Date: Thu, 04 Jan 2024 23:42:37 +0100
From: Kristof Provost <kp@FreeBSD.org>
To: Jessica Clarke <jrtc27@freebsd.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 324fd7ec4043 - main - libpfctl: introduce a handle-enabled variant of pfctl_add_rule()
Message-ID: <87DCAFCC-1C6E-4052-90C9-FE684E30679C@FreeBSD.org>
In-Reply-To: <38CDCAED-9DF7-467B-BEF9-84BE6D1E8085@freebsd.org>
References: <202401042211.404MBC3D003204@gitrepo.freebsd.org> <38CDCAED-9DF7-467B-BEF9-84BE6D1E8085@freebsd.org>

On 4 Jan 2024, at 23:19, Jessica Clarke wrote:
> On 4 Jan 2024, at 22:11, Kristof Provost <kp@FreeBSD.org> wrote:
>> The branch main has been updated by kp:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=324fd7ec40439e6b3916429a69956d7acf74eb19
>>
>> commit 324fd7ec40439e6b3916429a69956d7acf74eb19
>> Author: Kristof Provost <kp@FreeBSD.org>
>> AuthorDate: 2024-01-04 12:45:56 +0000
>> Commit: Kristof Provost <kp@FreeBSD.org>
>> CommitDate: 2024-01-04 22:10:44 +0000
>>
>> libpfctl: introduce a handle-enabled variant of pfctl_add_rule()
>>
>> Introduce pfctl_add_rule_h(), which takes a pfctl_handle rather than a
>> file descriptor (which it didn't use). This means that library users can
>> open the handle while they're running as root, but later drop privileges
>> and still add rules to pf.
>
> Given libpfctl is an INTERNALLIB, why do we need to care about this
> compatibility (and live with this cruft) instead of just changing
> pfctl_add_rule to the new thing?
>
There’s also a ports version of libpfctl, which copies the libpfctl code and builds it for port consumption.

I didn’t want to turn libpfctl into a stable abi/api in the src tree, but ports do need something to use. We don’t want them to have to care about nvlists or netlink.

Given that it’s external we can have different code there, but I don’t want to make maintaining the external versions harder than it needs to be.

Best regards,
Kristof