Date:      Sat, 28 Feb 2004 07:37:37 +0600
From:      Alexey Dokuchaev <danfe@nsu.ru>
To:        Sam Leffler <sam@errno.com>
Cc:        Dag-Erling Smørgrav <des@des.no>
Subject:   Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Message-ID:  <20040228013737.GA15560@regency.nsu.ru>
In-Reply-To: <200402270818.12553.sam@errno.com>
References:  <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <565913D0-68E2-11D8-AE91-000A95AD0668@errno.com> <xzpptc10vvv.fsf@dwp.des.no> <200402270818.12553.sam@errno.com>

On Fri, Feb 27, 2004 at 08:18:12AM -0800, Sam Leffler wrote:
> On Friday 27 February 2004 12:28 am, Dag-Erling Smørgrav wrote:
> > Sam Leffler <sam@errno.com> writes:
> > > I made two attempts to eliminate all the ipfw-, dummynet-, and
> > > bridge-specific code in the ip protocols but never got stuff to the
> > > point where I was willing to commit it.  My main motivation for doing
> > > this was to eliminate much of the incestuous behaviour so that you
> > > could reason about locking requirements but there were other benefits
> > > (e.g. I was also trying to make the ip code more "firewall agnostic").
> >
> > The ideal solution would be to convert the entire networking stack to
> > netgraph nodes; we could then insert filter nodes at any point in the
> > graph.
> 
> I consider netgraph a fine prototyping system.  I think that using it for this 
> purpose would be a mistake.

Hmm, may I ask what you mean by "prototyping system" in this context?

./danfe


