Date:      Sat, 27 Mar 2021 12:54:28 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "FreeBSD pf" <freebsd-pf@freebsd.org>
Cc:        freebsd-arch@freebsd.org
Subject:   [RFC] pf ioctl changes
Message-ID:  <24E09373-EBCD-4ED1-8B59-A44E687F287E@FreeBSD.org>

Hi,

There are several patches in the pipeline that require changes in pf’s 
interface between kernel and userspace.
In the past these have been handled in multiple ways. Either by simply 
making the change, breaking binary compatibility, or by introducing a v2 
ioctl (e.g. DIOCADDALTQV1).

While one is better than the other, neither is wholly satisfying. New 
versions of calls constitute a maintenance burden after all.

I’d like to change the ioctl interface to use nvlists, which would 
make such extensions much easier, because fields can be optional.
That is, if userspace doesn’t supply the ‘shinynewfeature’ field 
the kernel can assume the default value and things just work. Similarly, 
if the kernel supplies a ‘shinynewfeature’ which userspace doesn’t 
know about, it’s simply ignored.

The rough plan is to introduce nvlist versions of the get/add rules 
calls for now. Others will follow as the need presents itself.
As these are new ioctls it is safe to MFC them to stable/12 and 
stable/13.
The old interface will remain supported in those branches, but I’d 
like to remove it from main (and thus FreeBSD 14).

As part of this effort I may end up splitting off the ioctl interface 
code from pfctl into libpfctl, which should make reuse of that code 
easier.

I hope to post preliminary patches in the coming week.

Thoughts? Objections?

Best regards,
Kristof
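
The optional-field behaviour described in the message, as an added example that is not part of the original e-mail and is not pf or libnv code: a simplified name/number list stands in for an nvlist, and the consumer applies defaults for absent fields, ignores unknown ones, and rejects a missing or out-of-range required field. All names, ranges and defaults except 'shinynewfeature' are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for an nvlist: an array of name/number pairs.
 * This is NOT the libnv API; all names here are hypothetical. */
struct nvpair { const char *name; uint64_t value; };

/* Hypothetical rule as the consuming ("kernel") side understands it. */
struct rule { uint64_t action; uint64_t timeout; uint64_t shinynewfeature; };

/* Return a pointer to the named field, or NULL when it is absent. */
static const struct nvpair *
nv_find(const struct nvpair *nvl, size_t n, const char *name)
{
	for (size_t i = 0; i < n; i++)
		if (strcmp(nvl[i].name, name) == 0)
			return (&nvl[i]);
	return (NULL);
}

/*
 * Consumer side: required fields must be present and in range, optional
 * fields fall back to a default, and names the consumer does not know
 * are never looked up, so they are ignored.
 * Returns 0 on success, -1 on a malformed request.
 */
int
rule_from_nvlist(const struct nvpair *nvl, size_t n, struct rule *r)
{
	const struct nvpair *p;

	if ((p = nv_find(nvl, n, "action")) == NULL || p->value > 1)
		return (-1);		/* required; constructed range 0..1 */
	r->action = p->value;

	p = nv_find(nvl, n, "timeout");
	r->timeout = (p != NULL) ? p->value : 30;	/* constructed default */

	p = nv_find(nvl, n, "shinynewfeature");
	r->shinynewfeature = (p != NULL) ? p->value : 0; /* old userspace: off */
	return (0);
}
```

Optional fields relax compatibility, not validation: each value that is present still needs the same range and type checks a fixed-layout ioctl struct would get.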


