HEADSUP: PFIL_HOOKS/ipfilter changes
Michael Nottebrock
michaelnottebrock at gmx.net
Tue Sep 23 21:42:53 PDT 2003
Sam Leffler wrote:
> It was not "due for 5.0" or any subsequent release. It was requested by
> certain developers and I requested that they demonstrate that adding it to
> the GENERIC system would not noticeably impact non-PFIL_HOOKS users.
>
> I intend to convert certain network subsystems to use PFIL_HOOKS instead of
> their (current) adhoc techniques. This will mean that PFIL_HOOKS will be a
> necessary part of the system and so will be in the GENERIC kernel.
PFIL_HOOKS has been necessary in order to use the ipfilter kernel module,
since 5.0-R and before, IIRC. The fact that a kernel customization and
recompile was needed because of the missing PFIL_HOOKS in GENERIC for two
releases in a row is a bug, and it ought to be fixed.
(On a related note, the ipfilter kernel module itself is still built without
IPV6 support - is there a particular reason for this?)
--
,_, | Michael Nottebrock | lofi at freebsd.org
(/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
\u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org
More information about the freebsd-current
mailing list