From nobody Wed Jul 12 18:38:35 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R1RMf1ZVqz4mwwp
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 12 Jul 2023 18:38:38 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4R1RMf09Fyz4lQY;
	Wed, 12 Jul 2023 18:38:38 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1689187118;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Rz+yPYRKfc8kGZ0VxkfJcuHeTmOI+pRK7J7GspfxmeM=;
	b=np4OJTBuOOZQnx1WOh5cks8v6+PRyholOYmjLuDta6eHQto6ZCZoCrzvCg86/YnuCGj1b8
	ApqKyAeXZxsrIv8PaPk+V08JmTQno15X4peJBwN5uJLIeFDEVwtktHFiv6R55jHyiFvaIQ
	Bc22+qWdUV2pIs3/V6nplBLUolUb2WyO830MkiR9U6VrsEyCBP3vP/fj9PzGpfsWIYyyhY
	SxvPCnfzwfwTgltCdKOwRPbSIJJhEgu0m3fT1DjnJcCGkEbx6E9WZENIcDkcCIbw58sQEf
	K2S54QHEiCQE1AwwcVQfYLfBUv8lQGRpjPLn8PDx6oBn7xm6QGW3Jw6j4mJnLw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1689187118;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Rz+yPYRKfc8kGZ0VxkfJcuHeTmOI+pRK7J7GspfxmeM=;
	b=Rbc3SDbK8iPMPehuUcrdiqpROAejCJ+4e7A+YRbUZfk62WufLv56X/uvc6i7xC4KHgzdW2
	Q4LGjUir4lw0dJ7DbMrIc7a37C65jy85VxClU2ANzBx6dbRpu3LCQ4h7b3pfLpUeZJ0MDR
	JTXAzA4jEo0tzOTGhWRgVDQyC5c8ImZHlnExuZ4lx/t4v2WAm58gMzDbKkZdUMjgTndPPX
	NtSrtg+o1Bjf7yS5RIVrHCOY9wXhig+RB0Q+sVDScHQ0ppPhRUmLdTgiraqMloe1As7mOt
	zcI1kGAlw3XbVcm12HYVsd8HGNnvO+0M4edxnouzSSzzPeGh+vBnT/67j53sFg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689187118; a=rsa-sha256; cv=none;
	b=Sh60BwRurGw7xuKgFY+RPUvaoskDuC2sg9qx482rD1fwxbd5P3Gdidcd9YSmmkCmf/buoC
	iV51Prs1FKI8sbFQV+YP+J2MtKbrncE7s7DWOBM6zjGmvrUWMXaS5TWm5sWR331o4LSkdI
	5/R2nUt7gXdW8ttr/b8fJzTVTQRyiDtpMHUCMnYvTwkvvdgLDB7Fbd7SfuyJtWQEdFUzI0
	L5oZX62CC1zsdTA/8BVuYura4840kqLF/FzxTf6WSu/hxmwRwG9RLoTsjgzvOP9gAWjW8B
	G5a0vFz/1kv5FjWB1VSgtfP9F9rWy4s5ik3KIiLyyqyHW27m2MIDzwk5FgdENA==
Received: from venus.codepro.be (venus.codepro.be [5.9.86.228])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mx1.codepro.be", Issuer "R3" (verified OK))
	(Authenticated sender: kp)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4R1RMd5flFz10jv;
	Wed, 12 Jul 2023 18:38:37 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: by venus.codepro.be (Postfix, authenticated sender kp)
 id D63B24F47F;
	Wed, 12 Jul 2023 20:38:35 +0200 (CEST)
From: Kristof Provost <kp@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-hackers@freebsd.org
Subject: Re: dis/advantages of compiling in-kernel over kldload
Date: Wed, 12 Jul 2023 20:38:35 +0200
X-Mailer: MailMate (1.14r5937)
Message-ID: <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org>
In-Reply-To: <ZK7mnohS12eEYoV2@int21h>
References: <ZK7mnohS12eEYoV2@int21h>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-ThisMailContainsUnwantedMimeParts: N

On 12 Jul 2023, at 19:45, void wrote:
> (for context this is on recent -current)
>
> in man(4) pf we have
>
> SYNOPSIS
>      device pf
>      options PF_DEFAULT_TO_DROP
>
> no real mention if it being loaded in rc.conf.
>
> But when it is loaded in (just) rc.conf with pf_enable=3DYES
> it gets loaded as a kld.
> Is there an advantage in compiling it in the kernel?
> Is there a disadvantage in it being compiled in the kernel?
>
I strongly recommend that people stick with the GENERIC config, and ideal=
ly just use the builds the project releases.

Any deviation from that means you=E2=80=99re running a configuration that=
=E2=80=99s less tested than the default.
There may be good reasons to do so, but know that our warranty policy is =
=E2=80=9CIf you break it you get to keep all of the pieces=E2=80=9D.

For example, PF_DEFAULT_TO_DROP is know to be broken in at least some sce=
narios: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237477

Best regards,
Kristof