What are possible ways of implementing payload inspection in kernel? ...
And what's the point of writing that e-mail if you don't describe your atypical way?
What's the point in writing follow-ups to this really OT thread at all? And my piece for the "atypical way": Take a look at Net-/FreeBSDs PFIL_HOOKS that's a _generic_ way to implement in-kernel mbuf inspection of any kind. No need of any other hacks!
Problem is that mbuf inspection forces one to reimplement all the defragmentation and normalisation crap. It would be much nicer to have access to a post-scrub stream.
Right now, one would still have to do tcp segment reassembly in userspace, but that isn't quite so bad...
One can do most of this right now using rdr to a local proxy (and have the OS deal with reassembling the stream), but it isn't amazingly fast.
Not that "deep packet inspection" is going to be blazingly fast anyway
:)
-d
