Date: Thu, 23 Apr 1998 01:51:25 +0200
From: Eivind Eklund <eivind@yes.no>
To: darrenr@reed.wattle.id.au
Cc: cvs-committers@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/netinet ip_fw.c
Message-ID: <19980423015125.15103@follo.net>
In-Reply-To: <9804222327.AA01355@avalon.reed.wattle.id.au.>; from darrenr@reed.wattle.id.au on Thu, Apr 23, 1998 at 01:50:05AM +1000
References: <19980422155133.57092@follo.net> <9804222327.AA01355@avalon.reed.wattle.id.au.>

On Thu, Apr 23, 1998 at 01:50:05AM +1000, darrenr@reed.wattle.id.au wrote:
> In some email I received from Eivind Eklund, sie wrote:
> >
> > On Tue, Apr 21, 1998 at 04:31:13PM -0700, Julian Elischer wrote:
> > > why?
> > > if you recompile it with a new structure...
> >
> > That's what I'm saying - it blows the userland interface. It means
> > that anything using IPFW has to track the kernel version exactly.
>
> There are numerous programs like this already - ps, netstat, top, etc.
>
> I'd say "deal with it".

ps et al. aren't that critical. Sure, it sucks that they are that way, but if ps is broken, _you can still get to the machine_. This is not the case with IPFW. Having a structure-dependent interface for the firewall is IMO not acceptable.

I'm planning (have started) to do something about it locally; I'd like to throw that code into FreeBSD, but I'd like to know I'm not alone in thinking that an abstracted, slightly slower interface for adding rules is a good change.

> > > I agree on the new interface, but the limit on the structure size
> > > was that each file rule had to fit into an mbuf.
>
> see NetBSD's pfil(9) for a starting point.

This is nice for an in-kernel interface, but it would be good to have a unified userland interface, too.

Eivind.