[CFT] modular kernel config

Alexander Leidinger Alexander at Leidinger.net
Tue Feb 28 15:38:00 UTC 2012 

Quoting ~Lst <slackbie at gmail.com> (from Tue, 28 Feb 2012 16:38:43 +0700):

> 2012/2/28 Steve Wills <swills at freebsd.org>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 02/27/12 10:53, Łukasz Wąsikowski wrote:
>>> W dniu 2012-02-22 23:31, Bjoern A. Zeeb pisze:
>>>
>>>> You cannot ship that on by default for non-tecnical reasons in a
>>>> kernel.  Please do not commit a kernel config that can be booted
>>>> (no LINT cannot be booted) with these on without consulting
>>>> appropriate hats upfront.
>>>>
>>>>
>>>>> - ALTQ - SW_WATCHDOG - QUOTA - IPSTEALTH (disabled in
>>>>> loader.conf) - IPFIREWALL_FORWARD (touches every packet, power
>>>>> users which need a bigger PPS but not this feature can
>>>>> recompile the kernel, discussed with julian@) - FLOWTABLE
>>>>> (disabled in loader.conf)
>>>> Which is not the same as it's not 100% disabled and will still
>>>> allocate memory.
>>>
>>> FLOWTABLE on 8.x crashed BGP routers (kern/144917). I don't know if
>>> it is fixed by now, but this kind of potential problematic features
>>> should not be enabled by default.
>>>
>>
>> Agree, I've run into problems with FLOWTABLE (with just the features
>> that were enabled by default in 8.0) when routers changed MAC
>> addresses. As far as I understand it, FLOWTABLE is both broken and
>> abandoned (but if I'm wrong, please let me know).
>>
>> So, IMHO, not only should it not be enabled by default, but given that
>> it was disabled complete in 8.x after 8.0 (too lazy to look at exactly
>> when right now), I think it shouldn't even be included, since that
>> might encourage users to try it out only to encounter problems with it.
>>
>> Steve
>>
>
> Definitely yes, I'd some problems too with FLOWTABLE running for router.
> So I have to disabled in kernel and sysctl.

To make sure I understand you correctly: Did you disabled it with the  
sysctl/loader-tunable and everything was OK again, or did you had to  
remove it from the kernel config (disabling via sysctl was not enough)  
to resolve the issue?

I have one report where a person has issue with FLOWTABLE, but  
disabling it via the sysctl/loader-tunable was enough to address his  
concerns.

Bye,
Alexander.

-- 
The light at the end of the tunnel is the headlamp of
an oncoming train.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

More information about the freebsd-current mailing list