From: Luigi Rizzo
To: Gleb Smirnoff
Cc: luigi@FreeBSD.org, "Bjoern A. Zeeb", net@FreeBSD.org
Date: Wed, 12 Sep 2012 23:17:26 +0200
Subject: Re: moving pfil consumers to sys/netpfil

On Wed, Sep 12, 2012 at 04:34:57PM +0400, Gleb Smirnoff wrote:
> Hi,
>
> we (me and Bjoern) would like to establish a single place
> for all kinds of pfil(9) consumers, for current ones and
> for future as well.
>
> The place chosen is sys/netpfil.
>
> On first round we'd like to move there our Tier-1 firewalls:
> ipfw and pf. This also includes moving pf out of contrib.
>
> The plan of movement is the following:
>
> sys/contrib/pf/net/*.c -> sys/netpfil/pf/
> sys/contrib/pf/net/*.h -> sys/net/ [1]
> contrib/pf/pfctl/*.c -> sbin/pfctl
> contrib/pf/pfctl/*.h -> sbin/pfctl
> contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
> contrib/pf/pfctl/*.4 -> share/man/man4
> contrib/pf/pfctl/*.5 -> share/man/man5
>
> sys/netinet/ipfw -> sys/netpfil/ipfw

I have two concerns against moving ipfw/

- what do we gain by moving ipfw/ further away from its user header
  files (whose location in netinet/ is pretty much part of the API
  so difficult to change) ?

- pfil is just one of the APIs that the ipfw code uses to send/receive
  packets (pfil, netmap for FreeBSD, and then netfilter and ndispacket
  for the other OS). The pfil dependencies amount to probably 1% of
  the code. So if we really want to relocate ipfw/ i'd rather move to
  a more generic place (but as far as i know we do not have one for
  subsystems -- dev/ is used for drivers, other stuff has generally
  accumulated under sys/, see geom, ofed, netgraph).

> That's all.
>
> [1] This line is arguable, however the future plan is to:
> - split pfvar.h into pf.h and pf_var.h
> - kill if_pfsync.h and if_pflog.h as soon as they stop being ifnets

this i am curious about - are you planning to remove bpf support
for pflog, or just implement it in a different way ?

cheers
luigi