tech-net: Re: Try again, itojun, patches need more work.

Subject: Re: Try again, itojun, patches need more work.
To: Darren Reed <avalon@caligula.anu.edu.au>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/30/2003 08:16:22

>Ok, itojun, I did a quick review of the patches.
>And what do I find ?
>pf code (pftag_tagname2tag) moved from pf.c to uipc_mbuf2.c
>What sort of joke are you trying to pull here ?

	with this ipfilter could co-work with component that require tagging
	(coming ipsec change).

>Furthermore, the patches that bring pf into IP do not use
>pfil(9).  That is not acceptable.  It's there for a reason
>and the reason is for things like pf to use it.  If there
>is a deficiency in the interface then bring it up for
>discussion.

	please check near pf_test() calls.
	ip_input: i need to pass a parameter to ip_forward() (pfrdr),
		which is not possible with pfil(9) infrastructure.
	ip_output, ip6_*: i could use pfil(9), but i needed to patch ip_input
		anyways, so i did not bother to use pfil(9).

	if you have suggestions wrt how ip_input() hook should be done,
	please let me know.  i have no clue how i can pass parameter to
	ip_forward.

itojun