option directive and turning on AOE
Julian Elischer
julian at elischer.org
Tue Aug 31 16:02:36 PDT 2004
Andre Oppermann wrote:
>Yea, a ng_pfilhook module should be fairly easy to write. I don't like
>it the other way around. PFIL_HOOKS is a hooking mechanism, so something
>should hook itself in there.
>
actually, netgraph is nothing but a hooking/connecting framework..
The modules are all just consumers of that interface.
an ng_pfil node would be a node that filters packets that are received
from a netgraph source..
it wouldn't have a clue what kind of source that was..
there already is an ng_ipfw node (but not in freebsd, though I believe
it's coming)
and there is an ng_bpf node that takes arbitrary filterring "programs"
as generated by bpf.
>
>PS: I'm thinking about moving all the IPSec cruft in IPv4 into a pfil
>hook. Thus IPSecKAME and FastIPSec could be loadable modules and it
>would relieve ip_input/output.c by some more 1000's of lines. Haven't
>looked fully into it yet though. I'm sure there are some difficulties
>hidden somewhere. ;-)
>
>
>
More information about the freebsd-arch
mailing list