On Wed, May 01, 2013 at 00:16, Franco Fichtner wrote:
> Yes, I am proposing a lightweight approach: hard-wired regex-like
> code, no allocations, no reassembly or state machines. I've seen
> far worse things being put into Kernels and I assure you that I do
> refrain from putting in anything that could cause segmentation
> faults, sleeps, or other non-suitable behaviour.
> And talking about complexity: 1000 LOC for 25 protocols. I'm afraid
> it can't be simplified any more than this.

Well, it's really hard to comment on code we can't see. My thoughts on the matter have always been that it would be cool to integrate bpf into pf (though other developers surely have other opinions). Then you get filtering for as many protocols as you care to write bpf matchers for.