Date: Mon, 24 Jun 2002 22:47:27 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: Luigi Rizzo <rizzo@icir.org> Cc: ipfw@FreeBSD.ORG Subject: Re: do we need IPFIREWALL_FORWARD to be optional ? Message-ID: <20020624224727.A50149@blossom.cjclark.org> In-Reply-To: <20020621104900.C81994@iguana.icir.org>; from rizzo@icir.org on Fri, Jun 21, 2002 at 10:49:00AM -0700 References: <20020621104900.C81994@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2002 at 10:49:00AM -0700, Luigi Rizzo wrote: > I am fixing that part of the netinet/ stack, and i wonder why > do we need to make this optional. > > Once the global variables holding its state are removed, all the > code reduces to a small set of short blocks (which are never entered > if you do not have fwd rules) scattered in ip_input.c ip_output.c > ip_fw.c and tcp_input.c, and I strongly believe that the pain and > obfuscation of having it conditionally compiled is a lot worse than > the modest code size increase. > > Unless there are strong objections, I am going to make it > standard. If you feel up to it, unconditionalize pfil(9) stuff too. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020624224727.A50149>