From owner-freebsd-current  Sat Dec 21 10: 9:31 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 72CD237B401
	for <current@FreeBSD.ORG>; Sat, 21 Dec 2002 10:09:29 -0800 (PST)
Received: from lemori.mokr.ru (lemori.mokr.ru [212.16.28.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E6B1843EDA
	for <current@FreeBSD.ORG>; Sat, 21 Dec 2002 10:09:27 -0800 (PST)
	(envelope-from mokr@mokr.net)
Received: from lemori.mokr.ru (lemori.mokr.ru [212.16.28.194])
	by lemori.mokr.ru (8.12.3/8.12.6/20021103185140) with ESMTP id gBLI9IMI021800;
	Sat, 21 Dec 2002 21:09:18 +0300 (MSK)
	(envelope-from mokr@mokr.net)
Date: Sat, 21 Dec 2002 21:09:18 +0300 (MSK)
From: Sergey Mokryshev <mokr@mokr.net>
X-X-Sender: mokr@lemori.mokr.ru
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Vallo Kallaste <kalts@estpak.ee>, Sam Leffler <sam@errno.com>,
	Hiten Pandya <hiten@unixdaemons.com>,
	Darren Reed <darrenr@reed.wattle.id.au>, <current@FreeBSD.ORG>
Subject: Re: PFIL_HOOKS should be made default in 5.0
In-Reply-To: <3E04A746.20C5C72E@mindspring.com>
Message-ID: <20021221210002.W7129-100000@lemori.mokr.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Sat, 21 Dec 2002, Terry Lambert wrote:

> Sergey Mokryshev wrote:
> > > I'm really not a fan of "NO_PFIL_HOOKS" as an option.
> >
> > I'm not talking about NO_PFIL_HOOKS but "options PFIL_HOOKS" in GENERIC.
> > Too many people may foot shoot themselves trying to upgrade from 4-STABLE
> > to 5.0.
>
> If you make them non-optional, which is what started this thread,
> then you *are* talking about having to add an option in to get
> rid of them.
>
> I understand that people all want their pet software to run out
> of the box without modification.
>

I did not start this thread :-)

I've filled a PR a while ago.

Since PFIL code is optional - let it be. IMHO it is good to keep
the same behaviour of the default installations between versions,
but entries in UPDATING, RELEASE NOTES and, probably later, FAQ will ease
the transition.

>
> > > Probably the correct thing to do is to wire in ipfilter as a
> > > Netgraph module.
> >
> > AFAIK Solaris, HP-UX and others lack Netgraph support, but support pfil.
>
> They support Streams, instead.  Same ecological niche.
>
Never get a chance to dig in. Perhaps in the future.


Darren states that PFIL code was derived from NetBSD so there are no
licensing issues.


Sergey Mokryshev.

-- 
Sergey S. Mokryshev <mokr@mokr.net>
SMP453, MOKR-RIPN


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message