Date:      Thu, 13 Apr 2017 17:20:55 -0700
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Julian Elischer <julian@freebsd.org>
Cc:        "Andrey V. Elsukov" <ae@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r316435 - in head: sbin/ipfw sys/conf sys/modules sys/modules/ipfw_pmod sys/netpfil/ipfw/pmod
Message-ID:  <20170414002055.GG1033@FreeBSD.org>
In-Reply-To: <2fb0e146-8486-09c3-0c44-75c71a74fc2f@freebsd.org>
References:  <201704030307.v3337mfs039014@repo.freebsd.org> <2fb0e146-8486-09c3-0c44-75c71a74fc2f@freebsd.org>

On Mon, Apr 03, 2017 at 10:12:11PM +0800, Julian Elischer wrote:
J> On 3/4/17 11:07 am, Andrey V. Elsukov wrote:
J> > Author: ae
J> > Date: Mon Apr  3 03:07:48 2017
J> > New Revision: 316435
J> > URL: https://svnweb.freebsd.org/changeset/base/316435
J> 
J> it was always my intention to hook netgraph modules into ipfw in this way

Yes, ng_tcpmss (written in 2004) and ng_ipfw (written in 2005) allow doing that.
However, this comes with extra CPU cycles, and design flaws. Packet filter is
functional and synchronous, while netgraph isn't. Coupling them requires
hacks.

So nothing wrong in ipfw module.


-- 
Totus tuus, Glebius.


