Darren Reed wrote:
> Just because you have BPF does not mean you have a "packet filter".
> You need a whole lot of other infrastructure as well.
> Same goes for netgraph. Both netgraph and BPF are enabling technologies
> but are not in and of themselves providers of solutions.
Darren, I think people do understand that. Since you compared BPF to
Java, of course you need more than the virtual machine, you need a
compiler (parts of tcpdump is a compiler to the BPF VM) and for
firewalling mechanism, you need a library of additional functionality.
I am just completely amazed about how many things there are that
basically do very similar jobs, like packet filtering/classifying.
While in general diversity is good, it is also a problem for the
developers and users of the *BSDs who try to apply these bits and
pieces as a complete functional whole. It also diverts developer
time if each needs to maintain his/her own packet matching/classifyer
code, and last but not least, it leads to kernel bloat.
So, I am still advocating for the great unification, but I understand
that I do that from the outside not being a developer of any of
those packages. Thus, I can understand if the developers dismiss my
calls.
Thanks anyway for your good work. I am still hopefull that some day
all those pieces will fall together to form a coherent overall system.
regards
-Gunther
--
Gunther Schadow, M.D., Ph.D. [EMAIL PROTECTED]
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
