On May 2, 2013, at 10:45 AM, Damien Miller <d...@mindrot.org> wrote:

> On Thu, 2 May 2013, Franco Fichtner wrote:
>> as stated before, breaking down complexity to the bare minimum is my
>> requirement for this to be happening at all.  You all get to be the
>> judges.  I'm just trying to work on something worth doing.
> Well, bare minimum complexity per-protocol * large_number_of_protocols =
> a lot of complexity. The incentive is always going to be to add more
> protocols and never retire them.

I guess that's true for most software projects.

> Also, doesn't IPPROTO_DIVERT or SO_BINDANY+SO_SPLICE allow you to do
> near zero-overhead DPI completely in userspace?

Wouldn't that mean pf.conf(5) syntax extensions cannot be implemented?

It's not full-blown DPI analysis for extracting all kinds of events
from a flow -- it's merely a tagging tool, and if that sits in user
space, it's really not helpful except for logging / accounting. One
could do that with a simple pcap(3) binding as well.

Stuart made a good point for divert-packet being able to pick up
applications without the need for any other information (ports,
interfaces, addresses).

I'm sorry for not being able to make it more clear at this time.
Next step for me is to write a comprehensive description. In any case,
the input on tech@ has been very helpful so far. Thanks guys!  :)
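The "tagging tool" idea above, i.e. identifying the application from the payload alone rather than from ports, addresses or interfaces, as an added illustration that is not code from the thread or from pf. It assumes the payload has already been handed to user space (on OpenBSD via a divert-packet socket, which is not shown here) and only demonstrates the classification step with constructed sample payloads.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Tag assigned by a minimal payload-based classifier (hypothetical). */
enum app_tag { APP_UNKNOWN = 0, APP_HTTP, APP_SSH, APP_TLS };

static int starts_with(const uint8_t *p, size_t n, const char *s)
{
    size_t l = strlen(s);
    return n >= l && memcmp(p, s, l) == 0;
}

/* Classify a TCP payload by its first bytes only; no port, address or
 * interface information is consulted, which is what divert-packet makes
 * possible. Short or unrecognised payloads stay APP_UNKNOWN. */
enum app_tag classify_payload(const uint8_t *p, size_t n)
{
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                     "DELETE ", "OPTIONS " };
    if (starts_with(p, n, "SSH-2.0-") || starts_with(p, n, "SSH-1.99-"))
        return APP_SSH;
    /* TLS record: handshake (0x16), major version 3, 2-byte length,
     * then handshake type ClientHello (0x01) at offset 5. */
    if (n >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01)
        return APP_TLS;
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++)
        if (starts_with(p, n, methods[i]))
            return APP_HTTP;
    return APP_UNKNOWN;
}

const char *app_tag_name(enum app_tag t)
{
    static const char *names[] = { "unknown", "http", "ssh", "tls" };
    return names[t];
}

/* Constructed sample: start of a TLS ClientHello record. */
static const uint8_t sample_tls[] = { 0x16, 0x03, 0x01, 0x00, 0x05,
                                      0x01, 0x00, 0x00, 0x01, 0x03 };

int main(void)
{
    const char *ssh = "SSH-2.0-OpenSSH_9.0\r\n";   /* constructed */
    const char *http = "GET / HTTP/1.1\r\n";        /* constructed */
    printf("%s\n", app_tag_name(classify_payload((const uint8_t *)ssh, strlen(ssh))));
    printf("%s\n", app_tag_name(classify_payload((const uint8_t *)http, strlen(http))));
    printf("%s\n", app_tag_name(classify_payload(sample_tls, sizeof sample_tls)));
    return 0;
}
```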