From: Vadim Goncharov
To: freebsd-ipfw@freebsd.org
Date: Fri, 29 Feb 2008 05:21:35 +0000 (UTC)
Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel
Reply-To: vadim_nuclight@mail.ru
References: <20080228151134.GA73358@tin.it>
Subject: Re: [patch] ipfw_nat as a kld module
List-Id: IPFW Technical Discussions

Hi Paolo Pisati!

On Thu, 28 Feb 2008 16:11:34 +0100; Paolo Pisati wrote about '[patch] ipfw_nat as a kld module':

> http://people.freebsd.org/~piso/ipfw_nat_module.patch
> Any objection if i commit it?
Some comments:

* //comments are not in our style(9)
* IPFW_NAT_LOADED - again style(9), CAPSLOCK is used for constants
* lookup_nat() duplication - it is short, maybe turn it into a #define macro in .h?
* struct ip_fw_chain moved to .h and no longer static, is this good? I suggest to move into its own static chain in module, see next
* Instead of returning IP_FW_NAT, the function is called immediately from ipfw_chk(). This is inconsistent with other modules of this sort, like divert and dummynet, where ipfw_chk() simply returns value and cookie to ipfw_check_*() functions in _pfil.c. If it is done like that, ip_fw2.c is dependent on modules in a minimal way, as many of the structures and code as possible should be moved to modules. This allows changing a module without recompiling main ipfw - for example, your lookup_nat() and LIST_HEAD from ip_fw_chain could reside entirely in the module - then it would be possible to easily switch from LIST to a hash of some kind (imagine 500 NAT instances). And so on.

Maybe I missed some points as I was looking briefly...

--
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
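
The dispatch layout suggested in the last comment, as a userland C model added here (not code from the patch or from FreeBSD): the matcher only returns a verdict and a cookie, and the instance table stays private to the module. All identifiers, the constructed "nat N" rule and the drop-when-unloaded behaviour are assumptions of this model.

```c
/* Userland model, not FreeBSD kernel code; every name here is hypothetical. */
#include <stddef.h>

enum verdict { V_PASS, V_DENY, V_NAT };   /* V_NAT stands in for IP_FW_NAT */
struct pkt { unsigned src; };

/* The core's only knowledge of the module: one hook pointer. */
static int (*nat_hook)(struct pkt *, int cookie);   /* NULL = not loaded */

/* Core rule matcher (role of ipfw_chk): returns a verdict and a cookie only. */
static enum verdict model_chk(const struct pkt *p, int *cookie) {
    if (p->src == 0)
        return V_DENY;
    *cookie = (int)(p->src % 3) + 1;      /* constructed rule: "nat N" */
    return V_NAT;
}

/* Dispatcher (role of ipfw_check_*): acts on the verdict via the hook. */
static enum verdict model_check_in(struct pkt *p) {
    int cookie = 0;
    enum verdict v = model_chk(p, &cookie);
    if (v != V_NAT)
        return v;
    if (nat_hook == NULL)                 /* model's choice: drop if unloaded */
        return V_DENY;
    return nat_hook(p, cookie) == 0 ? V_PASS : V_DENY;
}

/* Module side: instance storage is private, here a small hash table. */
#define NBUCKETS 8
struct nat_inst { int id; unsigned alias; struct nat_inst *next; };
static struct nat_inst *buckets[NBUCKETS];

static struct nat_inst *mod_lookup_nat(int id) {
    struct nat_inst *n = buckets[(unsigned)id % NBUCKETS];
    while (n != NULL && n->id != id)
        n = n->next;
    return n;
}
static int mod_nat(struct pkt *p, int cookie) {
    struct nat_inst *n = mod_lookup_nat(cookie);
    if (n == NULL)
        return -1;                        /* rule names an unknown instance */
    p->src = n->alias;                    /* stand-in for address rewriting */
    return 0;
}
static void mod_add(struct nat_inst *n) {
    struct nat_inst **b = &buckets[(unsigned)n->id % NBUCKETS];
    n->next = *b;
    *b = n;
    nat_hook = mod_nat;                   /* registering the hook = "loaded" */
}
```

Swapping the hash table for a list, or the reverse, touches only the module-side functions; model_chk() and model_check_in() never see struct nat_inst.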