[feature] ipfw verrevpath/versrcreach?

[Łukasz Bromirski]

Yann Berthier wrote:

>    Is there reasons to not implement conditionaly these checks (the
>    strict and the loose mode) in the stack itself, in the same vein than
>    say ithe blackhole or the drop_synfin checks ? Just curious - but
>    uRPF filtering can be very handy, and i don't need full-fledged
>    filtering on every machine.

Yes, after some work on the pf sources I realized that doing the
uRPF work in ip_input.c and controlling it for example via sysctl of
some kind would be cleaner - no dependency on packet filtering of any
kind and functionality done once not splattered over few places.

But I asked because my lack of time and experience in coding *BSD.
I'm slowly moving on, but if someone has 15 minutes of his precious
time free and can code it with closed eyes, surely we'd be grateful.

-- 
this space was intentionally left blank    |            Łukasz Bromirski
you can insert your favourite quote here   |        lukasz:bromirski,net