cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c

Darren Reed darrenr at FreeBSD.ORG
Mon Mar 8 20:22:36 PST 2004


In some mail I received from Sam Leffler, sie wrote
> 
> I made two attempts to eliminate all the ipfw-, dummynet-, and 
> bridge-specific code in the ip protocols but never got stuff to the 
> point where I was willing to commit it.  My main motivation for doing 
> this was to eliminate much of the incestuous behaviour so that you 
> could reason about locking requirements but there were other benefits 
> (e.g. I was also trying to make the ip code more "firewall agnostic").  
> The changes involved replacing the well-known function pointers with 
> PFIL_HOOKS, restructuring code and APIs so non-ip code could move out 
> of the ip protocol code, and the elimination of MT_TAG mbufs.  Max 
> followed through getting the latter committed (thanks, great work!) and 
> I hope to return to this when I've got free time.

If it helps, Sam, you've got my support in doing this :)  I had a go at
doing this and I think the summary was:
- build a wrapper function for ipfw
- change the pfil interface from the network stack to include an
  extra parameter with all the guff for ipfw

And through the use of the wrappers, there was no need to change ipfw
or ipfilter code.  I suppose that sounds easy (for the casual reader)
but that's like all things that look easy :)  If you want help with
this, just holler.

Darren

