From owner-svn-src-projects@FreeBSD.ORG Mon Oct 13 15:16:21 2014 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D15EFA67; Mon, 13 Oct 2014 15:16:21 +0000 (UTC) Received: from bigwig.baldwin.cx (bigwig.baldwin.cx [IPv6:2001:470:1f11:75::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A85CF8E; Mon, 13 Oct 2014 15:16:21 +0000 (UTC) Received: from ralph.baldwin.cx (pool-173-70-85-31.nwrknj.fios.verizon.net [173.70.85.31]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id B1E90B917; Mon, 13 Oct 2014 11:16:20 -0400 (EDT) From: John Baldwin To: "Alexander V. Chernikov" Subject: Re: svn commit: r272515 - projects/ipfw/sys/netpfil/ipfw Date: Mon, 13 Oct 2014 09:46:28 -0400 Message-ID: <2638508.DdhyVaDRpY@ralph.baldwin.cx> User-Agent: KMail/4.12.5 (FreeBSD/10.1-BETA2; KDE/4.12.5; amd64; ; ) In-Reply-To: References: <201410041210.s94CAX7I012628@svn.freebsd.org> <201410091711.28587.jhb@freebsd.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (bigwig.baldwin.cx); Mon, 13 Oct 2014 11:16:20 -0400 (EDT) Cc: svn-src-projects@freebsd.org, src-committers@freebsd.org, "Alexander V. Chernikov" X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2014 15:16:22 -0000 On Sunday, October 12, 2014 12:13:00 AM Alexander V. Chernikov wrote: > On 10 Oct 2014, at 01:11, John Baldwin wrote: > > On Thursday, October 09, 2014 12:17:50 pm Alexander V. Chernikov wr= ote: > >> On 06.10.2014 19:45, John Baldwin wrote: > >>> On Saturday, October 04, 2014 12:10:33 PM Alexander V. Chernikov = wrote: > >>>> Author: melifaro > >>>> Date: Sat Oct 4 12:10:32 2014 > >>>> New Revision: 272515 > >>>> URL: https://svnweb.freebsd.org/changeset/base/272515 > >>>>=20 > >>>> Log: > >>>> Add "ipfw_ctl3" FEATURE to indicate presence of new ipfw inter= face. > >>>>=20 > >>>> Modified: > >>>> projects/ipfw/sys/netpfil/ipfw/ip_fw2.c > >>>>=20 > >>>> Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw2.c > >>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > >>>> =3D=3D=3D=3D=3D =3D=3D --- projects/ipfw/sys/netpfil/ipfw/ip_fw2= .c=09Sat Oct 4 > >>>> 11:40:35 2014=09(r272514) +++ > >>>> projects/ipfw/sys/netpfil/ipfw/ip_fw2.c=09Sat Oct 4 12:10:32 > >>>> 2014=09(r272515) @@ -2874,6 +2874,7 @@ static moduledata_t ipfwm= od =3D { > >>>>=20 > >>>> #define=09IPFW_VNET_ORDER=09=09(IPFW_MODEVENT_ORDER + 2) /* Lat= er still.=20 */ > >>>> =20 > >>>> DECLARE_MODULE(ipfw, ipfwmod, IPFW_SI_SUB_FIREWALL, > >>>> IPFW_MODEVENT_ORDER); > >>>>=20 > >>>> +FEATURE(ipfw_ctl3, "ipfw new sockopt calls"); > >>>>=20 > >>>> MODULE_VERSION(ipfw, 2); > >>>> /* should declare some dependencies here */ > >>>=20 > >>> Would it be better to bump the module version to 3 instead? User= land > >>> programs can then use modfind() and modstat() to determine the ve= rsion. > >>=20 > >> I've bumped ipfw module version in r272828. Actually, I've entirel= y > >> forgotten about this possibility. > >> However, it is a bit hard to determine module version inside > >> (perl|python|sh|any) script. > >> On the other case, FEATURE framework provides nice and easy way to= > >> determine any "feature" status > >> both in C and interpreted programs. > >=20 > > I'll grant you that feature is convenient. Perhaps create a SYSCTL= node > > though that holds the current version? That is 'foo.ipfw.version' = being > > 2 or 3 is more future proof than 'feature.ipfw2/3/4=E2=80=99. >=20 > No, this is not about new _ipfw_ version. I=E2=80=99m unsure if all t= hese changes > are large enough to name ipfw as =E2=80=9Cipfw3=E2=80=9D. This is jus= t an indication that > all ipfw-related sockopts are available via single setsockopt called > IP_FW3. Maybe naming is not the best - I=E2=80=99m open to any sugges= tion. Hmm, it sure seems like a new version in that there is a different styl= e of=20 interface similar to how umtx changed from discrete system calls=20 (umtx_lock/unlock) to a multiplexer (umtx_op). > However, I=E2=80=99m not sure why should I invent additional sysctls = instead of > using standard interface. Well, I think using FEATURE() to communicate version numbers is not rea= lly its intended application. That said, if you wanted, another option wou= ld be to possibly rename the socket options to something like 'IP_FW_OP' and 'IP_DUMMYNET_OP' (to reflect that they take an operation as an argument= similar to umtx_op). Also, if what you care about is 'xtable' support,= you could have 'FEATURE(ipfw_xtable)'. That is more along the lines of how= FEATURE() is currently used rather than version numbers. > > Alternatively, we could change the module code to export a dynamic = sysctl > > tree for all loaded modules that includes the versions, i.e. > > 'module..version', etc. This is still another idea that would transparently export MODULE_VERSI= ON() info via sysctls without requiring API changes. --=20 John Baldwin