[CFR] unified rc.firewall

Hajimu UMEMOTO ume at FreeBSD.org
Mon Nov 23 15:14:06 UTC 2009


Hi,

>>>>> On Sun, 22 Nov 2009 11:12:33 -0800
>>>>> Doug Barton <dougb at FreeBSD.org> said:

dougb> In rc.firewall you seem to have copied afexists() from network.subr.
dougb> Is there a reason that you did not simply source that file? That would
dougb> be the preferred method. Also in that file you call "if afexists
dougb> inet6" quite a few times. My preference from a performance standpoint
dougb> would be to call it once, perhaps in a start_precmd then cache the value.

Thank you for the comments.
Ah, yes, afexists() is only in 9-CURRENT, and is not MFC'ed into 8,
yet.  So, I thought the patch should be able to work on both 9 and 8,
for review.  I've changed it to source network.subr for afexists().
Calling afexists() several times was not a good idea.  So, I've changed
it to call afexists() just once.
The new patch is attached.

dougb> And of course, you have regression tested this thoroughly, yes? :)
dougb> Please include scenarios where there is no INET6 in the kernel as well.

Okay, I've tested it on an INET6-less kernel, as well.

Sincerely,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipfw-unify.diff
Type: text/x-patch
Size: 15186 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20091123/527401d3/ipfw-unify.bin
-------------- next part --------------

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

