From owner-cvs-src@FreeBSD.ORG Fri Feb 27 17:36:27 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C61E116A4CE; Fri, 27 Feb 2004 17:36:27 -0800 (PST) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7668643D39; Fri, 27 Feb 2004 17:36:27 -0800 (PST) (envelope-from danfe@regency.nsu.ru) Received: from regency.nsu.ru ([193.124.210.26]) by mx.nsu.ru with esmtp (Exim 4.30) id 1AwtQU-0002nT-1c; Sat, 28 Feb 2004 07:37:58 +0600 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.10/8.12.10) with ESMTP id i1S1bdGx040067; Sat, 28 Feb 2004 07:37:39 +0600 (NOVT) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.10/8.12.10/Submit) id i1S1bcHA040002; Sat, 28 Feb 2004 07:37:38 +0600 (NOVT) (envelope-from danfe) Date: Sat, 28 Feb 2004 07:37:37 +0600 From: Alexey Dokuchaev To: Sam Leffler Message-ID: <20040228013737.GA15560@regency.nsu.ru> References: <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com> <200402270818.12553.sam@errno.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200402270818.12553.sam@errno.com> User-Agent: Mutt/1.4.1i X-Mailman-Approved-At: Sat, 28 Feb 2004 05:06:19 -0800 cc: Max Laier cc: Andre Oppermann cc: Tim Robbins cc: Luigi Rizzo cc: cvs-all@freebsd.org cc: src-committers@freebsd.org cc: Steve Kargl cc: cvs-src@freebsd.org cc: Dag-Erling Sm?rgrav Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Feb 2004 01:36:28 -0000 On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote: > On Friday 27 February 2004 12:28 am, Dag-Erling Sm?rgrav wrote: > > Sam Leffler writes: > > > I made two attempts to eliminate all the ipfw-, dummmynet-, and > > > bridge-specific code in the ip protocols but never got stuff to the > > > point where I was willing to commit it. My main motivation for doing > > > this was to eliminate much of the incestuous behaviour so that you > > > could reason about locking requirements but there were other benefits > > > (e.g. I was also trying to make the ip code more "firewall agnostic"). > > > > The ideal solution would be to convert the entire networking stack to > > netgraph nodes; we could then insert filter nodes at any point in the > > graph. > > I consider netgraph a fine prototyping system. I think that using it for this > purpose would be a mistake. Hmm, may I ask what do you mean by "prototyping system" in this context? ./danfe