From owner-freebsd-ipfw Wed Oct 31 17:41:34 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id AAB8637B40B; Wed, 31 Oct 2001 17:41:26 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.3/8.11.1) id fA11bt226212; Wed, 31 Oct 2001 17:37:55 -0800 (PST) (envelope-from rizzo) Date: Wed, 31 Oct 2001 17:37:55 -0800 From: Luigi Rizzo To: stable@freebsd.org Subject: HEADS UP: a bunch of ipfw MFC in the next 1-2 days Message-ID: <20011031173755.F23297@iguana.aciri.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [Bcc to -net and -ipfw because of relevance] Hi, I am about to merge into stable a number of modifications that have been committed to current over the past month or two. The most significant ones are: * the merge of ipfw rule descriptor and chain pointer. No functional change, but the internal data structures and code are way more readable; * Bill Fenner's code to make ipfw/dummynet/bridge KLD'able BOTH THESE THINGS REQUIRES REBUILDING OF ipfw.ko and /sbin/ipfw * a new type of dynamic rule that lets you limit the number of simultaneous connections matching certain criteria (with the usual aggregation based on port/address masks) * fix spl*() protection in same parts of the code (only relevant for RELENG_4); * misc fixes that have or should arise while diff'ing old and new version of the files in HEAD and RELENG_4 (it happens more frequently than people can imagine, especially for those critical parts of the system for which we are almost doing independent implementations); While i am carefully reviewing and testing the code before committing, and try to do the commit at once, we all do mistakes sometime. So, please test the new code and submit feedback and bug reports as i complete the commits, put please don't rush and install the new code on a production machine two seconds after my first commit. We are sufficiently far away from the next release to do this commit now and shake down any bugs that should occur. cheers luigi ----------------------------------+----------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . ACIRI/ICSI (on leave from Univ. di Pisa) http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704 Phone: (510) 666 2927 ----------------------------------+----------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message