cvs commit: src/sbin/ipfw ipfw2.c src/sys/netgraph ng_ipfw.cng_ipfw.h src/sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c

Gleb Smirnoff glebius at freebsd.org
Thu Feb 10 11:03:38 GMT 2005 

On Thu, Feb 10, 2005 at 11:52:10AM +0100, Andre Oppermann wrote:
A> I have not withdrawn my objections to the non-decoupling upon entering

You haven't replied my email and reminder during more than a week. On last mail
you have said, that you are going to be online in one day.

A> into netgraph.  I think you should decouple the stack upon entering
A> netgraph and not when returning back to ng_ipfw.  It is not neccessary
A> to go back the same way and I can imagine several normal setups where
A> packets may come back through another way leading to recursions and a
A> very (too) deep stack.  NG_SEND_DATA_ONLY() doesn't seem to decouple
A> it but it's hard to follow the netgraph code and I'm not too used to
A> it.  If you can show that NG_SEND_DATA_ONLY() does in fact decouple
A> it then I withdraw this objection.

Andre, all other edge netgraph nodes does not queue packet for ISR.
"Edge node" stands for a node which is an interface between netgraph and
other networking subsystem. It has been proved in practice, that it is not
needed. And in theory, there is no way ro recurse. You say, that you can
describe a normal setup which leads to recursion. I can't. So pls describe it.

A> The other thing is the passing back of errors from netgraph.  Only
A> certain kinds of errors should be reported back and others converted
A> to some default error.  It is very confusing for an application
A> developer to get a very (from his POV) non-sensical error message
A> like ENOTCONN when writing on a socket.  He doesn't have knowledge
A> of the ipfw/netgraph stuff that happens in the kernel and it makes
A> debugging extremely confusing.  In the he blames FreeBSDs socket
A> implementation whereas it was only some error in setting up the
A> netgraph by the administrator.

I have already replied this in net@ list. OK, I'll ask again: Do you want
ng_ipfw_rcvdata() to end with "return (0)"?

A> You've got others to review you stuff and committed it.  But it was
A> pretty clear that I wasn't fully happy with the code yet so please
A> don't put my name into the reviewed-by line then.

You were not responsive more than ten days.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

More information about the cvs-src mailing list