From nobody Mon Jul 10 08:17:48 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QzxhP0GmHz4dZsb
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 10 Jul 2023 08:17:57 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Received: from mail.bsd4all.org (mail.bsd4all.org [88.99.169.216])
	by mx1.freebsd.org (Postfix) with ESMTP id 4QzxhN13GPz4BHp
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 08:17:56 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of pblok@bsd4all.org designates 88.99.169.216 as permitted sender) smtp.mailfrom=pblok@bsd4all.org;
	dmarc=none
Received: from mail.bsd4all.org (localhost [127.0.0.1])
	by mail.bsd4all.org (Postfix) with ESMTP id C70195875
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 10:17:53 +0200 (CEST)
X-Virus-Scanned: amavisd-new at bsd4all.org
Received: from mail.bsd4all.org ([127.0.0.1])
	by mail.bsd4all.org (mail.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 83rdF2Kfr8wa for <freebsd-hackers@freebsd.org>;
	Mon, 10 Jul 2023 10:17:53 +0200 (CEST)
Received: from smtpclient.apple (pony_ip [204.168.249.121])
	by mail.bsd4all.org (Postfix) with ESMTPSA id 5E4985872
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 10:17:53 +0200 (CEST)
From: Peter Blok <pblok@bsd4all.org>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
Subject: ZFS Solaris: Cannot find the pool label
Message-Id: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
Date: Mon, 10 Jul 2023 10:17:48 +0200
To: freebsd-hackers@freebsd.org
X-Mailer: Apple Mail (2.3696.120.41.1.3)
X-Spamd-Result: default: False [-2.67 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.995];
	NEURAL_HAM_LONG(-0.98)[-0.977];
	MV_CASE(0.50)[];
	R_SPF_ALLOW(-0.20)[+mx];
	RCVD_NO_TLS_LAST(0.10)[];
	MIME_GOOD(-0.10)[text/plain];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	DMARC_NA(0.00)[bsd4all.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	ASN(0.00)[asn:24940, ipnet:88.99.0.0/16, country:DE];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_COUNT_THREE(0.00)[4];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4QzxhN13GPz4BHp
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Hi,

I have a small sized NAS with an on-board LSI SAS2308 controller in IR =
mode, but with drives presented directly. Due to space constraints I=E2=80=
=99m booting of those drives, which host a RAID-Z pool. A known problem =
with the on-board controller is that it is getting to hot and over time =
it dies slowly with lots of controller resets. This happened before, but =
I had a spare MB.

Over the weekend this started to happen with my last spare MB. I still =
had a PCIe version of SAS2308 and plugged that with the drives into a =
newer machine, because it doesn=E2=80=99t fit in the existing case.

The boot loader is started but it stops with Solaris: Cannot find the =
boot label for zroot

When I add an extra drive on a SATA port and install FreeBSD ( same =
version 13-stable of a couple of days ago ) I can import the pool ok and =
scrub it. No errors found, but booting stil fails the same way even when =
I physically disconnect the extra drive.

There are differences:

- PCIe controller runs in IT mode. Reported drive size in blocks is =
identical. Firmware is 17.0. based when the on-board had 20.0 (latest) =
and ran IR in pass-thru.
- hardware is different

Before I start upgrading firmware, I would like to investigate a bit =
more. (This is my last controller and I don=E2=80=99t want to brick it =
with newer firmware)

Which label is ZFS complaining about and where is it located?

Peter




From nobody Mon Jul 10 13:17:35 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R04LN2grHz2tv7h
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 10 Jul 2023 13:17:48 +0000 (UTC)
	(envelope-from asomers@gmail.com)
Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R04LN12SYz464v
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 13:17:48 +0000 (UTC)
	(envelope-from asomers@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-vs1-f53.google.com with SMTP id ada2fe7eead31-440bb9bad3cso1169542137.0
        for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 06:17:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1688995066; x=1691587066;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=15olOHyzD9vB/Npwl/D8Z7TcqfWSNxmJsMnOBVc72z4=;
        b=CWmZ1cabO3ON4P4qbAeDMkK8WXO1OIymZnl8lzP5Rmbn8qYVGV5cDTBGrY9GINLavx
         tgoRSPRQtExBVwlsqElnlZjUgXJxtNErgN46+esWrPecd8jkxQ5+zILt6u8yJxD/DcmG
         636Ai1NXeD7355YuODYnpAwXKb/y/uUod2T01qL7gUa1TLhjnvUOSKLUN2GYHR86ri/G
         hYBGf79fsVPPzKYdnPA6iwBAQRScH9Wp8Ku1FOxdQQx/VoG3NJ2RMJGEbRRZ0frIHoB5
         Fs+kFKMhnDqHs1lSBkO7XnmGO1Rg/U1naSFFWhoAAGIvxEpNZ+5yfWWyjfMCs0f69RVa
         EA+Q==
X-Gm-Message-State: ABy/qLZTL5xAkiAhp4ZsvFqQn5gXm/82A01N7LaxC1iN9qZpG+fApT5N
	V6KLc1FSKPgJeHkN9oQuKdExHBY9I3Z21ZRlH7BL0r9I71Q=
X-Google-Smtp-Source: APBJJlF+77AI4bB9pwIDJ6xW2tao289jt7dQx8kbZaDaGKBHD7PmywiHZU823wSA6ymHhrPWmxhH6jwEYWz4zKQu3Gg=
X-Received: by 2002:a67:e903:0:b0:444:bf8f:a939 with SMTP id
 c3-20020a67e903000000b00444bf8fa939mr4649338vso.12.1688995066687; Mon, 10 Jul
 2023 06:17:46 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
References: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
In-Reply-To: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
From: Alan Somers <asomers@freebsd.org>
Date: Mon, 10 Jul 2023 06:17:35 -0700
Message-ID: <CAOtMX2h+zyik44dqOSjzqr9a0fYZEK8pp3eXGyL7nJu_ciqigg@mail.gmail.com>
Subject: Re: ZFS Solaris: Cannot find the pool label
To: pblok@bsd4all.org
Cc: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 4R04LN12SYz464v
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On Mon, Jul 10, 2023 at 1:18=E2=80=AFAM Peter Blok <pblok@bsd4all.org> wrot=
e:
>
> Hi,
>
> I have a small sized NAS with an on-board LSI SAS2308 controller in IR mo=
de, but with drives presented directly. Due to space constraints I=E2=80=99=
m booting of those drives, which host a RAID-Z pool. A known problem with t=
he on-board controller is that it is getting to hot and over time it dies s=
lowly with lots of controller resets. This happened before, but I had a spa=
re MB.
>
> Over the weekend this started to happen with my last spare MB. I still ha=
d a PCIe version of SAS2308 and plugged that with the drives into a newer m=
achine, because it doesn=E2=80=99t fit in the existing case.
>
> The boot loader is started but it stops with Solaris: Cannot find the boo=
t label for zroot
>
> When I add an extra drive on a SATA port and install FreeBSD ( same versi=
on 13-stable of a couple of days ago ) I can import the pool ok and scrub i=
t. No errors found, but booting stil fails the same way even when I physica=
lly disconnect the extra drive.
>
> There are differences:
>
> - PCIe controller runs in IT mode. Reported drive size in blocks is ident=
ical. Firmware is 17.0. based when the on-board had 20.0 (latest) and ran I=
R in pass-thru.
> - hardware is different
>
> Before I start upgrading firmware, I would like to investigate a bit more=
. (This is my last controller and I don=E2=80=99t want to brick it with new=
er firmware)
>
> Which label is ZFS complaining about and where is it located?
>
> Peter

At any point did you do `zpool upgrade` or `zpool set`?  Maybe you
activated a zpool feature that is too new for the bootloader to
understand.  You could try reinstalling the boot loader.
-Alan

From nobody Mon Jul 10 13:51:42 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R055b5VSLz3cQjY
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 10 Jul 2023 13:51:47 +0000 (UTC)
	(envelope-from yuri@aetern.org)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R055b2gP5z4DxQ
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 13:51:47 +0000 (UTC)
	(envelope-from yuri@aetern.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=aetern.org header.s=fm2 header.b=SqdGg7qj;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b="L 5Hs5r4";
	spf=pass (mx1.freebsd.org: domain of yuri@aetern.org designates 66.111.4.26 as permitted sender) smtp.mailfrom=yuri@aetern.org
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
	by mailout.nyi.internal (Postfix) with ESMTP id 8737D5C00A7
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 09:51:45 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute2.internal (MEProxy); Mon, 10 Jul 2023 09:51:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aetern.org; h=cc
	:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm2; t=
	1688997105; x=1689083505; bh=XojOcS9KJw3K56lC9v5HfeTsoHZn0WBxTeP
	aNQZDnH4=; b=SqdGg7qj+vytfJkip5bcX1X9TswIqoa7BOudGWFvc69iPlREJDI
	onUSeSsL5CPhRjqrf/AIinkKYuA75v/Y7JRRyR5DWtaVMxyFFi9mMR2wZ1du7UkK
	Q7ohZdRJdYzT4+V0hY4Dj3xqwmHQtIYl5glliQo99qmh0/g1AxOhEsYZcPkX3Ryz
	V1YEs/g9fY1L2ZmOuanKTCTX9DmHKE30iQeWrGHzzPXzr9PYFcaCd7r/0MPQFhAB
	3b+CIhBJzT3/f8uJsS9EddiCWtDzzJQnxRgPEYLW2KvOXNlPZJRTxlOO7aatNuSc
	l7s18rQfR5/4s232lnd9Pwl4fzvqTsQB2tw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1688997105; x=
	1689083505; bh=XojOcS9KJw3K56lC9v5HfeTsoHZn0WBxTePaNQZDnH4=; b=L
	5Hs5r43MgyqhrSZmMJL7P/1KHzyPgli/PoBQthmxiP5DDqYLO6jRo48QizJCjGv6
	jk2pnugrtsCIiDZWQZJorAwUo961hGxliiDP94bPFRB0KD7ZbxViNHSn+L5gjWxi
	i359jzQeCPRnIeS72ITJ/N8AiUmc6ec5mNJAxvS6Ozukf67cgnqNkj6/ISrzQ7ZP
	Shh9PTw/Zb+hT57zD5zyi2YxcKITffnEJ1TnGWOD0VGKIj5o8PAt3BC0Bi3Xg4Pq
	iYTdWtYZyiQu5kL9gkC/zBDdukC516CrLsHU+JmqJ21wYy68fz9TPP0IZqhGxEdP
	a33UeWLjpadpu9LvnJwGQ==
X-ME-Sender: <xms:8QysZL5n1gKgbFxAA1RpqEkUoUr5x59O7Gk41Dw__Ew-DL0kTd4bxA>
    <xme:8QysZA78nIUYHWsOgjATiL78BrR1Tm5wVYbzmPM4kMJ0cGbLoH00be9jrCEGlypLF
    -nPn2cGq3VasDvkUJI>
X-ME-Received: <xmr:8QysZCc-lGYDnBZG7aDx5_ShV_N5ZQs9CA7CrIs_NcrlMo72VtfL9h_2cWND_tVw1A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrvdekgdeitdcutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuffvfhfhjggtgfesthekre
    dttdefjeenucfhrhhomhepjghurhhiuceohihurhhisegrvghtvghrnhdrohhrgheqnecu
    ggftrfgrthhtvghrnhephedtkeehfeelueehgfeuteegveeukedtuddtgeffhfeuueetle
    egieetveejueevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhf
    rhhomhephihurhhisegrvghtvghrnhdrohhrgh
X-ME-Proxy: <xmx:8QysZMLszD_zUHg1Yg8oONmV5-8rEskmjbwJgFQpNI2OkXUqUE6f_g>
    <xmx:8QysZPLeEgLZg-jZjRrnVb1ogMIJ_bFXk-nYtsbN1jrrRQatt906ag>
    <xmx:8QysZFz1VLrHgcXnMENeYA9y5KSgx1b8mFueFm00F696YFyscwtzDQ>
    <xmx:8QysZKlik0n2AMM7Z6EGgF5k3lk7p0iS__2QcdGQGxMCiPfA4gGgjg>
Feedback-ID: i0d79475b:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 09:51:44 -0400 (EDT)
Message-ID: <d5ef569e-ec0f-b90a-2ed6-f035d6003032@aetern.org>
Date: Mon, 10 Jul 2023 15:51:42 +0200
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.13.0
Subject: Re: ZFS Solaris: Cannot find the pool label
Content-Language: en-US
To: freebsd-hackers@freebsd.org
References: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
From: Yuri <yuri@aetern.org>
In-Reply-To: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4R055b2gP5z4DxQ
X-Spamd-Bar: /
X-Spamd-Result: default: False [-0.40 / 15.00];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.26];
	R_DKIM_ALLOW(-0.20)[aetern.org:s=fm2,messagingengine.com:s=fm2];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	DKIM_TRACE(0.00)[aetern.org:+,messagingengine.com:+];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	local_wl_from(0.00)[yuri@aetern.org]
X-Rspamd-Pre-Result: action=no action;
	module=multimap;
	Matched map: local_wl_from
X-ThisMailContainsUnwantedMimeParts: N

Peter Blok wrote:
> Hi,
> 
> I have a small sized NAS with an on-board LSI SAS2308 controller in IR mode, but with drives presented directly. Due to space constraints I’m booting of those drives, which host a RAID-Z pool. A known problem with the on-board controller is that it is getting to hot and over time it dies slowly with lots of controller resets. This happened before, but I had a spare MB.
> 
> Over the weekend this started to happen with my last spare MB. I still had a PCIe version of SAS2308 and plugged that with the drives into a newer machine, because it doesn’t fit in the existing case.
> 
> The boot loader is started but it stops with Solaris: Cannot find the boot label for zroot

Is this exact error message (you have it worded differently in subject)
as I can't find that string anywhere in source (or history)?

