[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > The kernel already has a netfilter capacity in Mach.
Could one use that to port something like KLIPS2 (the next version of the kernel parts of freeswan), which will use the linux-2.4 netfilter-architecture to get into the packet processing at the right places? > > Or is it totally out of the question (for performance reasons) to have > > each packet pass through a few rpc calls? > > Out of the question if it's the normal mode of operation. I see. With something like linux' netfilter, I think the pfinet process would check if packet matches the rules for each netfilter hook, and pass the packet on via rpc if it matches a rule. Thanks for the help, /Niels
