From: Kristof Provost
To: Jessica Clarke
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 324fd7ec4043 - main - libpfctl: introduce a handle-enabled variant of pfctl_add_rule()
Date: Thu, 04 Jan 2024 23:42:37 +0100
Message-ID: <87DCAFCC-1C6E-4052-90C9-FE684E30679C@FreeBSD.org>
In-Reply-To: <38CDCAED-9DF7-467B-BEF9-84BE6D1E8085@freebsd.org>
References: <202401042211.404MBC3D003204@gitrepo.freebsd.org> <38CDCAED-9DF7-467B-BEF9-84BE6D1E8085@freebsd.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On 4 Jan 2024, at 23:19, Jessica Clarke wrote:
> On 4 Jan 2024, at 22:11, Kristof Provost wrote:
>> The branch main has been updated by kp:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=324fd7ec40439e6b3916429a69956d7acf74eb19
>>
>> commit 324fd7ec40439e6b3916429a69956d7acf74eb19
>> Author: Kristof Provost
>> AuthorDate: 2024-01-04 12:45:56 +0000
>> Commit: Kristof Provost
>> CommitDate: 2024-01-04 22:10:44 +0000
>>
>>     libpfctl: introduce a handle-enabled variant of pfctl_add_rule()
>>
>>     Introduce pfctl_add_rule_h(), which takes a pfctl_handle rather than a
>>     file descriptor (which it didn't use). This means that library users can
>>     open the handle while they're running as root, but later drop privileges
>>     and still add rules to pf.
>
> Given libpfctl is an INTERNALLIB, why do we need to care about this
> compatibility (and live with this cruft) instead of just changing
> pfctl_add_rule to the new thing?
>
There’s also a ports version of libpfctl, which copies the libpfctl code and builds it for port consumption.

I didn’t want to turn libpfctl into a stable abi/api in the src tree, but ports do need something to use. We don’t want them to have to care about nvlists or netlink.

Given that it’s external we can have different code there, but I don’t want to make maintaining the external versions harder than it needs to be.

Best regards,
Kristof