From owner-freebsd-pf@FreeBSD.ORG Sun Oct 2 15:16:46 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5334016A41F for ; Sun, 2 Oct 2005 15:16:46 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6521043D45 for ; Sun, 2 Oct 2005 15:16:45 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.13.3/8.13.3) with ESMTP id j92FGh9G099632 for ; Sun, 2 Oct 2005 19:16:43 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.13.3/8.13.3/Submit) id j92FGhP5099627 for freebsd-pf@freebsd.org; Sun, 2 Oct 2005 19:16:43 +0400 (MSD) (envelope-from yar) Date: Sun, 2 Oct 2005 19:16:42 +0400 From: Yar Tikhiy To: freebsd-pf@freebsd.org Message-ID: <20051002151642.GC76606@comp.chem.msu.su> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i Subject: pf kernel module(s) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Oct 2005 15:16:46 -0000 All, While making an rc.d script for pfsync as I had promised here, I noticed that pf.ko didn't include support for pfsync. Closer study revealed that it would be better to split pf.ko in separate modules for pf itself, pflog, and pfsync. The reason is as follows. As MODULES_WITH_WORLD are about to depart for /dev/null soon, modules should not rely on the opt_*.h files they create with their Makefiles now: The configuration is to be obtained from the opt_*.h files in the kernel build directory. Therefore it will not be possible to include pflog or pfsync functionality in pf.ko unless it is in the main kernel file, too, which is ridiculous. OTOH, having separate pflog.ko and pfsync.ko would allow for the modules to be built irrespective of the current kernel configuration. If the separation is not possible now, the pf.ko module should include all the functionality irrespective of the DEV_PF, DEV_PFLOG, or DEV_PFSYNC values found in opt_pf.h. As a matter of fact, a modern FreeBSD device driver should rarely use DEV_FOO values in its code because the inclusion of the driver source files in the build process is the major sign of the driver being enabled, and device instances should be created dynamically. Alas, OpenBSD code doesn't seem to follow this trend, so I'd consider setting NPFLOG and NPFSYNC to 1 statically if possible. -- Yar