> This means that IP filters need to grab some of IP packets, process > them on a specialized prosessor and then re-inject them into the IP > packet stream. That is, the filter may decide to convert the packet, > but it doesn't have it ready-to-go when it has to return. However, > it may have it ready at some later time, possibly when it processes > a hardware interrupt and sees that the co-processor has finished its > work on the packet. Can ipfilter handle this?
no idea about ipfilter, but i guess not -- in the case of ipfw i did have to implement exactly this funcionality for dummynet and i ended up putting it _outside_ dummynet (i.e. in the callers routines, ip_input(), ip_output() and bdg_forward() ) . this might ease life to those who want to replace ipfw with ipfilter for dummynet or similar things, if nothing else. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, lu...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message