New preview patch for ipfw to pfil_hooks conversion

Maxim Konovalov maxim at
Tue Jun 22 08:15:41 GMT 2004

Hi Andre,

On Mon, 21 Jun 2004, 23:36+0200, Andre Oppermann wrote:

> Here is the next preview patch for the ipfw to pfil_hooks conversion:
> This patch significantly cleans up ip_input.c and ip_output.c.
> The following is included in this patch:
>   o Remove all ipfw related cruft from ip_input() and ip_output()
>   o New ip_fw_pfil.c file which contains all ipfw/pfil_hooks logic
>  o ipfw firewalling, divert and dummynet works fine
>   o ipfw forward is not yet implemented again (comes next)
>   o ipfw layer2 is not yet implemented again (comes next)
>  o ip_reass() is a self-contained function now (external code only relocated)
>   o All IP Options related functions of ip_input/ip_output are moved into
>   their
>     own ip_options.[ch] file to have them together in one place
>  o Some other small work in progress

Is it possible to split that ~100KB patch in a logic chunks?  One for
phil_hook, one for ip_pcbopt, one for ip_reass etc.  Much easier to
review and commit them later.

> Consider this a FYI.  It is very much a WIP at the moment.  I want
> to get this into the tree in before 5.3 code freeze.

In fact, our real world tests shown the current -CURRENT comparing to
RELENG_5_2 is in a very bad shape.  Is it really worth to commit that
mostly cleanup code before say 6-CURRENT with a chance to
destabilizate -CURRENT a bit more?

Maxim Konovalov

