cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c

Sam Leffler sam at errno.com
Fri Feb 27 08:18:25 PST 2004


On Friday 27 February 2004 12:28 am, Dag-Erling Smørgrav wrote:
> Sam Leffler <sam at errno.com> writes:
> > I made two attempts to eliminate all the ipfw-, dummynet-, and
> > bridge-specific code in the ip protocols but never got stuff to the
> > point where I was willing to commit it.  My main motivation for doing
> > this was to eliminate much of the incestuous behaviour so that you
> > could reason about locking requirements but there were other benefits
> > (e.g. I was also trying to make the ip code more "firewall agnostic").
>
> The ideal solution would be to convert the entire networking stack to
> netgraph nodes; we could then insert filter nodes at any point in the
> graph.

I consider netgraph a fine prototyping system.  I think that using it for this 
purpose would be a mistake.

	Sam


