Re: dis/advantages of compiling in-kernel over kldload

From: Warner Losh <imp_at_bsdimp.com>
Date: Wed, 12 Jul 2023 17:53:32 UTC
On Wed, Jul 12, 2023 at 11:45 AM void <void@f-m.fm> wrote:

> Hello hackers@
>
> (for context this is on recent -current)
>
> in man(4) pf we have
>
> SYNOPSIS
>       device pf
>       options PF_DEFAULT_TO_DROP
>
> no real mention if it being loaded in rc.conf.
>
> But when it is loaded in (just) rc.conf with pf_enable=YES
> it gets loaded as a kld.
>
> Is there an advantage in compiling it in the kernel?
> Is there a disadvantage in it being compiled in the kernel?
>
> If it's compiled in the kernel, does the system still require
> pf_enable=YES in rc.conf?
>

Yes. pf_enable=YES will load it as a side effect when it configures
pf, but isn't primarily to load it as a module. But if it's in the kernel,
you still need to configure pf on boot (or some time later).

I still have 'pf_load="YES"' in my /boot/loader.conf, but it's for a system
I have that configures pf in weird ways not at boot. It's to work around the
"weird ways" script not loading pf on demand though.

Warner