From owner-freebsd-hackers  Mon Apr  5  7:38:42 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [207.153.65.3])
	by hub.freebsd.org (Postfix) with ESMTP id 1DB2F14D21
	for <hackers@FreeBSD.ORG>; Mon,  5 Apr 1999 07:38:36 -0700 (PDT)
	(envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.8/8.8.7) with SMTP id KAA16754;
	Mon, 5 Apr 1999 10:36:27 -0400 (EDT)
Date: Mon, 5 Apr 1999 10:36:27 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Brian Feldman <green@unixhelp.org>
Cc: hackers@FreeBSD.ORG
Subject: Re: ipfw uid mods (seemingly) done
In-Reply-To: <Pine.BSF.4.05.9904050141480.30815-100000@janus.syracuse.net>
Message-ID: <Pine.BSF.4.02.9904050915160.2158-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 5 Apr 1999, Brian Feldman wrote:
>   I'd like some more testing of the ipfw uid mods (found at
> http://janus.syracuse.net/~green/public_html/ipfw_uid.patch) before
> I'm truly comfortable that it's fine and dandy.  I added incoming
> packet support today, as you can see:

If you're going to bloat the size of an m_buf, why not store a pid_t
instead of a uid_t?  This means you'll have to make up a struct to hold
all of the values to match rules against in ip_fw (might I suggest a
value/context type arrangement here as a single rule never need match more
than a single gid/uid/euid/egid etc.

-- 
| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
| winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message