pf(4) status in 7.0-R

Max Laier max at
Fri Jun 1 16:22:37 UTC 2007

On Friday 01 June 2007, Greg Hennessy wrote:
> > ditto.  I'd like to import a couple of features on a per-feature base
> > rather than doing a complete import which isn't possible anymore due
> > to SMP and routing code changes.
> Is the inability to completely sync PF with the latest OpenBSD release
> cast in stone for here on, or it an issue of resource to do ?
> Just curious in light of recent PF improvements as detailed here

This is a completely unrelated issue really.  Is debateable if it is good 
practice to put all that information into the pkthdr, but the speed 
improvement is something for sure.  It remains to be seen if FreeBSD's 
mbuf tags perform as badly as OpenBSD's and - if they do - what can be 
done about that.  One thing to keep in mind, however, pf is not the one 
and only Firewall in FreeBSD and there are *many* other places that use 
mbuf tags, too.  I would rather look for a more general optimization of 
the mbuf tag framework - if required - , than gluttering the m_pkthdr 
with all fields one can think of (pf, ipfw, ipf, vlans, ipsec, altq ...)

/"\  Best regards,                      | mlaier at
\ /  Max Laier                          | ICQ #67774661
 X  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

More information about the freebsd-current mailing list