> When I add an extra drive on a SATA port and install FreeBSD ( same version 13-stable of a couple of days ago ) I can import the pool ok and scrub it. No errors found, but booting stil fails the same way even when I physically disconnect the extra drive.
> 
> There are differences:
> 
> - PCIe controller runs in IT mode. Reported drive size in blocks is identical. Firmware is 17.0. based when the on-board had 20.0 (latest) and ran IR in pass-thru.
> - hardware is different
> 
> Before I start upgrading firmware, I would like to investigate a bit more. (This is my last controller and I don’t want to brick it with newer firmware)
> 
> Which label is ZFS complaining about and where is it located?


From nobody Mon Jul 10 13:54:46 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R059H3bK5z3cRs3
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 10 Jul 2023 13:54:59 +0000 (UTC)
	(envelope-from nonesuch@longcount.org)
Received: from mail-vk1-xa2e.google.com (mail-vk1-xa2e.google.com [IPv6:2607:f8b0:4864:20::a2e])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R059G34ykz4GRJ
	for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 13:54:58 +0000 (UTC)
	(envelope-from nonesuch@longcount.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=longcount.org header.s=google header.b=Q2J7XIwn;
	spf=pass (mx1.freebsd.org: domain of nonesuch@longcount.org designates 2607:f8b0:4864:20::a2e as permitted sender) smtp.mailfrom=nonesuch@longcount.org;
	dmarc=none
Received: by mail-vk1-xa2e.google.com with SMTP id 71dfb90a1353d-47e8934d3easo1151312e0c.1
        for <freebsd-hackers@freebsd.org>; Mon, 10 Jul 2023 06:54:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=longcount.org; s=google; t=1688997297; x=1691589297;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=wimCFP9eNccnjcdShSBUcSlJYo6l1D8qLXO+TnEvTOc=;
        b=Q2J7XIwny1n3+Z143PvxzQhjJXJfdAwtA1fwJL57r3Tkmx5DewWXngrbZzP5SSzpF7
         j2MsSt8u5JkG0YPrSnblcvnPhMr4uf2zQ8VxdnpGmhQ1RbRd8N+GbylterpMKeF5ws3+
         FFltfVQ7H9Pe/NraklLP3Jmo2Tbp09wc504EDS+MFwjiOfTzTcddP9RCopUbmaD9PXiQ
         j1uMKmplu6MeluQ51VNFISGVidgFGg7d+3hK1S7WZIvcqa2uAAqkYqj3rBlDdR6m9oFf
         fkA8ZLe8siduyef9RyGqlgHYNXhYLcuLWjMSVgkj+YqSQJojyejrLYWtdT7nqJ2Eh+ta
         3CDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1688997297; x=1691589297;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=wimCFP9eNccnjcdShSBUcSlJYo6l1D8qLXO+TnEvTOc=;
        b=cFAK7yPKC3vwDF7CUz8vhnnQk1MNA7xloJ0nkAf8waj/CLiMMSLPjirdpd56Vmb65B
         jGAsZAWGwH3q3K7a4GPI9riC2NN8T7N2gFziSmv01ddB+2INeTV/8i3GcOOl+FbASH49
         TqMNbl5mXxEj7MAo33tRSMZAt3uiIQRDvJ7o5DJ5iPeGR11NWqonjIThzZtt3Y2zxoUn
         AlEonWiWfwHtO/R6GQ9qniODEODKg9L4qm/RxDCcw0B7Jm3UZRLJAh+ajU3XtERd8DVQ
         jb+eKi73drhC1n7gzpJPmr2uRr/mt43qPicBdXFAG4QdHk817VV/uXwUOyl9dhtAXLtz
         zY1Q==
X-Gm-Message-State: ABy/qLZj4IhBiY1IfTrrk14qWApXwmqAeWjZFM4IZJPxcUstdfE9hgEA
	wMcfiHmOQvvq2TDN66YfbO97HTj3qlG0V2YYi07mgbYzA+/nD3RtL/NPKw==
X-Google-Smtp-Source: APBJJlGDPFIoxhyQdUFdKY+fBIyhrBwWj4EKTkf9/bgr9vs2JafLEp+Gpn/8bWIBwZXVxtqJHi5ODV5hW/lVkZXkqAU=
X-Received: by 2002:a1f:5c42:0:b0:47e:22fd:7b65 with SMTP id
 q63-20020a1f5c42000000b0047e22fd7b65mr3613131vkb.14.1688997297364; Mon, 10
 Jul 2023 06:54:57 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
References: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org> <CAOtMX2h+zyik44dqOSjzqr9a0fYZEK8pp3eXGyL7nJu_ciqigg@mail.gmail.com>
In-Reply-To: <CAOtMX2h+zyik44dqOSjzqr9a0fYZEK8pp3eXGyL7nJu_ciqigg@mail.gmail.com>
From: Mark Saad <nonesuch@longcount.org>
Date: Mon, 10 Jul 2023 09:54:46 -0400
Message-ID: <CAMXt9NZZG37TSqs+sufSieTE4pDwCdK1EizH1wAGJ2qEChkwRg@mail.gmail.com>
Subject: Re: ZFS Solaris: Cannot find the pool label
To: freebsd-hackers@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000efb85f06002253a0"
X-Spamd-Result: default: False [-3.49 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.993];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
	R_DKIM_ALLOW(-0.20)[longcount.org:s=google];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::a2e:from];
	RCVD_TLS_LAST(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	DKIM_TRACE(0.00)[longcount.org:+];
	ARC_NA(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	DMARC_NA(0.00)[longcount.org];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4R059G34ykz4GRJ
X-Spamd-Bar: ---
X-ThisMailContainsUnwantedMimeParts: N

--000000000000efb85f06002253a0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

pblock
   I have added case exhaust fans in the past to help deal with overheating
cards. Not sure if this will help, but it's inexpensive .
https://www.startech.com/en-us/computer-parts/fancase

On Mon, Jul 10, 2023 at 9:18=E2=80=AFAM Alan Somers <asomers@freebsd.org> w=
rote:

> On Mon, Jul 10, 2023 at 1:18=E2=80=AFAM Peter Blok <pblok@bsd4all.org> wr=
ote:
> >
> > Hi,
> >
> > I have a small sized NAS with an on-board LSI SAS2308 controller in IR
> mode, but with drives presented directly. Due to space constraints I=E2=
=80=99m
> booting of those drives, which host a RAID-Z pool. A known problem with t=
he
> on-board controller is that it is getting to hot and over time it dies
> slowly with lots of controller resets. This happened before, but I had a
> spare MB.
> >
> > Over the weekend this started to happen with my last spare MB. I still
> had a PCIe version of SAS2308 and plugged that with the drives into a new=
er
> machine, because it doesn=E2=80=99t fit in the existing case.
> >
> > The boot loader is started but it stops with Solaris: Cannot find the
> boot label for zroot
> >
> > When I add an extra drive on a SATA port and install FreeBSD ( same
> version 13-stable of a couple of days ago ) I can import the pool ok and
> scrub it. No errors found, but booting stil fails the same way even when =
I
> physically disconnect the extra drive.
> >
> > There are differences:
> >
> > - PCIe controller runs in IT mode. Reported drive size in blocks is
> identical. Firmware is 17.0. based when the on-board had 20.0 (latest) an=
d
> ran IR in pass-thru.
> > - hardware is different
> >
> > Before I start upgrading firmware, I would like to investigate a bit
> more. (This is my last controller and I don=E2=80=99t want to brick it wi=
th newer
> firmware)
> >
> > Which label is ZFS complaining about and where is it located?
> >
> > Peter
>
> At any point did you do `zpool upgrade` or `zpool set`?  Maybe you
> activated a zpool feature that is too new for the bootloader to
> understand.  You could try reinstalling the boot loader.
> -Alan
>
>

--=20
mark saad | nonesuch@longcount.org

--000000000000efb85f06002253a0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>pblock</div><div>=C2=A0=C2=A0 I have added case exhau=
st fans in the past to help deal with overheating cards. Not sure if this w=
ill help, but it&#39;s inexpensive . <a href=3D"https://www.startech.com/en=
-us/computer-parts/fancase">https://www.startech.com/en-us/computer-parts/f=
ancase</a></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Mon, Jul 10, 2023 at 9:18=E2=80=AFAM Alan Somers &lt;<a =
href=3D"mailto:asomers@freebsd.org">asomers@freebsd.org</a>&gt; wrote:<br><=
/div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo=
rder-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, Jul 10, 2023=
 at 1:18=E2=80=AFAM Peter Blok &lt;<a href=3D"mailto:pblok@bsd4all.org" tar=
get=3D"_blank">pblok@bsd4all.org</a>&gt; wrote:<br>
&gt;<br>
&gt; Hi,<br>
&gt;<br>
&gt; I have a small sized NAS with an on-board LSI SAS2308 controller in IR=
 mode, but with drives presented directly. Due to space constraints I=E2=80=
=99m booting of those drives, which host a RAID-Z pool. A known problem wit=
h the on-board controller is that it is getting to hot and over time it die=
s slowly with lots of controller resets. This happened before, but I had a =
spare MB.<br>
&gt;<br>
&gt; Over the weekend this started to happen with my last spare MB. I still=
 had a PCIe version of SAS2308 and plugged that with the drives into a newe=
r machine, because it doesn=E2=80=99t fit in the existing case.<br>
&gt;<br>
&gt; The boot loader is started but it stops with Solaris: Cannot find the =
boot label for zroot<br>
&gt;<br>
&gt; When I add an extra drive on a SATA port and install FreeBSD ( same ve=
rsion 13-stable of a couple of days ago ) I can import the pool ok and scru=
b it. No errors found, but booting stil fails the same way even when I phys=
ically disconnect the extra drive.<br>
&gt;<br>
&gt; There are differences:<br>
&gt;<br>
&gt; - PCIe controller runs in IT mode. Reported drive size in blocks is id=
entical. Firmware is 17.0. based when the on-board had 20.0 (latest) and ra=
n IR in pass-thru.<br>
&gt; - hardware is different<br>
&gt;<br>
&gt; Before I start upgrading firmware, I would like to investigate a bit m=
ore. (This is my last controller and I don=E2=80=99t want to brick it with =
newer firmware)<br>
&gt;<br>
&gt; Which label is ZFS complaining about and where is it located?<br>
&gt;<br>
&gt; Peter<br>
<br>
At any point did you do `zpool upgrade` or `zpool set`?=C2=A0 Maybe you<br>
activated a zpool feature that is too new for the bootloader to<br>
understand.=C2=A0 You could try reinstalling the boot loader.<br>
-Alan<br>
<br>
</blockquote></div><br clear=3D"all"><br><span class=3D"gmail_signature_pre=
fix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature">mark saad | <=
a href=3D"mailto:nonesuch@longcount.org" target=3D"_blank">nonesuch@longcou=
nt.org</a><br></div>

--000000000000efb85f06002253a0--

From nobody Tue Jul 11 11:58:43 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R0fXq34y3z2tmCS
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 11 Jul 2023 11:58:51 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Received: from mail.bsd4all.org (mail.bsd4all.org [88.99.169.216])
	by mx1.freebsd.org (Postfix) with ESMTP id 4R0fXq0Zf5z3qp9
	for <freebsd-hackers@freebsd.org>; Tue, 11 Jul 2023 11:58:51 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: from mail.bsd4all.org (localhost [127.0.0.1])
	by mail.bsd4all.org (Postfix) with ESMTP id 67B4662B5;
	Tue, 11 Jul 2023 13:58:48 +0200 (CEST)
X-Virus-Scanned: amavisd-new at bsd4all.org
Received: from mail.bsd4all.org ([127.0.0.1])
	by mail.bsd4all.org (mail.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yo6mx58MXP8K; Tue, 11 Jul 2023 13:58:47 +0200 (CEST)
Received: from smtpclient.apple (pony_ip [204.168.249.121])
	by mail.bsd4all.org (Postfix) with ESMTPSA id B572462B4;
	Tue, 11 Jul 2023 13:58:47 +0200 (CEST)
Content-Type: text/plain;
	charset=utf-8
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
Subject: Re: ZFS Solaris: Cannot find the pool label
From: Peter Blok <pblok@bsd4all.org>
In-Reply-To: <d5ef569e-ec0f-b90a-2ed6-f035d6003032@aetern.org>
Date: Tue, 11 Jul 2023 13:58:43 +0200
Cc: freebsd-hackers@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B42FCC63-4D2C-4BAF-9BF7-314961BF3C90@bsd4all.org>
References: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
 <d5ef569e-ec0f-b90a-2ed6-f035d6003032@aetern.org>
To: Yuri <yuri@aetern.org>
X-Mailer: Apple Mail (2.3696.120.41.1.3)
X-Rspamd-Queue-Id: 4R0fXq0Zf5z3qp9
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:88.99.0.0/16, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

Yuri,

The exact message is in =
sys/contrib/openzfs/module/os/freebsd/zfs/spa_os.c:231 "Cannot find the =
pool label for %s, which is zroot in my case.

