Upgrading FreeBSD to use the NEW pf syntax.

Gleb Smirnoff glebius at FreeBSD.org
Wed Nov 21 07:56:44 UTC 2012


  Mark,

On Tue, Nov 20, 2012 at 03:43:17PM +0100, Mark Martinec wrote:
M> For one thing, I'm desperately awaiting NAT64 support (the 'af-to'
M> translation rule in newer pf (5.1?), committed on 2011-10).

Backport this exact feature to FreeBSD and send patch.

M> Other: packet normalization (scrub) has been reworked and simplified,
M> and is now a ruleset option. Considering that scrub is currently broken
M> (9.1, see list of PF bugs in FreeBSD), along with several other
M> bugs that need fixing, it seems the (scarce) manpower would better
M> be spent in moving on, than keeping the already leaky (buggy) pf
M> afloat.

Yes, scrub improvements can be cherry picked and added to FreeBSD, too.

But if you think that bulk import of a new version would close all current
bugs without opening new problems, then you are mistaken. The last bulk
import introduced many more bugs than it closed. And this statement isn't
an accusation towards the person who did the import. This is just a generic
rule. If you take 100k lines of code that were developed for another
operating system kernel and, without thoroughly reviewing it, just make it
compile and link with another kernel, then you are about to miss many
rough edges that will show up later, when the code is utilized.

Thus, cherry-picking is preferred over bulk imports.

-- 
Totus tuus, Glebius.


More information about the freebsd-pf mailing list