> This means that IP filters need to grab some of IP packets, process
> them on a specialized prosessor and then re-inject them into the IP
> packet stream. That is, the filter may decide to convert the packet,
> but it doesn't have it ready-to-go when it has to return. However,
> it may have it ready at some later time, possibly when it processes
> a hardware interrupt and sees that the co-processor has finished its
> work on the packet. Can ipfilter handle this?
no idea about ipfilter, but i guess not -- in the case of ipfw i
did have to implement exactly this funcionality for dummynet and i
ended up putting it _outside_ dummynet (i.e. in the callers routines,
ip_input(), ip_output() and bdg_forward() ) .
this might ease life to those who want to replace ipfw with ipfilter
for dummynet or similar things, if nothing else.
cheers
luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, lu...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy)
http://www.iet.unipi.it/~luigi/ngc99/
==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