Peter

> On 10 Jul 2023, at 15:51, Yuri <yuri@aetern.org> wrote:
>=20
> Peter Blok wrote:
>> Hi,
>>=20
>> I have a small sized NAS with an on-board LSI SAS2308 controller in =
IR mode, but with drives presented directly. Due to space constraints =
I=E2=80=99m booting of those drives, which host a RAID-Z pool. A known =
problem with the on-board controller is that it is getting to hot and =
over time it dies slowly with lots of controller resets. This happened =
before, but I had a spare MB.
>>=20
>> Over the weekend this started to happen with my last spare MB. I =
still had a PCIe version of SAS2308 and plugged that with the drives =
into a newer machine, because it doesn=E2=80=99t fit in the existing =
case.
>>=20
>> The boot loader is started but it stops with Solaris: Cannot find the =
boot label for zroot
>=20
> Is this exact error message (you have it worded differently in =
subject)
> as I can't find that string anywhere in source (or history)?
>=20
>> When I add an extra drive on a SATA port and install FreeBSD ( same =
version 13-stable of a couple of days ago ) I can import the pool ok and =
scrub it. No errors found, but booting stil fails the same way even when =
I physically disconnect the extra drive.
>>=20
>> There are differences:
>>=20
>> - PCIe controller runs in IT mode. Reported drive size in blocks is =
identical. Firmware is 17.0. based when the on-board had 20.0 (latest) =
and ran IR in pass-thru.
>> - hardware is different
>>=20
>> Before I start upgrading firmware, I would like to investigate a bit =
more. (This is my last controller and I don=E2=80=99t want to brick it =
with newer firmware)
>>=20
>> Which label is ZFS complaining about and where is it located?
>=20
>=20


From nobody Tue Jul 11 12:05:34 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R0fhc40YXz2tmP2
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 11 Jul 2023 12:05:36 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Received: from mail.bsd4all.org (mail.bsd4all.org [88.99.169.216])
	by mx1.freebsd.org (Postfix) with ESMTP id 4R0fhc3FXmz3sPF;
	Tue, 11 Jul 2023 12:05:36 +0000 (UTC)
	(envelope-from pblok@bsd4all.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: from mail.bsd4all.org (localhost [127.0.0.1])
	by mail.bsd4all.org (Postfix) with ESMTP id DC68062B8;
	Tue, 11 Jul 2023 14:05:39 +0200 (CEST)
X-Virus-Scanned: amavisd-new at bsd4all.org
Received: from mail.bsd4all.org ([127.0.0.1])
	by mail.bsd4all.org (mail.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id h7s8ihe-MIb3; Tue, 11 Jul 2023 14:05:39 +0200 (CEST)
Received: from smtpclient.apple (pony_ip [204.168.249.121])
	by mail.bsd4all.org (Postfix) with ESMTPSA id 576B76266;
	Tue, 11 Jul 2023 14:05:39 +0200 (CEST)
Content-Type: text/plain;
	charset=utf-8
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
Subject: Re: SOLVED: ZFS Solaris: Cannot find the pool label
From: Peter Blok <pblok@bsd4all.org>
In-Reply-To: <CAOtMX2h+zyik44dqOSjzqr9a0fYZEK8pp3eXGyL7nJu_ciqigg@mail.gmail.com>
Date: Tue, 11 Jul 2023 14:05:34 +0200
Cc: freebsd-hackers@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <96F2B721-5096-41FB-9763-510F8F1F4C8D@bsd4all.org>
References: <6A5954CF-E4B4-4CFD-BCB3-652B89F2475A@bsd4all.org>
 <CAOtMX2h+zyik44dqOSjzqr9a0fYZEK8pp3eXGyL7nJu_ciqigg@mail.gmail.com>
To: Alan Somers <asomers@freebsd.org>
X-Mailer: Apple Mail (2.3696.120.41.1.3)
X-Rspamd-Queue-Id: 4R0fhc3FXmz3sPF
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:88.99.0.0/16, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

Hi Alan,

Your suggestion might be related. On all 6 drives I have boot partitions =
and UEFI partitions. I assumed the order in which the drives were =
presented was the same as with the on-board controller, but that was not =
the case. It used the loader.efi from a different disk in the new =
system. There was only one UEFI partition I apparantly did not update =
and that happened to be the one that was picked in the new system.

I took the UEFI partition from the freshly installed external disk and =
copied it on all and now the system boots.


Thanks a lot,

Peter



> On 10 Jul 2023, at 15:17, Alan Somers <asomers@freebsd.org> wrote:
>=20
> On Mon, Jul 10, 2023 at 1:18=E2=80=AFAM Peter Blok <pblok@bsd4all.org> =
wrote:
>>=20
>> Hi,
>>=20
>> I have a small sized NAS with an on-board LSI SAS2308 controller in =
IR mode, but with drives presented directly. Due to space constraints =
I=E2=80=99m booting of those drives, which host a RAID-Z pool. A known =
problem with the on-board controller is that it is getting to hot and =
over time it dies slowly with lots of controller resets. This happened =
before, but I had a spare MB.
>>=20
>> Over the weekend this started to happen with my last spare MB. I =
still had a PCIe version of SAS2308 and plugged that with the drives =
into a newer machine, because it doesn=E2=80=99t fit in the existing =
case.
>>=20
>> The boot loader is started but it stops with Solaris: Cannot find the =
boot label for zroot
>>=20
>> When I add an extra drive on a SATA port and install FreeBSD ( same =
version 13-stable of a couple of days ago ) I can import the pool ok and =
scrub it. No errors found, but booting stil fails the same way even when =
I physically disconnect the extra drive.
>>=20
>> There are differences:
>>=20
>> - PCIe controller runs in IT mode. Reported drive size in blocks is =
identical. Firmware is 17.0. based when the on-board had 20.0 (latest) =
and ran IR in pass-thru.
>> - hardware is different
>>=20
>> Before I start upgrading firmware, I would like to investigate a bit =
more. (This is my last controller and I don=E2=80=99t want to brick it =
with newer firmware)
>>=20
>> Which label is ZFS complaining about and where is it located?
>>=20
>> Peter
>=20
> At any point did you do `zpool upgrade` or `zpool set`?  Maybe you
> activated a zpool feature that is too new for the bootloader to
> understand.  You could try reinstalling the boot loader.
> -Alan
>=20


From nobody Wed Jul 12 17:45:02 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1Q9v4Z9gz4mc2k
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 17:45:07 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1Q9t1Wpsz4MbG
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 17:45:06 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=FGTl6+kb;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=eZ6Dr3he;
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id 856CA5C00C5
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 13:45:04 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute6.internal (MEProxy); Wed, 12 Jul 2023 13:45:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:message-id:mime-version:reply-to:sender:subject:subject:to:to;
	 s=fm2; t=1689183904; x=1689270304; bh=FFzIKFKVSCnGbidi+YZ6ylFTf
	w+ItM29aphtuVs8D6I=; b=FGTl6+kbThxGvY/BevfPnAUIEIt4SnTXv6SRDhCPl
	h+AdEcVpZ22C1l4jXUExDd/WwQyrntBsNi35cBNZwI9FjQ1yJ2W+GiMSsHyil7Fk
	FoCs4t29VFnaJ2LL0WDUVHVEp8f2l6h4e08FVITnphWsJhqt4dRFLxdbwOJNAH0w
	pUj4nCx9I6bn3rbQmPpXC8AI6MrsSuJ6oUjjEyFXOaITRFTT34cd7a5eUeDFwGC/
	JTpT4DZwzVG4PbV7qD7IUmsTYhrzF9/UvI8op1D0CUvwlzT6PE/N0Ahh2w7vO3km
	VJnRvsg5MkXWjzVTfQo+yaNYrOsqtaz3PVCu/PJGnuyDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:message-id
	:mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=
	1689183904; x=1689270304; bh=FFzIKFKVSCnGbidi+YZ6ylFTfw+ItM29aph
	tuVs8D6I=; b=eZ6Dr3heK0CG7obwwZhs0OqBPaIPxLVuzBgPK/OwQnaAgubtUAq
	8OZeQeOdfYw6r8AJ77lPaaZyR+R+rYtHIsarGi4M95Hff+DcyHyeljtryyrS4/Zx
	BDqkcfnMhLgAugUX5i4gyLSlsFSZRoLp3oFKmPDznqODhVg1oiUuCtifZTJ5hBbv
	9FhdTMnQ+dFtHzHpqq2YUqX36zn4PonANxzzxd76mfovrttxF2TgVVQDloTEdKlW
	rOSc1EVDJ9nyuneoo3SOLNbvS0Is00pYIAhliPqYOlqkz9Md5dv7u1z+nxl4acrp
	+Z3aCMo+afjk5Ze1ObCkOE3TVCaIKnmilLg==
X-ME-Sender: <xms:oOauZHnAgtbg5uXytcz4nIbe3FBMyGdYqGfXQtXG7LbOhi1SfXkhAw>
    <xme:oOauZK3FGnR0oiPh-3PgsFuu9-GhmEpR_pmj2YaCFv4j8R1r3uVYYZfmm_7S_rLNj
    Ta78Xvra5W6tcCFiQ>
X-ME-Received: <xmr:oOauZNrw27V46VzJpBFrN-jKVFPisMD2lA00Q1ZJfrgpYnJyL5MW2vEy9IiwEjjT70Px>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgdduudeiucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesthdtredttd
    dtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgrthht
    vghrnhepveduffeivdfffffghfegfeejfefftdeiteehteekfefhvdefgfettdeuheegff
    eunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepvhho
    ihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:oOauZPnU5GI4Me_4RnDXTwAUrMPOTX88QqnWwVSXGu__-hK_gYMN2w>
    <xmx:oOauZF0oljLGIzXF4-Sp1b8bNsV22v4a6fyij3lJRcvCCSNh0sjyDw>
    <xmx:oOauZOtZ1c4DPosYW_bXVXc_D-gyNTyI_T_tp7I2weUdHvCHzbs6Uw>
    <xmx:oOauZCgh_wzWGSpe00c2bh94ZdNdlKJmuYokQmmVP5gMbi_K5uhPzg>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 13:45:03 -0400 (EDT)
Date: Wed, 12 Jul 2023 18:45:02 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK7mnohS12eEYoV2@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
X-Spamd-Result: default: False [-4.55 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_MEDIUM(-0.98)[-0.984];
	NEURAL_HAM_SHORT(-0.98)[-0.982];
	NEURAL_HAM_LONG(-0.98)[-0.982];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1Q9t1Wpsz4MbG
X-Spamd-Bar: ----
X-ThisMailContainsUnwantedMimeParts: N

Hello hackers@

(for context this is on recent -current)

in man(4) pf we have

SYNOPSIS
      device pf
      options PF_DEFAULT_TO_DROP

no real mention if it being loaded in rc.conf.

But when it is loaded in (just) rc.conf with pf_enable=YES
it gets loaded as a kld. 

Is there an advantage in compiling it in the kernel?
Is there a disadvantage in it being compiled in the kernel?

If it's compiled in the kernel, does the system still require
pf_enable=YES in rc.conf?
-- 

From nobody Wed Jul 12 17:53:32 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1QMt18Bgz4mfXx
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 17:53:46 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1QMr69F8z4Pbt
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 17:53:44 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=bsdimp-com.20221208.gappssmtp.com header.s=20221208 header.b="zI/ZvMuU";
	spf=none (mx1.freebsd.org: domain of wlosh@bsdimp.com has no SPF policy when checking 2a00:1450:4864:20::533) smtp.mailfrom=wlosh@bsdimp.com;
	dmarc=none
Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-51a52a7d859so2301345a12.0
        for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 10:53:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20221208.gappssmtp.com; s=20221208; t=1689184423; x=1691776423;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=tJFxSeIRuQ449GYeSclakGdbDMoHuqV6osy6t7YZiJc=;
        b=zI/ZvMuUdI4/0kL+us5ye6eprGG4Jnhg+TW2zXE6XXkdgK968nVnPmgKsFtBR895uh
         MfPV/UoGeb/IgHP65GaPfkQj/b5DOsGlxrjlRh8SgviHVSG/iIFLLyIofISAh1zdJTiD
         mG+l+8bCZuUSwExtwSSUGEoxPzlAaTN2Ns6Z+uc2rKRWT2VdhJGytCR3J8slTaps/4cf
         +SWPKaznfbItrBbUuVLTc6v/tGGKkXthvjMBfdKYGmOQgXiv11RtzKtXQHPjTDwiBVnT
         s4amsaUnS0zZaKW0UJg8entqAFBZnEpZlBgdbeu6aJK4pThFYN+5fk59pbeCC/VKM55W
         3jBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1689184423; x=1691776423;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=tJFxSeIRuQ449GYeSclakGdbDMoHuqV6osy6t7YZiJc=;
        b=dXYBfnIKcvvlCHmTI890hPvrp68HahijBEOnou8YhRGIRkT8yKZvAN/3Y1JReN2s3F
         XoRsbDKEdP3tmXqseKUI0bWvP1JxB2IZsa3izrXxaukBPpK+IEXHL2xxbc07nNu2mgYq
         JGMIVih2c+ypf56Sh3e1243hOsAdlJ2QUJV3P+5jjtOoZJIax/r7FBAh4AuY2rapFpqa
         uXGR5C8CmMVCHtA5tTtpzptbRDcNYuxtxHLJebeuTI1ecd8BblA67YlOISoc5VJ5y7m0
         pQ7aLtH/MVTSSnAGYqXc5YVA44E16Lo4FZAuAwg6749NgoP+2iNaEMgbr/NiaGrryEmO
         kytw==
X-Gm-Message-State: ABy/qLbLJfY2qhxGoLBcH5Dabr/AqEck1XRxS4X5zV9fuTPzjwBvK3WQ
	BAox7TdveXjJedeuMY3H5LZQr/JXorPe8sPac183W+PJbZhnTG75
X-Google-Smtp-Source: APBJJlHkwP7p01fB1GpjcBJyEbQ22iGXoHDA5vVjHpmAzJruRSWkItkrszaGAdnmYySzwPlhCZS9FEZgI46MB++vupA=
X-Received: by 2002:aa7:d909:0:b0:51d:e2ee:33ff with SMTP id
 a9-20020aa7d909000000b0051de2ee33ffmr3816403edr.7.1689184423118; Wed, 12 Jul
 2023 10:53:43 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
References: <ZK7mnohS12eEYoV2@int21h>
In-Reply-To: <ZK7mnohS12eEYoV2@int21h>
From: Warner Losh <imp@bsdimp.com>
Date: Wed, 12 Jul 2023 11:53:32 -0600
Message-ID: <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
Subject: Re: dis/advantages of compiling in-kernel over kldload
To: freebsd-hackers@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000801ddf06004de578"
X-Spamd-Result: default: False [-3.00 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.997];
	FORGED_SENDER(0.30)[imp@bsdimp.com,wlosh@bsdimp.com];
	R_DKIM_ALLOW(-0.20)[bsdimp-com.20221208.gappssmtp.com:s=20221208];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::533:from];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	R_SPF_NA(0.00)[no SPF record];
	ARC_NA(0.00)[];
	DMARC_NA(0.00)[bsdimp.com];
	FROM_NEQ_ENVFROM(0.00)[imp@bsdimp.com,wlosh@bsdimp.com];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[bsdimp-com.20221208.gappssmtp.com:+];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4R1QMr69F8z4Pbt
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

--000000000000801ddf06004de578
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 12, 2023 at 11:45=E2=80=AFAM void <void@f-m.fm> wrote:

> Hello hackers@
>
> (for context this is on recent -current)
>
> in man(4) pf we have
>
> SYNOPSIS
>       device pf
>       options PF_DEFAULT_TO_DROP
>
> no real mention if it being loaded in rc.conf.
>
> But when it is loaded in (just) rc.conf with pf_enable=3DYES
> it gets loaded as a kld.
>
> Is there an advantage in compiling it in the kernel?
> Is there a disadvantage in it being compiled in the kernel?
>
> If it's compiled in the kernel, does the system still require
> pf_enable=3DYES in rc.conf?
>

Yes. pf_enable=3DYES will load it as a side effect when it configures
pf, but isn't primarily to load it as a module. But if it's in the kernel,
you still need to configure pf on boot (or some time later).

