Date: Fri, 23 Nov 2012 19:27:41 +0400
From: Gleb Smirnoff
To: Andre Oppermann
Cc: src-committers@FreeBSD.org, svn-src-user@FreeBSD.org
Subject: Re: svn commit: r243458 - in user/andre/tcp_workqueue/sys: net netinet
Message-ID: <20121123152741.GZ84121@FreeBSD.org>
In-Reply-To: <201211231453.qANErSKF034907@svn.freebsd.org>

  Andre,

On Fri, Nov 23, 2012 at 02:53:28PM +0000, Andre Oppermann wrote:
A> Log:
A>   Add sysctl support for pfil hook reporting and ordering.
A>
A>   pfil_head_register() takes an additional pointer to the parent sysctl
A>   node pointer of the protocol family that is being registered here.
A>
A>   Two new branches are then attached named "pfil_in" and "pfil_out".
A>   In each branch a list of the attached pfil hooks in the order of
A>   their processing is provided in the "hooks" string sysctl.
A>
A>   In addition each attached pfil hook has its own node with a numeric
A>   representation of its ordering rank (0-255).  Writing a new ordering
A>   rank changes the processing order.  If two hooks have the same rank
A>   the last installed or changed comes first.
A>
A>   Example output:
A>    net.inet.pfil_in.hooks="pf,ipfw,ipfilter"
A>    net.inet.pfil_in.pf=200
A>    net.inet.pfil_in.ipfw=201
A>    net.inet.pfil_in.ipfilter=202
A>    net.inet.pfil_out.hooks="ipfilter,ipfw,pf"
A>    net.inet.pfil_out.ipfilter=53
A>    net.inet.pfil_out.ipfw=54
A>    net.inet.pfil_out.pf=55
A>
A>   This may be further tweaked and refined.

Frankly speaking, the fact that the list can't be set directly
in one sysctl oid:

  sysctl net.inet.pfil_in.hooks="pf,ipfw,ipfilter"

, but can only be set via supplying pointless numeric values to N
oids looks very poor from the perspective of an average user. He might think
something like "oh, FreeBSD developers were too lazy to parse
a string", or "they designed an interface not for people but
for nerds".

Interface must be easier! If you don't like parsing strings in
kernel, then /sbin/pfilctl can be introduced. The utility eventually
may grow more functionality.

-- 
Totus tuus, Glebius.
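
The ordering rule from the commit log and the single-string interface suggested in the reply, modelled in userland C as an added example; it is not code from the commit or from either author. The names chain_set, chain_set_order and both structs are hypothetical, and "lower rank runs first" is an assumption read off the example output in the log.

```c
/* Userland model, not FreeBSD kernel code; every name is hypothetical. */
#include <string.h>
#define MAXHOOKS 8
struct hook { char name[16]; int rank; };
struct chain { struct hook h[MAXHOOKS]; int n; };   /* h[] is run order */

static int chain_find(const struct chain *c, const char *s, size_t len)
{
    for (int i = 0; i < c->n; i++)
        if (strlen(c->h[i].name) == len && memcmp(c->h[i].name, s, len) == 0)
            return i;
    return -1;
}

/* Attach a hook or change its rank (0-255). Lower ranks run first; on a
 * tie the hook installed or changed last goes in front (commit log). */
static int chain_set(struct chain *c, const char *name, int rank)
{
    size_t len = strlen(name);
    int i = chain_find(c, name, len), pos = 0;
    if (rank < 0 || rank > 255 || len == 0 || len >= sizeof(c->h[0].name) ||
        (i < 0 && c->n == MAXHOOKS))
        return -1;
    if (i >= 0)                          /* drop the old entry first */
        memmove(&c->h[i], &c->h[i + 1], (--c->n - i) * sizeof(c->h[0]));
    while (pos < c->n && c->h[pos].rank < rank)
        pos++;
    memmove(&c->h[pos + 1], &c->h[pos], (c->n++ - pos) * sizeof(c->h[0]));
    memcpy(c->h[pos].name, name, len + 1);
    c->h[pos].rank = rank;
    return 0;
}

/* Apply "a,b,c" as the new order, handing out the ranks already in use in
 * ascending order. Unknown, repeated or missing names change nothing. */
static int chain_set_order(struct chain *c, const char *list)
{
    struct chain nc = { .n = 0 };
    for (size_t len = 0; *list; nc.n++, list += len + (list[len] == ',')) {
        int i = chain_find(c, list, len = strcspn(list, ","));
        if (i < 0 || chain_find(&nc, list, len) >= 0)
            return -1;
        nc.h[nc.n] = c->h[i];
        nc.h[nc.n].rank = c->h[nc.n].rank;   /* next-lowest rank in use */
    }
    if (nc.n != c->n)
        return -1;
    *c = nc;
    return 0;
}
```

Because the whole list is validated before the chain is replaced, a mistyped name cannot silently drop a packet filter from the processing order.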