Date: Sat, 28 Feb 2004 07:37:37 +0600
From: Alexey Dokuchaev <danfe@nsu.ru>
To: Sam Leffler <sam@errno.com>
Cc: Dag-Erling Smørgrav <des@des.no>
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Message-ID: <20040228013737.GA15560@regency.nsu.ru>
In-Reply-To: <200402270818.12553.sam@errno.com>
References: <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com> <xzpptc10vvv.fsf@dwp.des.no> <200402270818.12553.sam@errno.com>

On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote:
> On Friday 27 February 2004 12:28 am, Dag-Erling Smørgrav wrote:
> > Sam Leffler <sam@errno.com> writes:
> > > I made two attempts to eliminate all the ipfw-, dummynet-, and
> > > bridge-specific code in the ip protocols but never got stuff to the
> > > point where I was willing to commit it. My main motivation for doing
> > > this was to eliminate much of the incestuous behaviour so that you
> > > could reason about locking requirements but there were other benefits
> > > (e.g. I was also trying to make the ip code more "firewall agnostic").
> >
> > The ideal solution would be to convert the entire networking stack to
> > netgraph nodes; we could then insert filter nodes at any point in the
> > graph.
>
> I consider netgraph a fine prototyping system. I think that using it for this
> purpose would be a mistake.

Hmm, may I ask what you mean by "prototyping system" in this context?

./danfe