Date: Wed, 12 Sep 2012 16:34:57 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: net@FreeBSD.org, luigi@FreeBSD.org Cc: "Bjoern A. Zeeb" <bz@FreeBSD.org> Subject: moving pfil consumers to sys/netpfil Message-ID: <20120912123457.GC85604@glebius.int.ru>
next in thread | raw e-mail | index | archive | help
Hi,
we (me and Bjoern) would like to establish a single place
for all kinds of pfil(9) consumers, for current ones and
for future as well.
The place chosen is sys/netpfil.
On first round we'd like to move there our Tier-1 firewalls:
ipfw and pf. This also includes moving pf out of contrib.
The plan of movement is the following:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/ [1]
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
That's all.
[1] This line is arguable, however the future plan is to:
- split pfvar.h into pf.h and pf_var.h
- kill if_pfsync.h and if_pflog.h as soon as they stop being ifnets
- kill pf_mtag.h moving its declaration to mbuf.h or pf_var.h
So, all new stuff in sys/net would dissolve soon. Notice that current
movement doesn't affect software in ports, but above plans would. So
decision is just put pf stuff into sys/net for now to avoid breaking
ports twice.
--
Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120912123457.GC85604>