From owner-freebsd-current Wed Aug 21 10:39:12 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31E7437B401 for ; Wed, 21 Aug 2002 10:39:05 -0700 (PDT) Received: from guardian.sch.ru (dial-slt-p-005.msu.net [212.16.3.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C50E43E6A for ; Wed, 21 Aug 2002 10:38:51 -0700 (PDT) (envelope-from mokr@mokr.net) Received: from Draco (draco.office.tersys.ru [172.16.0.15] (may be forged)) by guardian.sch.ru (8.12.3/8.12.3/20020429) with SMTP id g7LHbqNY079038; Wed, 21 Aug 2002 21:37:52 +0400 (MSD) Message-ID: <0b8901c24939$717d0f20$0f0010ac@office.tersys.ru> From: "Sergey Mokryshev" To: "David W. Chapman Jr." Cc: , References: <20020816130147.GA39907@studnet.sk> <20020816193854.GC47465@blossom.cjclark.org> <062201c2475f$9f19ab40$0f0010ac@office.tersys.ru> <20020820181519.GA69240@blossom.cjclark.org> <0ab501c2492d$bc90fe10$0f0010ac@office.tersys.ru> <20020821162631.GA38043@leviathan.inethouston.net> <0b6601c24934$9dcf97f0$0f0010ac@office.tersys.ru> <20020821170743.GC38043@leviathan.inethouston.net> Subject: Re: question about ipl.ko Date: Wed, 21 Aug 2002 21:36:28 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 FL-Build: Fidolook Express 2001 UIExt. BuildID: 3BC00FAD (7/10/2001 12:17:49). X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, David! You wrote to "Sergey Mokryshev" on Wed, 21 Aug 2002 12:07:43 -0500: >> No, ipl.ko is not broken. It depends on pfil(9). DWC> Shouldn't we try to make a pfil.ko that ipl.ko depends on then? I make a brief look into code (I am not a kernel hacker nor a programmer). There are a few files with PFIL_HOOKS-dependant #ifdefs, but it is strongly tied with the code. /sys/net/bridge.c /sys/netinet/ip_input.c /sys/netinet/ip_output.c /sys/netinet6/ip6_forward.c /sys/netinet6/ip6_input.c /sys/netinet6/ip6_output.c Darren Reed has some pieces of code on his site, but I did not read it. ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.26.tar.gz According to pfil(9) manual ----------- BUGS The current pfil implementation will need changes to suit a threaded ker- nel model. ----------- May be this is the reason not to make it default. Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message