Date: Thu, 4 Dec 2003 15:13:24 +0100
From: Devon H.O'Dell <dodell@sitetronics.com>
To: freebsd-hackers@freebsd.org
Subject: IPFW and the IP stack
Message-ID: <05CEBB5C-2664-11D8-AAE8-000A95E5E66E@sitetronics.com>

I've been looking through the IP stack for shits and giggles and was wondering why a few things are the way they are with IPFW's implementation. I went back through the CVSWeb stuff to check out the changes and it appears that most of my questions are purely cosmetic issues; but I still don't understand them.

Specifically, pretty much everything in the iphack: section relied on IPFW being defined in the kernel configuration. Several checks went away when COMPAT_IPFW was defaulted into the kernel, then several were removed to make a buildable kernel without having options IPFIREWALL defined in the kernel configuration. Throughout these changes, several variables related to IPFW were removed from #ifdef IPFIREWALL checks.

At this point, most IPFW variables are initialized by default (including some stuff for natd) and every call to ip_input() does a check at if (fw_enable && IPFW_LOADED) (I believe this is true for ip_output() as well).

Why are these variables and sections compiled in by default instead of left out if no firewall is existent in the kernel?

Hope that doesn't sound too ambiguous :)

Kind regards,
Devon