Date: Fri, 16 Jan 2004 10:27:08 +0100
From: Guido van Rooij <guido@gvr.org>
To: Robert Watson <rwatson@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: 5.1->5.2
Message-ID: <20040116092708.GA203@gvr.gvr.org>
In-Reply-To: <Pine.NEB.3.96L.1040115170208.74950B-100000@fledge.watson.org>
References: <40070D9E.6060407@inodes.us> <Pine.NEB.3.96L.1040115170208.74950B-100000@fledge.watson.org>

On Thu, Jan 15, 2004 at 05:04:59PM -0500, Robert Watson wrote:
>
> IPFILTER now relies on the PFIL_HOOKS kernel option; this is something
> that is somewhat poorly documented, and we should add it to the errata I
> suspect.  If you add "options PFIL_HOOKS" to your kernel config, it should
> work.  Moving to PFIL_HOOKS for all the "funky IP input/output" features is
> a goal for 5.3 (in fact, I believe Sam has it almost entirely done in one
> of his development branches), and should both simplify the input/output
> paths, and also simplify locking for the IP stack.  So the change is for a
> good cause :-).
>

That reminds me: is there a way to influence the order in which the various
packages are hooked up? E.g. I can imagine a situation where you want
IPfilter NATting and ipfw filtering. In such a scenario you want to be able
to specify _exactly_ that ipfilter comes before ipfw when packets come in,
and vice versa when packets go out.

-Guido