Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Apr 1998 15:51:33 +0200
From:      Eivind Eklund <eivind@yes.no>
To:        Julian Elischer <julian@whistle.com>
Cc:        Julian Elischer <julian@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sys@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/netinet ip_fw.c
Message-ID:  <19980422155133.57092@follo.net>
In-Reply-To: <353D2C41.1F1A7590@whistle.com>; from Julian Elischer on Tue, Apr 21, 1998 at 04:31:13PM -0700
References:  <199804211854.LAA01853@freefall.freebsd.org> <19980422000150.56907@follo.net> <353D2C41.1F1A7590@whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Apr 21, 1998 at 04:31:13PM -0700, Julian Elischer wrote:
> Eivind Eklund wrote:
> > This still doesn't solve the problems with IPFW (foremost, that
> > extending the structure blow the userland interface).
> 
> why?
> if you recompile it with a new structure...

That's what I'm saying - it blow the userland interface.  It means
that anything using IPFW has to track the kernel version exactly.

> > We need a new interface - I proposed an interface to -hackers some
> > time back, and got exactly NO response :-(
> > 
> 
> I agree on the new interface, but the limit on the structure size
> was that each file rule had to fit into an mbuf.
> this removes that limit and should look identical to the user 
> land program.
> I was considering using IOCTLS instead..
> what was your suggestion?

In-kernel object building.  Basically, first an object is created in
the kernel with default values, and then the userland side send a set
of 'change field' requests, and at 'commit' the object is added to the
firewall chain.  I also added support for multiple firewall chains to
the interface, 'just in case'.

Copies of the original, detailed mail (200 lines) is available on
request (or I can re-send it to hackers).

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980422155133.57092>