cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c ip_output.c ...

Andre Oppermann andre at freebsd.org
Tue Aug 17 16:46:11 PDT 2004 

Sam Leffler wrote:
> 
> On Tuesday 17 August 2004 04:34 pm, Andre Oppermann wrote:
> > Max Laier wrote:
> > > On Wednesday 18 August 2004 00:05, Andre Oppermann wrote:
> > > > andre       2004-08-17 22:05:54 UTC
> > > >
> > > >   FreeBSD src repository
> > > >
> > > >   Modified files:
> > > >     sys/conf             files options
> > > >     sys/modules/ipfw     Makefile
> > > >     sys/net              bridge.c
> > > >     sys/netgraph         ng_bridge.c
> > > >     sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
> > > >                          ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> > > >                          ip_output.c ip_var.h raw_ip.c tcp_input.c
> > > >                          tcp_sack.c
> > > >     sys/sys              mbuf.h
> > > >   Added files:
> > > >     sys/netinet          ip_fw_pfil.c
> > > >   Log:
> > > >   Convert ipfw to use PFIL_HOOKS.
> > >
> > > Excellent!!! Great!!!! Thank you!!!
> > >
> > > I don't like the hack to bridge.c, but that's marked XXX so I guess you
> > > don't either. I hope we can clean this up for RELENG_5_3, though.
> >
> > No, I don't like it at all.  I have some code ready but did not have time
> > to test it before code freeze.  What I want to do is a PFIL_HOOK with
> > protocol AF_ETHER which gives you the full layer2 header in the packet.
> > What the packet filter does with it is up its implementation.  For example
> > it might ignore everthing but IP packets or provide ether header matching
> > functionality or such.
> >
> > I think we (mlaier and me) could cook this up within a week.  Though I'm
> > not sure much RE is going to like this kind of changes at this time.
> 
> My original version of this work added several new pfil hooks for stuff like
> this.

Do you have your orginal work still somewhere around to have a look at?
I'd like to avoid to re-invent the wheel if possible. ;-)

-- 
Andre

More information about the cvs-src mailing list