On Monday, June 30, 2003, at 12:19  PM, Manuel Bouyer wrote:

> But from what I understood, Itojun will move the IPsec classification
> to PF. Or is it just part of the IPsec classification ?

In general, "packet classification" is looking into a packet and 
assigning some class identifier to it.

PF has both a classification engine and an application (a firewall/NAT 
package).  IPsec is another application which can use PF's 
classification engine.  ALTQ is another.

The conversation has been muddled so far because PF contains both 
parts, and so people are confusing PF's classification functionality 
with it's firewall/NAT application functionality.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>