svn commit: r243458 - in user/andre/tcp_workqueue/sys: net netinet
Gleb Smirnoff
glebius at FreeBSD.org
Fri Nov 23 15:27:45 UTC 2012
Andre,
On Fri, Nov 23, 2012 at 02:53:28PM +0000, Andre Oppermann wrote:
A> Log:
A> Add sysctl support for pfil hook reporting and ordering.
A>
A> pfil_head_register() takes an additional pointer to the parent sysctl
A> node pointer of the protocol family that is being registered here.
A>
A> Two new branches are then attached named "pfil_in" and "pfil_out".
A> In each branch a list of the attached pfil hooks in the order of
A> their processing is provided in the "hooks" string sysctl.
A>
A> In addition each attached pfil hook has its own node with a numeric
A> representation of its ordering rank (0-255). Writing a new ordering
A> rank changes the processing order. If two hooks have the same rank
A> the last installed or changed comes first.
A>
A> Example output:
A> net.inet.pfil_in.hooks="pf,ipfw,ipfilter"
A> net.inet.pfil_in.pf=200
A> net.inet.pfil_in.ipfw=201
A> net.inet.pfil_in.ipfilter=202
A> net.inet.pfil_out.hooks="ipfilter,ipfw,pf"
A> net.inet.pfil_out.ipfilter=53
A> net.inet.pfil_out.ipfw=54
A> net.inet.pfil_out.pf=55
A>
A> This may be further tweaked and refined.
Frankly speaking, the fact that the list can't be set directly
in one sysctl oid:
sysctl net.inet.pfil_in.hooks="pf,ipfw,ipfilter"
, but can only be set via supplying pointless numeric values to N
oids looks very poor from the perspective of an average user. He might
think something like "oh, FreeBSD developers were too lazy to parse
a string", or "they designed an interface not for people but for nerds".
Interface must be easier! If you don't like parsing strings in kernel,
then /sbin/pfilctl can be introduced. The utility eventually may grow
more functionality.
--
Totus tuus, Glebius.
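An added example (not code from r243458 or from this thread): a userland C model of the ordering rule in the commit log, next to the one-string setter asked for in the reply, which validates the whole list before changing any rank so a typo cannot leave the filter order half-updated. The function names, the ascending-rank order (inferred from the example output) and the rank-by-list-position rule are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#define MAXHOOKS 8
static struct hook { char name[16]; int rank, stamp; } hooks[MAXHOOKS];
static int nhooks, tick;      /* tick grows on every install or rank change */

static struct hook *hook_find(const char *s, size_t len) {
    for (int i = 0; i < nhooks; i++)
        if (strlen(hooks[i].name) == len && !memcmp(hooks[i].name, s, len))
            return &hooks[i];
    return NULL;
}
/* Per-hook form from the commit log: install a hook or set its rank (0-255). */
int hook_set(const char *name, int rank) {
    size_t len = strlen(name);
    struct hook *h = hook_find(name, len);
    if (rank < 0 || rank > 255 || len == 0 || len > 15) return -1;
    if (!h && nhooks == MAXHOOKS) return -1;
    if (!h) memcpy((h = &hooks[nhooks++])->name, name, len + 1);
    h->rank = rank; h->stamp = ++tick;
    return 0;
}
/* Lower rank runs first; on equal rank the most recent change runs first. */
static int hook_cmp(const void *a, const void *b) {
    const struct hook *x = a, *y = b;
    return x->rank != y->rank ? x->rank - y->rank : y->stamp - x->stamp;
}
/* Contents of the "hooks" string sysctl: names in processing order. */
const char *hooks_string(void) {
    static char buf[MAXHOOKS * 16];
    qsort(hooks, nhooks, sizeof(hooks[0]), hook_cmp);
    buf[0] = '\0';
    for (int i = 0; i < nhooks; i++)
        strcat(strcat(buf, i ? "," : ""), hooks[i].name);
    return buf;
}
/* One-shot form (assumed design): validate everything, then rank by position. */
int hooks_set_order(const char *list) {
    struct hook *seen[MAXHOOKS];
    int n = 0;
    for (const char *p = list; ; p += strcspn(p, ",") + 1) {
        struct hook *h = hook_find(p, strcspn(p, ","));
        if (h == NULL) return -1;                         /* unknown hook name */
        for (int i = 0; i < n; i++) if (seen[i] == h) return -1;  /* duplicate */
        seen[n++] = h;
        if (p[strcspn(p, ",")] == '\0') break;
    }
    if (n != nhooks) return -1;        /* every attached hook must be listed */
    for (int i = 0; i < n; i++) { seen[i]->rank = i; seen[i]->stamp = ++tick; }
    return 0;
}
```

Rejecting a list that omits an attached hook keeps a packet filter from silently ending up at an unintended position in the chain.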