Date: Fri, 3 Jan 2003 08:58:55 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Pekka Nikander <pekka.nikander@nomadiclab.com> Cc: Brooks Davis <brooks@one-eyed-alien.net>, freebsd-net@FreeBSD.ORG Subject: Re: IPsec / ipfw interaction in 4.7-STABLE: a proposed change Message-ID: <20030103085855.A8517@Odin.AC.HMC.Edu> In-Reply-To: <3E155BB5.4000706@nomadiclab.com>; from pekka.nikander@nomadiclab.com on Fri, Jan 03, 2003 at 11:45:25AM %2B0200 References: <3E144753.7020905@nomadiclab.com> <86k7hnz4hp.fsf@notbsdems.nantes.kisoft-services.com> <20030102122941.A27618@Odin.AC.HMC.Edu> <3E155BB5.4000706@nomadiclab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 03, 2003 at 11:45:25AM +0200, Pekka Nikander wrote: > Brooks Davis wrote: > > loif[] is evil and its use should not be extended. In any case, NLOOP > > no longer exists in current since loopback interfaces are clonable. If > > you didn't want to adopt OpenBSD's enc interface, an alternate solution > > might be to set up an ioctl to allow you to register the interface you > > want to have these packets come from. >=20 > Now, out of curiosity, why do you consider loif[] evil? The problem is that it makes lo0 a magic interface. In general, things like magic interfaces are to be avoided because they don't act like other objects of the same type. In the case of the loopback interface, it means you can't unload the lo(4) module without causing a panic. In reality, especialy when talking about loif, this is more likely a matter of principle then something we're actually going to fix, but the principle still holds. FYI, in current loif[] became *loif and we register an interface when if_lo is loaded. I suspect your system will in fact panic fairly quickly if it isn't loaded at startup though. Modularity was added when I added cloning, but mostly because it was easy to do. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --AqsLC8rIMeq19msA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+FcFIXY6L6fI4GtQRAj6ZAJ4vxRiKaJY8mmNf0C6yOU1Ozp3JLgCeIdU0 TAX4gOAPmurNQd8afUMvwCE= =yfYx -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030103085855.A8517>