tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: accept filters for NetBSD

On Tue, Jan 29, 2008 at 01:16:53PM -0500, der Mouse wrote:
> >> [...accept filters...]
> > You may very well want to make some connections go away without ever
> > bothering userspace.  That almost always requires looking at the
> > data.  [...] you have to peek into [the data]
> As described upthread, feels kinda gross - it feels like the sort of
> kludge I'd expect to find in Linux, not a BSD.  Data-present is not a
> particularly useful test (connection floods just need to include a byte
> of data), and moving part of HTTP into the kernel strikes me as
> something that we might want to support via a general mechanism but not
> via special-case code.

This is a general mechanism -- though the filters themselves are
specific to each application layer protocol, and are small (an "ssl"
filter that just looks for a complete minimum-length SSL record is
about the same size as the "dataready" filter).

>From my point of view the dataready filter is nothing more than an
example.  Other people seem to find it useful for more than that,
but I would tend to agree with you about its utility in real use.

What this is not, though, is a general purpose parsing _language_
implementation -- because it needs to be fast.


Home | Main Index | Thread Index | Old Index