pf(4) status in 7.0-R

Stanislaw Halik sthalik at
Fri Jun 1 13:18:39 UTC 2007

On Fri, Jun 01, 2007, LI Xin wrote:
>> Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
>> stuff in it, including expiretable functionality, which would come in
>> handy.
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some infrastructural
> changes to our routing code, which could be risky so we wanted to avoid
> it at this stage (about 15 days before RELENG_7 code freeze).  On the
> other hand, some functionality (like the expiretable feature) does not
> seem to touch a large part of kernel and might be appropriate
> RELENG_7(_0) candidate.

> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?

>From what I've spotted on the OpenBSD Journal:

  Claims a large speedup to pf. I'm not entirely sure if it's applicable
  to FreeBSD as well.
  A 10% speedup. This one should apply to FreeBSD as well.
  Userland portion of the expiretable patch. I'm unable to find the
  kernel-land one, though. `expiretable' makes `overload' and any other
  kind of automated blacklisting a lot more useful.

Thanks in advance for importing any of these.

> BTW.  Patches are always welcome, as usual :-)  So don't hesitate to
> submit if you already did some work.

I apologize for not being able to be of any help, but I'm no kernel

Whenever you find that you are on the side of the majority, it is time
to reform.
                -- Mark Twain

More information about the freebsd-current mailing list