From owner-freebsd-hackers  Sat Apr  5 02:45:17 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id CAA01669
          for hackers-outgoing; Sat, 5 Apr 1997 02:45:17 -0800 (PST)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA01663
          for <hackers@freebsd.org>; Sat, 5 Apr 1997 02:45:14 -0800 (PST)
From: proff@suburbia.net
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id CAA12439 for <hackers@freebsd.org>; Sat, 5 Apr 1997 02:47:24 -0800 (PST)
Received: (qmail 22328 invoked by uid 110); 5 Apr 1997 10:44:22 -0000
Message-ID: <19970405104422.22327.qmail@suburbia.net>
Subject: ipfilter
To: hackers@freebsd.org
Date: Sat, 5 Apr 1997 20:44:22 +1000 (EST)
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


I have almost completed my ipfilter-current integration. If anyone
has any outstanding code can they please send it to me.

ps. darren: I'm considering breaking out nearly all of your #includes into
	    seven different files:

		conf.h
		dns.h
		netkern.h
		kernel.h
		types.h
		netinet.h
		user.h

	At the moment the <includes> are a mess and not easily maintainable
	across platforms. The changes in FreeBSD's include files don't
	help, but ipfilter should be able to adapt more easily to
	such conflicts.

	I still haven't nailed the mbuf leak in the tcp-state
	following code.  I've stopped the various panics that occur
	when pass returns strange values, nonetheless ipf was happy
	to eat over a 1000k in data mbuf's with only a few dozen
	concurrently active connections last night, and a high-water
	(according to ipfstat) of 78 connections.

e.g

	1408/1440 mbufs in use:
		1391 mbufs allocated to data
		1 mbufs allocated to packet headers
		13 mbufs allocated to protocol control blocks
		3 mbufs allocated to socket names and addresses
	313/318 mbuf clusters in use
	816 Kbytes allocated to network (98% in use)
	0 requests for memory denied
	0 requests for memory delayed
	0 calls to protocol drain routines

--
Prof. Julian Assange  |If you want to build a ship, don't drum up people
		      |together to collect wood and don't assign them tasks
proff@suburbia.net    |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery