Date: Mon, 24 Jun 2002 22:47:27 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: Luigi Rizzo <rizzo@icir.org> Cc: ipfw@FreeBSD.ORG Subject: Re: do we need IPFIREWALL_FORWARD to be optional ? Message-ID: <20020624224727.A50149@blossom.cjclark.org> In-Reply-To: <20020621104900.C81994@iguana.icir.org>; from rizzo@icir.org on Fri, Jun 21, 2002 at 10:49:00AM -0700 References: <20020621104900.C81994@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2002 at 10:49:00AM -0700, Luigi Rizzo wrote:
> I am fixing that part of the netinet/ stack, and i wonder why
> do we need to make this optional.
>
> Once the global variables holding its state are removed, all the
> code reduces to a small set of short blocks (which are never entered
> if you do not have fwd rules) scattered in ip_input.c ip_output.c
> ip_fw.c and tcp_input.c, and I strongly believe that the pain and
> obfuscation of having it conditionally compiled is a lot worse than
> the modest code size increase.
>
> Unless there are strong objections, I am going to make it
> standard.
If you feel up to it, unconditionalize pfil(9) stuff too.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020624224727.A50149>