From owner-freebsd-pf@FreeBSD.ORG Thu Dec 5 10:07:54 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 49B79245 for ; Thu, 5 Dec 2013 10:07:54 +0000 (UTC) Received: from mail-ea0-f170.google.com (mail-ea0-f170.google.com [209.85.215.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id CCD281EEB for ; Thu, 5 Dec 2013 10:07:53 +0000 (UTC) Received: by mail-ea0-f170.google.com with SMTP id k10so11428657eaj.1 for ; Thu, 05 Dec 2013 02:07:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=SYI3dfiizs8SDkuec6Q7JaJMpc2fytsWfyuCg8S1J+M=; b=dbl2U73oH7aLYCBe+753QSFTYKls4MdbZsc1HfaZnZc+OiFlRF0IVAfy9UGv95Gjig DpIG7r++MJpC9VSsndkVDjTdWFWvKJb2w0qsTpmMd8N66sDhbe9sBvQK9dvBoyq5SO47 BXMy/tZ9MXj7a66zI5Mb5JhQpwJyiAIrL3mA1BzIgkakX3WQotDgoXwVnGL5otdC/AzC WqEG+naQrBtn7azWSB3s2e8eGNCMxNI80maYSRZIrtrsC5jk12ZtU73L/OIjTDOmoV99 m/yvjzLgByWjinw5YX3a1gGgQseIRAPqLNcPVf1POZkQfCQqRtTIGWdabpA7nPmBuEau Jv5A== X-Gm-Message-State: ALoCoQnw9/hyBn/MgfQXtr9PsS45jXQjZKZBw5ufuxeg335v5Ba0Bt4PCcWxuByuyR1DqUi+uLdU X-Received: by 10.15.56.7 with SMTP id x7mr15224255eew.43.1386238066184; Thu, 05 Dec 2013 02:07:46 -0800 (PST) Received: from zvezda.localnet ([212.48.107.10]) by mx.google.com with ESMTPSA id e3sm67106346eeg.11.2013.12.05.02.07.45 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Dec 2013 02:07:45 -0800 (PST) From: Kajetan Staszkiewicz To: Gleb Smirnoff Subject: Re: [patch] Source entries removing is awfully slow. Date: Thu, 5 Dec 2013 11:07:39 +0100 User-Agent: KMail/1.13.7 (Linux/3.10.1; KDE/4.8.4; x86_64; ; ) References: <201303081419.17743.vegeta@tuxpowered.net> <201312041529.21788.vegeta@tuxpowered.net> <20131205081848.GQ48919@glebius.int.ru> In-Reply-To: <20131205081848.GQ48919@glebius.int.ru> MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <201312051107.39932.vegeta@tuxpowered.net> Cc: "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Dec 2013 10:07:54 -0000 Dnia czwartek, 5 grudnia 2013 o 09:18:48 Gleb Smirnoff napisa=C5=82(a): > K> To have the most clean and simple code it would make the most sense to > use the K> aforementioned pfioc_universal_kill for both DIOCKILLSTATES and > K> DIOCKILLSRCNODES. But that would be a change of kernel api which I > assume can K> not take place inside major release, so translation of > structures is currently K> the way to go. Please correct me if I am wrong. >=20 > It is okay to add new API. I was rather thinking about leaving DIOCKILLSTATES and DIOCKILLSRCNODES ioc= tls=20 in place but change the structure passed to them to pfioc_universal_killer.= So=20 changint the existing API. > So in head we will add new API/ABI, then remove obsoleted one. We will > merge only addition to stable/10, not removal. >=20 > The ABI constraints for stable branches are the following. Newer kernel > must work with older utilxities. So, 10.1 kernel will work with pfctl from > 10.0, since old ioctls are still supported. Is recompiling older utilities allowed? Please note that I need to add=20 ps(n?)k_table to (pfioc_src_nod|stat)e_kill and psnk_killed_states to=20 psnk_src_node_kill anyway. If not, then we must consider that this patch co= uld=20 get only into head, and only with struct pfioc_universal_kill. I see no rea= son=20 to clean up the old parser without adding the new syntax with new parameter= s. =2D-=20 | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------'