On Thursday, June 26, 2003, at 09:51  PM, itojun@iijlab.net wrote:

> 	it was because ALTQ-on-1.6 inclueded its own packet classifier (which
> 	is very similar to packet filter).  in the way of ALTQ development,
> 	ALTQ dropped its classifier and chose to rely on packet tagging
> 	(provided by PF), because ALTQ classifier is basically a code
> 	duplication of packet filter.

I would like to state for the record that I support removing duplicated 
packet classification engines.  The needs of a firewall, traffic 
shaper, and IPsec SPD/SAD engine are all basically the same.

Of course, it would be nice if everything used BPF as the actual 
matching engine, but I don't want to let perfect be the enemy of good.

So, if PF allows us to clean up the network code in this way, I'm all 
for it.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>