From owner-freebsd-ipfw  Mon Jun 24 22:47:35 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62])
	by hub.freebsd.org (Postfix) with ESMTP id 5EAF137B408
	for <ipfw@FreeBSD.ORG>; Mon, 24 Jun 2002 22:47:31 -0700 (PDT)
Received: from blossom.cjclark.org ([12.234.91.48]) by sccrmhc02.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020625054730.NQUS10417.sccrmhc02.attbi.com@blossom.cjclark.org>;
          Tue, 25 Jun 2002 05:47:30 +0000
Received: from blossom.cjclark.org (localhost. [127.0.0.1])
	by blossom.cjclark.org (8.12.3/8.12.3) with ESMTP id g5P5lTJK050383;
	Mon, 24 Jun 2002 22:47:29 -0700 (PDT)
	(envelope-from crist.clark@attbi.com)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.12.3/8.12.3/Submit) id g5P5lRAY050382;
	Mon, 24 Jun 2002 22:47:27 -0700 (PDT)
X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f
Date: Mon, 24 Jun 2002 22:47:27 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Luigi Rizzo <rizzo@icir.org>
Cc: ipfw@FreeBSD.ORG
Subject: Re: do we need IPFIREWALL_FORWARD to be optional ?
Message-ID: <20020624224727.A50149@blossom.cjclark.org>
Reply-To: "Crist J. Clark" <cjc@FreeBSD.ORG>
References: <20020621104900.C81994@iguana.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020621104900.C81994@iguana.icir.org>; from rizzo@icir.org on Fri, Jun 21, 2002 at 10:49:00AM -0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

On Fri, Jun 21, 2002 at 10:49:00AM -0700, Luigi Rizzo wrote:
> I am fixing that part of the netinet/ stack, and i wonder why
> do we need to make this optional.
> 
> Once the global variables holding its state are removed, all the
> code reduces to a small set of short blocks (which are never entered
> if you do not have fwd rules) scattered in ip_input.c ip_output.c
> ip_fw.c and tcp_input.c, and I strongly believe that the pain and
> obfuscation of having it conditionally compiled is a lot worse than
> the modest code size increase.
> 
> Unless there are strong objections, I am going to make it
> standard.

If you feel up to it, unconditionalize pfil(9) stuff too.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message