From owner-freebsd-current  Wed Dec 18 16:55: 3 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9D43137B401; Wed, 18 Dec 2002 16:55:02 -0800 (PST)
Received: from ebb.errno.com (ebb.errno.com [66.127.85.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3593D43EB2; Wed, 18 Dec 2002 16:55:02 -0800 (PST)
	(envelope-from sam@errno.com)
Received: from melange (melange.errno.com [66.127.85.82])
	(authenticated bits=0)
	by ebb.errno.com (8.12.5/8.12.1) with ESMTP id gBJ0t09i089815
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO);
	Wed, 18 Dec 2002 16:55:01 -0800 (PST)?g
	(envelope-from sam@errno.com)œ
X-Authentication-Warning: ebb.errno.com: Host melange.errno.com [66.127.85.82] claimed to be melange
Message-ID: <0a6201c2a6f9$42cfd720$52557f42@errno.com>
From: "Sam Leffler" <sam@errno.com>
To: "Hiten Pandya" <hiten@unixdaemons.com>, <current@FreeBSD.ORG>
Cc: <darrenr@FreeBSD.ORG>
References: <20021219003856.GA49597@unixdaemons.com>
Subject: Re: PFIL_HOOKS should be made default in 5.0
Date: Wed, 18 Dec 2002 16:55:00 -0800
Organization: Errno Consulting
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

> A teeny-weeny issue I would like to discuss, is that we make the pfil(9)
> hooks code default in 5.0, and remove the kernel option; this is because
> it creates problems when PFIL_HOOKS is not in the (e.g. GENERIC) kernel,
> and someone tries to load the ipfilter kernel module (ipl.ko). [1]
>
> I have discussed this with Darren, but would just like to make it
> public, so it can be discussed by the release engineers etc.  I
> apologize but I do not have patches for this.
>

Enabling PFIL_HOOKS changes various code paths.  Doing this so late in the
release cycle is a bad idea.  I also recall that there is a performance
penalty (at least in the bridge code) for having this enabled.

Both issues make it seem like it should stay an option for 5.0.

    Sam


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message