From: Max Laier
To: freebsd-pf@freebsd.org
Date: Mon, 18 Oct 2004 01:01:42 +0200
Message-Id: <200410180101.48611.max@love2party.net>
Subject: Plans for 6-CURRENT and 5-STABLE

All,

[Attention: Long mail - lot of babbling]

now that RELENG_5_3 has been cut and FreeBSD 5.3 - the first release to ship
with PF - is about to leave the door.
It's time to talk about the future direction on PF development within
FreeBSD. I'd like to share some of the plans I have in mind and the
anticipated schedule for them.

One of the more serious problems we have to address is how (and if) we stay
in sync with OpenBSD. As far as I understand it is suggested not to change
any kernel <-> userland API/ABI during a -STABLE cycle. This effectively
means that we can *not* track OpenBSD releases in -STABLE since they tend to
change API/ABI a lot. I think, however, that PF as of OpenBSD 3.5 (the one we
have now as part of 5-STABLE) is already very mature and will serve well for
the coming <2 years until we will move on to 6-STABLE.

There are some FreeBSD specific things that need improvement and clean up.
This is the first task that I will work on in 6-CURRENT starting from now.
Most prominently this includes the interface handling. There are some open
problems to be addressed, such as the inability to recognize renamed
interfaces as well as problems around 6to4. The hotfix for the interface
renaming that I posted here a while ago (and was not tested :-( ) causes some
problems with unloading the module and hence has not been committed. There is
some more fundamental cleaning to be done in that part of the code.

Together with the cleaning I will address the way we handle the PF modules at
the moment. It should be possible to load pflog/pfsync as individual modules.
It is yet unclear if that is possible without impacts on the performance so
we will consider this very carefully.

Another big thing on the plate now, is a shared/exclusive lock semantic for
the ruleset evaluation. This will not only speed things up by quite a bit,
but will also resolve the requirement to run with mpsafenet=0 if one wants to
use user/group based filter rules.
Preliminary patches have been on the list some time ago, but there are
serious shortcomings and we will have to take this back to the blueprint
planning to make it as good as we want it to be.

All these projects will be merged into 5-STABLE once they have proven in
HEAD.

Other than that, we will resume tracking OpenBSD releases once (some of) the
above tasks have been completed. If we catch up on OpenBSD 3.6 in HEAD it
will only complicate the testing of these changes. At the same time we will
start to work on some FreeBSD specific features, but this has a low(er)
priority for the moment. It seems that pf development has reached a point of
maturity and will not gain too many new features in the next releases of
OpenBSD. There are some interesting cleanups and improvements of existing
infrastructure, but the main capabilities seem to have settled.

Thanks for reading so far, please let me know your thoughts, concerns and
questions.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News