From owner-cvs-src@FreeBSD.ORG  Tue Oct  5 23:01:29 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2F62B16A4CE; Tue,  5 Oct 2004 23:01:29 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.183])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8D41543D2F; Tue,  5 Oct 2004 23:01:28 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1CEyJE-0004ZN-00; Wed, 06 Oct 2004 01:01:28 +0200
Received: from [217.83.10.25] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1CEyJD-0000eQ-00; Wed, 06 Oct 2004 01:01:27 +0200
From: Max Laier <max@love2party.net>
To: Brian Fundakowski Feldman <green@freebsd.org>
Date: Wed, 6 Oct 2004 01:00:23 +0200
User-Agent: KMail/1.7
References: <200410052044.i95KiOVV072560@repoman.freebsd.org>
	<20041005212704.GB47017@green.homeunix.org>
In-Reply-To: <20041005212704.GB47017@green.homeunix.org>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2130184.0zvSYzcZC6";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200410060100.47991.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
cc: cvs-src@freebsd.org
cc: Max Laier <mlaier@freebsd.org>
cc: src-committers@freebsd.org
cc: cvs-all@freebsd.org
Subject: Re: cvs commit: src/contrib/pf/man pf.4
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Oct 2004 23:01:29 -0000

--nextPart2130184.0zvSYzcZC6
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 05 October 2004 23:27, Brian Fundakowski Feldman wrote:
> On Tue, Oct 05, 2004 at 08:44:24PM +0000, Max Laier wrote:
> > mlaier      2004-10-05 20:44:24 UTC
> >
> >   FreeBSD src repository
> >
> >   Modified files:        (Branch: RELENG_5)
> >     contrib/pf/man       pf.4
> >   Log:
> >   MFC:
> >     PFIL_HOOKS in no longer an optional item.
> >
> >     Submitted by:   Anders Hanssen
>
> I have a bunch of questions regarding pf documentation...
>
> Do you think we should update pf(4)/pfctl(8) documentation to
> cross-reference IPFW at all?

I fail to see that point, but I don't care much either way. Maybe I should =
add=20
pf to the firewall(7) "ADDITIONAL READING"?

> Is it worth explaining in pfctl(8) what the default RED parameters for
> ALTQ are and how they relate to qlimit?

Sure. pf.conf(5), right? That's the place you were thinking of - not pfctl(=
8)?

> Isn't there an altq.4 somewhere?

No. Feel free to write it. I agree that ALTQ documentation is suboptimal at=
=20
the moment. I had plans to evolve the configuration process, but didn't yet=
=20
find time to ... in the longrun it should no longer require dev/pf and all=
=20
that ...

> Shouldn't pfctl(8) document what occurs when there is no memory to add
> an ALTQ tag?

pf.conf(5)? Well, if you don't have memory for a tag you are in trouble=20
anyway. But what happens? The packet ends up in the default queue (I hope).

> P.S. Think we should MFC dc(4) ALTQ support?

You know if it works or not, can't comment on that. If it does work, go for=
=20
it. Make sure to update altq(8) as well (or the TBD altq(4))

> P.P.S. Should we look again into changing the pfil locking to not
> fail-open?

=46eel free to make if fail-close. You must not sleep there, so it's either=
 open=20
or close. In contrast to what I told you earlier - you can return EAGAIN or=
=20
ENOBUF so that applications don't get confused.

Other than that, I am still waiting for you to commit sxfast so that I can=
=20
redo the pfil locking with it. I am wondering, however, if you didn't try t=
o=20
sleep there as well (which is not possible here).

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart2130184.0zvSYzcZC6
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBYyefXyyEoT62BG0RAj0wAJ0YVgVcXqwaysfcVCOUkXzu20HFpQCdGCy3
bc+9ehS8L8C6tng0fv7mEXI=
=whrN
-----END PGP SIGNATURE-----

--nextPart2130184.0zvSYzcZC6--