I still have 'pf_load=3D"YES"' in my /boot/loader.conf, but it's for a syst=
em
I have that configures pf in weird ways not at boot. It's to work around th=
e
"weird ways" script not loading pf on demand though.

Warner

--000000000000801ddf06004de578
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 12, 2023 at 11:45=E2=80=
=AFAM void &lt;<a href=3D"mailto:void@f-m.fm">void@f-m.fm</a>&gt; wrote:<br=
></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;=
border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello hackers@<br>
<br>
(for context this is on recent -current)<br>
<br>
in man(4) pf we have<br>
<br>
SYNOPSIS<br>
=C2=A0 =C2=A0 =C2=A0 device pf<br>
=C2=A0 =C2=A0 =C2=A0 options PF_DEFAULT_TO_DROP<br>
<br>
no real mention if it being loaded in rc.conf.<br>
<br>
But when it is loaded in (just) rc.conf with pf_enable=3DYES<br>
it gets loaded as a kld. <br>
<br>
Is there an advantage in compiling it in the kernel?<br>
Is there a disadvantage in it being compiled in the kernel?<br>
<br>
If it&#39;s compiled in the kernel, does the system still require<br>
pf_enable=3DYES in rc.conf?<br></blockquote><div><br></div><div>Yes. pf_ena=
ble=3DYES will load it as a side effect when it configures</div><div>pf, bu=
t isn&#39;t primarily to load it as a module. But if it&#39;s in the kernel=
,</div><div>you still need to configure pf on boot (or some time later).</d=
iv><div><br></div><div>I still have &#39;pf_load=3D&quot;YES&quot;&#39; in =
my /boot/loader.conf, but it&#39;s for a system</div><div>I have that confi=
gures pf in weird ways not at boot. It&#39;s to work around the</div><div>&=
quot;weird ways&quot; script not loading pf on demand though.</div><div><br=
></div><div>Warner<br></div></div></div>

--000000000000801ddf06004de578--

From nobody Wed Jul 12 17:58:02 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1QSs5q7Sz4mgnH
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 17:58:05 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1QSs12s0z4R6m
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 17:58:05 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=bRKsFLCY;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=NNNDUDWM;
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id D0C0F5C0114
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 13:58:04 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Wed, 12 Jul 2023 13:58:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1689184684; x=1689271084; bh=tN
	Mtvt9Lh04ikke5A5X6RxvQHpaxylycVCNoBZQCBlQ=; b=bRKsFLCY1Bmw753bJn
	4Z9ZiKvCJ35CW/I6jIPtzhyL3+D1dsi5Y1dHDkFz12CHft7e2H7GxlQCsw/bBe3e
	KglfxGTz9xKcM6+WDP/adde/mL6mCBANz9CfWT+uXkw1kELkyJvJR4CtZm+wXerc
	Wd03P8W4sTnehpW0GrTRxvYqXUpD9pN9m3L+h8up034WxdRNN8nlY0D5YseG8Cuq
	6eLwnz+opWT1prelJvbsF+O/kU8HPol8trlexZcMOan6QfD0H8MXfE5+4rgKtgvG
	f0Qq5Vg9fMJuX8juHNVy2SXggVzZ15P9syJ1Y94I7e+2i7wW/qcXDfHVWQBAH9qn
	sq+Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; t=1689184684; x=1689271084; bh=tNMtvt9Lh04ik
	ke5A5X6RxvQHpaxylycVCNoBZQCBlQ=; b=NNNDUDWM1xNsJloykYF7RRxmmh8Zt
	eR4vr5htxHV2fjxeU4kI7fpO/gKclpAOsNx+YFNjENKGy7f4SYLZnqIBkSigmPdL
	HzzqDZSPvbu0DycWX2Yw/A+Pawpzyozjoz+inQqGNCr3+81jK+gO/ZM4Lbnx+Jri
	C4aXDWc1KjnQUr7LUMZHtu/2Xa2/E3B8jIR48gImJQMJ798V2twxtrDFgEm/d5OP
	Uvv8DB5Yy6kXN1URUJn1R4aidQ2Dn4STecjGRwPqOBvszvSTpAz7crnQfY0BivnL
	L7i2CDCNoL2ykSqbCsQOVqXnI3LP/WFjDj/XhGxwJogcC5C7+zzF4c5MQ==
X-ME-Sender: <xms:rOmuZJ-CN4882wGe61o6s_7c2IYpEF914L-KPUJkf8sXSooTAOBC-A>
    <xme:rOmuZNuTh26As5SjPw9jahXMq7mBiVM4KU8-w0hTrVHnJ9Ka4XPlVZZ3H4ecrXqwS
    VIdZLKURqWfPel8lw>
X-ME-Received: <xmr:rOmuZHAO1Q3SKozqKKbGdtRc8cckSE_cw5SMtRnhUH2vpR4XBR7WWAAt0QY853Y23I-x>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgdduudelucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
    dttddtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgr
    thhtvghrnhepkeeluddvlefhieelfefggffhffektdehleelgfdugfdvgeekjeejuddthe
    ehgfeunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep
    vhhoihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:rOmuZNcx0wJ9gXvJ9oiUBISGue9u513pwRmBpt1-tXA2RxS_0L8Dkg>
    <xmx:rOmuZOMmK5MLlHAiLwEKbXyfTgethvG18TeHL3VyxtnZTrgNkSrygA>
    <xmx:rOmuZPkceqJSWfTU95dzNThYAMYbZrWDWfodMJ2lHorjsa9-V230KA>
    <xmx:rOmuZBZHukcCq1Esmk7dTacaZf026XfxrAlA_7tOzyqfQrH9HaI5Kg>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 13:58:04 -0400 (EDT)
Date: Wed, 12 Jul 2023 18:58:02 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK7pqlDKY4JBkvek@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
X-Spamd-Result: default: False [-2.76 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_SHORT(-0.98)[-0.983];
	NEURAL_HAM_MEDIUM(-0.93)[-0.931];
	NEURAL_SPAM_LONG(0.76)[0.759];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27:c];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1QSs12s0z4R6m
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Hi Warren,

On Wed, Jul 12, 2023 at 11:53:32AM -0600, Warner Losh wrote:

>Yes. pf_enable=YES will load it as a side effect when it configures
>pf, but isn't primarily to load it as a module. But if it's in the kernel,
>you still need to configure pf on boot (or some time later).

But if pf is already configured in /etc/pf.conf, is pf_enable=YES still
required in /etc/rc.conf ?

thanks
-- 

From nobody Wed Jul 12 18:04:21 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1QcL4cDnz4mk9D
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:04:34 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1QcL0QPmz4SnX
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 18:04:34 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=bsdimp-com.20221208.gappssmtp.com header.s=20221208 header.b=Z8DiBm8I;
	spf=none (mx1.freebsd.org: domain of wlosh@bsdimp.com has no SPF policy when checking 2a00:1450:4864:20::530) smtp.mailfrom=wlosh@bsdimp.com;
	dmarc=none
Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-51e566b1774so4928137a12.1
        for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 11:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20221208.gappssmtp.com; s=20221208; t=1689185072; x=1691777072;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=H1CwS6cCIVonz37gAhw7+VyNn1M0NklgF6OatsCCZDk=;
        b=Z8DiBm8IUhfGuAdbGnnl/2OaIVKGkC+C2n5OcBrA+l+VtucmhV7Cb1cgV+lefCI3nR
         Cfds17CvbiRa5qaeC30WATy2I/p6066efDBsa6LXLaTLBoI5vjnDx2S5mxUHfRdzdDUM
         7U7d+ZTdg+tbf3J7rOVvK8hAQ/oa9G3JwHlRw7Y4yFiPBXuLsNXc1N5m216sMIF8zd1N
         Wr65opvIGVlhpaXZbO86vGT7EHcBCz7+npzhrNAg9L/Cv6BjRMA5c57mUor3UHbKQ6Dp
         3wYPyEYtPvOVInaLL1xCnvLoj/qKxBfN0YApRrzHnMNBMmj/232S/NAekacn3gTrfwxJ
         HbZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1689185072; x=1691777072;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=H1CwS6cCIVonz37gAhw7+VyNn1M0NklgF6OatsCCZDk=;
        b=cOr5g4k25smCNosxeSI/BrcwBlZji1yMTHXdFA9UsoAsyLaU1slqtGVZxenBVgcp5w
         f7BcIdHVRVcc46YhWvGf08BBgCXdlYpr9hJC7S5hJwLumM/3n0I7byh5e84oF+cUSEOL
         +RlJbuSPrYnrHBtA5SWTNpb2Mri7Zo/Z1tXGdSlZa+a4VO/MkyKAMJNLjZyzqUoXtlc2
         7JYoPE2EuxkEmTKmsQZgeMx/fkGDSd1geV58C9myslvDl/NLzf3ZtrQEA6XlmmXKpS7E
         SY634w4dZWR5bjb35qqL7CCQ8zDZ2v0bj0UsRocdFXyt1G5p446qHBVODbd6IRRVkDvH
         u6GQ==
X-Gm-Message-State: ABy/qLZID2ammBEdDZwIrgLCI7IW/fhJhuUXAp7nXc5puziM4AZJzUds
	yZ5t8bmv4A9gmHJVi8yXhU49cONWoNv9eXxURnb/Y0p2xvrzuwTo
X-Google-Smtp-Source: APBJJlGbdiTYrW+y6uUMTdlTzqPCkWcmEKfasS6P0u1+ZS68+/Ag6QEymCddvy4burzD7GZX0CxS6rW+694KHoCoS7g=
X-Received: by 2002:a05:6402:295:b0:51e:5786:dcd0 with SMTP id
 l21-20020a056402029500b0051e5786dcd0mr10041027edv.20.1689185072134; Wed, 12
 Jul 2023 11:04:32 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
References: <ZK7mnohS12eEYoV2@int21h> <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h>
In-Reply-To: <ZK7pqlDKY4JBkvek@int21h>
From: Warner Losh <imp@bsdimp.com>
Date: Wed, 12 Jul 2023 12:04:21 -0600
Message-ID: <CANCZdfqYSgGMT=JE8h16n0zVYbrWYYgggJwsJK4Z2QFoE8Es4g@mail.gmail.com>
Subject: Re: dis/advantages of compiling in-kernel over kldload
To: freebsd-hackers@freebsd.org
Content-Type: multipart/alternative; boundary="0000000000002f4cb806004e0c8d"
X-Spamd-Result: default: False [-3.00 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.997];
	FORGED_SENDER(0.30)[imp@bsdimp.com,wlosh@bsdimp.com];
	R_DKIM_ALLOW(-0.20)[bsdimp-com.20221208.gappssmtp.com:s=20221208];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::530:from];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	R_SPF_NA(0.00)[no SPF record];
	ARC_NA(0.00)[];
	DMARC_NA(0.00)[bsdimp.com];
	FROM_NEQ_ENVFROM(0.00)[imp@bsdimp.com,wlosh@bsdimp.com];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[bsdimp-com.20221208.gappssmtp.com:+];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4R1QcL0QPmz4SnX
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

--0000000000002f4cb806004e0c8d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 12, 2023 at 11:58=E2=80=AFAM void <void@f-m.fm> wrote:

> Hi Warren,
>
> On Wed, Jul 12, 2023 at 11:53:32AM -0600, Warner Losh wrote:
>
> >Yes. pf_enable=3DYES will load it as a side effect when it configures
> >pf, but isn't primarily to load it as a module. But if it's in the kerne=
l,
> >you still need to configure pf on boot (or some time later).
>
> But if pf is already configured in /etc/pf.conf, is pf_enable=3DYES still
> required in /etc/rc.conf ?
>

Yes. /etc/rc.d/pf doesn't check /etc/pf.conf. Its pf_start() routine will
only
run if pf_enable=3DYES in /etc/rc.conf (or related file, which pf.conf is n=
ot)

Warner

--0000000000002f4cb806004e0c8d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 12, 2023 at 11:58=E2=80=
=AFAM void &lt;<a href=3D"mailto:void@f-m.fm">void@f-m.fm</a>&gt; wrote:<br=
></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;=
border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Warren,<br>
<br>
On Wed, Jul 12, 2023 at 11:53:32AM -0600, Warner Losh wrote:<br>
<br>
&gt;Yes. pf_enable=3DYES will load it as a side effect when it configures<b=
r>
&gt;pf, but isn&#39;t primarily to load it as a module. But if it&#39;s in =
the kernel,<br>
&gt;you still need to configure pf on boot (or some time later).<br>
<br>
But if pf is already configured in /etc/pf.conf, is pf_enable=3DYES still<b=
r>
required in /etc/rc.conf ?<br></blockquote><div><br></div><div>Yes. /etc/rc=
.d/pf doesn&#39;t check /etc/pf.conf. Its pf_start() routine will only</div=
><div>run if pf_enable=3DYES in /etc/rc.conf (or related file, which pf.con=
f is not)</div><div><br></div><div>Warner=C2=A0</div></div></div>

