Re: git: 9eff6390718d - main - pf: remove COMPAT_FREEBSD14 #ifdef from pfvar.h
- In reply to: Jessica Clarke : "Re: git: 9eff6390718d - main - pf: remove COMPAT_FREEBSD14 #ifdef from pfvar.h"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 19 Oct 2023 15:09:12 UTC
On 19 Oct 2023, at 17:02, Jessica Clarke wrote: > On 19 Oct 2023, at 15:56, Kristof Provost <kp@FreeBSD.org> wrote: >> >> On 19 Oct 2023, at 16:41, Jessica Clarke wrote: >>> On 19 Oct 2023, at 15:20, Kristof Provost <kp@FreeBSD.org> wrote: >>>> >>>> The branch main has been updated by kp: >>>> >>>> URL: https://cgit.FreeBSD.org/src/commit/?id=9eff6390718d0fa67dffc6cd830b0bc6b815e8c4 >>>> >>>> commit 9eff6390718d0fa67dffc6cd830b0bc6b815e8c4 >>>> Author: Kristof Provost <kp@FreeBSD.org> >>>> AuthorDate: 2023-10-19 10:06:29 +0000 >>>> Commit: Kristof Provost <kp@FreeBSD.org> >>>> CommitDate: 2023-10-19 14:19:39 +0000 >>>> >>>> pf: remove COMPAT_FREEBSD14 #ifdef from pfvar.h >>>> >>>> When userspace includes pfvar.h it doesn't get the kernel's COMPAT_* >>>> defines, so we end up not having required symbols in userspace. This >>>> caused the libpfctl port to fail to build. >>>> >>>> libpfctl will be updated to use the new netlink-based state export code >>>> soon, which will also fix thix build issue. >>>> >>>> Sponsored by: Rubicon Communications, LLC ("Netgate") >>> >>> That’s normally a feature to stop userspace using deprecated things. >>> Will you be reverting this once libpfctl is fixed? One could also hack >>> libpfctl instead to define COMPAT_FREEBSD14 temporarily (IIRC that’s >>> what was done for kbdcontrol to allow it to run on old kernels). >>> >> I wasn’t planning on that, no. The libpfctl port fix should land soon, but I figured that it’d be better to keep the definitions, because userspace doesn’t know if the kernel is built with or without COMPAT_FREEBSD14. >> I’m open to being persuaded that that’s a bad idea though. > > Indeed it doesn’t, because it shouldn’t. The thinking is that userspace > should *never* explicitly use them, only the kernel to provide > compatibility with binaries built against older versions. Deliberately > exposing them to userspace is quite unusual and deemed generally dodgy. > That makes sense. I’ll revert this change once the libpfctl port update has had a chance to land and get built. Best regards, Kristof