porting next-gen firewalls: When to build in-kernel vs. KEXT?
porting next-gen firewalls: When to build in-kernel vs. KEXT?
- Subject: porting next-gen firewalls: When to build in-kernel vs. KEXT?
- From: OpenMacNews <email@hidden>
- Date: Wed, 26 Nov 2003 20:01:13 -0800
hi all,
1st, a caveat ... i'm new to the kernel.
that said, after reading up on some of the firewall ports (e.g. pf, ipfw2) in the *BSDs, i'm wondering about the choice
of building/porting "pf" to Darwin as in-kernel code, requiring of course, a kernel recompile, vs. as a KEXT.
from what i've read at
<
http://www.opensource.apple.com/projects/documentation/howto/html/kext_tutorials/about_kext.html>, KEXTs, as i
understand them to be (?) the Darwin analogues of "dynamically loadable kernel modules" for other *NIXs, seem like a
logical route for a fw implementation ....
QUESTION:
if, e.g., porting the *BSD pf firewall is the goal, what are the pro/con arguments for in-kernel vs/ KEXT?
AND, should this issue be more appropriately discussed in "darwin-kernel" or "darwin-development"?
looking forward to hearing your thoughts ...
richard
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.