On Thu, 2 May 2013, Damien Miller wrote:

> You've just described bpf, right down to "no endless loops" and the amount
> of data it returns.
> For a little more code that it takes to write one packet parser
> (basically: loading bpf rules from pf and making the bpf_filter()'s
> return value available to it) you get everything you described above and
> more.

Actually, you could even make the bpf inspection stateful and bi-directional
if you preserved its scratch memory between packets.


Reply via email to