I've been using this patch for a couple of weeks. No problems so far.

Added krb5/util/profile__L back in again. I have yet to test build.

In D54323#1241416, @kib wrote:

Can you pleas explain

1. how the list of missed symbols was obtained

Just added this comment to the PR.

Looks good to me.

Also please MFC this.

In D54232#1239061, @jrtc27 wrote:

Why not properly namespace these with an ipf_ prefix whilst you're at it?

Add missing opt_ipfilter.h.

Renamed IPFS to IPFILTER_IPFS.

In D54041#1234795, @fuz wrote:

I recommend that instead of !defined(__cplusplus), maybe we do !defined(unreachable). This should also cover C codebases with their own unreachable macros and matches what we do for offsetof.

No issues here.

Replaced by D53843.

Replaced by D53843.

This fixes the issue.

In D53899#1231752, @des wrote:

In D53899#1231683, @cy wrote:

Can there be a sysctl to restore the legacy algorithm for sites that do not have many, if any, ephemeral IP addresses? Linux allows one to set this in /proc/sys/net/ipv4/neigh/ethX/gc_stale_time. We should be able to do the same in a sysctl.

There already is, if only you'd bothered to read the diff.

EDIT: I just realized you're referring to something else entirely, in which case can you please discuss it elsewhere?

Quoting the SUMMARY:

LGTM

This update incorporates Ed's suggestion. Instead of an additional
commit to conditionally remove ipfs(8) from ip_state.c we do it here
as well.

In D53787#1228857, @markj wrote:

This looks ok to me with Ed's suggestion applied.

In D53805#1228994, @markj wrote:

In D53805#1228989, @cy wrote:

Rather than set IPFERROR within the function we return a return code and let the caller set the IPFERROR. Do you mind if I take this and flesh it out a bit?

Please go ahead!

Rather than set IPFERROR within the function we return a return code and let the caller set the IPFERROR. Do you mind if I take this and flesh it out a bit?