moving pfil consumers to sys/netpfil
Gleb Smirnoff
glebius at FreeBSD.org
Wed Sep 12 12:34:59 UTC 2012
Hi,
we (me and Bjoern) would like to establish a single place
for all kinds of pfil(9) consumers, for current ones and
for future as well.
The place chosen is sys/netpfil.
On first round we'd like to move there our Tier-1 firewalls:
ipfw and pf. This also includes moving pf out of contrib.
The plan of movement is the following:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/ [1]
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
That's all.
[1] This line is arguable, however the future plan is to:
- split pfvar.h into pf.h and pf_var.h
- kill if_pfsync.h and if_pflog.h as soon as they stop being ifnets
- kill pf_mtag.h moving its declaration to mbuf.h or pf_var.h
So, all new stuff in sys/net would dissolve soon. Notice that current
movement doesn't affect software in ports, but above plans would. So
decision is just put pf stuff into sys/net for now to avoid breaking
ports twice.
--
Totus tuus, Glebius.
More information about the freebsd-net
mailing list