From: Łukasz Bromirski
Date: Mon, 02 Jan 2006 00:14:40 +0100
To: freebsd-pf@freebsd.org
Subject: Re: [feature] ipfw verrevpath/versrcreach?

Yann Berthier wrote:
> Are there reasons to not implement these checks conditionally (the
> strict and the loose mode) in the stack itself, in the same vein as
> say the blackhole or the drop_synfin checks? Just curious - but
> uRPF filtering can be very handy, and I don't need full-fledged
> filtering on every machine.

Yes, after some work on the pf sources I realized that doing the uRPF work in ip_input.c and controlling it, for example, via a sysctl of some kind would be cleaner - no dependency on packet filtering of any kind, and the functionality done once, not splattered over a few places.

But I asked because of my lack of time and experience in coding *BSD. I'm slowly moving on, but if someone has 15 minutes of his precious time free and can code it with closed eyes, surely we'd be grateful.

-- 
this space was intentionally left blank | Łukasz Bromirski
you can insert your favourite quote here | lukasz:bromirski,net
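
The strict and loose checks discussed in this thread, as an added user-space C illustration that is not part of the original message and is not FreeBSD source. The mode names, the `urpf_check` function and the routing table are assumptions made for the example; strict follows the ipfw `verrevpath` rule (the route back to the source must use the ingress interface) and loose follows `versrcreach` (a route must exist, and the default route does not count).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical modes, as a single sysctl knob might expose them. */
enum urpf_mode { URPF_OFF = 0, URPF_STRICT = 1, URPF_LOOSE = 2 };
struct route { uint32_t prefix; int masklen; int ifindex; };

/* Constructed routing table (host byte order); not taken from the thread. */
static const struct route rtable[] = {
    { 0x00000000u,  0, 1 },   /* default route via if 1 (uplink) */
    { 0xC0A80000u, 24, 2 },   /* 192.168.0.0/24 via if 2 (LAN)   */
    { 0x0A000000u,  8, 3 },   /* 10.0.0.0/8 via if 3 (DMZ)       */
};

static uint32_t mask_of(int len)
{
    /* A shift by 32 is undefined, so /0 is handled separately. */
    return len == 0 ? 0 : (uint32_t)0xFFFFFFFFu << (32 - len);
}

/* Longest-prefix match on an address; NULL if nothing matches. */
static const struct route *rt_lookup(uint32_t addr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof(rtable) / sizeof(rtable[0]); i++) {
        const struct route *r = &rtable[i];
        if ((addr & mask_of(r->masklen)) != r->prefix)
            continue;
        if (best == NULL || r->masklen > best->masklen)
            best = r;
    }
    return best;
}

/* Returns 1 to accept the packet, 0 to drop it as likely spoofed. */
int urpf_check(uint32_t src, int in_if, enum urpf_mode mode)
{
    const struct route *rt = (mode == URPF_OFF) ? NULL : rt_lookup(src);
    if (mode == URPF_OFF) return 1;
    if (rt == NULL) return 0;                 /* no route back at all */
    if (mode == URPF_STRICT) return rt->ifindex == in_if;
    return rt->masklen != 0;                  /* loose: default route excluded */
}

int main(void)
{   /* 192.168.0.5 arriving on the uplink (if 1), under each mode. */
    printf("strict=%d loose=%d\n", urpf_check(0xC0A80005u, 1, URPF_STRICT),
           urpf_check(0xC0A80005u, 1, URPF_LOOSE));
    return 0;
}
```

With these semantics a source reachable only through the default route passes strict mode on the uplink but fails loose mode, which matters on a host whose only route is the default.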