On Mon, 23 Nov 2009, John Baldwin wrote:
On Monday 23 November 2009 10:13:54 am Hajimu UMEMOTO wrote:
Hi,
On Sun, 22 Nov 2009 11:12:33 -0800
Doug Barton <do...@freebsd.org> said:
dougb> In rc.firewall you seem to have copied afexists() from network.subr.
dougb> Is there a reason that you did not simply source that file? That would
dougb> be the preferred method. Also in that file you call "if afexists
dougb> inet6" quite a few times. My preference from a performance standpoint
dougb> would be to call it once, perhaps in a start_precmd then cache the value.
Thank you for the comments.
Ah, yes, afexists() is only in 9-CURRENT, and is not MFC'ed into 8,
yet. So, I thought the patch should be able to work on both 9 and 8,
for review. I've changed to source network.subr for afexists().
Calling afexists() several times was not a good idea. So, I've changed
to call afexists() just once.
The new patch is attached.
dougb> And of course, you have regression tested this thoroughly, yes? :)
dougb> Please include scenarios where there is no INET6 in the kernel as well.
Okay, I've tested it on an INET6-less kernel, as well.
Some comments I have:
@@ -178,6 +212,16 @@
# Allow any traffic to or from my own net.
${fwcmd} add pass all from me to ${net}
${fwcmd} add pass all from ${net} to me
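Review bot: after the two `all from me to ${net}` rules, any IPv6 counterparts among this hunk's added lines (the header grows it from 6 to 16 lines, and the additions are not quoted) should be gated on the address-family check done once at startup and on the IPv6 network variable being non-empty, because an empty unquoted variable leaves the rule with a missing address. A comment on the two existing rules saying which address family `me` is meant to cover would also help.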
I haven't looked at the entire update, but as I see this I shall note:
unless I missed a fix to ipfw, you need to make that ip and use ip6
and me6 for the new world order.
Please make sure that this works as expected in mixed-world scenarios
as well as legacy IP and IPv6 only worlds.
/bz
--
Bjoern A. Zeeb It will not break if you know what you are doing.
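
The call-once pattern discussed in this thread, as an added example that is not part of the patch or of any message here: probe for inet6 a single time, cache the result, and emit the IPv6 rules (using the `ip6` and `me6` keywords mentioned above) only when the cache says so. Assumptions: `have_af` is a hypothetical stand-in for afexists() that reads the constructed variable `KERNEL_AFS`, the function and variable names are invented, the addresses are documentation ranges, and `fwcmd` defaults to `echo` so the rules are only printed.

```shell
#!/bin/sh
# Added example: probe the address family once, cache it, reuse the result.
# have_af is a hypothetical stand-in for afexists() from network.subr; it
# reads the constructed variable KERNEL_AFS so the script runs on any host.
KERNEL_AFS=${KERNEL_AFS:-"inet inet6"}
probe_count=0

have_af() {
    probe_count=$((probe_count + 1))      # count probes to show the caching
    case " ${KERNEL_AFS} " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Run once (the thread suggests a start_precmd); later code reads the cache.
cache_inet6() {
    if have_af inet6; then inet6_ok=1; else inet6_ok=0; fi
}

# Emit the "own net" rules. fwcmd defaults to echo, so this is a dry run.
# $1 = IPv4 net, $2 = IPv6 net (may be empty); both are assumptions.
own_net_rules() {
    fwcmd=${fwcmd:-echo}
    ${fwcmd} add pass ip4 from me to "$1"
    ${fwcmd} add pass ip4 from "$1" to me
    # IPv6 rules need both kernel support and a configured IPv6 net;
    # an empty value would otherwise yield a rule with a missing address.
    if [ "${inet6_ok}" -eq 1 ] && [ -n "$2" ]; then
        ${fwcmd} add pass ip6 from me6 to "$2"
        ${fwcmd} add pass ip6 from "$2" to me6
    fi
}

cache_inet6
own_net_rules 192.0.2.0/24 2001:db8::/32
```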