cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h
if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c
pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Alexey Dokuchaev
danfe at nsu.ru
Fri Feb 27 17:36:28 PST 2004
On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote:
> On Friday 27 February 2004 12:28 am, Dag-Erling Sm?rgrav wrote:
> > Sam Leffler <sam at errno.com> writes:
> > > I made two attempts to eliminate all the ipfw-, dummmynet-, and
> > > bridge-specific code in the ip protocols but never got stuff to the
> > > point where I was willing to commit it. My main motivation for doing
> > > this was to eliminate much of the incestuous behaviour so that you
> > > could reason about locking requirements but there were other benefits
> > > (e.g. I was also trying to make the ip code more "firewall agnostic").
> >
> > The ideal solution would be to convert the entire networking stack to
> > netgraph nodes; we could then insert filter nodes at any point in the
> > graph.
>
> I consider netgraph a fine prototyping system. I think that using it for this
> purpose would be a mistake.
Hmm, may I ask what do you mean by "prototyping system" in this context?
./danfe
More information about the cvs-src
mailing list