ipfilter proposed changes
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: ipfilter proposed changes
- From: Matthew Patton <matthew_(_dot_)_patton_(_at_)_ra_(_dot_)_pae_(_dot_)_osd_(_dot_)_mil>
- Date: Wed, 16 Sep 1998 12:46:26 -0400
- Delivery-date: Wed Sep 16 09:42:57 1998
Some have asserted that it's in poor taste to print kernel messages each
time the filter gets initialized. While I agree to a certain extent, I do
find the message, as a configuration/status update, useful nonetheless. I
would like to:
1) move the "already enabled" message to the ipf program itself.
2) add an "ipfilter en/disabled" message to ipf
3) use syslog to send the above messages
4) add an IPFILTER_MESSAGES kernel option (yeah, like we need another but...)
5) change "logging enabled/disabled" to "available/unavailable" since it is
more correct. Doesn't matter if logging is enabled; unless ipmon is running,
you won't get any logs.
In fil.c we have:
#if (defined(_KERNEL) || defined(KERNEL)) && !defined(linux)
# include <sys/systm.h>
#else
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
#endif
Shouldn't that be?
#if (defined(_KERNEL) || defined(KERNEL))
# if !defined(linux)
# include <sys/systm.h>
# else
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# endif
#endif
No userland program I could find uses fil.c. I suspect though that the
#else bit is entirely unnecessary but have no alternative platforms against
which to test.
I've mailed Darren about these. I'll see what he comes up with.
=====
Matthew Patton, 1LT USAF Webmaster, Resource Analysis
PGP Fingerprint: 17D4 98B1 51F1 BCD9 D815 5F3D 3B1C 5C26 762C C9C9
Key ID: 0x762CC9C9 Expires: 7/31/99