[HEADS UP] merging projects/pf into head

Gleb Smirnoff glebius at FreeBSD.org
Wed Sep 5 11:51:52 UTC 2012


  [announce goes both to net@ and pf@, but any discussion should
   go on on pf at FreeBSD.org only, please]

  As you already may now, last half a year I've been working on
making pf SMP-scalable and faster in general. More info can be
found here:


  Since that announce in June, I've been running experimental code for
more than 2 months in production on several routers. Also, some brave
people volunteered to be beta-testers and also run the experimental
branch in last couple of months. Code proved to be stable enough.

  The new code performs better in production: less CPU load, less
jitter, more responsive system under high load. It performs better
under synthetic benchmarks like random generated UDP flood. It
performs much better when DoS comes in.

  Thus, I plan to merge projects/pf/head to head this weekend, and
this is a HEADS UP email! You have been warned. :)

  What I'd like to do next:

  1) Move pf out of contrib.
  2) Refactor the pfvar.h into pf.h and pf_var.h. Provide stable
     kernel<->pfctl ABI. And probably other clean up tasks.
  3) ... too far to build any plans, yet. :)

Totus tuus, Glebius.

More information about the freebsd-pf mailing list