a b wrote:
If you're using the open source IPFilter, then you should always compile
IPFilter against the target kernel you want to run it on.
This is because in order to work, it uses internal data structures and
interfaces that can change from patch to patch of Solaris.
Not ideal, I know...:(
My understanding of the matter was that one of the aspects of your
hire for Sun Microsystems was to better integrate IPFilter into Solaris.
Darren's spent the better part of 3 years doing exactly that :) First
integration into S10, then helping with IPv6 and the merge to a more
current Open Source version. And most recently, adding cleaner
interfaces for packet filtering.
Sun was supposed to produce the missing interfaces and make them
public so that IPFilter would no longer have to "peek" (and "poke"?)
into private kernel structs and interfaces.
Has then this not taken place?
If the answer is no, will it take place, and if so, when?
Internally yes. Externally no. As much Solaris development is done in
the open, the line has been blurred. Much of this was discussed as 'pf
hooks' or 'packet filtering hooks' in the networking discussion at:
http://www.opensolaris.org/os/community/networking/discussions
However, as Darren mentioned, it will be several months before this is
formally released in a version of Solaris.
-Mike