cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h
if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c
pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Dag-ErlingSmørgrav
des at des.no
Fri Feb 27 00:28:13 PST 2004
Sam Leffler <sam at errno.com> writes:
> I made two attempts to eliminate all the ipfw-, dummmynet-, and
> bridge-specific code in the ip protocols but never got stuff to the
> point where I was willing to commit it. My main motivation for doing
> this was to eliminate much of the incestuous behaviour so that you
> could reason about locking requirements but there were other benefits
> (e.g. I was also trying to make the ip code more "firewall agnostic").
The ideal solution would be to convert the entire networking stack to
netgraph nodes; we could then insert filter nodes at any point in the
graph.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the cvs-src
mailing list