Subject: Re: Try again, itojun, patches need more work.
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 06/30/2003 11:56:31
On Monday, June 30, 2003, at 11:43 AM, Manuel Bouyer wrote:
From what I understand, the "classification engine" would just, given a
> mbuf and a tag name, put the appropriate m_tag to the mbuf.
> It can't do more, the rules to associate a tag to a mbuf is unique to
> each classification package (it may not be based on IP headers for
> example).
> However, each classification package has its own cache of matching
> rules.
> It would probably be more efficient if it would cache the mbuf tag
> value
> here as well.
Well...
If you think about it, IPsec and an IP firewall package have exactly
the same needs when it comes to classification. Maybe it's because I
see the "rule" that matches a packet as orthogonal to the "action"
taken when a match is found.
It just seems silly to me to have two sets of code that parse IP
headers in order to then tell a "classification engine" to assign a
pre-determined name to the packet. Really, the act of parsing those
headers *IS* the classification step!
-- Jason R. Thorpe <thorpej@wasabisystems.com>