From owner-freebsd-current  Mon Dec 16  9:32:39 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3441037B401
	for <current@FreeBSD.ORG>; Mon, 16 Dec 2002 09:32:37 -0800 (PST)
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2E49343EC2
	for <current@FreeBSD.ORG>; Mon, 16 Dec 2002 09:32:31 -0800 (PST)
	(envelope-from ru@whale.sunbay.crimea.ua)
Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1])
	by whale.sunbay.crimea.ua (8.12.6/8.12.6/Sunbay) with ESMTP id gBGHWJkf036148
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 16 Dec 2002 19:32:19 +0200 (EET)
	(envelope-from ru@whale.sunbay.crimea.ua)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.12.6/8.12.6/Submit) id gBGHWEfT036143;
	Mon, 16 Dec 2002 19:32:14 +0200 (EET)
Date: Mon, 16 Dec 2002 19:32:14 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Nik Clayton <nik@FreeBSD.ORG>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	"M. Warner Losh" <imp@bsdimp.com>, sam@errno.com, mux@FreeBSD.ORG,
	obrien@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: ipfw userland breaks again.
Message-ID: <20021216173214.GA34320@sunbay.com>
References: <200212150015.gBF0FlbS066547@apollo.backplane.com> <20021215.111441.05985858.imp@bsdimp.com> <200212151826.gBFIQMpo081407@apollo.backplane.com> <20021215.115657.90648628.imp@bsdimp.com> <200212151908.gBFJ811I081774@apollo.backplane.com> <20021215204723.GE2816@clan.nothing-going-on.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Dxnq1zWXvFF0Q93v"
Content-Disposition: inline
In-Reply-To: <20021215204723.GE2816@clan.nothing-going-on.org>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


--Dxnq1zWXvFF0Q93v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Dec 15, 2002 at 08:47:23PM +0000, Nik Clayton wrote:
> On Sun, Dec 15, 2002 at 11:08:01AM -0800, Matthew Dillon wrote:
> >=20
> > :
> > ::    This is complete BULLSHIT, Warner. =20
> > :
> > :Your attitude it totally unacceptible.  Learn to play well with
> > :others, or get the fuck out of the project.
> >=20
> >      Really?  You think I should learn to play well with others?  You
> >      think it's appropriate to request that I spend a man week rewriting
> >      an API?  You really do?  You think it's appropriate to bring up a=
=20
> >      bogus security issue when its obvious that no security issue exist=
s,
> >      abusing your power in that manner is playing well with others?  Th=
is
> >      is Warner of core?
>=20
> I think it's more appropriate if you put=20
>=20
>     options IPFIREWALL_DEFAULT_TO_ACCEPT
>=20
> on any boxes where you're running test code.  That's much more
> acceptable than committing a kludge with a poor choice of name after
> minimal discussion when efforts would be better spent working on other
> rough edges in the run up to 5-release.
>=20
There were times, even within RELENG_4 lifecycle, when IPFW ABI
was broken, making it really hard to remotely upgrade IPFW boxes,
as we're required to boot with the new kernel before doing an
installworld.  It once costed me about 12 hours of downtime of
our Australian production box.

This is from the -STABLE's UPDATING:

20010109:
        ipfw interface changed.  Make sure that the userland and kernel mat=
ch
        or you won't have the firewall rules you think you do.

19990620:
        IPFW uid/gid-based filtering support has been committed. This
        breaks binary compatibility with previous copies of
        ipfw(8). Any utilities using the ioctl()s of ipfw (especially
        ipfw(8)) need to be recompiled with the newest headers
        installed.

19980725:
        The ipfw interface to the kernel has changed.  You will need to
        recompile ipfw programs for the new kernel.


Cheers,
--=20
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--Dxnq1zWXvFF0Q93v
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE9/g4eUkv4P6juNwoRAoKXAJ9h5UGCUkNmBnAiU1AeOt9kVzccXgCfQI7i
NLjjrU5ANa8FH2FjnJ8UIsk=
=iD7Z
-----END PGP SIGNATURE-----

--Dxnq1zWXvFF0Q93v--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message