From owner-cvs-all@FreeBSD.ORG  Mon Mar  8 20:22:36 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 680)
	id 600F916A4CF; Mon,  8 Mar 2004 20:22:36 -0800 (PST)
In-Reply-To: <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com>
To: Sam Leffler <sam@errno.com>
Date: Mon, 8 Mar 2004 20:22:36 -0800 (PST)
X-Mailer: ELM [version 2.4ME+ PL112 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20040309042236.600F916A4CF@hub.freebsd.org>
From: darrenr@FreeBSD.ORG (Darren Reed)
cc: Max Laier <mlaier@FreeBSD.org>
cc: Andre Oppermann <andre@FreeBSD.org>
cc: Steve Kargl <sgk@troutmask.apl.washington.edu>
cc: Luigi Rizzo <rizzo@icir.org>
cc: cvs-all@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: Tim Robbins <tjr@FreeBSD.org>
cc: cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c
	if_pflog.hif_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2004 04:22:36 -0000

In some mail I received from Sam Leffler, sie wrote
> 
> I made two attempts to eliminate all the ipfw-, dummmynet-, and 
> bridge-specific code in the ip protocols but never got stuff to the 
> point where I was willing to commit it.  My main motivation for doing 
> this was to eliminate much of the incestuous behaviour so that you 
> could reason about locking requirements but there were other benefits 
> (e.g. I was also trying to make the ip code more "firewall agnostic").  
> The changes involved replacing the well-known function pointers with 
> PFIL_HOOKS, restructuring code and API's so non-ip code could move out 
> of the ip protocol code, and the elimination of MT_TAG mbufs.  Max 
> followed through getting the latter committed (thanks, great work!) and 
> I hope to return to this when I've got free time.

If it helps, Sam, you've got my support in doing this :)  I had a go at
doing this and I think the summary was:
- build a wrapper function for ipfw
- change the pfil interface from the network stack to include an
  extra parameter with all the guff for ipfw

And through the use of the wrappers, there was no need to change ipfw
or ipfilter code.  I suppose that sounds easy (for the casual reader)
but that's like all things that look easy :)  If you want help with
this, just hollar.

Darren