From: Dag-Erling Smorgrav
Date: 28 Sep 2001 20:08:13 +0200
To: Luigi Rizzo
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c src/sys/net bridge.c src/sbin/ipfw ipfw.8 ipfw.c

Luigi Rizzo writes:
> Log:
> Two main changes here:
> + implement "limit" rules, which permit to limit the number of sessions
>   between certain host pairs (according to masks). These are a special
>   type of stateful rules, which might be of interest in some cases.
>   See the ipfw manpage for details.
>
> + merge the list pointers and ipfw rule descriptors in the kernel, so
>   the code is smaller, faster and more readable. This patch basically
>   consists in replacing "foo->rule->bar" with "rule->bar" all over
>   the place.
>   I have been willing to do this for ages!

Did you post this code to -arch or -audit before you committed it?
Did you discuss these changes with anyone, e.g. on the -ipfw list?
Did you even test the code properly?

 1) with these patches, installing the rule "pass ip from any to any
    via lo0" (#2 in my ruleset) causes an immediate panic in
    add_entry() (no core dump yet, but I'm working on it)

 2) you've completely broken binary compatibility *again*, without
    even a token attempt at detecting or working around a version
    mismatch.

> MFC after: 1 week

You must be joking!

DES
--
Dag-Erling Smorgrav - des@ofug.org