> On Sat, Sep 16, 2006 at 05:22:40PM -0500, yancm@sdf.lonestar.org wrote:
> One question (regarding 3.1_RC3), is the current situation (with only half
> of the fix applied) better or worse than before?

The partial answer is that it did not work in 3_Stable and still
does not work.

So basically I think these patches represent no obvious change.

They only effect ippool. I can see no reason to think they would
introduce any recursions. This changed code only gets compiled
if the flag "options IPFILTER_LOOKUP" gets added to the kernel
config anyway.

I pulled my patches and put the clean netbsd-3 build on my home
network server to test, but when I saw this broke it, I pulled
back to my patches because I want to keep my protections enabled.

I am building a vmware test machine up to 3_Stable (3_RC2) right
now and will update my answer in a few hours if anything seems worse.

Thanks,
gene