From owner-svn-src-all@freebsd.org Thu Jan 31 23:44:36 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8073114BC259; Thu, 31 Jan 2019 23:44:36 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1C1B981975; Thu, 31 Jan 2019 23:44:36 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (unknown [127.0.1.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id DA990AA57; Thu, 31 Jan 2019 23:44:35 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 215D6158F; Thu, 31 Jan 2019 23:44:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id kKoDavYNz8wS; Thu, 31 Jan 2019 23:44:31 +0000 (UTC) Subject: Re: svn commit: r343631 - in head: . sbin sbin/pfilctl share/man/man9 sys/contrib/ipfilter/netinet sys/net sys/netinet sys/netinet6 sys/netpfil/ipfw sys/netpfil/pf DKIM-Filter: OpenDKIM Filter v2.10.3 mail.xzibition.com 5C326157C To: Gleb Smirnoff , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201901312301.x0VN13lM097213@repo.freebsd.org> From: Bryan Drewery Openpgp: preference=signencrypt Autocrypt: addr=bdrewery@FreeBSD.org; prefer-encrypt=mutual; keydata= mQENBFJphmsBCADiFgmS4bIzwZijrS31SjEMzg+n5zNellgM+HkShwehpqCiyhXdWrvH6dTZ a6u50pbUIX7doTR7W7PQHCjCTqtpwvcj0eulZva+iHFp+XrbgSFHn+VVXgkYP2MFySyZRFab D2qqzJBEJofhpv4HvY6uQI5K99pMqKr1Z/lHqsijYYu4RH2OfwB5PinId7xeldzWEonVoCr+ rfxzO/UrgA6v/3layGZcKNHFjmc3NqoN1DXtdaEHqtjIozzbndVkH6lkFvIpIrI6i5ox8pwp VxsxLCr/4Musd5CWgHiet5kSw2SzNeA8FbxdLYCpXNVu+uBACEbCUP+CSNy3NVfEUxsBABEB AAG0JEJyeWFuIERyZXdlcnkgPGJkcmV3ZXJ5QEZyZWVCU0Qub3JnPokBVwQTAQoAQQIbAwUL CQgHAwUVCgkICwUWAwIBAAIeAQIXgAIZARYhBPkXPLLDqup6XIofCTXXcbtuRpfPBQJb5hLu BQkNPvODAAoJEDXXcbtuRpfP9rMH/3f7cfX5rzyEV5QNfV/wS4jFukLoPZ4+nCM/TKxH3pEX 2bLbeQbkk6La8cueQ5Lpoht5XFZ18Y5TbMittngltrlNzoDD0h9are24OkDFGim3afJU7tkj IGQa1if+re+vI5BhzYwRhj0oKXzBi39M5oePd3L1dXfx83rg2FPyZBdIejsz6fR74T3JVkbd 6k2l5/3Zk2uiNMy+eBfDRgYE1E6CP28kV0nCeGKZgSVso0kGUUHud7voKqGVpMvbd0mE4pp4 PE5YJaFPjrll9miaDAvdU8LGIq5n6+aXPLKoQ/QNl6mg6ifgI6FfKILOkTizLW8E5PBSNnCm NapQ55yjm125AQ0EUmmGawEIAKJUU9+Q19oW1RK5jTf3m56j+szIc8Y9DaLC8REUKl4UZJBK BqCl6c0cukVApOD92XoU6hJPm2rLEyp/IcYcPPNTnVu8D8h9oag2L8EiFN7+2hk0xG+lwjc8 uOIZycme7AIJsBU4AZ1v63lxm2k104hwpiatgbe71GIGl7p1MX6ousP/wGzXCOF25Dx9w02C eRe7zEMfhnFjSUhzdCC9han2+KaVB7qIqNR3b8NfbwRNlwPmHqlhXffUow9OsQjSnTK8WKNR lx7xzVccXIvWP2wECFrmqmzMmXpSrmIuiWEpFwZ9x2a0Pva8dCNRiCVTK51IlRXKjaAxiN1u IUrMm6UAEQEAAYkBJQQYAQoADwUCUmmGawIbDAUJCWYBgAAKCRA113G7bkaXz1Q+CADaYZCn bzIJQqwnoocVXL+Wkd+hCsoX6zsd8pNTY5tV5U1fgjxl1bVQ7jyZGrEQ7BjyvlhIfpfTo6aK oJfZpIxeDc3Tr+X7O2UHT5QYaWRcGO+X3+eKL5sLpvxda67RftClv2hgEr1i2hqjK5WmUCaN 2P9w+i7rmZ4ohpLXINOMeHjnQOtbxCCF7qXRsVfgEcpNKb31T3QwvsRjX0HqIjYFlKpa61Wz IPvWgBERjo0aAOkI4g7oVLjX5Z5gINGPy+xr8GJqhfZ3ZIEOwLCwTB71+Dk9gyLa5UiG8vo6 vGfA50H5OSC87LnNlI07b1Qb8mKVkqg13PbCkRpTMKEYaou9iQElBBgBCgAPAhsMBQJa6M4o BQkKYHs9AAoJEDXXcbtuRpfPpuQH/0d1RHcTTAHAyHrPQA4UMqH49tEj1d3gidx2ETnm00rj XTrnRreAAMgPCrPeLvYYiKeSBrHOkQ7E/Vuztr4F4Xenld3omOTon+cSyGKyA1btWNRskcUa