On Thu, May 03, 2001 at 04:06:01PM +0000, Gunther Schadow wrote:
> Hmm, so you are arguing against multiple return values and stateful
> inspection? I like simplicity, but wouldn't this impede the ability
> to produce high-performance classifiers?
The approach I'm taking is to have the filters live in as large of a BPF
program as possible (possibly multiple large BPF programs chained together
by some glue). This allows the pcap code optimizer to do a better job.
The pcap compiler is being modified to add a "return N" keyword, to
instruct BPF to return a particular value.
A combination of better optimization and a generalized return statement
allows you to do fast matching and fast dispatching.
> What about adding a state memory to the BPF VM and allowing the BPF
> VM to return an arbitrary long integer value. That value would index
> the action to take for filters, mutators, encapsulators, forwarders
> and queuers.
You don't need to add anything to BPF itself to do this -- BPF can already
return arbitrary values. The problem is the BPF instruction compiler that
everyone uses (libpcap).
--
-- Jason R. Thorpe <[EMAIL PROTECTED]>
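
The point made in the reply above, that a classic BPF program can already return arbitrary values usable as a dispatch index, shown as an added example that is not code from the original message or from libpcap. The opcode values are the standard classic BPF encodings; the tiny interpreter, the function names, the action numbering (0 drop, 1 TCP, 2 UDP) and the sample frames are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction layout and the four opcodes used here. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Hand-assembled filter; return values are action indices (constructed). */
static const struct insn classify[] = {
    { LDH_ABS, 0, 0, 12     },  /* A = ethertype                     */
    { JEQ_K,   0, 5, 0x0800 },  /* not IPv4 -> ret 0                 */
    { LDB_ABS, 0, 0, 23     },  /* A = IPv4 protocol field           */
    { JEQ_K,   1, 0, 6      },  /* TCP -> ret 1                      */
    { JEQ_K,   1, 2, 17     },  /* UDP -> ret 2, anything else ret 0 */
    { RET_K, 0, 0, 1 }, { RET_K, 0, 0, 2 }, { RET_K, 0, 0, 0 },
};

/* Minimal interpreter: out-of-range loads and unknown opcodes return 0. */
uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &p[pc++];
        switch (i->code) {
        case LDH_ABS: if (len < 2 || i->k > len - 2) return 0;
                      a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LDB_ABS: if (i->k >= len) return 0;
                      a = pkt[i->k]; break;
        case JEQ_K:   pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K:   return i->k;
        default:      return 0;
        }
    }
    return 0;
}

/* Builds a constructed Ethernet+IPv4 frame and classifies its first len bytes. */
uint32_t classify_frame(uint16_t ethertype, uint8_t proto, size_t len)
{
    uint8_t f[64] = {0};
    f[12] = ethertype >> 8; f[13] = ethertype & 0xff; f[23] = proto;
    return run_filter(classify, sizeof classify / sizeof classify[0], f, len > sizeof f ? sizeof f : len);
}

int main(void)
{
    static const char *const action[] = { "drop", "tcp-queue", "udp-queue" };
    printf("%s %s\n", action[classify_frame(0x0800, 6, 64)], action[classify_frame(0x0806, 0, 64)]);
    return 0;
}
```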