Why merging recent OpenBSD PF code is not easy (was Re: FOLLOW-UP)

Kurt Jaeger lists at opsec.eu
Sun Dec 7 11:12:34 UTC 2014


Hi!

> Nobody in their right mind would run the current version of PF on
> FreeBSD!

There was a big discussion on PF this summer, see

http://lists.freebsd.org/pipermail/freebsd-current/2014-July/051229.html

There are several issues why it cannot easily be merged. The one
I remember was that the PF code is not suitable for multi-core use.
Today's hosts need multicore to keep up with line rates (and I have
a bunch of routers speaking BGP4 and running FreeBSD), so
something needs to be done in either direction.

There is an OpenBSD fork (!):

https://www.bitrig.org/

probably because of the way OpenBSD handles its issues, and maybe
the multicore (vs. old platform support) is one of them. So please do
not consider it an easy problem. It's hard.

-- 
pi at opsec.eu            +49 171 3101372                         6 years to go !

