> Indeed.
>
> I've considered to merge it into 2.2, but eventually gave up. It was
> (and IMHO still is) in a defunct state as it's in the tree now. You
> need a lot of handwork in order to get it going. The source is in
> src/contrib, sure, but that's about almost all. It cannot be built as
> part of the kernel, only as an LKM yet. However, the LKM hooks to
> build it (under src/lkm) are missing, so it won't be build as an LKM
> by default. Likewise, the entire command hierarchy hooks that are
> finally expected to reference src/contrib/ipfilter are missing, too.
> (This probably requires a bunch of stub Makefiles, maybe with a few -D
> options in their CFLAGS, that reference the contrib stuff via .PATH
> statements.) The kernel sources can be compiled into a kernel, but
> not used, since they don't generate cdevsw entries. The required
> options to get ipfilter statically compiled into your kernel aren't
> described in LINT and src/sys/conf/options either.
>
> Once these points are fixed (which requires someone who's got a clue
> about how ipfilter is working, and who can test it -- thus not me),
> ipfilter can be tagged/merged into RELENG_2_2 as well.
>
> --
> cheers, J"org
I've addressed all of these points appart from in-kernel compilation
(see my kern pr). I don't believe that the ipfilter kernel code
should have ever been placed in sys/netinet. This will cause no-end
of future code-management trouble. sys/netinet/Makefile should be
be modifed to union contrib/ipfilter and netinet transparently.
Cherrs,
Julian
--
Prof. Julian Assange |If you want to build a ship, don't drum up people
|together to collect wood and don't assign them tasks
proff@suburbia.net |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery