Date: Wed, 22 Apr 1998 10:49:15 -0700 (PDT) From: Julian Elischer <julian@whistle.com> To: Eivind Eklund <eivind@yes.no> Cc: Julian Elischer <julian@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sys@FreeBSD.ORG Subject: Re: cvs commit: src/sys/netinet ip_fw.c Message-ID: <Pine.BSF.3.95.980422104831.29123D-100000@current1.whistle.com> In-Reply-To: <19980422155133.57092@follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
If you could send your proposal.... (or I could try look it up in the archives.. when was it and what subject?) On Wed, 22 Apr 1998, Eivind Eklund wrote: > On Tue, Apr 21, 1998 at 04:31:13PM -0700, Julian Elischer wrote: > > Eivind Eklund wrote: > > > This still doesn't solve the problems with IPFW (foremost, that > > > extending the structure blow the userland interface). > > > > why? > > if you recompile it with a new structure... > > That's what I'm saying - it blow the userland interface. It means > that anything using IPFW has to track the kernel version exactly. > > > > We need a new interface - I proposed an interface to -hackers some > > > time back, and got exactly NO response :-( > > > > > > > I agree on the new interface, but the limit on the structure size > > was that each file rule had to fit into an mbuf. > > this removes that limit and should look identical to the user > > land program. > > I was considering using IOCTLS instead.. > > what was your suggestion? > > In-kernel object building. Basically, first an object is created in > the kernel with default values, and then the userland side send a set > of 'change field' requests, and at 'commit' the object is added to the > firewall chain. I also added support for multiple firewall chains to > the interface, 'just in case'. > > Copies of the original, detailed mail (200 lines) is available on > request (or I can re-send it to hackers). > > Eivind. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.980422104831.29123D-100000>