Re: New preview patch for ipfw to pfil_hooks conversion
From: Angelo Turetta (aturetta_at_commit.it)
Date: 06/22/04
- Previous message: Luigi Rizzo: "Re: New preview patch for ipfw to pfil_hooks conversion"
- In reply to: Andre Oppermann: "New preview patch for ipfw to pfil_hooks conversion"
- Next in thread: Andre Oppermann: "Re: New preview patch for ipfw to pfil_hooks conversion"
- Reply: Andre Oppermann: "Re: New preview patch for ipfw to pfil_hooks conversion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <freebsd-current@freebsd.org> Date: Tue, 22 Jun 2004 11:52:59 +0200
----- Original Message -----
From: "Andre Oppermann" <andre@freebsd.org>
Sent: Monday, June 21, 2004 11:36 PM
> This patch significantly cleans up ip_input.c and ip_output.c.
>
> The following is included in this patch:
>
> o Remove all ipfw related cruft from ip_input() and ip_output()
> o New ip_fw_pfil.c file which contains all ipfw/pfil_hooks logic
IIRC, I had once a problem with a mixed setup where I used IPFILTER NAT &
IPFW DUMMYNET. Basically, there was an asymmetry in the order the two
filters were called, because the code in ip_input.c called IPFILTER before
entering the IPFW code, and ip_output.c did the same, while it should have
called first IPFW then IPFILTER. (beware, it might have been the opposite
WRT what was first in which function, I don't remember exactly).
Does your new code take this ordering issue into account? I suppose it would
be nice to be able to control the order filters are processed: I may like
IPFW to be 'wrapping' IPFILTER (that is, called before it during input, and
after it during output), while others might prefer the opposite. And anyway,
am I right the filter list should be traversed in opposite directions during
input versus output (maybe it's already so).
Ciao,
Angelo.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Luigi Rizzo: "Re: New preview patch for ipfw to pfil_hooks conversion"
- In reply to: Andre Oppermann: "New preview patch for ipfw to pfil_hooks conversion"
- Next in thread: Andre Oppermann: "Re: New preview patch for ipfw to pfil_hooks conversion"
- Reply: Andre Oppermann: "Re: New preview patch for ipfw to pfil_hooks conversion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
