From owner-freebsd-pf@FreeBSD.ORG Thu Nov 22 15:00:07 2012
Date: Thu, 22 Nov 2012 16:00:05 +0100
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax.
From: Ermal Luçi
To: Ian FREISLICH
Cc: "freebsd-pf@freebsd.org"

On Thu, Nov 22, 2012 at 3:13 PM, Ian FREISLICH wrote:

> Ermal Luçi wrote:
> > On Tue, Nov 20, 2012 at 9:07 AM, Sami Halabi wrote:
> > > This was actually discussed much before, as I read it would make some
> > > issues with the new pf-smp work done by gleb.
> > >
> > Not really since Gleb just changed the locking and nothing else.
> > All his work is under the hood.
> >
> > He actually broke if-bound state but that's another story.
>
> Do you have more details on this? We use ifbound state in production
> and I haven't noticed any issues with ifbound state, the way that
> we use it.
>

Well 'broken' is maybe not the good word depending on the context.
The issue is that if-bound state in HEAD is a null op, since every state
goes into the hash buckets.
Before, with if-bound states, a state would be bound to an interface, so a
packet coming/going from/to another interface would not match.
It would also give some resilience with dynamic interfaces.

Today it's a null op.
So it voids the keyword, which should be deprecated in FreeBSD or should be
reintroduced!
Also it may break people's assumptions on it.

> There is however an issue with route-to and reply-to when using
> ifbound state, but that problem existed before Gleb's work.
>
> Ian
>
> --
> Ian Freislich
>

--
Ermal
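
The difference the message above describes, as an added example that is not part of the original thread and is not pf's own code: a simplified model of a state lookup that either honours or ignores the bound interface. The class, field names, interface names and addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed 5-tuple key; field names are illustrative, not pf's struct layout.
Key = namedtuple("Key", "proto src sport dst dport")

ANY_IF = "all"  # stand-in for a floating state, which matches on any interface


class StateTable:
    """Toy state table: one bucket per connection key (hypothetical model)."""

    def __init__(self, honour_ifbound=True):
        # honour_ifbound=False models the "null op" case from the message:
        # the keyword is accepted, but lookups ignore the bound interface.
        self.honour_ifbound = honour_ifbound
        self.buckets = {}

    def add(self, key, ifname, policy="floating"):
        # An if-bound state remembers the interface it was created on.
        bound_if = ifname if policy == "if-bound" else ANY_IF
        self.buckets.setdefault(key, []).append(bound_if)

    def match(self, key, ifname):
        """Return True if a packet with this key seen on ifname hits a state."""
        for bound_if in self.buckets.get(key, []):
            if not self.honour_ifbound:
                return True  # interface never consulted
            if bound_if == ANY_IF or bound_if == ifname:
                return True
        return False


def demo():
    """Return (same-interface, other-interface) match results per scenario."""
    key = Key("tcp", "192.0.2.10", 40000, "198.51.100.5", 443)  # constructed
    results = {}
    for label, honour in (("enforced", True), ("null-op", False)):
        table = StateTable(honour_ifbound=honour)
        table.add(key, "em0", policy="if-bound")
        results[label] = (table.match(key, "em0"), table.match(key, "em1"))
    floating = StateTable()
    floating.add(key, "em0", policy="floating")
    results["floating"] = (floating.match(key, "em0"), floating.match(key, "em1"))
    return results


if __name__ == "__main__":
    for label, (same_if, other_if) in demo().items():
        print(f"{label:9} same-if={same_if} other-if={other_if}")
```

In this model the "null-op" row is indistinguishable from "floating", which is why a ruleset written on the assumption that if-bound rejects packets arriving on a different interface would no longer get that rejection.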