Date: Mon, 18 Oct 2004 01:01:42 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Plans for 6-CURRENT and 5-STABLE
Message-ID: <200410180101.48611.max@love2party.net>

All,

[Attention: Long mail - lot of babbling]

now that RELENG_5_3 has been cut and FreeBSD 5.3 - the first release to ship with PF - is about to leave the door. It's time to talk about the future direction on PF development within FreeBSD. I'd like to share some of the plans I have in mind and the anticipated schedule for them.

One of the more serious problems we have to address is how (and if) we stay in sync with OpenBSD. As far as I understand it is suggested not to change any kernel <-> userland API/ABI during a -STABLE cycle. This effectively means that we can *not* track OpenBSD releases in -STABLE since they tend to change API/ABI a lot. I think, however, that PF as of OpenBSD 3.5 (the one we have now as part of 5-STABLE) is already very mature and will serve well for the coming <2 years until we will move on to 6-STABLE.

There are some FreeBSD specific things that need improvement and clean up. This is the first task that I will work on in 6-CURRENT starting from now. Most prominently this includes the interface handling. There are some open problems to be addressed, such as the inability to recognize renamed interfaces as well as problems around 6to4. The hotfix for the interface renaming that I posted here a while ago (and was not tested :-( ) causes some problems with unloading the module and hence has not been committed. There is some more fundamental cleaning to be done in that part of the code.

Together with the cleaning I will address the way we handle the PF modules at the moment. It should be possible to load pflog/pfsync as individual modules. It is yet unclear if that is possible without impacts on the performance so we will consider this very carefully.

Another big thing on the plate now, is a shared/exclusive lock semantic for the ruleset evaluation. This will not only speed things up by quite a bit, but will also resolve the requirement to run with mpsafenet=0 if one wants to use user/group based filter rules. Preliminary patches have been on the list some time ago, but there are serious shortcomings and we will have to take this back to the blueprint planning to make it as good as we want it to be.

All these projects will be merged into 5-STABLE once they have proven in HEAD.

Other than that, we will resume tracking OpenBSD releases once (some of) the above tasks have been completed. If we catch up on OpenBSD 3.6 in HEAD it will only complicate the testing of these changes. At the same time we will start to work on some FreeBSD specific features, but this has a low(er) priority for the moment. It seems that pf development has reached a point of maturity and will not gain too much new features in the next releases of OpenBSD. There are some interesting cleanups and improvements of existing infrastructure, but the main capabilities seem to have settled.

Thanks for reading so far, please let me know your thoughts, concerns and questions.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News