Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 29 Feb 2008 14:37:14 +0000 (UTC)
From:      Vadim Goncharov <vadim_nuclight@mail.ru>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: [patch] ipfw_nat as a kld module
Message-ID:  <slrnfsg64q.223r.vadim_nuclight@hostel.avtf.net>
References:  <20080228151134.GA73358@tin.it> <slrnfsf5iv.17n8.vadim_nuclight@hostel.avtf.net> <20080229095150.GA76592@tin.it>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Paolo Pisati! 

>> * struct ip_fw_chain moved to .h and no longer static, is this good?
>>   I suggest to move into it's own static chain in module, see next
> the symbol is used outside it's originating file

Is it needed if LIST_HEAD will be in its own module?

>> * Instead of returning IP_FW_NAT function is called immediately from
>>   ipfw_chk(). This inconsistent with other modules of this sort, like divert
>>   and dummynet, where ipfw_chk() simply returns value and cookie to
>>   ipfw_check_*() functions in _pfil.c. If it is done like that, ip_fw2.c
>>   is dependent on modules in minimal way, as many of structures and code
>>   as possible should be moved to modules. This allows to change module
>>   without recompiling main ipfw - for example, your lookup_nat() and
>>   LIST_HEAD from ip_fw_chain could reside entirely in module - then it would
>>   be possible to easily switch from LIST to hash of some kind (imagine 500
>>   NAT instances). And so on.
> that's something i thought about, but i didn't see any tangible improvement
> to this modification, cause part of ipfw_nat would still be called from 
> ipfw2.c (see ipfw_ctl).

This could be fixed, too, as is done with dummynet, which is also configured
via ipfw(8). As it is HEAD, ABI can be broken and this will not be done via
ipfw_ctl().

> Anyway, i'll fix a couple of nits and commit as it is.

Why not to fix more?..

-- 
WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnfsg64q.223r.vadim_nuclight>