From: Michal Mertl
To: Max Laier
Cc: freebsd-current@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: pf(4) status in 7.0-R
Date: Sat, 02 Jun 2007 08:39:06 +0200

Max Laier wrote:
> [ moving this to the more specific list ]
>
> On Friday 01 June 2007, LI Xin wrote:
> > Stanislaw Halik wrote:
> > > Heya,
> > >
> > > Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
> > > stuff in it, including expiretable functionality, which would come in
> > > handy.
> >
> > Last time I have talked with Max (Cc'ed) about the issue, we finally
> > figured out that porting the whole stuff would need some
> > infrastructural changes to our routing code, which could be risky so we
> > wanted to avoid it at this stage (about 15 days before RELENG_7 code
> > freeze). On the other hand, some functionality (like the expiretable
> > feature) does not seem to touch a large part of kernel and might be
> > appropriate RELENG_7(_0) candidate.
> >
> > Could you please enumerate some features that FreeBSD is currently
> > lacking and are considered "high priority" so we will be able to evaluate
> > whether to port?
> >
> > BTW. Patches are always welcome, as usual :-) So don't hesitate to
> > submit if you already did some work.
>
> ditto. I'd like to import a couple of features on a per-feature base
> rather than doing a complete import which isn't possible anymore due to
> SMP and routing code changes.
>
> Submit your list of features and I'll see what I can do this weekend. My
> list includes:
>
> - keep state and flags S/SA to default
> - improved state table purging (this is internal, but a huge benefit)
> - interface handling (groups etc.)
> - pfsync / pflog update (not 100% sure about these due to libpcap /
>   tcpdump dependency)
>
> While at it, I might also introduce needed ABI breakage for netgraph
> interaction.
>
> Anything else?
>

The updated ftp-proxy - the one in the tree does not rewrite source IP
address of data connections and some firewalls (e.g. Windows Firewall)
don't let the connection through. It should be pretty easy to import -
the program is already in some form in the ports tree.

Michal