New Firewall (hpf) for DragonFlyBSD
Max Laier
max at love2party.net
Fri Jan 9 09:39:06 PST 2004
On Friday 09 January 2004 18:06, Simon 'corecode' Schubert wrote:
> On 09.01.2004, at 15:28, Seb wrote:
> > Here you can find a patch for using High Performance Firewall under
> > DragonFlyBSD. This firewall is a new type and experimental. It's a
> > constant time firewall, so CPU consumption is not dependent on the
> > number of rules. This is a turboACL-like implementation so the kernel
> > code is very very little. Actually, hpf recognizes some ipfw syntax but
> > an ipfilter parser can be developed. Dynamic rules are not supported
> > for the moment and some options too. You can see at
> > http://www.phear.org/~spe/syntaxe.txt what type of syntax is
> > recognized.
>
> I'm sorry, maybe I'm just ignorant, but doesn't such a tree need 256^14
> (or 13) entries?
>
> Also, using ints to store pointers won't work on all architectures.
Yapp - apart from being highly unreadable - your code is _really_ i386-centric
and does not care about storage sizes or byte order at all. Furthermore it's
ignorant of real-life things like incomplete/short mbufs, encapsulation etc. pp.
I am really curious how you plan to support IPv6, btw ;)
Nonetheless, it's an interesting approach for a very special purpose, but not
(yet) fit for real-life applications IMO.
--
Best regards, | max at xxxxxxxxxxxxxx
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet