Date:      Wed, 15 Dec 2004 12:11:35 +0300
From:      Gleb Smirnoff <glebius@freebsd.org>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: per-interface packet filters, design approach
Message-ID:  <20041215091135.GC53509@cell.sick.ru>
In-Reply-To: <41BEF2AF.470F9079@freebsd.org>
References:  <41BEF2AF.470F9079@freebsd.org>

On Tue, Dec 14, 2004 at 03:03:27PM +0100, Andre Oppermann wrote:
A>  d1. The PFIL_HOOKS API has one hook per direction per protocol and
A>      passes the interface information to the firewall package.
A>  d2. Should the PFIL_HOOKS API be changed and be per interface instead
A>      of per protocol?  All firewall packages need to be modified and
A>      we are no longer compatible with the PFIL_HOOKS API.

s/API/usage/g

Andre, you are the person who is optimizing our IP stack. Can you ask
this question, please: if the interface has no filters associated with it,
why the hell would the packets running on it enter firewall functions?

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE


