Date: Fri, 27 Feb 2004 08:18:12 -0800
From: Sam Leffler <sam@errno.com>
To: des@des.no (Dag-Erling Smørgrav)
Cc: cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Message-ID: <200402270818.12553.sam@errno.com>
In-Reply-To: <xzpptc10vvv.fsf@dwp.des.no>
References: <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com> <xzpptc10vvv.fsf@dwp.des.no>

On Friday 27 February 2004 12:28 am, Dag-Erling Smørgrav wrote:
> Sam Leffler <sam@errno.com> writes:
> > I made two attempts to eliminate all the ipfw-, dummynet-, and
> > bridge-specific code in the ip protocols but never got stuff to the
> > point where I was willing to commit it.  My main motivation for doing
> > this was to eliminate much of the incestuous behaviour so that you
> > could reason about locking requirements but there were other benefits
> > (e.g. I was also trying to make the ip code more "firewall agnostic").
>
> The ideal solution would be to convert the entire networking stack to
> netgraph nodes; we could then insert filter nodes at any point in the
> graph.

I consider netgraph a fine prototyping system.  I think that using it for this
purpose would be a mistake.

	Sam