per-interface packet filters, design approach
glebius at freebsd.org
Wed Dec 15 01:11:39 PST 2004
On Tue, Dec 14, 2004 at 03:03:27PM +0100, Andre Oppermann wrote:
A> d1. The PFIL_HOOKS API has one hook per direction per protocol and
A> passes the interface information to the firewall package.
A> d2. Should the PFIL_HOOKS API be changed and be per interface instead
A> of per protocol? All firewall packages need to be modified and
A> we are no longer compatible with the PFIL_HOOKS API.
Andre, you are the person who is optimizing our IP stack. Can you ask
this question, please: if the interface has no filters associated with it,
why the hell would the packets running on it enter firewall functions?
Totus tuus, Glebius.