Date: 28 Sep 2001 20:08:13 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Luigi Rizzo <luigi@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c src/sys/net bridge.c src/sbin/ipfw ipfw.8 ipfw.c Message-ID: <xzpwv2jkx2q.fsf@flood.ping.uio.no> In-Reply-To: <200109272344.f8RNiSV40274@freefall.freebsd.org> References: <200109272344.f8RNiSV40274@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo <luigi@FreeBSD.org> writes: > Log: > Two main changes here: > + implement "limit" rules, which permit to limit the number of sessions > between certain host pairs (according to masks). These are a special > type of stateful rules, which might be of interest in some cases. > See the ipfw manpage for details. > > + merge the list pointers and ipfw rule descriptors in the kernel, so > the code is smaller, faster and more readable. This patch basically > consists in replacing "foo->rule->bar" with "rule->bar" all over > the place. > I have been willing to do this for ages! Did you post this code to -arch or -audit before you committed it? Did you discuss these changes with anyone, e.g. on the -ipfw list? Did you even test the code properly? 1) with these patches, installing the rule "pass ip from any to any via lo0" (#2 in my ruleset) causes an immediate panic in add_entry() (no core dump yet, but I'm working on it) 2) you've completely broken binary compatibility *again*, without even a token attempt at detecting or working around a version mismatch. > MFC after: 1 week You must be joking! DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpwv2jkx2q.fsf>