From owner-freebsd-net@FreeBSD.ORG Wed Sep 12 12:34:59 2012 Return-Path: Delivered-To: net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C84B9106564A; Wed, 12 Sep 2012 12:34:59 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 414CE8FC12; Wed, 12 Sep 2012 12:34:59 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q8CCYvmc086362; Wed, 12 Sep 2012 16:34:57 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q8CCYvuM086361; Wed, 12 Sep 2012 16:34:57 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 12 Sep 2012 16:34:57 +0400 From: Gleb Smirnoff To: net@FreeBSD.org, luigi@FreeBSD.org Message-ID: <20120912123457.GC85604@glebius.int.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Cc: "Bjoern A. Zeeb" Subject: moving pfil consumers to sys/netpfil X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 12:34:59 -0000 Hi, we (me and Bjoern) would like to establish a single place for all kinds of pfil(9) consumers, for current ones and for future as well. The place chosen is sys/netpfil. On first round we'd like to move there our Tier-1 firewalls: ipfw and pf. This also includes moving pf out of contrib. The plan of movement is the following: sys/contrib/pf/net/*.c -> sys/netpfil/pf/ sys/contrib/pf/net/*.h -> sys/net/ [1] contrib/pf/pfctl/*.c -> sbin/pfctl contrib/pf/pfctl/*.h -> sbin/pfctl contrib/pf/pfctl/pfctl.8 -> sbin/pfctl contrib/pf/pfctl/*.4 -> share/man/man4 contrib/pf/pfctl/*.5 -> share/man/man5 sys/netinet/ipfw -> sys/netpfil/ipfw That's all. [1] This line is arguable, however the future plan is to: - split pfvar.h into pf.h and pf_var.h - kill if_pfsync.h and if_pflog.h as soon as they stop being ifnets - kill pf_mtag.h moving its declaration to mbuf.h or pf_var.h So, all new stuff in sys/net would dissolve soon. Notice that current movement doesn't affect software in ports, but above plans would. So decision is just put pf stuff into sys/net for now to avoid breaking ports twice. -- Totus tuus, Glebius.