Sergey Mokryshev wrote: > Unfortunately nobody cares to look into PR database (conf/44576) > > In case PFIL_HOOKS really slows IP processing I don't mind keeping this > out of GENERIC, however it should be noted in UPDATING and release notes. > > I did not do any time consuming searches the first time I tried to load > ipl.ko, but I've spent some time reading NOTES before upgrading to > -CURRENT and I am using IP Filter for about three years now on Solaris > and FreeBSD (thanks, Darren). > > IMHO GENERIC is not supposed to be fast, but to be useable out-of-the box.
This is a reasonable argument... if it's possible to tune it so that it's fast. Hacking in the IP Filter hooks unonditionally for code that can't really be distributed as part of the system because of its license, and thus making things slower, with no chance to make them faster later, is not my idea of A Really Good Thing(tm). I'm really not a fan of "NO_PFIL_HOOKS" as an option. Probably the correct thing to do is to wire in ipfilter as a Netgraph module. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
