Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 08 May 2004 14:02:48 -0400
From:      Richard Coleman <richardcoleman@mindspring.com>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        Sam Leffler <sam@errno.com>
Subject:   Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h
Message-ID:  <409D20C8.6090105@mindspring.com>
In-Reply-To: <20040508101459.A98855@xorpc.icir.org>
References:  <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <20040506185854.GB1777@madman.celabo.org> <20040507072031.GA48708@hub.freebsd.org> <200405070755.36055.sam@errno.com> <20040508152531.GA96827@hub.freebsd.org> <20040508101459.A98855@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Luigi Rizzo wrote:

> On the principle, I tend to agree with Darren here... it is not nice
> to replicate functionality in multiple places by using specialized
> code instead of relying on (and possibly optimizing) the generic one.
> It makes a lot harder to clean up the replication later, and i
> believe Andre knows that quite well given the cleanup work he has
> done in the past in the network stack.
> 
> I don't think it is worth making a bit fuss about this particular 
> change, but certainly, as a general principle, we should try as much
> as possible to use the generic mechanisms when available -- 
> especialliy given that performance killers are elsewhere (locking 
> etc.).
> 
> cheers luigi

I'm going to move this over to -net, since I don't want to reply to the 
cvs list.

One question I always have about these type of sysctl (and a couple 
kernel compile options) is that it is never clear how they interact with 
the various firewalls.  I personally use ipfilter, but would have the 
same questions whether I was using pf or ipfw.  Do these happen before 
or after the firewall?  If I'm using a firewall, are these redundant?

A quick glance raises this question about net.inet.tcp.blackhole, 
net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN.  I'm sure there 
are others.

Richard Coleman
richardcoleman@mindspring.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?409D20C8.6090105>