On Thu, 2 May 2013, Damien Miller wrote:
> You've just described bpf, right down to "no endless loops" and the amount
> of data it returns.
>
> For a little more code than it takes to write one packet parser
> (basically: loading bpf rules from pf and making the bpf_filter()'s
> return value available to it) you get everything you described above and
> more.

Actually, you could even make the bpf inspection stateful and bi-directional
if you preserved its scratch memory between packets.

-d
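
The idea in the message above, as an added example that is not part of the original post and is not OpenBSD's bpf_filter(): a toy interpreter modelled on classic BPF whose scratch memory is owned by the caller, so a filter can remember one direction of a flow when it sees the other. The opcode names, `prog`, `feed`, `conn_state` and the one-byte request/reply message format are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MEMWORDS 16   /* scratch words, like BPF_MEMWORDS in classic bpf */
/* Toy opcodes modelled on classic BPF; not the real instruction encoding. */
enum { LD_B, LD_MEM, ST, ADD_K, JEQ_K, RET_A, RET_K };
struct insn { uint8_t op, jt, jf; uint32_t k; };

/* mem[] belongs to the caller, so what ST stores survives to the next packet. */
static uint32_t toy_filter(const struct insn *prog, size_t n,
                           const uint8_t *pkt, size_t len, uint32_t *mem)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {   /* jumps only go forward: no loops */
        const struct insn *i = &prog[pc];
        switch (i->op) {
        case LD_B:   if (i->k >= len) return 0;      a = pkt[i->k]; break;
        case LD_MEM: if (i->k >= MEMWORDS) return 0; a = mem[i->k]; break;
        case ST:     if (i->k >= MEMWORDS) return 0; mem[i->k] = a; break;
        case ADD_K:  a += i->k; break;
        case JEQ_K:  pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_A:  return a;
        case RET_K:  return i->k;
        default:     return 0;
        }
    }
    return 0;                             /* ran off the end: reject */
}

/* Constructed protocol: byte 0 is 1 for a request, 2 for a reply.
 * Requests bump mem[0]; a reply passes only if a request was seen before. */
static const struct insn prog[] = {
    { LD_B,   0, 0, 0 }, { JEQ_K, 0, 4, 1 },   /* request? else skip to 6 */
    { LD_MEM, 0, 0, 0 }, { ADD_K, 0, 0, 1 }, { ST, 0, 0, 0 }, { RET_K, 0, 0, 1 },
    { JEQ_K,  0, 2, 2 },                       /* reply? else skip to 9 */
    { LD_MEM, 0, 0, 0 }, { RET_A, 0, 0, 0 }, { RET_K, 0, 0, 0 },
};
static uint32_t conn_state[MEMWORDS];  /* hypothetical per-connection scratch */

static uint32_t feed(uint32_t *mem, uint8_t type)
{
    return toy_filter(prog, sizeof prog / sizeof prog[0], &type, 1, mem);
}

int main(void)
{
    const uint8_t seq[] = { 2, 1, 2 };   /* reply, request, reply */
    for (size_t i = 0; i < sizeof seq; i++)
        printf("type %u -> %u\n", (unsigned)seq[i], (unsigned)feed(conn_state, seq[i]));
}
```

A reply is rejected until a request has been recorded in the same scratch array; run against a freshly zeroed array for every packet, the same program rejects every reply.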