I went back through the CVSWeb stuff to check out the changes and it appears that most of my questions are purely cosmetic issues; but I still don't understand them.
Specifically, pretty much everything in the iphack: section relied on IPFW being defined in the kernel configuration. Several checks went away when COMPAT_IPFW was defaulted into the kernel, then several were removed to make a buildable kernel without having options IPFIREWALL defined in the kernel configuration. Throughout these changes, several variables related to IPFW were removed from #ifdef IPFIREWALL checks. At this point, most IPFW variables are initialized by default (including some stuff for natd) and every call to ip_input() does a check at if (fw_enable && IPFW_LOADED) (I believe this is true for ip_output() as well). Why are these variables and sections compiled in by default instead of left out if no firewall is existent in the kernel?
Hope that doesn't sound too ambiguous :)
Kind regards,
Devon
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
