Date: Wed, 21 Nov 2012 11:56:42 +0400
From: Gleb Smirnoff
To: Mark Martinec
Cc: freebsd-current@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax.
Message-ID: <20121121075642.GR67660@FreeBSD.org>

Mark,

On Tue, Nov 20, 2012 at 03:43:17PM +0100, Mark Martinec wrote:
M> For one thing, I'm desperately awaiting NAT64 support (the 'af-to'
M> translation rule in newer pf (5.1?), committed on 2011-10).

Backport this exact feature to FreeBSD and send patch.

M> Other: packet normalization (scrub) has been reworked and simplified,
M> and is now a ruleset option. Considering that scrub is currently broken
M> (9.1, see list of PF bugs in FreeBSD), along with several other
M> bugs that need fixing, it seems the (scarce) manpower would better
M> be spent in moving on, than keeping the already leaky (buggy) pf
M> afloat.

Yes, scrub improvements can be cherry-picked and added to FreeBSD, too.

But if you think that a bulk import of a new version would close all current
bugs without opening new problems, then you are mistaken. The last bulk
import introduced many more bugs than it closed. And this statement isn't
an accusation towards the person who did the import. This is just a generic
rule. If you take 100k lines of code that were developed for another
operating system kernel and, without thoroughly reviewing it, just make it
compile and link with another kernel, then you are about to miss many rough
edges that will show up later, when the code would be utilized.

Thus, cherry-picking is preferred over bulk imports.

--
Totus tuus, Glebius.