From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 11:26:06 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D5AA1065671 for ; Mon, 3 Mar 2008 11:26:06 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id A46068FC13 for ; Mon, 3 Mar 2008 11:26:05 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1JW8nw-00009U-OI for freebsd-ipfw@freebsd.org; Mon, 03 Mar 2008 11:26:00 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:26:00 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:26:00 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Mon, 3 Mar 2008 11:25:53 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 40 Message-ID: References: <20080228151134.GA73358@tin.it> <20080229095150.GA76592@tin.it> <20080229154144.GA81243@tin.it> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: piso@FreeBSD.org User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: [patch] ipfw_nat as a kld module X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 11:26:06 -0000 Hi piso@FreeBSD.org! On Fri, 29 Feb 2008 16:41:44 +0100; piso@FreeBSD.org wrote about 'Re: [patch] ipfw_nat as a kld module': >>>> * struct ip_fw_chain moved to .h and no longer static, is this good? >>>> I suggest to move into it's own static chain in module, see next >>> the symbol is used outside it's originating file >> >> Is it needed if LIST_HEAD will be in its own module? > every modification/access to layer3_chain lock is arbitrated via its > own rwlock(), thus to answer your question, yes, there are places > where we would need access to layer3_chain Umm, why? Dummynet doesn't need this access, for example. >>> that's something i thought about, but i didn't see any tangible improvement >>> to this modification, cause part of ipfw_nat would still be called from >>> ipfw2.c (see ipfw_ctl). >> >> This could be fixed, too, as is done with dummynet, which is also configured >> via ipfw(8). As it is HEAD, ABI can be broken and this will not be done via >> ipfw_ctl(). > yes, but does it buy us anything? moreover, we would loose the ability > to merge the work back to 7.x. OK, this could be done after merging to 7.x to preserve ABI there. I think, some time after ``ipfw nat'' is widely tested in 7.0-RELEASE to wait for bugfixes to settle. May be a month or two. What benefits?.. I've listed some in previous message, e.g. ability to change code in NAT module without affecting main ipfw, like easily changing from LIST to HASH, etc. Of course, ``ipfw nat'' should be done this way from scratch, but while it's to late for 7.x, 8.0 still could be split to gain other possible bonuses of clean-architecture. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]