--0000000000002f4cb806004e0c8d--

From nobody Wed Jul 12 18:05:32 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1Qdq5m8nz4ml5F
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:05:51 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1Qdq3z7Bz4TxZ;
	Wed, 12 Jul 2023 18:05:51 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1689185151;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=Ub4352azCXRPeIYopC9XKIVQzX1PiIOnCLI94kguiCI=;
	b=ygDlMkAANNrYOB8bVHwDvMyp8BVpfjvx04kcUYJ/zf0xHxPYv2pr02u2Oheg3mNtTd2Wgn
	c363b1ZKRCOPoZtT8PWcYQtx30za6sd87uH7vzxOJkcgNyZ8wR7rlRweZQcaxclD9xPyBK
	55/anKSs4pIaH2iS/63yKfEaX9kaJkWZv31pX0SwftWm7hfbn7HWP/Yhq8BKkQQSoMslMl
	U4a9TFV4E1zhoBycP/vuh8DqytEwI8Y9ReuL26WW59m8tqhFYIaJAt7fnPY9OTjACSCyFU
	J0TNafuEG60tLmnpa32wy50QQItikvebn0NSpcmrAwYrQBi1BMXUkK0gZS8YHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1689185151;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=Ub4352azCXRPeIYopC9XKIVQzX1PiIOnCLI94kguiCI=;
	b=xyw5vAsd4xz0op4Cqo0TO4QtFfGVuagJopKyhVblntvdqQHKyxdKjxg8mfpGxzPWFy+SVC
	ZhDqA/tmVSAzqLjs4rKx/2Bkg1SNXMdoZHVwuTpOL+c2yxIg4oFUlOibmswwRy4YinPa/S
	B+0FnoBWsdudljriGjESihksqDc6wLELL5AiAwCBHwpmokgsK1+OXAGyrw0qmxnHhutV9J
	4vCO8d5fPV9x01Teh1JnA4RqT0tk9QDezANZR8FBWIKsI+S84aPE8HKE25Zlg0aU2FI14M
	p1nvP6NDi30unXejO7Uga5DPR3m8L1bUXLpqlEmHQw8je5ZZmYdnDkhqiFhk5A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689185151; a=rsa-sha256; cv=none;
	b=W4OPi0FyOK1x+RD8xd43nw50saZXI7e3IKCnGKyeGtf0v73KnQ1BrsnWApC8ktDEeT77Ts
	hj0cKVi74GhWeyDLNMT1L99xzLyXW5es7GtgGSCbXufaFiLNfosjcISj6Dti0iix48i0MM
	053mYF07g+4bInPNiArhAkmK7SjEXzBl31Poxkylb5scPEE+EjqEODyRox2ypSspxMp6lh
	3kuPrnWAEFOsmEMRdl0m+Wiq6z8Lw0KjqhM93gPsgX1oGzQrfWaFeIE0lsiK9ma9c+SVjp
	oEGM7Sg/30a7835HsdBaKkIHW6QciblXR6LYLSvJYeCDO4sY8jppickQa+OCJQ==
Received: from tensor.andric.com (tensor.andric.com [87.251.56.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "tensor.andric.com", Issuer "R3" (verified OK))
	(Authenticated sender: dim)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4R1Qdq2JPnzyWB;
	Wed, 12 Jul 2023 18:05:51 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
Received: from smtpclient.apple (longrow.home.andric.com [192.168.0.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by tensor.andric.com (Postfix) with ESMTPSA id 909C750FEE;
	Wed, 12 Jul 2023 20:05:48 +0200 (CEST)
Content-Type: multipart/signed;
	boundary="Apple-Mail=_1701F926-8F93-49C5-A555-0BEAA1E950A0";
	protocol="application/pgp-signature";
	micalg=pgp-sha1
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Subject: Re: dis/advantages of compiling in-kernel over kldload
From: Dimitry Andric <dim@FreeBSD.org>
In-Reply-To: <ZK7pqlDKY4JBkvek@int21h>
Date: Wed, 12 Jul 2023 20:05:32 +0200
Cc: freebsd-hackers@freebsd.org
Message-Id: <B88E284C-CCC6-4C8E-BA92-26505E6C1780@FreeBSD.org>
References: <ZK7mnohS12eEYoV2@int21h>
 <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h>
To: void <void@f-m.fm>
X-Mailer: Apple Mail (2.3731.600.7)
X-ThisMailContainsUnwantedMimeParts: N


--Apple-Mail=_1701F926-8F93-49C5-A555-0BEAA1E950A0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

On 12 Jul 2023, at 19:58, void <void@f-m.fm> wrote:
> 
> On Wed, Jul 12, 2023 at 11:53:32AM -0600, Warner Losh wrote:
> 
>> Yes. pf_enable=YES will load it as a side effect when it configures
>> pf, but isn't primarily to load it as a module. But if it's in the kernel,
>> you still need to configure pf on boot (or some time later).
> 
> But if pf is already configured in /etc/pf.conf, is pf_enable=YES still
> required in /etc/rc.conf ?

Yes. The rc.conf setting is needed for /etc/rc.d/pf, which is the
command script responsible for bringing pf up (or down).

-Dimitry


--Apple-Mail=_1701F926-8F93-49C5-A555-0BEAA1E950A0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.2

iF0EARECAB0WIQR6tGLSzjX8bUI5T82wXqMKLiCWowUCZK7rbQAKCRCwXqMKLiCW
o808AKDgKgRvm23OvRfgM8cznCoMr102ZQCdFyFc8L89RJjevDej0bixp5Lfts8=
=2Qlt
-----END PGP SIGNATURE-----

--Apple-Mail=_1701F926-8F93-49C5-A555-0BEAA1E950A0--

From nobody Wed Jul 12 18:20:03 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1QyJ4TGYz4mqWZ
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:20:08 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1QyH6tCNz4YK2
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 18:20:07 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b="jjwaSg/w";
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b="jqRjme/g";
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
	by mailout.nyi.internal (Postfix) with ESMTP id AB62C5C0110
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 14:20:07 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute2.internal (MEProxy); Wed, 12 Jul 2023 14:20:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1689186007; x=1689272407; bh=lc
	zOto9897Rp4w2Wzf5SCt6Nrr56mOpv36wiCSac24M=; b=jjwaSg/wYyH5SZ+BP5
	CKu6+YDCBys41t+Y68ob7a9ogIeH0z4in/Kvwtnblt/eBt3sntArF4Z6XgoNueyi
	aiD0dOSRmOlNAjRL/kj4y8GuZ5/eptrfuiHvgfepl0Hd8Ejgrkg5MZFYYEBfg9Oj
	4VHjcVqqPZqqF52jjyA2YSgXqnTHz8SEZ5OEynoQhnymDXFxiwJV4oFm2pMypIts
	5c5RXEqFggm3mheyn4nUMBvv5lEWe7n4tfHu0J9sJC1sr9gZ9siZfjVC8EvxEdIW
	c+zsTsJcNyHVugA8Df7S7KS6lbY9b9j0K6sQa7p+MuJLlQdFr/HgdkkC3wWGMxod
	ZNPQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; t=1689186007; x=1689272407; bh=lczOto9897Rp4
	w2Wzf5SCt6Nrr56mOpv36wiCSac24M=; b=jqRjme/glU7aAFRWc9J2WyLvb7WzL
	c1X5MJGSp0BQySsmcnp9ZoPakjXU8Y6YeLyXoKT4qKt3AgMybdPnUun9fBTSae01
	AWaj0yButXgECDtWXCL1efRFgAWHot3oIuljPdjWlsHxI70JknLcse8YgdmgSPMk
	IuTZcd+5m/jj6TpDPGbLM3Lss/AQfOLJKIdaLkjXM1j3PM5Jhg2eliGvPSiH2T+D
	NUjKz7QPFFJ5DXq+T4ZyGlUZkxy9/ehKpPBAkW/7FZObUqY7B6y7qiCDSoGXi79y
	fJpe8rKQ7ZFpxhaW3JTIQvmRiwlyyrL/TJrBAUh09LRWk6+RzhwoaBGXg==
X-ME-Sender: <xms:1-6uZHiqdktAbXdEAYEzUWKo9dieTZRLXyUivQlrPe0eso10iaQzbA>
    <xme:1-6uZECBRD3p5h7r01hB6knnE1yyTCznVsTJbOC77R8QtQfQUPCEFfVnMESzV-oRS
    PImYw_qnJ4FYPRz7g>
X-ME-Received: <xmr:1-6uZHHgqkCwLshNvrLb1Bd9TlWXuoqoSJYDkkjYWUQeP9aH427wCkadilx5vTWDOFKd>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgdduvdefucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
    dttddtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgr
    thhtvghrnhepkeeluddvlefhieelfefggffhffektdehleelgfdugfdvgeekjeejuddthe
    ehgfeunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep
    vhhoihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:1-6uZESCdjmW-KhTTX_XqWyUVjQArV4mRMiHVk20YISQsmXUCWlQog>
    <xmx:1-6uZExTcjsGM336ZiBDk9V2cJKjHc4pbpG_mg6dtiEaxZYe7uJ_9Q>
    <xmx:1-6uZK5bejki9ahbx6QIQrLVlFCCLdsc5YB1bkTa0Co1QkUHqe3w_Q>
    <xmx:1-6uZBucH1CXjjQtHqq62ETXHWvwXfgUOkKSqdLJevwAUHot1PQw8g>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 14:20:07 -0400 (EDT)
Date: Wed, 12 Jul 2023 19:20:03 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK7u00XORTTe-2kK@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h>
 <CANCZdfqYSgGMT=JE8h16n0zVYbrWYYgggJwsJK4Z2QFoE8Es4g@mail.gmail.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <CANCZdfqYSgGMT=JE8h16n0zVYbrWYYgggJwsJK4Z2QFoE8Es4g@mail.gmail.com>
X-Spamd-Result: default: False [-2.63 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_MEDIUM(-0.94)[-0.937];
	NEURAL_HAM_SHORT(-0.93)[-0.925];
	NEURAL_SPAM_LONG(0.84)[0.836];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27:c];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1QyH6tCNz4YK2
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

On Wed, Jul 12, 2023 at 12:04:21PM -0600, Warner Losh wrote:
>
>Yes. /etc/rc.d/pf doesn't check /etc/pf.conf. Its pf_start() routine will
>only
>run if pf_enable=YES in /etc/rc.conf (or related file, which pf.conf is not)

Thanks for clarifying.
Is there advantage to compiling it in-kernel? Or disadvantage?
-- 

From nobody Wed Jul 12 18:24:45 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1R3v0cbcz4msMf
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:24:59 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1R3t1qPkz4b4g
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 18:24:58 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=bsdimp-com.20221208.gappssmtp.com header.s=20221208 header.b=ejlj3N50;
	spf=none (mx1.freebsd.org: domain of wlosh@bsdimp.com has no SPF policy when checking 2a00:1450:4864:20::131) smtp.mailfrom=wlosh@bsdimp.com;
	dmarc=none
Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-4fb9ae4cef6so11952970e87.3
        for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 11:24:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20221208.gappssmtp.com; s=20221208; t=1689186296; x=1691778296;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=BXCu0zFlEbzlWkPpDnnQByw62i3h9Jj5qLW7JFMRdoE=;
        b=ejlj3N50eOD67ocOUa0XbOvtZ8G8iDh5ufeXKiJ4T74mAGUWvVM1woof56onW8r+Gg
         BtHluhcUbeLow3+qGfC3kbb/5EnpGduJ1MnmfJZzN2vprOhV24QVcyCq0DDZ6p0uMpCy
         2v27WWNY/FB9syPAv6SmoGMHhTz+Z2aEiES+CRouIYGK8nzZxNoC91lMUpueU5eM75O+
         88h8jXK2hayj/pV++71o17yQT7Aj5qefU78H1TT7bmJYLCo2xIquNGXiCUdyZOAcHd3c
         mO74IQJQEmgC2bnRGet24Xshg8xw3k6AZPg0oMyuZhs0kBz6QsX7XtV1mKfQgypuFk22
         Tsjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1689186296; x=1691778296;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=BXCu0zFlEbzlWkPpDnnQByw62i3h9Jj5qLW7JFMRdoE=;
        b=ZW4liQZfvK2JtCi2D0DwuLUypbN3dewgD3OCaV6oSililKYyUeLGuZ0wBA8ntQW8I9
         m4Cuuzibk0cjFpFKT5l8iqxUscjwk21zTTaUJaCSSmGAJYokn5z6H04qjdvFKK+EMGji
         LTGE8I/432kAmirXiUq38+EuNHKrjTwVIYC+atkBF44+buuod7YAMdy/1ATYblFohVyX
         86M2DArTX5xzywBHrel1jTgyTsFcsXRfN/Y1K7q2iX8aES7M1oNf17RyCZCG5cxXsUFH
         WNym3qg4A3DldwM2/OpU3fW4qFGCw2B/AYfy+Xnjsu2pM6UFThmvKqkQTvNJ4Q1fXomq
         EijA==
X-Gm-Message-State: ABy/qLaG0XdR0cZCwLj+3kpg9b06W+gSA0fkffS3GqqeOcfVt6HRCVOX
	NWTvpw3hf+csUxzLxaeBQJert1g0LR64SiCCNRY2eFHWtFIvU2fj
X-Google-Smtp-Source: APBJJlEmCxSY8cFMcdT1UGYxyJVuXIhZIxJm+/JV/h/vFAdXs2WHcSCgIWPWaQG+7/uz3OS13mFrfuWG0HCCLGT0Hf0=
X-Received: by 2002:a05:6512:3d0d:b0:4f9:7aee:8dc5 with SMTP id
 d13-20020a0565123d0d00b004f97aee8dc5mr19119644lfv.19.1689186296058; Wed, 12
 Jul 2023 11:24:56 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
References: <ZK7mnohS12eEYoV2@int21h> <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h> <CANCZdfqYSgGMT=JE8h16n0zVYbrWYYgggJwsJK4Z2QFoE8Es4g@mail.gmail.com>
 <ZK7u00XORTTe-2kK@int21h>
In-Reply-To: <ZK7u00XORTTe-2kK@int21h>
From: Warner Losh <imp@bsdimp.com>
Date: Wed, 12 Jul 2023 12:24:45 -0600
Message-ID: <CANCZdfrTSTaKYjtXqqCrKnyw3j1QPPSkPaj0L3Y=JwHO+S-VWA@mail.gmail.com>
Subject: Re: dis/advantages of compiling in-kernel over kldload
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000022f40c06004e55b9"
X-Spamd-Result: default: False [-2.99 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.994];
	FORGED_SENDER(0.30)[imp@bsdimp.com,wlosh@bsdimp.com];
	R_DKIM_ALLOW(-0.20)[bsdimp-com.20221208.gappssmtp.com:s=20221208];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::131:from];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	R_SPF_NA(0.00)[no SPF record];
	ARC_NA(0.00)[];
	TO_DN_ALL(0.00)[];
	FROM_NEQ_ENVFROM(0.00)[imp@bsdimp.com,wlosh@bsdimp.com];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[bsdimp-com.20221208.gappssmtp.com:+];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	DMARC_NA(0.00)[bsdimp.com];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4R1R3t1qPkz4b4g
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

