Date:      Mon, 3 Mar 2008 11:25:53 +0000 (UTC)
From:      Vadim Goncharov <vadim_nuclight@mail.ru>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: [patch] ipfw_nat as a kld module
Message-ID:  <slrnfsno20.c8a.vadim_nuclight@hostel.avtf.net>
References:  <20080228151134.GA73358@tin.it> <slrnfsf5iv.17n8.vadim_nuclight@hostel.avtf.net> <20080229095150.GA76592@tin.it> <slrnfsg64q.223r.vadim_nuclight@hostel.avtf.net> <20080229154144.GA81243@tin.it>

Hi piso@FreeBSD.org! 

On Fri, 29 Feb 2008 16:41:44 +0100; piso@FreeBSD.org wrote about 'Re: [patch] ipfw_nat as a kld module':

>>>> * struct ip_fw_chain moved to .h and no longer static, is this good?
>>>>   I suggest to move into its own static chain in module, see next
>>> the symbol is used outside its originating file
>> 
>> Is it needed if LIST_HEAD will be in its own module?
> every modification/access to layer3_chain lock is arbitrated via its
> own rwlock(), thus to answer your question, yes, there are places
> where we would need access to layer3_chain

Umm, why? Dummynet doesn't need this access, for example.

>>> that's something i thought about, but i didn't see any tangible improvement
>>> to this modification, cause part of ipfw_nat would still be called from 
>>> ipfw2.c (see ipfw_ctl).
>> 
>> This could be fixed, too, as is done with dummynet, which is also configured
>> via ipfw(8). As it is HEAD, ABI can be broken and this will not be done via
>> ipfw_ctl().
> yes, but does it buy us anything? moreover, we would lose the ability
> to merge the work back to 7.x.

OK, this could be done after merging to 7.x to preserve ABI there. I think,
some time after ``ipfw nat'' is widely tested in 7.0-RELEASE to wait for
bugfixes to settle. Maybe a month or two.

What benefits?.. I've listed some in previous message, e.g. ability to change
code in NAT module without affecting main ipfw, like easily changing from LIST
to HASH, etc.

Of course, ``ipfw nat'' should be done this way from scratch, but while it's
too late for 7.x, 8.0 still could be split to gain other possible bonuses of
clean-architecture.

-- 
WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]