Date: Sat, 19 Feb 2000 19:52:37 +1100 (Australia/NSW) From: Darren Reed <avalon@coombs.anu.edu.au> To: hackers@freebsd.org Subject: post 4.0...adoption of pfil(9) from NetBSD ? Message-ID: <200002190852.TAA22462@cairo.anu.edu.au>
next in thread | raw e-mail | index | archive | help
I was just having a quick peek at how ipfw works in FreeBSD-4 for IPv6, to see what's required for IP-Filter (hoping for a clean interface) and the response is "sigh". The old ipfw mechanism needs to be abandoned, IMHO. For those that aren't aware, pfil(9) in NetBSD used to provide two lists for filtering IP packets going in.out. It now provides input and output filtering for both IPv4 and IPv6 with the list heads and other meta data stored in protosw, making it possible to further expand to develop UDP/TCP, etc, specific filters at some later time. The only hurdle I can see for FreeBSD is a missing "forward" list, but that's only a minor issue. The advantage to using pfil(9) from NetBSD (unless someone feels the distinct need to roll their own code to do something the same) is it provides a clean interface rather than requiring people to patch things like ip6_input.c, etc. Bringing pfil(9) into FreeBSD is most definately a post FreeBSD-4.0 exercise. Comments ? Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002190852.TAA22462>