Date: Sun, 07 Dec 2014 16:52:53 +0100 From: Martin Hanson <greencoppermine@yandex.com> To: Kurt Jaeger <lists@opsec.eu> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Why merging recent OpenBSD PF code is not easy (was Re: FOLLOW-UP) Message-ID: <473461417967573@web11h.yandex.ru> In-Reply-To: <20141207111233.GQ44537@home.opsec.eu> References: <363021417833295@web21g.yandex.ru> <20141207111233.GQ44537@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
>> Nobody in their right mind would run the current version of PF on >> FreeBSD! > > There was a big discussion on PF this summer, see > > http://lists.freebsd.org/pipermail/freebsd-current/2014-July/051229.html > > There are several issues why it can not easily be merged. The one > I remember was that the PF code is not suitable for multi-core use. > Today's hosts need multicore to keep up with line rates (and I have > a bunch of routers speaking BGP4 and running FreeBSD), so > something needs to be done in either direction. All in good time! But the way it has been dealt with on FreeBSD is just plain stupid! I am sorry, but take a look at the PF on OpenBSD! The PF code on OpenBSD has essentially been completely replaced by the redesign those guys did. Its not just syntax changes, those changes was a result of the redesign. Did anyone on FreeBSD bother to look at that first? Multi-threading!? So okay, now there's essentially another product on FreeBSD, its NOT PF any longer! It's "old crap that should have been updated some six years ago" with new multi-threading support! And then some fixes here and there by a single guy, or two guys. Bad decisions don't become right just because you sugar coat them with some new flavor. All we need now is a new name, how about fpf (f***ed, PF?). Sorry. > There is an OpenBSD fork (!): > > https://www.bitrig.org/ > > probably because the way OpenBSD handles its issues, and maybe > the multicore (vrs. old platform support) is one of them. So please do > not consider it an easy problem. It's hard. Nobody said it was easy. But there is something a lot of people seem to misunderstand. OpenBSD will eventually get multicore support, no doubt about that, but the difference is that once they do, they do it RIGHT! They don't let big companies bully them around! Other people are just in a hurry, so who the hell cares if getting there causes serious documentation lacking, old crap - that should have been fixed - gets mixed with new crap, and quality is.. well.. we don't recognize that word any longer - do we!? bitrig.org? YES! Lets break some more stuff! > -- > pi@opsec.eu +49 171 3101372 6 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?473461417967573>