From owner-freebsd-pf@FreeBSD.ORG Sat Dec 6 02:09:44 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2A2AEBF7 for ; Sat, 6 Dec 2014 02:09:44 +0000 (UTC) Received: from forward15.mail.yandex.net (forward15.mail.yandex.net [IPv6:2a02:6b8:0:801::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D4974B09 for ; Sat, 6 Dec 2014 02:09:43 +0000 (UTC) Received: from web24j.yandex.ru (web24j.yandex.ru [5.45.198.65]) by forward15.mail.yandex.net (Yandex) with ESMTP id 0DE209E1087 for ; Sat, 6 Dec 2014 05:09:31 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web24j.yandex.ru (Yandex) with ESMTP id A41241E00164; Sat, 6 Dec 2014 05:09:31 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1417831771; bh=xTwNgWvGjj3QW9LWLVpAZWfbRVhN+yY5DOr3LRsgOCE=; h=From:To:Subject:Date; b=kChupyrIl49zwCP+d7oAEPOO7KOiU8vMd4mrzdoKf6Im2aYq4T5860MoUylWiIF24 IA179LtwWjG/h7Zhxn2WA5bj4fNAYr+ubS0nUI8unYDlEtd8Yh5Sb0zMVQk46JZ0iX 7i8Vzgp2+DHCP/0QdEKy4jOhPI0u/N6TNgcS5LaM= Received: from 108.61.122.87.choopa.net (108.61.122.87.choopa.net [108.61.122.87]) by web24j.yandex.ru with HTTP; Sat, 06 Dec 2014 05:09:31 +0300 From: Martin Hanson To: freebsd-pf@freebsd.org Subject: Get RID of the multi threading patch in FreeBSDs version of PF MIME-Version: 1.0 Message-Id: <136621417831771@web24j.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Sat, 06 Dec 2014 03:09:31 +0100 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Dec 2014 02:09:44 -0000 Hi, I have been looking into PF on FreeBSD and I am surprised about the situation in which support for multi threading was added before it was brought up to date with the version from OpenBSD. Some people outright warn about using it because the version in FreeBSD is more than five years old and with the multi threading patch it has become completely impossible to bring it up to date. Has any important bugs been fixed in PF on OpenBSD since the current port in FreeBSD that actually makes the current PF in FreeBSD "dangerous" to run with? I believe that most would agree that it would be a whole lot better to get an updated port from OpenBSD rather than running with multi threading support on a completely outdated firewall. It's like taking my old rust bucket of a car and installing a new fast engine before a actually fixing the old crap. Who cares about driving fast if the freaking wheels come of? Rolling it back WITHOUT actually upgrading it would even be *better* than running it with the multi threading patch! Then someone who might actually have the time might take the task upon himself/herself to bring it in sync with OpenBSD. With the multi threading patch in place nobody will ever want to do that! It is damaging for FreeBSD in that we're loosing the best firewall out there! I am not a coder, but my advice is: Roll PF back for the next release of FreeBSD and leave it as is! Then someone will upgrade it, sooner or later. Keep the multi threading patch and PF will eventually be gone from FreeBSD! Kind regards Martin