--00000000000022f40c06004e55b9
Content-Type: text/plain; charset="UTF-8"

On Wed, Jul 12, 2023, 12:20 PM void <void@f-m.fm> wrote:

> On Wed, Jul 12, 2023 at 12:04:21PM -0600, Warner Losh wrote:
> >
> >Yes. /etc/rc.d/pf doesn't check /etc/pf.conf. Its pf_start() routine will
> >only
> >run if pf_enable=YES in /etc/rc.conf (or related file, which pf.conf is
> not)
>
> Thanks for clarifying.
> Is there advantage to compiling it in-kernel? Or disadvantage?
>

Depends. If you build everything, then you get "tied" modules that are only
for a specific kernel. If you run the released modules, then there can be a
small performance hit that don't matter too much unless you are out of
CPU.... the release modules withh work with a range of kernels.

Warner

>

--00000000000022f40c06004e55b9
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><br><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">On Wed, Jul 12, 2023, 12:20 PM void &lt;<a href=3D"mai=
lto:void@f-m.fm">void@f-m.fm</a>&gt; wrote:<br></div><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">On Wed, Jul 12, 2023 at 12:04:21PM -0600, Warner Losh wrote:<br>
&gt;<br>
&gt;Yes. /etc/rc.d/pf doesn&#39;t check /etc/pf.conf. Its pf_start() routin=
e will<br>
&gt;only<br>
&gt;run if pf_enable=3DYES in /etc/rc.conf (or related file, which pf.conf =
is not)<br>
<br>
Thanks for clarifying.<br>
Is there advantage to compiling it in-kernel? Or disadvantage?<br></blockqu=
ote></div></div><div dir=3D"auto"><br></div><div dir=3D"auto">Depends. If y=
ou build everything, then you get &quot;tied&quot; modules that are only fo=
r a specific kernel. If you run the released modules, then there can be a s=
mall performance hit that don&#39;t matter too much unless you are out of C=
PU.... the release modules withh work with a range of kernels.</div><div di=
r=3D"auto"><br></div><div dir=3D"auto">Warner</div><div dir=3D"auto"><div c=
lass=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote></div></div></div>

--00000000000022f40c06004e55b9--

From nobody Wed Jul 12 18:38:35 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1RMf1ZVqz4mwwp
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:38:38 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1RMf09Fyz4lQY;
	Wed, 12 Jul 2023 18:38:38 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1689187118;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Rz+yPYRKfc8kGZ0VxkfJcuHeTmOI+pRK7J7GspfxmeM=;
	b=np4OJTBuOOZQnx1WOh5cks8v6+PRyholOYmjLuDta6eHQto6ZCZoCrzvCg86/YnuCGj1b8
	ApqKyAeXZxsrIv8PaPk+V08JmTQno15X4peJBwN5uJLIeFDEVwtktHFiv6R55jHyiFvaIQ
	Bc22+qWdUV2pIs3/V6nplBLUolUb2WyO830MkiR9U6VrsEyCBP3vP/fj9PzGpfsWIYyyhY
	SxvPCnfzwfwTgltCdKOwRPbSIJJhEgu0m3fT1DjnJcCGkEbx6E9WZENIcDkcCIbw58sQEf
	K2S54QHEiCQE1AwwcVQfYLfBUv8lQGRpjPLn8PDx6oBn7xm6QGW3Jw6j4mJnLw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1689187118;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Rz+yPYRKfc8kGZ0VxkfJcuHeTmOI+pRK7J7GspfxmeM=;
	b=Rbc3SDbK8iPMPehuUcrdiqpROAejCJ+4e7A+YRbUZfk62WufLv56X/uvc6i7xC4KHgzdW2
	Q4LGjUir4lw0dJ7DbMrIc7a37C65jy85VxClU2ANzBx6dbRpu3LCQ4h7b3pfLpUeZJ0MDR
	JTXAzA4jEo0tzOTGhWRgVDQyC5c8ImZHlnExuZ4lx/t4v2WAm58gMzDbKkZdUMjgTndPPX
	NtSrtg+o1Bjf7yS5RIVrHCOY9wXhig+RB0Q+sVDScHQ0ppPhRUmLdTgiraqMloe1As7mOt
	zcI1kGAlw3XbVcm12HYVsd8HGNnvO+0M4edxnouzSSzzPeGh+vBnT/67j53sFg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689187118; a=rsa-sha256; cv=none;
	b=Sh60BwRurGw7xuKgFY+RPUvaoskDuC2sg9qx482rD1fwxbd5P3Gdidcd9YSmmkCmf/buoC
	iV51Prs1FKI8sbFQV+YP+J2MtKbrncE7s7DWOBM6zjGmvrUWMXaS5TWm5sWR331o4LSkdI
	5/R2nUt7gXdW8ttr/b8fJzTVTQRyiDtpMHUCMnYvTwkvvdgLDB7Fbd7SfuyJtWQEdFUzI0
	L5oZX62CC1zsdTA/8BVuYura4840kqLF/FzxTf6WSu/hxmwRwG9RLoTsjgzvOP9gAWjW8B
	G5a0vFz/1kv5FjWB1VSgtfP9F9rWy4s5ik3KIiLyyqyHW27m2MIDzwk5FgdENA==
Received: from venus.codepro.be (venus.codepro.be [5.9.86.228])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mx1.codepro.be", Issuer "R3" (verified OK))
	(Authenticated sender: kp)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4R1RMd5flFz10jv;
	Wed, 12 Jul 2023 18:38:37 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: by venus.codepro.be (Postfix, authenticated sender kp)
 id D63B24F47F;
	Wed, 12 Jul 2023 20:38:35 +0200 (CEST)
From: Kristof Provost <kp@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Date: Wed, 12 Jul 2023 20:38:35 +0200
X-Mailer: MailMate (1.14r5937)
Message-ID: <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org>
In-Reply-To: <ZK7mnohS12eEYoV2@int21h>
References: <ZK7mnohS12eEYoV2@int21h>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-ThisMailContainsUnwantedMimeParts: N

On 12 Jul 2023, at 19:45, void wrote:
> (for context this is on recent -current)
>
> in man(4) pf we have
>
> SYNOPSIS
>      device pf
>      options PF_DEFAULT_TO_DROP
>
> no real mention if it being loaded in rc.conf.
>
> But when it is loaded in (just) rc.conf with pf_enable=3DYES
> it gets loaded as a kld.
> Is there an advantage in compiling it in the kernel?
> Is there a disadvantage in it being compiled in the kernel?
>
I strongly recommend that people stick with the GENERIC config, and ideal=
ly just use the builds the project releases.

Any deviation from that means you=E2=80=99re running a configuration that=
=E2=80=99s less tested than the default.
There may be good reasons to do so, but know that our warranty policy is =
=E2=80=9CIf you break it you get to keep all of the pieces=E2=80=9D.

For example, PF_DEFAULT_TO_DROP is know to be broken in at least some sce=
narios: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237477

Best regards,
Kristof

From nobody Wed Jul 12 18:43:58 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1RTt1fpCz4mycM
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:44:02 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1RTs1Xblz3Dh7
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 18:44:01 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=IRp2Rb9i;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=FnWWEF+z;
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
	by mailout.nyi.internal (Postfix) with ESMTP id E109E5C0182
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 14:44:00 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute2.internal (MEProxy); Wed, 12 Jul 2023 14:44:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1689187440; x=1689273840; bh=3K
	Tsc2gwwXDts2l1O7bpKeqsmKsXsJMTSS38PIgUN9I=; b=IRp2Rb9iS2WD+vWMSp
	ELi5/626irj9ZFP/dsRVZqygnsvBv3a5pU1wM1/+4oN8jCmB3ywEvrgTrwlNoWCm
	BhNmb5/Ik7MEWa22PQRBNVH3tSGAW+LUxkBhKuiT8tMmqV0ovGmW8W0TmtAtlL/E
	RfiGJET1/LTpsRVApExxHeTjvQHQxo901Y0cA7cXgGEwQ5Fq1o4hxIa8mH80wz5I
	XeELLQSUFHxJxcL//Y+kSdFx+9d+31eNc9A3Yw3+oEAcDj1/f/8cxt1EUWfPGgfo
	HJvCFPXYwqJTb9ns1WFhQ6BfvDYa7760S3t7wSd769D9PvF5fQJi2v4aUPza9tFZ
	5A4g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; t=1689187440; x=1689273840; bh=3KTsc2gwwXDts
	2l1O7bpKeqsmKsXsJMTSS38PIgUN9I=; b=FnWWEF+zc/166u8rL3hCAeh1YBUED
	YkI1/aitPiFD6115sKGaVslRicb6/lMykfIN0own/0AQPC0FEI2+4lwrxv6SJcX+
	xE9z4WUJNPoHVlnzX1YNreRC0lhWtjDLS5XmWf6qrZ3D1uaLrx8hdUCfV3eWAhQ+
	0nEDu76C+3WDou/FbzgqY45WuCu9jLvLhg7IU2jl8HWA7wTIizxRh4S5DqoAMC4B
	I7jJtbM0LqAtYjCYJP6ZCAs2olptMvzkKcE6jEzW+OURzRg9rJOlGaAySHBSIiMA
	15iDq9iFJhuAEY1/CUSC/Q0oJiQ0K4LNXHLX4Qx53GB0uPk0lwtJCLMrQ==
X-ME-Sender: <xms:cPSuZOQwubix_rblTGSya21ex4eYhAEhdWEmOydZlSamdi7_VklRpQ>
    <xme:cPSuZDzF7BqrpSFIC-sfa-IieOcpAuNV_wEX2Q3WQIM_9_k6A8FYCx0gDQgBGp1UG
    jP97KVFSo9M0LiXKQ>
X-ME-Received: <xmr:cPSuZL06tAKO5cKUCFM7vQzxTMRkfsSHlnAxtWcsauzQd3xCzIu-iG3pIhCfKlhArmiL>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgdduvdekucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
    dttddtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgr
    thhtvghrnhepkeeluddvlefhieelfefggffhffektdehleelgfdugfdvgeekjeejuddthe
    ehgfeunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep
    vhhoihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:cPSuZKA8omRzuxthO0M4BFstBpAeqv3j52HEovsUBxnj6Qrzd_kVdA>
    <xmx:cPSuZHhUT3trEho0FwgopV9V9i1JcmBdKw9isOzYyJGOvHKUpr7y3A>
    <xmx:cPSuZGpjMTYsT2OszrpKNLe0ec4B-ruKxtwJ8Bu446J7lvCq8yzSIg>
    <xmx:cPSuZJfjdbwNZX9WafjD1YC6_18qP57p0EYwFvpbpUzDTEQ8BifVvQ>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 14:44:00 -0400 (EDT)
Date: Wed, 12 Jul 2023 19:43:58 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK70boJDN8WxNf0V@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h>
 <CANCZdfqYSgGMT=JE8h16n0zVYbrWYYgggJwsJK4Z2QFoE8Es4g@mail.gmail.com>
 <ZK7u00XORTTe-2kK@int21h>
 <CANCZdfrTSTaKYjtXqqCrKnyw3j1QPPSkPaj0L3Y=JwHO+S-VWA@mail.gmail.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <CANCZdfrTSTaKYjtXqqCrKnyw3j1QPPSkPaj0L3Y=JwHO+S-VWA@mail.gmail.com>
X-Spamd-Result: default: False [-0.72 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_SPAM_SHORT(0.99)[0.992];
	NEURAL_HAM_MEDIUM(-0.94)[-0.938];
	NEURAL_SPAM_LONG(0.83)[0.829];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27:c];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_COUNT_THREE(0.00)[4];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	RCPT_COUNT_ONE(0.00)[1];
	FREEMAIL_FROM(0.00)[f-m.fm];
	TO_DN_NONE(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	FROM_HAS_DN(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	MIME_TRACE(0.00)[0:+];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1RTs1Xblz3Dh7
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

On Wed, Jul 12, 2023 at 12:24:45PM -0600, Warner Losh wrote:
>Depends. If you build everything, then you get "tied" modules that are only
>for a specific kernel. If you run the released modules, then there can be a
>small performance hit that don't matter too much unless you are out of
>CPU.... the release modules withh work with a range of kernels.

