On Tue, Aug 19, 2008 at 10:17:36AM +0200, Enrico Perla wrote:
> I guess (James will correct if I miss something :P) that the idea here is to
> create a high-level meta-language. Pretty much what happens with binary
> analysis: you create a meta-language and an interpreter for that language
> and then you just have to "port" the different machine codes (UltraSPARC,
> x86, PPC, etc) to that meta-language and you can investigate them with
> standard (and tested) primitives.

There's a low-level packet filtering language called BPF (BSD Packet
Filter). Like DTrace, it doesn't allow for looping -- you can only branch
forward in a BPF program.

That's probably too low-level a language for use by firewall management
applications -- decoding a BPF program into rules that can be displayed is
difficult, akin to decompiling a binary executable.

Nico
--
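
The forward-only branching described in the message above, shown as an added example that is not part of the original thread: a load-time validator and interpreter for a four-opcode subset of classic BPF. The names `validate`, `run`, `ipv4_filter` and the sample frames are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Classic BPF instruction layout; opcode values are the classic BPF encodings. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, JA = 0x05, JEQ_K = 0x15, RET_K = 0x06 };

/* Load-time check: branches land inside the program and it ends in a return.
 * Offsets are unsigned and relative to pc+1, so no backward branch exists. */
int validate(const struct insn *p, size_t n)
{
    if (n == 0 || p[n - 1].code != RET_K) return 0;
    for (size_t pc = 0; pc < n; pc++) {
        size_t room = n - (pc + 1);      /* instructions after this one */
        switch (p[pc].code) {
        case LDH_ABS: case RET_K: break;
        case JA:    if (p[pc].k >= room) return 0; break;
        case JEQ_K: if (p[pc].jt >= room || p[pc].jf >= room) return 0; break;
        default:    return 0;            /* outside this four-opcode subset */
        }
    }
    return 1;
}

/* Run a validated program. pc only ever increases, so at most n instructions
 * execute; *steps reports how many did. Returns the verdict (0 = drop). */
uint32_t run(const struct insn *p, size_t n, const uint8_t *pkt, size_t len, size_t *steps)
{
    uint32_t A = 0;                      /* accumulator */
    *steps = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &p[pc++];
        (*steps)++;
        switch (i->code) {
        case LDH_ABS:
            if (i->k > len || len - i->k < 2) return 0;  /* short packet: drop */
            A = ((uint32_t)pkt[i->k] << 8) | pkt[i->k + 1];
            break;
        case JA:    pc += i->k; break;
        case JEQ_K: pc += (A == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        }
    }
    return 0;
}

/* Constructed sample: accept IPv4 frames (EtherType 0x0800 at offset 12). */
const struct insn ipv4_filter[] = { { LDH_ABS, 0, 0, 12 },
    { JEQ_K, 0, 1, 0x0800 }, { RET_K, 0, 0, 0xffff }, { RET_K, 0, 0, 0 } };
const uint8_t ipv4_pkt[14] = { [12] = 0x08, [13] = 0x00 };  /* constructed frame */
const uint8_t arp_pkt[14]  = { [12] = 0x08, [13] = 0x06 };  /* constructed frame */
```

Because every branch moves forward, the step count can never exceed the program length, which is why a filter of this kind always terminates.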