From: Devon H.O'Dell
To: freebsd-hackers@freebsd.org
Date: Thu, 4 Dec 2003 15:13:24 +0100
Subject: IPFW and the IP stack
Message-Id: <05CEBB5C-2664-11D8-AAE8-000A95E5E66E@sitetronics.com>

I've been looking through the IP stack for shits and giggles and was wondering why a few things are the way they are with IPFW's implementation. I went back through the CVSWeb stuff to check out the changes and it appears that most of my questions are purely cosmetic issues; but I still don't understand them.

Specifically, pretty much everything in the iphack: section relied on IPFW being defined in the kernel configuration. Several checks went away when COMPAT_IPFW was defaulted into the kernel, then several were removed to make a buildable kernel without having options IPFIREWALL defined in the kernel configuration.
Throughout these changes, several variables related to IPFW were removed from #ifdef IPFIREWALL checks. At this point, most IPFW variables are initialized by default (including some stuff for natd) and every call to ip_input() does a check at if (fw_enable && IPFW_LOADED) (I believe this is true for ip_output() as well). Why are these variables and sections compiled in by default instead of left out if no firewall is existent in the kernel?

Hope that doesn't sound too ambiguous :)

Kind regards,

Devon