aperezdc
commented
8 years ago This may not be needed in the end. Given that the current implementation provides Scanner objects (code) which contain the state of the L7 packet analyzer, and that an instance can be explicitly passed to the L7Spy application, it seems easier to just allow later on the same Scanner instance to be passed to the L7Fw application. That way the L7Fw can first check simpler conditions (below Layer-7), and if needed pull the associated packet flow from the Scanner object to perform L7 checks on packets.
Due to that, I am closing this for the moment. Though it still would be interesting to have a “generic per-packet metadata” mechanism in Snabb, it is not strictly needed for SnabbWall.
We need a way to support attaching arbitrary metadata to SnS'
packet_t, which minimizes the overhead of passing packets around when packet metadatas are not used (ideally, the overhead would be ~zero for that case).