Re: Can't link kernel after recent libalias commits?

On Sunday 31 December 2006 08:04, Gleb Smirnoff wrote:
On Sun, Dec 31, 2006 at 03:42:03AM +0100, Paolo Pisati wrote:
P> On Sat, Dec 30, 2006 at 11:04:33PM +0100, Max Laier wrote:
P> > On Saturday 30 December 2006 22:46, Paolo Pisati wrote:
P> > > On Sat, Dec 30, 2006 at 01:43:21PM -0800, David Wolfskill wrote:
P> > > > Note that this was for a kernel that uses ipfw, but not natd
(ref. P> > > > src/sys/conf/NOTES).
P> > >
P> > > my mistake, i'll write an entry for UPDATING.
P> >
P> > Shouldn't it still be possible to build a kernel with IPFW but
without P> > LIBALIAS? i.e. instead of a UPDATING entry you should
just wrap the P> > libalias entry points in IPFW - or am I
misunderstanding what you are P> > saying?
P>
P> with my last commit, LIBALIAS became mandatory for IPFW, and this
adds P> 40kb (-O nocona) to my kernel size.
P>
P> If it's really an issue, i can change it.

As I said it will be very nice if it would be still possible to build
ipfw(4) w/o libalias. I think more people will share my opinion.

I agree. You can either simply #ifdef-out the Libalias glue code in ipfw
on LIBALIAS or introduce a new option "FIREWALL_NO_ALIAS" or something to
have that effect. The first would not break POLA and should be
preferred - IMO. Having the module build default to "with LIBALIAS" is
okay to make this great feature available from a default installation,
but there certainly should be a way to disable it on a custom build.
Also a make.conf switch to disable it from the module could make sense.

--
/"\ Best regards, | mlaier@xxxxxxxxxxx
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

Attachment: pgpELBUjik8Nz.pgp
Description: PGP signature

Relevant Pages

  • Re: Cant link kernel after recent libalias commits?
    ... i'll write an entry for UPDATING. ... Shouldn't it still be possible to build a kernel with IPFW but without ... libalias entry points in IPFW - or am I misunderstanding what you are ...
    (freebsd-current)
  • Re: Cant link kernel after recent libalias commits?
    ... i'll write an entry for UPDATING. ... P>> libalias entry points in IPFW - or am I misunderstanding what you are ... P> 40kb to my kernel size. ...
    (freebsd-current)
  • Re: Cant link kernel after recent libalias commits?
    ... Shouldn't it still be possible to build a kernel with IPFW but without LIBALIAS? ... i.e. instead of a UPDATING entry you should just wrap the libalias entry points in IPFW - or am I misunderstanding what you are saying? ...
    (freebsd-current)
  • Re: Cant link kernel after recent libalias commits?
    ... i'll write an entry for UPDATING. ... Shouldn't it still be possible to build a kernel with IPFW but without ... libalias entry points in IPFW - or am I misunderstanding what you are ...
    (freebsd-current)
  • Re: NATD and Address Redirection
    ... > There was a translation table inside libalias with 3 columns in it: ... > When a packet was heading outside, ... such an entry would clone into ... I didn't know the internals. ...
    (freebsd-hackers)