Date: Fri, 27 Feb 2004 19:51:03 -0600
From: juli mallett
To: Alexey Dokuchaev
Cc: cvs-src@freebsd.org, Max Laier, Andre Oppermann, Tim Robbins, Luigi Rizzo, cvs-all@freebsd.org, src-committers@freebsd.org, Steve Kargl, Dag-Erling Smørgrav, Sam Leffler
Message-ID: <20040228015103.GA70336@FreeBSD.org>
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c

* Alexey Dokuchaev [ Date: 2004-02-27 ]
	[ w.r.t. Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c ]
> On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote:
> > On Friday 27 February 2004 12:28 am, Dag-Erling Smørgrav wrote:
> > > Sam Leffler writes:
> > > > I made two attempts to eliminate all the ipfw-, dummynet-, and
> > > > bridge-specific code in the ip protocols but never got stuff to the
> > > > point where I was willing to commit it. My main motivation for doing
> > > > this was to eliminate much of the incestuous behaviour so that you
> > > > could reason about locking requirements but there were other benefits
> > > > (e.g. I was also trying to make the ip code more "firewall agnostic").
> > >
> > > The ideal solution would be to convert the entire networking stack to
> > > netgraph nodes; we could then insert filter nodes at any point in the
> > > graph.
> >
> > I consider netgraph a fine prototyping system. I think that using it for this
> > purpose would be a mistake.
>
> Hmm, may I ask what do you mean by "prototyping system" in this context?

You can tie things together without much effort and with great modularity
and with the ability to promiscuously pass through, etc., to begin to
develop an application, but eventually, the overhead of a pipe/stream
alike message-passing system which is not highly parallel or fast is not
very attractive.

-- 
juli mallett. email: jmallett@freebsd.org; efnet: juli;
o/~ sweet talk like candy rots teeth o/~