On Thu, Jan 09, 2003 at 07:22:14PM +0100, Cedric Berger wrote:

> >If we leave out all the technical challenges involved, the real question
> >is if the pf developers find this idea useful at all? 
> >
> A few points, in wrac:
> 
> 1) I kind of like libraries, but they are difficult to get right,
> and probably more difficult is to have people agree to use it.

In case of pf(4), I don't see why anybody would object to using it. If
it is done correctly, of course. E.g. I had to write 500+ lines of code
just to get a list of currently loaded filter rules. If we had a
library, I bet 20 lines would've been enough.

> 2) Theo doesn't like libraries too much.

Imagine what OpenBSD would look like if it didn't have any libraries ;)
Again, if done properly, I doubt even Theo would have anything against
it.

> 3) The current way files are shared between pfctl, authpf and
> tcpdump is kind of ugly IMHO.

Can't really tell, but a library would've been nicer, for sure.

> 4) I've never used authpf, but I wonder why authpf does not
> call the pfctl binary, to have the benefit of code reuse without
> that tricky sharing of files. Combining binaries is usually the
> Unix way, I believe.

pfctl does not support inserting rules on the fly and authpf needs that.
On the other hand, the overhead of having that would be too big.

// haver
