Re: mbuf_pullup practically useless
Re: mbuf_pullup practically useless
- Subject: Re: mbuf_pullup practically useless
- From: Platon Fomichev <email@hidden>
- Date: Thu, 30 Aug 2007 22:25:04 +0400
Howdy-ho Chris
I will try looking at prospectives to port PF as NKE as I've recently
developed a bunch of them. If anyone wishes to join me in my efforts
on PF port let's unite our forces, although I highly doubt
possibility to develop it out of kernel as NKE... (f.ex. is there any
possibility to create /dev/pf from NKE as a start?)
Btw not everything is easy as it seems... For example one of my tasks
while developing an NKE (at socket level) was to delay connect() call
until user land processes signals that it's ok - rather trivial task
as I think - but nope connect() can't be blocked as it is in data
path - I can't swallow connect() call and it seems that there is no
way I can solve this on Socket NKE level...
So if anyone have some advice about connect() call or is also anxious
to devote some time for PF let's communicate.
Best regards,
Stauff__
On Aug 30, 2007, at 8:23 PM, Christopher D. Lewis wrote:
On Aug 27, 2007, at 2:25 AM, Platon Fomichev wrote:
I will surely do this. Btw as a side note questions - are there
any plans to include OpenBSD Packet Filter (quite a good piece of
software imho) into Mac OS? I am thinking of doing some initial
investigations on possibility of this project if no-one is already
on this.
Not too long after Mr. Hubbard came to Apple, he responded to a
question like this (sent by me) by explaining that spending scarce
man-hours developing pf was a waste of time because FreeBSD already
had a firewall. I understood from his reply that he hadn't
actually paid any attention to what I explained were the then-
existing advantages of pf (incl. authpf, etc.). Integrated NAT
didn't yet exist, so the admin advantages have increased.
Questions about features that make administration easier have
occasionally been replied-to on the list with retorts about how
grandma doesn't want to administer her machine, she wants to use
it, which of course flies in the face of Grandma's purpose, which
is to have the machine do what she wants so readily that she spends
her time using it rather than either administering it or regarding
it as broken. Administering is simply the effort needed to prepare
the machine to behave as you want as you use it, and it should be a
goal to make this time as short and as painless as possible, not
pretend every machine will magically take care of needs as
configured from the mfg.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden