tech-net: Re: Try again, itojun, patches need more work.

Subject: Re: Try again, itojun, patches need more work.
To: Darren Reed <avalon@caligula.anu.edu.au>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/30/2003 09:04:19

>>Furthermore, the patches that bring pf into IP do not use
>>pfil(9).  That is not acceptable.  It's there for a reason
>>and the reason is for things like pf to use it.  If there
>>is a deficiency in the interface then bring it up for
>>discussion.
>	please check near pf_test() calls.
>	ip_input: i need to pass a parameter to ip_forward() (pfrdr),
>		which is not possible with pfil(9) infrastructure.
>	ip_output, ip6_*: i could use pfil(9), but i needed to patch ip_input
>		anyways, so i did not bother to use pfil(9).
>
>	if you have suggestions wrt how ip_input() hook should be done,
>	please let me know.  i have no clue how i can pass parameter to
>	ip_forward.

	or i can forget about pfrdr variable for now, and change pf to
	use pfil(9).  then you will be happy.

itojun