Date: Sat, 19 Feb 2000 11:46:41 +0100 (CET) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: hackers@FreeBSD.ORG Subject: Re: post 4.0...adoption of pfil(9) from NetBSD ? Message-ID: <200002191046.LAA84458@info.iet.unipi.it> In-Reply-To: <200002190852.TAA22462@cairo.anu.edu.au> from Darren Reed at "Feb 19, 2000 07:52:37 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> I was just having a quick peek at how ipfw works in FreeBSD-4 for IPv6,
> to see what's required for IP-Filter (hoping for a clean interface)
> and the response is "sigh". The old ipfw mechanism needs to be
> abandoned, IMHO.
can you comment a bit more ? I am a bit unclear on what
exactly is thay you don't find appropriate in ipfw etc.
If you have an URL for a pfil(9) manpage i would appreciate it.
Some comments:
The issue of one vs. multiple lists (per direction, interface,
protocol, you name it) has been discussed some time ago. For sure
multiple lists are a (minor, given that we can start the ipfw lists
with a few of "skipto") performance improvement over a single one,
at the possible price of having some duplication in writing filters
and even defining how many lists are appropriate.
> The advantage to using pfil(9) from NetBSD (unless someone feels
> the distinct need to roll their own code to do something the same)
> is it provides a clean interface rather than requiring people to
> patch things like ip6_input.c, etc.
I think that if you want to do tricks such as
forward, divert, dummynet and the like, it is unavoidable to
have to hook in the middle of ${proto}_{input|output}.c, as
you end up doing protocol-specific things...
cheers
luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy)
Mobile +39-347-0373137
-----------------------------------+-------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002191046.LAA84458>