On Mon, Oct 24, 2005 at 02:38:43AM -0500, Travis H. wrote: > Has anyone thought of modeling packet filtering/translation/queueing > as a virtual machine?
BSD/OS ipfw (http://www.pix.net/software/ipfw/) did use BPF bytecode for filterrules. basically you compile you filter ruleset into BPF bytecode and match the packets. however, in practice its very had to retrieve the current filter set and read the optimized BPF bytecode while trying to figure out the the active rule set does.