Rui Paulo <rpa...@felyko.com> wrote: > > > > Comments? > > > Why do you need this in the first place?
It provides us a capability to offload more complex packet processing. My primary user would be NPF in NetBSD, e.g. one of the operations is to lookup an IP address in a table/ipset. > Are you sure this is a safe design? Adding this functionality to BPF > makes me a little nervous as an error in the implementation leads to > kernel code execution (I could be able to call random kernel functions). This is functionality is for a custom use of BPF. There would be no coprocessor by default and the instruction would essentially be a NOP. Perhaps I was not clear on bpf_set_cop(9) - it is a kernel routine, so the user would be a kernel subsystem which has a full control over the functions it provides. The functions are predetermined, not random. -- Mindaugas _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
