Date:      Fri, 23 Nov 2012 19:27:41 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Andre Oppermann <andre@FreeBSD.org>
Cc:        src-committers@FreeBSD.org, svn-src-user@FreeBSD.org
Subject:   Re: svn commit: r243458 - in user/andre/tcp_workqueue/sys: net netinet
Message-ID:  <20121123152741.GZ84121@FreeBSD.org>
In-Reply-To: <201211231453.qANErSKF034907@svn.freebsd.org>
References:  <201211231453.qANErSKF034907@svn.freebsd.org>

  Andre,

On Fri, Nov 23, 2012 at 02:53:28PM +0000, Andre Oppermann wrote:
A> Log:
A>   Add sysctl support for pfil hook reporting and ordering.
A>   
A>   pfil_head_register() takes an additional pointer to the parent sysctl
A>   node pointer of the protocol family that is being registered here.
A>   
A>   Two new branches are then attached named "pfil_in" and "pfil_out".
A>   In each branch a list of the attached pfil hooks in the order of
A>   their processing is provided in the "hooks" string sysctl.
A>   
A>   In addition each attached pfil hook has its own node with a numeric
A>   representation of its ordering rank (0-255).  Writing a new ordering
A>   rank changes the processing order.  If two hooks have the same rank
A>   the last installed or changed comes first.
A>   
A>   Example output:
A>    net.inet.pfil_in.hooks="pf,ipfw,ipfilter"
A>    net.inet.pfil_in.pf=200
A>    net.inet.pfil_in.ipfw=201
A>    net.inet.pfil_in.ipfilter=202
A>    net.inet.pfil_out.hooks="ipfilter,ipfw,pf"
A>    net.inet.pfil_out.ipfilter=53
A>    net.inet.pfil_out.ipfw=54
A>    net.inet.pfil_out.pf=55
A>   
A>   This may be further tweaked and refined.

  Frankly speaking, the fact that the list can't be set directly
in one sysctl oid:

	sysctl net.inet.pfil_in.hooks="pf,ipfw,ipfilter"

, but can only be set via supplying pointless numeric values to N
oids looks very poor from the perspective of an average user. He might
think something like "oh, FreeBSD developers were too lazy to parse
a string", or "they designed an interface not for people but for nerds".

  The interface must be easier! If you don't like parsing strings in the kernel,
then /sbin/pfilctl can be introduced. The utility eventually may grow
more functionality.

-- 
Totus tuus, Glebius.
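
The string-to-rank translation discussed in this message, as an added userland sketch that is not code from the thread or from FreeBSD. The names `parse_hook_order`, `hook_rank` and `hook_index`, the attached-hook table and the base rank are assumptions, as is the choice to reject a list that omits an attached hook.

```c
#include <stdio.h>
#include <string.h>

struct hook_rank { const char *name; int rank; };
/* Constructed sample: hooks currently attached to this pfil head. */
static const char *attached[] = { "pf", "ipfw", "ipfilter" };
#define N_ATTACHED ((int)(sizeof(attached) / sizeof(attached[0])))

/* Index of the attached hook named by the first len bytes of s, or -1. */
static int hook_index(const char *s, size_t len)
{
    for (int i = 0; i < N_ATTACHED; i++)
        if (strlen(attached[i]) == len && memcmp(attached[i], s, len) == 0)
            return i;
    return -1;
}

/* Map "pf,ipfw,ipfilter" to distinct ranks base, base+1, ...  Returns the
 * hook count, or -1 if the list is malformed, names an unknown hook, repeats
 * one, omits an attached one, or needs a rank outside 0-255. */
int parse_hook_order(const char *list, int base, struct hook_rank *out)
{
    unsigned seen = 0;
    int n = 0;
    for (const char *p = list; ; ) {
        size_t len = strcspn(p, ",");
        int idx = hook_index(p, len);   /* empty field matches nothing */
        if (idx < 0 || (seen & (1u << idx)) || base < 0 || base > 255 - n)
            return -1;
        seen |= 1u << idx;
        out[n].name = attached[idx];
        out[n].rank = base + n;
        n++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    /* A hook left out would keep its old rank and could tie with a new one. */
    return n == N_ATTACHED ? n : -1;
}

int main(void)
{
    struct hook_rank r[N_ATTACHED];
    int n = parse_hook_order("pf,ipfw,ipfilter", 200, r);
    for (int i = 0; i < n; i++)   /* one per-hook sysctl value per line */
        printf("net.inet.pfil_in.%s=%d\n", r[i].name, r[i].rank);
    return n < 0;
}
```

Rejecting partial, duplicated or unknown entries before writing anything keeps a typo in the list from silently changing which packet filter sees traffic first.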
