Date: Wed, 18 Dec 2002 16:55:00 -0800 From: "Sam Leffler" <sam@errno.com> To: "Hiten Pandya" <hiten@unixdaemons.com>, <current@FreeBSD.ORG> Cc: <darrenr@FreeBSD.ORG> Subject: Re: PFIL_HOOKS should be made default in 5.0 Message-ID: <0a6201c2a6f9$42cfd720$52557f42@errno.com> References: <20021219003856.GA49597@unixdaemons.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> A teeny-weeny issue I would like to discuss, is that we make the pfil(9)
> hooks code default in 5.0, and remove the kernel option; this is because
> it creates problems when PFIL_HOOKS is not in the (e.g. GENERIC) kernel,
> and someone tries to load the ipfilter kernel module (ipl.ko). [1]
>
> I have discussed this with Darren, but would just like to make it
> public, so it can be discussed by the release engineers etc. I
> apologize but I do not have patches for this.
>
Enabling PFIL_HOOKS changes various code paths. Doing this so late in the
release cycle is a bad idea. I also recall that there is a performance
penalty (at least in the bridge code) for having this enabled.
Both issues make it seem like it should stay an option for 5.0.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0a6201c2a6f9$42cfd720$52557f42>