From owner-svn-src-head@freebsd.org  Fri Apr 14 00:20:56 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF3D0D3CE71;
 Fri, 14 Apr 2017 00:20:56 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from cell.glebi.us (glebi.us [96.95.210.25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "cell.glebi.us", Issuer "cell.glebi.us" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id A7C9B28C;
 Fri, 14 Apr 2017 00:20:56 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from cell.glebi.us (localhost [127.0.0.1])
 by cell.glebi.us (8.15.2/8.15.2) with ESMTPS id v3E0KtiZ048427
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Thu, 13 Apr 2017 17:20:55 -0700 (PDT)
 (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
 by cell.glebi.us (8.15.2/8.15.2/Submit) id v3E0KtjJ048426;
 Thu, 13 Apr 2017 17:20:55 -0700 (PDT)
 (envelope-from glebius@FreeBSD.org)
X-Authentication-Warning: cell.glebi.us: glebius set sender to
 glebius@FreeBSD.org using -f
Date: Thu, 13 Apr 2017 17:20:55 -0700
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Julian Elischer <julian@freebsd.org>
Cc: "Andrey V. Elsukov" <ae@FreeBSD.org>, src-committers@freebsd.org,
 svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r316435 - in head: sbin/ipfw sys/conf sys/modules
 sys/modules/ipfw_pmod sys/netpfil/ipfw/pmod
Message-ID: <20170414002055.GG1033@FreeBSD.org>
References: <201704030307.v3337mfs039014@repo.freebsd.org>
 <2fb0e146-8486-09c3-0c44-75c71a74fc2f@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2fb0e146-8486-09c3-0c44-75c71a74fc2f@freebsd.org>
User-Agent: Mutt/1.8.0 (2017-02-23)
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 00:20:56 -0000

On Mon, Apr 03, 2017 at 10:12:11PM +0800, Julian Elischer wrote:
J> On 3/4/17 11:07 am, Andrey V. Elsukov wrote:
J> > Author: ae
J> > Date: Mon Apr  3 03:07:48 2017
J> > New Revision: 316435
J> > URL: https://svnweb.freebsd.org/changeset/base/316435
J> 
J> it was always my intention to hook netgraph modules into ipfw in this way

Yes, ng_tcpmss (written in 2004) and ng_ipfw (written in 2005) allow to do that.
However, this comes with extra CPU cycles, and design flaws. Packet filter is
functional and synchronous, while netgraph isn't. Coupling them requires
hacks.

So nothing wrong in ipfw module.


-- 
Totus tuus, Glebius.