Upgrading pf in time for 5.4?

Max Laier max at love2party.net
Fri Apr 1 15:44:26 PST 2005


On Saturday 02 April 2005 01:26, R. Tyler Ballance wrote:
> I'm about halfway through with slugging through the changes from
> OPENBSD_3_5 -> OPENBSD_3_6 to packet filter code, and I'm wondering if
> (a) I'm going about it the "right" way, and (b) if it's worth devoting
> more time to (my employer (Texas A&M) is allowing me to work on it at
> work ;)) to get some patches done before 5.4-RELEASE

I don't think there is much gain in doing the 3.6 pull-up now, with 3.7 
branched and almost out of the door.  I am going to look at pulling 3.7 into 
FreeBSD-CURRENT by the time 3.7 is official (May 1st as of now).

> From our standpoint, we'd stand a good bit to gain if the code was
> updated, given the rule optimizations that have been added to pf from
> 3_5->3_6 and a few other changes (I'm still hoping for if_bridge.* to be
> ported over soon ;))

The latter is certainly a more pushing project - IMO.  If your employer would 
sponsor you some time for that - that'd be perfect.  Talk to Bruce (bms@) who 
has been working with some people to get this in.  What is needed the most at 
this point is *proper* testing and performance analysis wrt. the current 
bridge.c implementation.  Could you dig up some resources for that?

> So, how long might I have to wrap it up, and any suggestions on how the
> "right way" would be (just to make sure I'm not wasting a lot of time
> here ;))

Judging from my experience (and provided you are reasonably familiar with the 
code) you can do an import in <1 week.  You should spend another week fixing 
the apparent bugs and introducing infrastructure that is required.  The 
"right way" to go - IMHO - would be to get a cvsrepo and import the OpenBSD 
vendor source into it (some CVS-foo required for this step).  This will help 
you with the trivia.  Then you start working from there ... get back to me on 
private mail on/after Tuesday, I will then start the dance with the currently 
available 3.7 code to see what issues we are looking at and I can sure use a 
second pair of eyes - if you are up for that.

As for 5.4R - that's done and over.  No new code (esp. as big as a pf pull-up) 
will go into it anymore.  And - as a pf pull-up will mess with API/ABI - it 
won't even go to RELENG_5 afterwards.  However, as I said several times 
before, I plan to make it easy to do a pull-up from FreeBSD-CURRENT to 
RELENG_5 and am committed to support this option if it proves easy enough.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News


More information about the freebsd-pf mailing list