Re: dis/advantages of compiling in-kernel over kldload

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 12 Jul 2023 18:38:35 UTC

On 12 Jul 2023, at 19:45, void wrote:
> (for context this is on recent -current)
>
> in man(4) pf we have
>
> SYNOPSIS
>      device pf
>      options PF_DEFAULT_TO_DROP
>
> no real mention of it being loaded in rc.conf.
>
> But when it is loaded in (just) rc.conf with pf_enable=YES
> it gets loaded as a kld.
> Is there an advantage in compiling it in the kernel?
> Is there a disadvantage in it being compiled in the kernel?
>
I strongly recommend that people stick with the GENERIC config, and ideally just use the builds the project releases.

Any deviation from that means you’re running a configuration that’s less tested than the default.
There may be good reasons to do so, but know that our warranty policy is “If you break it you get to keep all of the pieces”.

For example, PF_DEFAULT_TO_DROP is known to be broken in at least some scenarios: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477

Best regards,
Kristof