On Mon, Jun 30, 2003 at 11:24:12AM -0700, Jason Thorpe wrote:
> Well...
> 
> The right way to do it, of course, is to make the classification engine 
> just a library... and then various applications -- the PF firewall/NAT 
> package, IPsec, ALTQ, etc. simply use the library.

I see it more like a module than a library. All these applications needs to
share some information, and in my understanding a library would have
distinct data structures for each instance (but maybe I misunderstood what
a library really is :)

From what I understand, the "classification engine" would just, given a
mbuf and a tag name, put the appropriate m_tag to the mbuf.
It can't do more, the rules to associate a tag to a mbuf is unique to
each classification package (it may not be based on IP headers for example).
However, each classification package has its own cache of matching rules.
It would probably be more efficient if it would cache the mbuf tag value
here as well.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 ans d'experience feront toujours la difference
--