Message-ID: <47C7B913.5000405@elischer.org>
Date: Thu, 28 Feb 2008 23:49:39 -0800
From: Julian Elischer
To: vadim_nuclight@mail.ru
Cc: freebsd-ipfw@freebsd.org
References: <20080228151134.GA73358@tin.it>
Subject: Re: [patch] ipfw_nat as a kld module

Vadim Goncharov wrote:
> Hi Paolo Pisati!
>
> On Thu, 28 Feb 2008 16:11:34 +0100; Paolo Pisati wrote about '[patch] ipfw_nat as a kld module':
>
>> http://people.freebsd.org/~piso/ipfw_nat_module.patch
>> Any objection if I commit it?
>
> Some comments:
>
> * //comments are not in our style(9)

in case this is cryptic to you..
do "man 9 style"

> * IPFW_NAT_LOADED - again style(9), CAPSLOCK is used for constants
> * lookup_nat() duplication - it is short, maybe turn it into a #define macro in .h?
> * struct ip_fw_chain moved to .h and no longer static, is this good?
>   I suggest moving it into its own static chain in the module, see next
> * Instead of returning IP_FW_NAT, the function is called immediately from
>   ipfw_chk(). This is inconsistent with other modules of this sort, like divert
>   and dummynet, where ipfw_chk() simply returns a value and cookie to
>   ipfw_check_*() functions in _pfil.c. If it is done like that, ip_fw2.c
>   is dependent on modules in a minimal way, as many structures and as much code
>   as possible should be moved to modules. This allows changing the module
>   without recompiling main ipfw - for example, your lookup_nat() and
>   LIST_HEAD from ip_fw_chain could reside entirely in the module - then it would
>   be possible to easily switch from LIST to a hash of some kind (imagine 500
>   NAT instances). And so on.
>
> Maybe I missed some points as I was looking briefly...
>