ok that's fine, thanks for the clarification.
-- 

From nobody Wed Jul 12 19:03:55 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1Rwv27lFz2tmJD
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 19:03:59 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1Rwt4lw6z3L70
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 19:03:58 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=QMTEm3er;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b="q KGOwbi";
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id 959A15C00F8
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 15:03:57 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute5.internal (MEProxy); Wed, 12 Jul 2023 15:03:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm2; t=
	1689188637; x=1689275037; bh=IsVl0BIsPXMq//j36OWl6biIlGyR18o64gm
	GfJQCKa8=; b=QMTEm3erssudZOThdsdvQAqz2khdGEAdajPEhP0MAsbo3/b6sdX
	GM9uObBHbFK3jLDTeMgI96gWWLz0aEVRNl2CY58uwcBR/spWNUgk338lba9SYqfA
	HzgRNEvIA5y9b1cSq4X6tzWtUwNm7kaRRKGnzxRDf45mfkPhvG7xn0LxQ1kvleos
	2CUMoc7dFphr2isGfOPqNdEIz/WwQuSSU6gKzocproXaJJ2js9IXY9XS46A5vjA7
	DOBsh2P5RcP6i17GuDMIlFODoUFNsaG4E5eq67RQTHjPcCxxfcfdqasPJod79KJS
	55+Uz6vTaSovhLluz77Mhv8lFRVZLizITZw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1689188637; x=
	1689275037; bh=IsVl0BIsPXMq//j36OWl6biIlGyR18o64gmGfJQCKa8=; b=q
	KGOwbiCVraZHFlBUKuTkgRxjJ1syQJfk/K7ppO/DVTEVRYXj54ki8V6xKlvkZsS5
	VTjCMfuQ9gmYGbKzY5XW6vNqvzoOe0rh4hdegrAE+jl5W5OHP8QdejXAJZkimj7A
	meXIUsUOwDcWcgS5akArQXKar23S7cL8Bb26tpMydIswep8S8p5xPIZJquwBYYqM
	Jj/UIOnNl1bn6EVv16tRz/Wc7y1tDA51gE9FFUtgRlx6D/vnaqcZQ3G8tbnZr0Of
	yl1avfFSxnZ0QAqsK6ofEWr665eBhipWLAIJN9b5Hsn3Kv9H23qCSzz9IV5OOYnk
	ueAoUFuxMyXzVqJ9KWPBg==
X-ME-Sender: <xms:HfmuZI2c77BxLttmUVTvLA_etAZc-7-61TnpfcOau2pMPBJw1RPmTQ>
    <xme:HfmuZDFynnxE3jy2bv3HqQHitx3KYlP6TmXm2X1_ECyOInn3TRwN7pOHL8eV9Mpsc
    WEO6sZxmSRmwd6dJQ>
X-ME-Received: <xmr:HfmuZA79miTD_vc75jOh3QN-663LmmJ6Ug5VRKMRWBPtD71OvMzTq5HsuaaLPyVVty2z>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgddufedvucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggugfgjsehtke
    ertddttdejnecuhfhrohhmpehvohhiugcuoehvohhiugesfhdqmhdrfhhmqeenucggtffr
    rghtthgvrhhnpefhheekvedttdfhleeffeeludehtdeghfehudefudetfedtgffhfedufe
    ehjefhjeenucffohhmrghinhepfhhrvggvsghsugdrohhrghenucevlhhushhtvghrufhi
    iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehvohhiugesfhdqmhdrfhhm
X-ME-Proxy: <xmx:HfmuZB2_I4cC0iQZn8GZaPUHsYR5UHr5H7Trpb5R9_vOXwDGYgZ83w>
    <xmx:HfmuZLEx7Djetvw_VW0d8QSqNQWb_2pST37gEhlYn2lcaDJcnCNclw>
    <xmx:HfmuZK_KSD8CV8c3-JzWdjnGHvgVu8lvHPm_ab679oeUoKh8IIgYSQ>
    <xmx:HfmuZCxaMtmwuYh4ibRpm4AnVDTUvY-HuYxOp_f5eAo6Ys8L9ICyEQ>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 15:03:56 -0400 (EDT)
Date: Wed, 12 Jul 2023 20:03:55 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK75GyQCxE1YzEav@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org>
X-Spamd-Result: default: False [-4.43 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_MEDIUM(-0.83)[-0.835];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1Rwt4lw6z3L70
X-Spamd-Bar: ----
X-ThisMailContainsUnwantedMimeParts: N

Hello Kristof,

On Wed, Jul 12, 2023 at 08:38:35PM +0200, Kristof Provost wrote:

>I strongly recommend that people stick with the GENERIC config, 
>and ideally just use the builds the project releases.

I disagree. I think people need to look carefully at their own contexts.
What you're suggesting removes a configurable layer of the
security onion. It's not like we have OpenBSD's KARL. I find it hard to
see how using identical configs across systems benefits anyone apart from
either an attacker, or tech support.

>Any deviation from that means you’re running a configuration that’s less 
>tested than the default.

That's fine. If I report a problem I'll make sure to use a generic 
config to debug beforehand.

>There may be good reasons to do so, but know that our warranty policy is “If you break it you get to keep all of the pieces”.

I wasn't aware of any warranty policy at all :D

>For example, PF_DEFAULT_TO_DROP is know to be broken in at least some scenarios: 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477

Would you not agree though, that if one didn't try, then no progress could be made?

What I'd like to acheive is the following:

If pf fails to load its ruleset, allow ssh from only this safe IP range 
and block everything else.
-- 

From nobody Wed Jul 12 19:20:42 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1SJF6mKxz2tsnL
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 19:20:45 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1SJF2MKnz3Pt6
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 19:20:45 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=N8LOnUph;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=jPAKM65g;
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.27 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
	by mailout.nyi.internal (Postfix) with ESMTP id 12CA95C00DA
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 15:20:45 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute3.internal (MEProxy); Wed, 12 Jul 2023 15:20:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1689189645; x=1689276045; bh=Hz
	giPw5Y6KcwKPY53MUi+5bqlLlhWssT6tBTWs4Fdio=; b=N8LOnUphGCFy/rMil1
	M46aZsPR8iboBKKFi6uyX/k0riXMt8htgRkvPEyqNPGLePlfVaMU73c0IRExLN1W
	YEzfs1lo21JJl7epKFClTdlxcPtTBAU3LFW3nI5x2NRu0TSnRM+T6OMzGLO/rYvm
	Sxr/3rFNpytBaF9oHSqTDBQFBKbJtYeE8qcx9Rx3EXPWn0Q/hUzp5IW2DGrfP/+z
	aqfLwKRiWSqAF3Ha9RY4wwEHT+PVM+KqJjEk2QqXv+5/EtAuxGVs3w/K0cSxCQsx
	o08QiJF8isWcc0KnA/SGQUWx4AlxYccBOJhOYCDumYqOVEX2QBR+tdmJNZhV3Eun
	TC1Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; t=1689189645; x=1689276045; bh=HzgiPw5Y6KcwK
	PY53MUi+5bqlLlhWssT6tBTWs4Fdio=; b=jPAKM65gWaI98VnfznOU9YJxXw8Mj
	ToCyVOfF6SADgqnor2CrXRRJxAYppC6oNU4qsiyCX3mqn7jgz1Dns86/Qa4Ewjv3
	IiiQE8vp3lk6lRqI6ibUAtreokh1w8q/eYrowTSQEcW/3SxtscHXYc5Sf5fTI6O8
	oWKfchN0CImPf5kc2k2Dpud3MANtt7Il8URXjTMg3dcdXs9qjJCJGUgZ5vdLhTmt
	Owi2192vIFRvxMfCOCbgTDCIKLsahiJgN+PpONBBnwbygeeLIu/PLpp0AhaBSB/l
	vOSkOGYOWdvP4VHQmZwLTiIysKr9bag86HJ3VhVmeqGI8GIWf7DROgH7A==
X-ME-Sender: <xms:DP2uZCM7_-Q4g2rC8fdTRl7fYWu_z_kWXMXK8GtWNME0NJSb0oTZ5Q>
    <xme:DP2uZA-8B_YLrqbIlm7oJGZVAcXnm8Hkp05L9j_sCvLI3tdmmiBd0FdlfmHNHkhb7
    fSlZEu-QL-Rxdaysw>
X-ME-Received: <xmr:DP2uZJTkdAuw_btMlVsVASqjBQSxVNFuUa5UHW_hBYjxwTWP5IQAdz42iMVGpwbgyEpW>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedvgddufeehucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
    dttddtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgr
    thhtvghrnhepkeeluddvlefhieelfefggffhffektdehleelgfdugfdvgeekjeejuddthe
    ehgfeunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep
    vhhoihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:DP2uZCu3dTvLW_C7-_Je99oW6EQ917ZWVBgLus3JhaIw827aY4B8Xg>
    <xmx:DP2uZKdjl3VlE4dmrui8MRAicJxx55jn0gaN-j8q3MxWYHp9inhdrg>
    <xmx:DP2uZG0U2EX7MNlM0XOxPyFa-0f2pCJGhOMQk9ho_q1Jm3h0SZIS0w>
    <xmx:Df2uZMrBu3NOqhYSeXhmFSrgpnfs3E9G8d_jD2RtRFKUwI8Mcu7fmw>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 15:20:44 -0400 (EDT)
Date: Wed, 12 Jul 2023 20:20:42 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK79ClqxakjWjYRj@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <CANCZdfo1z9xq2+ZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com>
 <ZK7pqlDKY4JBkvek@int21h>
 <B88E284C-CCC6-4C8E-BA92-26505E6C1780@FreeBSD.org>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <B88E284C-CCC6-4C8E-BA92-26505E6C1780@FreeBSD.org>
X-Spamd-Result: default: False [-4.50 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_MEDIUM(-0.99)[-0.987];
	NEURAL_HAM_LONG(-0.92)[-0.919];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27:c];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.27:from];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1SJF2MKnz3Pt6
X-Spamd-Bar: ----
X-ThisMailContainsUnwantedMimeParts: N

On Wed, Jul 12, 2023 at 08:05:32PM +0200, Dimitry Andric wrote:
>Yes. The rc.conf setting is needed for /etc/rc.d/pf, which is the
>command script responsible for bringing pf up (or down).

thanks for clarifying.
-- 

From nobody Wed Jul 12 19:51:47 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1T0F1HPmz4mfCl
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 19:51:57 +0000 (UTC)
	(envelope-from SRS0=U++U=C6=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1T0C6x45z3lSK
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 19:51:55 +0000 (UTC)
	(envelope-from SRS0=U++U=C6=quip.cz=000.fbsd@elsa.codelab.cz)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of "SRS0=U++U=C6=quip.cz=000.fbsd@elsa.codelab.cz" has no SPF policy when checking 94.124.105.4) smtp.mailfrom="SRS0=U++U=C6=quip.cz=000.fbsd@elsa.codelab.cz";
	dmarc=none
Received: from elsa.codelab.cz (localhost [127.0.0.1])
	by elsa.codelab.cz (Postfix) with ESMTP id AD2DCD78A1
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 21:51:48 +0200 (CEST)
Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by elsa.codelab.cz (Postfix) with ESMTPSA id 1EA3CD7899
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 21:51:48 +0200 (CEST)
Message-ID: <e913ae94-6f9a-13e1-5a0e-9051a1356218@quip.cz>
Date: Wed, 12 Jul 2023 21:51:47 +0200
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.1
Subject: Re: dis/advantages of compiling in-kernel over kldload
To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org> <ZK75GyQCxE1YzEav@int21h>
Content-Language: cs-Cestina
From: Miroslav Lachman <000.fbsd@quip.cz>
In-Reply-To: <ZK75GyQCxE1YzEav@int21h>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-1.73 / 15.00];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-0.93)[-0.926];
	FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=U@elsa.codelab.cz];
	MIME_GOOD(-0.10)[text/plain];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DMARC_NA(0.00)[quip.cz];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ];
	MIME_TRACE(0.00)[0:+];
	BLOCKLISTDE_FAIL(0.00)[89.177.27.225:server fail,94.124.105.4:server fail];
	ARC_NA(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	FROM_HAS_DN(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	TAGGED_FROM(0.00)[U=C6=quip.cz=000.fbsd];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=U@elsa.codelab.cz]
X-Rspamd-Queue-Id: 4R1T0C6x45z3lSK
X-Spamd-Bar: -
X-ThisMailContainsUnwantedMimeParts: N

On 12/07/2023 21:03, void wrote:

[..]

> What I'd like to acheive is the following:
> 
> If pf fails to load its ruleset, allow ssh from only this safe IP range 
> and block everything else.

Take a look in to /etc/defaults/rc.conf or man rc.conf for some examples 
of pf_fallback variables. You can define simple rule or special file to 
load when your main ruleset (pf.conf) failed to load at boot time.

