A frank discussion of architectural and aesthetic flaws (but not bugs) in the standard BSD packet filter. Some of these are largely internal, code-related issues: internal data structures, code readability and maintainability, etc. Others have their roots in design tradeoffs: syntactic richness vs. simplicity and stability over time, portability vs. tight integration with other subsystems.
Resolving many of the issues is a challenge, especially since the OpenBSD project favors "evolutionary" over "revolutionary" change. To illustrate the approach taken, the talk will include a closer look at the recently completed state-table restructuring, mostly finalised in the upcoming 4.7 release but initially planned in 2004 and implemented over 6+ releases.