tcpdump mailing list archives

BSDi BPF extension


From: itojun () itojun org (Jun-ichiro itojun Hagino)
Date: Fri, 12 Sep 2003 07:07:39 +0900 (JST)

        (sorry i lost the original posting)

        BSDi BPF extension is part of the BSDi packet filter ("ipfw", don't
        confuse it with the FreeBSD one with the same name).  i've contacted a
        BSDi guy to ask if they could release the code to the public, so please
        hold for a moment on the official answer.  time has passed since he
        gave me an OK to release BSDi BPF, his management has changed
        (WindRiver chewed up BSDi and stuff), so we need a positive response
        from him before taking any action.

        BSDi BPF extension has a few good things and a few bad things:
        good things:
                it can do "protochain" in one BPF insn.  backward jumps are
                prohibited in the kernel BPF interpreter to avoid infinite
                loops, so BSDi BPF has a BPF insn to do the "protochain"
                operation.

                it has 128bit registers, which would help IPv6 parsing.

        bad things:
                BSDi BPF changed the interpretation of some additional BPF
                insn (and added new interpretations like the 128bit register)
                without having any version identification.  there's no way to
                identify what version of the BPF engine is installed in the
                kernel, so we can't make the libpcap compiler work on pre-BSDi
                and BSDi BPF engines.

        the "bad things" part really bothers me, as if we switch to BSDi BPF,
        we require every operating system to switch their kernel BPF evaluation
        engine to the BSDi one.  it is not a smooth transition, there needs to
        be a big "flag day".

itojun
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
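
The forward-only jump rule mentioned in the message, as an added example that is not part of the original post and not code from BSDi, libpcap or any kernel: a minimal load-time check for classic BPF programs. Jump offsets in classic BPF are unsigned and relative to the next instruction, so a "negative" offset shows up as a huge value and is rejected with the other out-of-range targets. The struct, macro, function and sample program names are hypothetical; the opcode values follow the classic BPF encoding, and the sample programs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Classic BPF instruction layout (names here are hypothetical). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define CLASS(c) ((c) & 0x07)
#define OP(c)    ((c) & 0xf0)
enum { C_JMP = 0x05, C_RET = 0x06, J_JA = 0x00 };

/* Returns 1 if the program ends in a return and every jump target lies
 * strictly after the jump and inside the program; 0 otherwise.
 * With forward-only jumps, execution takes at most len steps. */
int validate(const struct insn *p, size_t len)
{
    if (len == 0 || CLASS(p[len - 1].code) != C_RET)
        return 0;
    for (size_t pc = 0; pc < len; pc++) {
        if (CLASS(p[pc].code) != C_JMP)
            continue;
        size_t room = len - pc - 1;      /* instructions after this one */
        if (OP(p[pc].code) == J_JA) {
            if (p[pc].k >= room)         /* target = pc + 1 + k */
                return 0;                /* also catches k meant as negative */
        } else if (p[pc].jt >= room || p[pc].jf >= room) {
            return 0;                    /* target = pc + 1 + jt / jf */
        }
    }
    return 1;
}

/* Constructed sample: accept IPv6 frames (ethertype 0x86dd), drop the rest. */
static const struct insn prog_ok[] = {
    { 0x28, 0, 0, 12 },          /* ldh [12]                  */
    { 0x15, 0, 1, 0x86dd },      /* jeq #0x86dd, jt 0, jf 1   */
    { 0x06, 0, 0, 65535 },       /* ret #65535                */
    { 0x06, 0, 0, 0 },           /* ret #0                    */
};
/* Constructed sample: a loop written as "ja -2", as a protochain walk needs. */
static const struct insn prog_loop[] = {
    { 0x28, 0, 0, 12 },          /* ldh [12]                  */
    { 0x05, 0, 0, 0xfffffffeu }, /* ja -2 (back to pc 0)      */
    { 0x06, 0, 0, 0 },           /* ret #0                    */
};

int main(void)
{
    printf("prog_ok:   %s\n", validate(prog_ok, 4) ? "accepted" : "rejected");
    printf("prog_loop: %s\n", validate(prog_loop, 3) ? "accepted" : "rejected");
    return 0;
}
```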

