svn commit: r316435 - in head: sbin/ipfw sys/conf sys/modules sys/modules/ipfw_pmod sys/netpfil/ipfw/pmod
Gleb Smirnoff
glebius at FreeBSD.org
Fri Apr 14 00:20:56 UTC 2017
On Mon, Apr 03, 2017 at 10:12:11PM +0800, Julian Elischer wrote:
J> On 3/4/17 11:07 am, Andrey V. Elsukov wrote:
J> > Author: ae
J> > Date: Mon Apr 3 03:07:48 2017
J> > New Revision: 316435
J> > URL: https://svnweb.freebsd.org/changeset/base/316435
J>
J> it was always my intention to hook netgraph modules into ipfw in this way
Yes, ng_tcpmss (written in 2004) and ng_ipfw (written in 2005) allow to do that.
However, this comes with extra CPU cycles, and design flaws. Packet filter is
functional and synchronous, while netgraph isn't. Coupling them requires
hacks.
So nothing wrong in ipfw module.
--
Totus tuus, Glebius.
More information about the svn-src-all
mailing list