From: Richard Coleman
Date: Sat, 08 May 2004 14:02:48 -0400
To: Luigi Rizzo
Cc: Jacques A. Vidrine, freebsd-net@FreeBSD.org, Darren Reed, Andre Oppermann, Sam Leffler
Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h

Luigi Rizzo wrote:

> On the principle, I tend to agree with Darren here... it is not nice
> to replicate functionality in multiple places by using specialized
> code instead of relying on (and possibly optimizing) the generic one.
> It makes it a lot harder to clean up the replication later, and I
> believe Andre knows that quite well given the cleanup work he has
> done in the past in the network stack.
>
> I don't think it is worth making a big fuss about this particular
> change, but certainly, as a general principle, we should try as much
> as possible to use the generic mechanisms when available --
> especially given that performance killers are elsewhere (locking
> etc.).
>
> cheers
> luigi

I'm going to move this over to -net, since I don't want to reply to the cvs list.

One question I always have about these types of sysctl (and a couple of kernel compile options) is that it is never clear how they interact with the various firewalls. I personally use ipfilter, but would have the same questions whether I was using pf or ipfw. Do these happen before or after the firewall? If I'm using a firewall, are these redundant?

A quick glance raises this question about net.inet.tcp.blackhole, net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN. I'm sure there are others.

Richard Coleman
richardcoleman@mindspring.com