From: Andre Oppermann
Date: Mon, 26 Nov 2012 14:10:16 +0100
To: Ermal Luçi
Cc: Gleb Smirnoff, src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: Re: svn commit: r243458 - in user/andre/tcp_workqueue/sys: net netinet

On 23.11.2012 17:11, Ermal Luçi wrote:
> On Fri, Nov 23, 2012 at 4:27 PM, Gleb Smirnoff wrote:
>
> > Frankly speaking, the fact that the list can't be set directly
> > in one sysctl oid:
> >
> > sysctl net.inet.pfil_in.hooks="pf,ipfw,ipfilter"
> >
> > , but can only be set via supplying pointless numeric values to N
> > oids looks very poor from the perspective of an average user. He might
> > think something like "oh, FreeBSD developers were too lazy to parse
> > a string", or "they designed an interface not for people but for nerds".
> >
> > Interface must be easier! If you don't like parsing strings in kernel,
> > then /sbin/pfilctl can be introduced. The utility eventually may grow
> > more functionality.
>
> I already gave a link to an already existing patch for this.
> Not sure why andre@ decided the other way around.

I wanted to have a pre-determined default order of pfil modules
especially with the IPSec pfil hook I've started working on. That's
the reason for the ordering value. This ordering value has to be
carried along somehow. Also I'm no fan of kernel side parsing, even
if there are instances where it can't be avoided.

So the default pfil hook ordering should lessen the need to reorder
pfil hooks at runtime.

Would you mind having a pfilctl as Gleb suggested? That way we could
abstract the whole thing away and also gain flexibility in the kernel
implementation for the future.

Another question: In your patch you have a pfil hook disable option
directly in the hook mechanism. What is the reason for that versus
having the pfil consumer unhook itself when not enabled or in use?

-- 
Andre