On 12/18/2009 10:12 PM, Peter Serwe wrote:
You can't patch the Berkeley Packet Filter into Linux. Linux kernel doesn't support it.
and...
Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux.
If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.
I don't care how you pretty up iptables and its predecessor, ipchains, it's still a black eye on Linux comparatively speaking.
Berkeley invented TCP/IP, the Berkeley TCP/IP stack is implemented on just about every platform/OS combination there is.
Berkeley *is* networking. And yes, the community around BSD are assholes,
(I'd like to say that all other BSD communities are very friendly; the one exception is the OpenBSD guys. OTOH, they're sometimes more than on the right track: E.g., when they say 'open source', they mean it. GNU/Linux is as lame as the FreeBSD guys, as both allow tainted stuff, such as binary-only drivers (nVidia, e.g.). NetBSD is neither nor.)
Timo
but they are semi-entitled. Their shit is way better documented than just about anything else in Open Source, including most things Linux.
Peter