Date: Sat, 14 Dec 2002 14:45:24 -0800
From: Maxime Henrion
To: Matthew Dillon
Cc: David O'Brien, current@FreeBSD.ORG
Subject: Re: ipfw userland breaks again.
Message-ID: <20021214224524.GG27086@elvis.mu.org>
In-Reply-To: <200212142222.gBEMMqcn002571@apollo.backplane.com>

Matthew Dillon wrote:
> :I have a patch here which makes the IPFIREWALL_DEFAULT_TO_ACCEPT tunable
> :at module load time using a kernel environment variable.  Looks to me
> :that it would do what you want.
>
>     No, this isn't what I want.  I want something that can be articulated
>     without having to reboot the whole system.

You don't need to reboot with this patch.  As I already said, it's a
*module load time* tunable.  So if you use ipfw as a module, it will do
what you want.  If you don't, it's of course useless.

Now I would really dislike seeing your patch in the tree, since I
consider it a rather crude hack to circumvent the ABI problems of ipfw.
As I've already said to Luigi in private e-mail (I would be surprised if
this hasn't already been discussed on the lists as well), the proper way
to fix this problem is to separate the kernel and userland structures of
ipfw, and add versioning to the struct.  This can be done without even
breaking the ABI again, since several pointers in the kernel structures
are useless to userland (like the next field) and can be reused to
implement structure versioning.

Cheers,
Maxime
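
The versioning approach described in the message above, as an added example that is not part of the original post and not taken from the ipfw sources. The struct names, fields and version number are hypothetical, and memcpy() stands in for the kernel's copyin().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RULE_ABI_VERSION 2u              /* hypothetical version number */

/* Kernel-private rule: 'next' links the chain and is useless to userland. */
struct k_rule {
    struct k_rule *next;
    uint32_t       rulenum;
    uint32_t       flags;
};

/* Userland view: same size and offsets, but the pointer slot carries the
 * ABI version, so the binary layout does not change. */
struct u_rule {
    union {
        void    *reserved;               /* keeps the slot pointer-sized */
        uint32_t version;
    } hdr;
    uint32_t rulenum;
    uint32_t flags;
};

_Static_assert(sizeof(struct u_rule) == sizeof(struct k_rule), "size changed");
_Static_assert(offsetof(struct u_rule, rulenum) ==
               offsetof(struct k_rule, rulenum), "offset changed");

/* Userland side: zero the whole slot, then stamp the version. */
void u_rule_init(struct u_rule *u, uint32_t rulenum, uint32_t flags)
{
    memset(u, 0, sizeof(*u));
    u->hdr.version = RULE_ABI_VERSION;
    u->rulenum = rulenum;
    u->flags = flags;
}

/* Kernel side: check length and version before trusting any field, and
 * never accept a pointer value from userland. Returns 0 or an errno. */
int k_rule_import(struct k_rule *k, const void *buf, size_t len)
{
    struct u_rule u;
    if (len != sizeof(u)) return EINVAL;
    memcpy(&u, buf, sizeof(u));          /* stands in for copyin() */
    if (u.hdr.version != RULE_ABI_VERSION) return EINVAL; /* stale binary */
    k->next = NULL;                      /* kernel sets its own link */
    k->rulenum = u.rulenum;
    k->flags = u.flags;
    return 0;
}
```

A userland binary built against a different layout is rejected with EINVAL at the boundary instead of having its bytes silently misread as rule fields.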