Date: Wed, 12 Jul 2023 11:53:32 -0600 From: Warner Losh <imp@bsdimp.com> To: freebsd-hackers@freebsd.org Subject: Re: dis/advantages of compiling in-kernel over kldload Message-ID: <CANCZdfo1z9xq2%2BZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA@mail.gmail.com> In-Reply-To: <ZK7mnohS12eEYoV2@int21h> References: <ZK7mnohS12eEYoV2@int21h>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Jul 12, 2023 at 11:45 AM void <void@f-m.fm> wrote: > Hello hackers@ > > (for context this is on recent -current) > > in man(4) pf we have > > SYNOPSIS > device pf > options PF_DEFAULT_TO_DROP > > no real mention if it being loaded in rc.conf. > > But when it is loaded in (just) rc.conf with pf_enable=YES > it gets loaded as a kld. > > Is there an advantage in compiling it in the kernel? > Is there a disadvantage in it being compiled in the kernel? > > If it's compiled in the kernel, does the system still require > pf_enable=YES in rc.conf? > Yes. pf_enable=YES will load it as a side effect when it configures pf, but isn't primarily to load it as a module. But if it's in the kernel, you still need to configure pf on boot (or some time later). I still have 'pf_load="YES"' in my /boot/loader.conf, but it's for a system I have that configures pf in weird ways not at boot. It's to work around the "weird ways" script not loading pf on demand though. Warner [-- Attachment #2 --] <div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 12, 2023 at 11:45 AM void <<a href="mailto:void@f-m.fm">void@f-m.fm</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello hackers@<br> <br> (for context this is on recent -current)<br> <br> in man(4) pf we have<br> <br> SYNOPSIS<br> device pf<br> options PF_DEFAULT_TO_DROP<br> <br> no real mention if it being loaded in rc.conf.<br> <br> But when it is loaded in (just) rc.conf with pf_enable=YES<br> it gets loaded as a kld. <br> <br> Is there an advantage in compiling it in the kernel?<br> Is there a disadvantage in it being compiled in the kernel?<br> <br> If it's compiled in the kernel, does the system still require<br> pf_enable=YES in rc.conf?<br></blockquote><div><br></div><div>Yes. pf_enable=YES will load it as a side effect when it configures</div><div>pf, but isn't primarily to load it as a module. But if it's in the kernel,</div><div>you still need to configure pf on boot (or some time later).</div><div><br></div><div>I still have 'pf_load="YES"' in my /boot/loader.conf, but it's for a system</div><div>I have that configures pf in weird ways not at boot. It's to work around the</div><div>"weird ways" script not loading pf on demand though.</div><div><br></div><div>Warner<br></div></div></div>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfo1z9xq2%2BZNoYmudxkrR9=c_9Eg9NOECKU8kwgoGi7pbA>