From owner-cvs-all  Mon Jul  8  1:32:36 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 89D2037B400
	for <cvs-all@FreeBSD.org>; Mon,  8 Jul 2002 01:32:30 -0700 (PDT)
Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70])
	by mx1.FreeBSD.org (Postfix) with SMTP id C96E543E42
	for <cvs-all@FreeBSD.org>; Mon,  8 Jul 2002 01:32:28 -0700 (PDT)
	(envelope-from oppermann@pipeline.ch)
Received: (qmail 78760 invoked from network); 8 Jul 2002 08:31:22 -0000
Received: from unknown (HELO pipeline.ch) ([62.48.0.54]) (envelope-sender <oppermann@pipeline.ch>)
          by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP
          for <luigi@FreeBSD.org>; 8 Jul 2002 08:31:22 -0000
Message-ID: <3D294DC2.F7E46CCE@pipeline.ch>
Date: Mon, 08 Jul 2002 10:30:58 +0200
From: Andre Oppermann <oppermann@pipeline.ch>
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Luigi Rizzo <luigi@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw2.c
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> luigi       2002/07/05 15:43:06 PDT
> 
>   Modified files:
>     sys/netinet          ip_fw.h ip_fw2.c 
>     sbin/ipfw            ipfw2.c 
>   Log:
>   Implement the last 2-3 missing instructions for ipfw,
>   now it should support all the instructions of the old ipfw.
>   
>   Fix some bugs in the user interface, /sbin/ipfw.
>   
>   Please check this code against your rulesets, so i can fix the
>   remaining bugs (if any, i think they will be mostly in /sbin/ipfw).
>   
>   Once we have done a bit of testing, this code is ready to be MFC'ed,
>   together with a bunch of other changes (glue to ipfw, and also the
>   removal of some global variables) which have been in -current for
>   a couple of weeks now.
>   
>   MFC after: 7 days

May I ask for some more time testing in -current? This is security
critical code and many people depend on its correctness in -stable.
Not that your new code is bad but it's a lot of new code and history
tells that there are some bugs in it.

Do you have run it through test suites to verify it's correctness
and that behaves the exactly the same as old ipfw? Maybe OpenBSD has
some test sets they used to verify pf.

-- 
Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message