zxJ/0DqgzerhWQj8CtWjmqRnGAqzvZQdIDLk1X4B2p1Ota4AvbTF9DqADskXfld/zPJQzYYy XRfyKTt0nWMyn5MHbsuKmpsOBqYXMf0X2EL2C6v3g5D/HedD6YVnW6KlgcDUR2sq6Fv9Ozhs 38TOXyeZgbFz0HDtkHEY5Mh3+sQjOh4takC+Dp1zDRP2U19JZzo9f6R/d05c0h2TD02oogPz AQ97xrFwZgaJATwEGAEKACYCGwwWIQT5Fzyyw6rqelyKHwk113G7bkaXzwUCW+YS+AUJDT7z jQAKCRA113G7bkaXzwo3B/4rwbDqXaXm6YC4s0jVOf1+MljeQIsbHPVQZ0IRigCpzCDSUFTK QOebA9iUj8JaF2DPwd6sjyUUv/XMCLl+SwzSijmVN0Kfk85XspzNef8XmteKK1mERkYnLWBw TNwp6qezg/CukNbobNH08ciT+z2fxtPuwqK5X9Q5R4Q7egth5XUTxbwLwIJerEfVs4HG+687 m9h1bWyYJemB24MgBu8fTaVxas8dSSwDHabdgyGMKIvqDHUUJQSMDbio0Iwhs7lx2p3Xd5Br wQLMiaUPnKBHqfVM8ADWldvHF6xa9keBUjnEedKwQNjYf76lGH6bLwbyZcLigKFdXY1R2ooT Xi+R Organization: FreeBSD Message-ID: Date: Thu, 31 Jan 2019 15:44:30 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <201901312301.x0VN13lM097213@repo.freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Zm88ZyQXxqt1zgYRUw62e58AzfSFBjD8L" X-Rspamd-Queue-Id: 1C1B981975 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.98 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.981,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 23:44:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Zm88ZyQXxqt1zgYRUw62e58AzfSFBjD8L Content-Type: multipart/mixed; boundary="MG8yPnvrACnE4sLycPNLhSh1pxKK947TS"; protected-headers="v1" From: Bryan Drewery To: Gleb Smirnoff , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Message-ID: Subject: Re: svn commit: r343631 - in head: . sbin sbin/pfilctl share/man/man9 sys/contrib/ipfilter/netinet sys/net sys/netinet sys/netinet6 sys/netpfil/ipfw sys/netpfil/pf References: <201901312301.x0VN13lM097213@repo.freebsd.org> In-Reply-To: <201901312301.x0VN13lM097213@repo.freebsd.org> --MG8yPnvrACnE4sLycPNLhSh1pxKK947TS Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 1/31/19 3:01 PM, Gleb Smirnoff wrote: > Author: glebius > Date: Thu Jan 31 23:01:03 2019 > New Revision: 343631 > URL: https://svnweb.freebsd.org/changeset/base/343631 >=20 > Log: > New pfil(9) KPI together with newborn pfil API and control utility. > =20 > The KPI have been reviewed and cleansed of features that were planned= > back 20 years ago and never implemented. The pfil(9) internals have > been made opaque to protocols with only returned types and function > declarations exposed. The KPI is made more strict, but at the same ti= me > more extensible, as kernel uses same command structures that userland= > ioctl uses. > =20 > In nutshell [KA]PI is about declaring filtering points, declaring > filters and linking and unlinking them together. > =20 > New [KA]PI makes it possible to reconfigure pfil(9) configuration: > change order of hooks, rehook filter from one filtering point to a > different one, disconnect a hook on output leaving it on input only, > prepend/append a filter to existing list of filters. > =20 > Now it possible for a single