pf(4) status in 7.0-R
Stanislaw Halik
sthalik at tehran.lain.pl
Fri Jun 1 13:18:39 UTC 2007
On Fri, Jun 01, 2007, LI Xin wrote:
>> Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
>> stuff in it, including expiretable functionality, which would come in
>> handy.
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some infrastructural
> changes to our routing code, which could be risky so we wanted to avoid
> it at this stage (about 15 days before RELENG_7 code freeze). On the
> other hand, some functionality (like the expiretable feature) does not
> seem to touch a large part of kernel and might be appropriate
> RELENG_7(_0) candidate.
> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?
>From what I've spotted on the OpenBSD Journal:
- http://marc.info/?l=openbsd-cvs&m=118037274607974&w=2
Claims a large speedup to pf. I'm not entirely sure if it's applicable
to FreeBSD as well.
- http://marc.info/?l=openbsd-cvs&m=118040004621784&w=2
A 10% speedup. This one should apply to FreeBSD as well.
- http://marc.info/?l=openbsd-cvs&m=116915376827511&w=2
Userland portion of the expiretable patch. I'm unable to find the
kernel-land one, though. `expiretable' makes `overload' and any other
kind of automated blacklisting a lot more useful.
Thanks in advance for importing any of these.
> BTW. Patches are always welcome, as usual :-) So don't hesitate to
> submit if you already did some work.
I apologize for not being able to be of any help, but I'm no kernel
developer.
--
Whenever you find that you are on the side of the majority, it is time
to reform.
-- Mark Twain
More information about the freebsd-current
mailing list