Date: Fri, 27 Feb 2004 19:51:03 -0600 From: juli mallett <jmallett@FreeBSD.org> To: Alexey Dokuchaev <danfe@nsu.ru> Cc: Sam Leffler <sam@errno.com> Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c Message-ID: <20040228015103.GA70336@FreeBSD.org> In-Reply-To: <20040228013737.GA15560@regency.nsu.ru> References: <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com> <xzpptc10vvv.fsf@dwp.des.no> <200402270818.12553.sam@errno.com> <20040228013737.GA15560@regency.nsu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
* Alexey Dokuchaev <danfe@nsu.ru> [ Date: 2004-02-27 ] [ w.r.t. Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c ] > On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote: > > On Friday 27 February 2004 12:28 am, Dag-Erling Sm?rgrav wrote: > > > Sam Leffler <sam@errno.com> writes: > > > > I made two attempts to eliminate all the ipfw-, dummmynet-, and > > > > bridge-specific code in the ip protocols but never got stuff to the > > > > point where I was willing to commit it. My main motivation for doing > > > > this was to eliminate much of the incestuous behaviour so that you > > > > could reason about locking requirements but there were other benefits > > > > (e.g. I was also trying to make the ip code more "firewall agnostic"). > > > > > > The ideal solution would be to convert the entire networking stack to > > > netgraph nodes; we could then insert filter nodes at any point in the > > > graph. > > > > I consider netgraph a fine prototyping system. I think that using it for this > > purpose would be a mistake. > > Hmm, may I ask what do you mean by "prototyping system" in this context? You can tie things together without much effort and with great modularity and with the ability to promiscuously pass through, etc., to begin to develop an application, but eventually, the overhead of a pipe/stream alike message-passing system which is not highly parallel or fast is not very attractive. -- juli mallett. email: jmallett@freebsd.org; efnet: juli; o/~ sweet talk like candy rots teeth o/~
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040228015103.GA70336>