On the principle, I tend to agree with Darren here... it is not nice to replicate functionality in multiple places by using specialized code instead of relying on (and possibly optimizing) the generic one. It makes a lot harder to clean up the replication later, and i believe Andre knows that quite well given the cleanup work he has done in the past in the network stack.
I don't think it is worth making a bit fuss about this particular change, but certainly, as a general principle, we should try as much
as possible to use the generic mechanisms when available -- especialliy given that performance killers are elsewhere (locking etc.).
cheers luigi
I'm going to move this over to -net, since I don't want to reply to the cvs list.
One question I always have about these type of sysctl (and a couple kernel compile options) is that it is never clear how they interact with the various firewalls. I personally use ipfilter, but would have the same questions whether I was using pf or ipfw. Do these happen before or after the firewall? If I'm using a firewall, are these redundant?
A quick glance raises this question about net.inet.tcp.blackhole, net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN. I'm sure there are others.
Richard Coleman [EMAIL PROTECTED]
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