Enable fallback
pf_fallback_rules_enable="YES"

and then use one of these
pf_fallback_rules="block drop log all"
pf_fallback_rules_file="/etc/pf-fallback.conf"

Kind regards
Miroslav Lachman


From nobody Wed Jul 12 20:08:02 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1TLs1HtPz4mlJZ
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 20:08:05 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1TLr6h38z3pCW;
	Wed, 12 Jul 2023 20:08:04 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1689192484;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=S3DZO27QJcAkLZR/pfNL8yMO7bDMWb/JKBQdvP5Il2A=;
	b=AVONkuPoe0I+sI0KiWxzG161XKaZiz55o1XVqHiYFx4RnqzRRQ/5q3MonwD8jG+0RtNvz8
	8OVZP1djFuU+0+yL0SvfmcXqiAllHv+vUkKGCfyn/qh8bLfPStqaq5+gdHI/QpdAZKqarD
	R9bFsB4+90vAA6luU8oMPU+yAFix0+VukXBu2auh2xzcgEJPrdEdg/dXF4awhs6YcfrX6j
	OO1DcoJjnTES94e3LdfyG3j+uxJbeeWaS4rXgJmUzvtZmh99HNjbfec9PmEcQKcHhG1uN3
	vkOcnzHM0Go7P3isi5DPadyLWrnTm4ouErxkQ6v7w9w9Yme/ztWHKNrBGsynRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1689192484;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=S3DZO27QJcAkLZR/pfNL8yMO7bDMWb/JKBQdvP5Il2A=;
	b=o2938MKe0Gp62GI5Z6qQ9T6iqJY+URKmAJPZVoo4PEKTBUzfMIahG8bMT+h8ymkofXQhJQ
	nP8isdzlJiI6eZYggATI/S+So1sy15DZzPcAseCsIx2dk8AQBZE12ynLd5IhPX4/AkNUfN
	fW5rbUdG1n+hA8jt74xC9T9J5x4hMpY3A8DCDDq+uMkiabQFWYjaLh4iPWy71KBigdoiE5
	r+mW1eHWgXj3LIcKvRk8QMOaVFhVv7gKn0scxQqwFExaNneKPvliCbiMxGR5nUmQktah8N
	2RdtkErqa0JsuGtHKbe8+d9d1Z0InMDQ1polzXIgKop9bdIbhbxwHJMxavA+8Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689192484; a=rsa-sha256; cv=none;
	b=gDIPpbxmFdUpi5wrSdDaAevdaRyAnhsRNy+OxXYx9KYniLuXS3wqIDRB34v9o2aClOTgmJ
	XAS355m4mJBflkG88+QBZ312bZLNaF1++hEmvOJa91GaRbNhNfNtsEpiOQPtcqIrwqNHjW
	pgiS6v+ynhmHDGFBJsAyzeKFwHwcDh5EegC1Sj64OidatnTqA8bVTwFq3Vwa4udQbndns8
	NGfIK1q2R+DiplK5Bv+jfjQ8l5jl8F0J/552/8W26hLTcZ86IgdUj2n8KHDb2RBWgh+Smy
	Ns3B3bZuXjkX5rp+/9Epa4YNm7Kn2MUlA1Vki6+Ej9vaXMFrQ3hOn9whXOEVYA==
Received: from venus.codepro.be (venus.codepro.be [5.9.86.228])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mx1.codepro.be", Issuer "R3" (verified OK))
	(Authenticated sender: kp)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4R1TLr52nxz11x5;
	Wed, 12 Jul 2023 20:08:04 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: by venus.codepro.be (Postfix, authenticated sender kp)
 id 40ED34F6BA;
	Wed, 12 Jul 2023 22:08:03 +0200 (CEST)
From: Kristof Provost <kp@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Date: Wed, 12 Jul 2023 22:08:02 +0200
X-Mailer: MailMate (1.14r5937)
Message-ID: <8E73D0C1-11A1-4767-9FE6-8C0DEB494B5A@FreeBSD.org>
In-Reply-To: <ZK75GyQCxE1YzEav@int21h>
References: <ZK7mnohS12eEYoV2@int21h>
 <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org> <ZK75GyQCxE1YzEav@int21h>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-ThisMailContainsUnwantedMimeParts: N

On 12 Jul 2023, at 21:03, void wrote:
> Hello Kristof,
>
> On Wed, Jul 12, 2023 at 08:38:35PM +0200, Kristof Provost wrote:
>
>> I strongly recommend that people stick with the GENERIC config, and id=
eally just use the builds the project releases.
>
> I disagree. I think people need to look carefully at their own contexts=
=2E
> What you're suggesting removes a configurable layer of the
> security onion. It's not like we have OpenBSD's KARL. I find it hard to=

> see how using identical configs across systems benefits anyone apart fr=
om
> either an attacker, or tech support.

I=E2=80=99m not suggesting that you=E2=80=99re not allowed to deviate fro=
m the default kernel config. I=E2=80=99m saying that it=E2=80=99s risky, =
and that I=E2=80=99m going to be less interested in the bugs you run into=
=2E

>> For example, PF_DEFAULT_TO_DROP is know to be broken in at least some =
scenarios:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237477
>
> Would you not agree though, that if one didn't try, then no progress co=
uld be made?
>
Sure, if you=E2=80=99re interested in finding bugs that=E2=80=99s one thi=
ng you can do. You=E2=80=99re also likely to be allowed to fix them yours=
elf.

> What I'd like to acheive is the following:
>
> If pf fails to load its ruleset, allow ssh from only this safe IP range=
 and block everything else.
>
Look at pf_fallback_rules in /etc/defaults/rc.conf

Best regards,
Kristof

From nobody Wed Jul 12 23:05:34 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1YHl0NRrz2twPg
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 23:05:39 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1YHk2Vd7z3Gpw
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 23:05:38 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=DYZoXmP6;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=TErUTUPc;
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.25 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id E515D5C01B0
	for <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 19:05:36 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Wed, 12 Jul 2023 19:05:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1689203136; x=1689289536; bh=zJ
	4yEwW957lHvsN+GWxM2ABh8KQ/vvZU02SHBwnX3HU=; b=DYZoXmP6Uxeo+QRMhG
	ekw3HDxTPxufPdEkd8fHXcKvWZX05pRciZKRYVnQl/t5XSkRk4Q7vAOvlult68Sc
	NlwmVtmFolAexdH4FBQxdlOf3HCO1YS1yZT1N6sDQY0ggmUPJz0va+/+1WFdyh5D
	3YuobFr3Mq9ivqT052S087fIOjRtGFUUFwnHWIga6lByB1v8pevjhZQIHz1X4Aq9
	ZCX10LeQ7K9rlpBkcPv09pqGsO8aj4D37m7fxX57i0GK5Wacq6VrvirQlbleosfv
	hgfNPs63x/pQVBmWcJh12qrMIMHacjvwllbtzEujhBUorqM8WafvJZfTWP2XFBKo
	hG3g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; t=1689203136; x=1689289536; bh=zJ4yEwW957lHv
	sN+GWxM2ABh8KQ/vvZU02SHBwnX3HU=; b=TErUTUPco4NfzoMeAq7buJYTZfcG1
	zeYxGh+QD6mdXwyfQ9DFd8cxvVfSpYsPxQ2GVzhFvY0yuIX906xGffkbpqmxRKtf
	6gFPJi6U44r5yJfkdsEJFsrJhyduw7+jzPz2UQcZSFMoCUxJN7qoKCKT5YNAY9st
	PK2L7T7hScKi904jB7ZxRyZeq+Rs3uJG+5F/ID48wlkFNtXH9b0625q9GkRI5OvH
	ayXNSpto1TYC4dY3FZx8L0ObWte8g/WUQjN0kZVHvko41OKFO7OkrfOc3lcShA8o
	EDAJ9oeRqW/FTBpqupRQEPYvzGuPGFWijdgF4eWB/UcSQDzVvNhUTfQXQ==
X-ME-Sender: <xms:wDGvZGM_OkdOKA-vSyBe8uzooCsnz-9M9etREJuLn6j-30zRuFgkxg>
    <xme:wDGvZE8L-jmTndz0jGQSiTJGjT4GJpNhJ8AUq1SKSaVWUlPjdaKgfiApfSstEZc3v
    mSgdQYKjiGbDOhaoQ>
X-ME-Received: <xmr:wDGvZNQi1DucK31k2IbHByCgvki47LdHECGmpJCCm6OWFRZcKTEa5chkNH31pcx5Nsst>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfeefgdduiecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehttdertd
    dttddvnecuhfhrohhmpehvohhiugcuoehvohhiugesfhdqmhdrfhhmqeenucggtffrrght
    thgvrhhnpeekleduvdelhfeileefgffghfffkedtheellefgudfgvdegkeejjedutdehhe
    fgueenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehv
    ohhiugesfhdqmhdrfhhm
X-ME-Proxy: <xmx:wDGvZGu48Egke95gCa9dMQ6ODz0TilqR0TeYCq3UckTZ2l-jRwCvpw>
    <xmx:wDGvZOdrFl1oJB3u_OdHUhaUmwTLMr-Ldg0y-tFM6iirl3g6JxQKqw>
    <xmx:wDGvZK0XWBN_tNcZhbPUi30lh-N6mCZmcgvElfFckmH8QLlwX_ymsA>
    <xmx:wDGvZAq5cOkcNaAVPAnKw4L2Vjgu3Fic0pJ6Qk4CVO2jWQOs-ciPFg>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-hackers@freebsd.org>; Wed, 12 Jul 2023 19:05:36 -0400 (EDT)
Date: Thu, 13 Jul 2023 00:05:34 +0100
From: void <void@f-m.fm>
To: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Message-ID: <ZK8xvunReck7RAAp@int21h>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <ZK7mnohS12eEYoV2@int21h>
 <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org>
 <ZK75GyQCxE1YzEav@int21h>
 <e913ae94-6f9a-13e1-5a0e-9051a1356218@quip.cz>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <e913ae94-6f9a-13e1-5a0e-9051a1356218@quip.cz>
X-Spamd-Result: default: False [-2.51 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_MEDIUM(-0.94)[-0.943];
	NEURAL_SPAM_LONG(0.94)[0.942];
	NEURAL_HAM_SHORT(-0.81)[-0.806];
	MID_RHS_NOT_FQDN(0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.25];
	RWL_MAILSPIKE_GOOD(-0.10)[66.111.4.25:from];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.25:from];
	MIME_GOOD(-0.10)[text/plain];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4R1YHk2Vd7z3Gpw
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

On Wed, Jul 12, 2023 at 09:51:47PM +0200, Miroslav Lachman wrote:
>Enable fallback
>pf_fallback_rules_enable="YES"
>
>and then use one of these
>pf_fallback_rules="block drop log all"
>pf_fallback_rules_file="/etc/pf-fallback.conf"

aaah! thats what I was looking for, thank you
-- 

From nobody Fri Jul 14 09:52:15 2023
X-Original-To: hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R2RbZ5cxFz4mx7L
	for <hackers@mlmmj.nyi.freebsd.org>; Fri, 14 Jul 2023 09:52:26 +0000 (UTC)
	(envelope-from danny@cs.huji.ac.il)
Received: from kabab.cs.huji.ac.il (kabab.cs.huji.ac.il [132.65.116.210])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R2RbY42vjz4GTF
	for <hackers@freebsd.org>; Fri, 14 Jul 2023 09:52:25 +0000 (UTC)
	(envelope-from danny@cs.huji.ac.il)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=cs.huji.ac.il header.s=57791128 header.b=KC4FvLYr;
	spf=none (mx1.freebsd.org: domain of danny@cs.huji.ac.il has no SPF policy when checking 132.65.116.210) smtp.mailfrom=danny@cs.huji.ac.il;
	dmarc=pass (policy=none) header.from=huji.ac.il
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cs.huji.ac.il; s=57791128;
	h=To:Date:Message-Id:Subject:Mime-Version:Content-Transfer-Encoding:Content-Type:From; bh=YRUCAUCJxH85hVVUlnF5yebZjwzVZ3oJCQr9TkWCAvM=;
	b=KC4FvLYraQ2GsdKVpJNe6Orx/HNJKPhK1pjVwOCpkMs4uECHop5LFHPX7FJNYSZKYGtxXSvunOyw7782VF3OvFls2tlPBH5b6IHTmsD7mNIVZXSa7J1grRtvfx4vpVdihVz4mpFkn3hxosw0TGJ2nus4qgRx6idhWfazpxiQrvnMdFOQOkiCQDrFJKQR8hnlK3Fkqbkyx7voDKQ4/s9mlJWJ45wyJT6LqvDeE+Y5owd3nCMMubfyXyEYPeltMj/8wDxgJbZpTfa8RhWiL2LG6N9Rlykp9v5+0wFUhIE+ej4MRoJBQBf4KdvmM5haVwRB+ihiFIPM+itcZOR6UXfXyQ==;
Received: from bach.cs.huji.ac.il ([132.65.80.20] helo=smtpclient.apple)
	by kabab.cs.huji.ac.il with esmtp
	id 1qKFTD-000JN6-Nr
	for hackers@freebsd.org; Fri, 14 Jul 2023 12:52:15 +0300
From: Daniel Braniss <danny@cs.huji.ac.il>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
Subject: bhyve loader
Message-Id: <E37BFEE6-4AC2-4CE4-BA7A-1E521C217F23@cs.huji.ac.il>
Date: Fri, 14 Jul 2023 12:52:15 +0300
To: freebsd-hackers <hackers@freebsd.org>
X-Mailer: Apple Mail (2.3696.120.41.1.3)
X-Spamd-Result: default: False [-3.12 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.82)[-0.820];
	DMARC_POLICY_ALLOW(-0.50)[huji.ac.il,none];
	MV_CASE(0.50)[];
	R_DKIM_ALLOW(-0.20)[cs.huji.ac.il:s=57791128];
	MIME_GOOD(-0.10)[text/plain];
	MIME_TRACE(0.00)[0:+];
	MLMMJ_DEST(0.00)[hackers@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	FROM_EQ_ENVFROM(0.00)[];
	ASN(0.00)[asn:378, ipnet:132.64.0.0/15, country:IL];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	TO_DN_ALL(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FREEFALL_USER(0.00)[danny];
	DKIM_TRACE(0.00)[cs.huji.ac.il:+];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4R2RbY42vjz4GTF
X-Spamd-Bar: ---
X-ThisMailContainsUnwantedMimeParts: N

hi,
till 13.1 i have in the config file
	loader=3D"bhyveload"
	uefi=3D=E2=80=9Cyes=E2=80=9D
        =E2=80=A6

and the clients load diskless just fine(*),

but now with FreeBSD 13.2 this stopped working.
now I have to set loader=3D=E2=80=9Cuefi=E2=80=9D

so Q: it the uefi=3D=E2=80=9Cyes=E2=80=9D still relevant?

cheers,
	danny

*: needs some twiks :-)