pf(4) status in 7.0-R

Fri Jun 1 15:17:59 UTC 2007

[ moving this to the more specific list ]

On Friday 01 June 2007, LI Xin wrote:
> Stanislaw Halik wrote:
> > Heya,
> >
> > Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
> > stuff in it, including expiretable functionality, which would come in
> > handy.
>
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some
> infrastructural changes to our routing code, which could be risky so we
> wanted to avoid it at this stage (about 15 days before RELENG_7 code
> freeze).  On the other hand, some functionality (like the expiretable
> feature) does not seem to touch a large part of kernel and might be
> appropriate
> RELENG_7(_0) candidate.
>
> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?
>
> BTW.  Patches are always welcome, as usual :-)  So don't hesitate to
> submit if you already did some work.

ditto.  I'd like to import a couple of features on a per-feature base 
rather than doing a complete import which isn't possible anymore due to 
SMP and routing code changes.

Submit your list of features and I'll see what I can do this weekend.  My 
list includes:

- keep state and flags S/SA to default
- improved state table purgeing (this is internal, but a huge benefit)
- interface handling (groups etc.)
- pfsync / pflog update (not 100% sure about these due to libpcap / 
tcpdump dependency)

While at it, I might also introduce needed ABI breakage for netgraph 
interaction.

Anything else?

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News