packet filter to provide multiple rulese= ts > that may be linked to different points. Think of per-interface ACLs i= n > Cisco or Juniper. None of existing packet filters yet support that, > however limited usage is already possible, e.g. default ruleset can > be moved to single interface, as soon as interface would pride their > filtering points. > =20 > Another future feature is possiblity to create pfil heads, that provi= de > not an mbuf pointer but just a memory pointer with length. That would= > allow filtering at very early stages of a packet lifecycle, e.g. when= > packet has just been received by a NIC and no mbuf was yet allocated.= > =20 > Differential Revision: https://reviews.freebsd.org/D18951 >=20 > Added: > head/sbin/pfilctl/ > head/sbin/pfilctl/Makefile (contents, props changed) > head/sbin/pfilctl/pfilctl.8 (contents, props changed) > head/sbin/pfilctl/pfilctl.c (contents, props changed) > Modified: > head/ObsoleteFiles.inc > head/sbin/Makefile > head/share/man/man9/Makefile > head/share/man/man9/pfil.9 > head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c > head/sys/net/if_bridge.c > head/sys/net/if_enc.c > head/sys/net/if_ethersubr.c > head/sys/net/if_var.h > head/sys/net/pfil.c > head/sys/net/pfil.h > head/sys/netinet/ip_fastfwd.c > head/sys/netinet/ip_input.c > head/sys/netinet/ip_output.c > head/sys/netinet/ip_var.h > head/sys/netinet/siftr.c > head/sys/netinet6/ip6_fastfwd.c > head/sys/netinet6/ip6_forward.c > head/sys/netinet6/ip6_input.c > head/sys/netinet6/ip6_output.c > head/sys/netinet6/ip6_var.h > head/sys/netpfil/ipfw/ip_fw_eaction.c > head/sys/netpfil/ipfw/ip_fw_pfil.c > head/sys/netpfil/pf/pf_ioctl.c This breaks the build. https://ci.freebsd.org/job/FreeBSD-head-powerpc64-build/9220/console > 23:28:54 cc1: warnings being treated as errors > 23:28:54 /usr/src/sbin/pfilctl/pfilctl.c: In function 'help': > 23:28:54 /usr/src/sbin/pfilctl/pfilctl.c:97: warning: nested extern dec= laration of '__progname' > 23:28:54 --- all_subdir_lib --- > 23:28:54 --- clog.3.gz --- > 23:28:54 gzip -cn /usr/src/lib/msun/man/clog.3 > clog.3.gz > 23:28:54 --- all_subdir_sbin --- > 23:28:54 *** [pfilctl.o] Error code 1 > 23:28:54=20 > 23:28:54 make[4]: stopped in /usr/src/sbin/pfilctl --=20 Regards, Bryan Drewery --MG8yPnvrACnE4sLycPNLhSh1pxKK947TS-- --Zm88ZyQXxqt1zgYRUw62e58AzfSFBjD8L Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE+Rc8ssOq6npcih8JNddxu25Gl88FAlxTiF4ACgkQNddxu25G l88sSQf9GMr7ZZ8Rq86aVpbS9zr4yKznwrmWGJ0OxKybl3J2L1HzUOZuJn5hUyKS 8PUjz3PoXab0jkNyECkNMsRhz4v3BDe59QMOBvtpr4j1tPGaY+QnM5qhGGkbz3Sb 4oaGz1I3Un9qZwqa9G95zcf0zgzy2cwVJv7mU3KwF/vyNmUjt9NOTCOpIs1qqNmH l6SeNqKIj+M1MSNz+aCoCTHkgiCAz6q6JDpwwGPxIFprU2t8Q1nnmccDun17Ldbs VTw0FjkjdHx/tvz008Sa9tMDz7ttSNbeGjNM+afJt8muMpE40yuNhjj6EoOMKasW S+8W5jYmILBCUBTCf8G2YE95j1ckCQ== =H82w -----END PGP SIGNATURE----- --Zm88ZyQXxqt1zgYRUw62e58AzfSFBjD8L--