Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Feb 2012 21:45:59 -0500
From:      Steve Wills <swills@FreeBSD.org>
To:        =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= <lukasz@wasikowski.net>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, stable@FreeBSD.org, current@FreeBSD.org, Alexander Leidinger <Alexander@Leidinger.net>
Subject:   Re: [CFT] modular kernel config
Message-ID:  <4F4C3FE7.3040802@FreeBSD.org>
In-Reply-To: <4F4BA707.5070608@wasikowski.net>
References:  <20120221143537.Horde.deyFDZjmRSRPQ52pxBIpnLA@webmail.leidinger.net> <BA7FFA2D-DEE6-4FB7-AE26-0BC79CBFD8C0@lists.zabbadoz.net> <4F4BA707.5070608@wasikowski.net>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/27/12 10:53, Łukasz Wąsikowski wrote:
> W dniu 2012-02-22 23:31, Bjoern A. Zeeb pisze:
> 
>> You cannot ship that on by default for non-tecnical reasons in a
>> kernel.  Please do not commit a kernel config that can be booted
>> (no LINT cannot be booted) with these on without consulting
>> appropriate hats upfront.
>> 
>> 
>>> - ALTQ - SW_WATCHDOG - QUOTA - IPSTEALTH (disabled in
>>> loader.conf) - IPFIREWALL_FORWARD (touches every packet, power
>>> users which need a bigger PPS but not this feature can
>>> recompile the kernel, discussed with julian@) - FLOWTABLE
>>> (disabled in loader.conf)
>> Which is not the same as it's not 100% disabled and will still
>> allocate memory.
> 
> FLOWTABLE on 8.x crashed BGP routers (kern/144917). I don't know if
> it is fixed by now, but this kind of potential problematic features
> should not be enabled by default.
> 

Agree, I've run into problems with FLOWTABLE (with just the features
that were enabled by default in 8.0) when routers changed MAC
addresses. As far as I understand it, FLOWTABLE is both broken and
abandoned (but if I'm wrong, please let me know).

So, IMHO, not only should it not be enabled by default, but given that
it was disabled complete in 8.x after 8.0 (too lazy to look at exactly
when right now), I think it shouldn't even be included, since that
might encourage users to try it out only to encounter problems with it.

Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQEcBAEBAgAGBQJPTD/nAAoJEPXPYrMgexuhvWAH/iPa0N32GJXdyL7OdqFNNuEN
R/Z0tOqTCCmAm4WsbAbN3m5poBKNctRtQxG40XoqmvZAWlomwYCwpS2xgCX60NZO
XhspUEpQ7cHQpt6ZOW12x3G6FZJ4DzFX0+mDPYxE/7YmwtsjZFeTFGVEPezeKQwr
Khar5jWYqETmM1+mFvAFXnfTUiBwnqErDfYmHQAE93wKQd9CyzrFmDfooNTiMUB6
yW+piexN/SzXz6nftQesJbFOWUW6fvhxe9TYcK8+b9zCo2GxPuUrRV60PKQX0apd
nlKWtj49znLVzmpTYboQnvmqmk+yik8wL2wszUaZ4jAjieCjWOhJwCWOvkQ9yIg=
=SBbK
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F4C3FE7.3040802>