Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Jun 2002 22:47:27 -0700
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        ipfw@FreeBSD.ORG
Subject:   Re: do we need IPFIREWALL_FORWARD to be optional ?
Message-ID:  <20020624224727.A50149@blossom.cjclark.org>
In-Reply-To: <20020621104900.C81994@iguana.icir.org>; from rizzo@icir.org on Fri, Jun 21, 2002 at 10:49:00AM -0700
References:  <20020621104900.C81994@iguana.icir.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Fri, Jun 21, 2002 at 10:49:00AM -0700, Luigi Rizzo wrote:
> I am fixing that part of the netinet/ stack, and i wonder why
> do we need to make this optional.
> 
> Once the global variables holding its state are removed, all the
> code reduces to a small set of short blocks (which are never entered
> if you do not have fwd rules) scattered in ip_input.c ip_output.c
> ip_fw.c and tcp_input.c, and I strongly believe that the pain and
> obfuscation of having it conditionally compiled is a lot worse than
> the modest code size increase.
> 
> Unless there are strong objections, I am going to make it
> standard.

If you feel up to it, unconditionalize pfil(9) stuff too.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020624224727.A50149>