From owner-freebsd-pf@freebsd.org Thu Feb 27 09:08:53 2020 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B40AD259BF2 for ; Thu, 27 Feb 2020 09:08:53 +0000 (UTC) (envelope-from fbsd@opal.com) Received: from mail.opal.com (tunnel103479-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:113d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.opal.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Sn0N1l1Dz3R9R for ; Thu, 27 Feb 2020 09:08:51 +0000 (UTC) (envelope-from fbsd@opal.com) Received: from localhost ([IPv6:2001:470:8cb8:4:0:0:0:2]) (authenticated bits=0) by mail.opal.com (8.15.2/8.15.2) with ESMTPSA id 01R98ixe058605 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 27 Feb 2020 04:08:45 -0500 (EST) (envelope-from fbsd@opal.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opal.com; s=mail; t=1582794525; bh=oi/eE7qlSNmXYAGDLMcZrMty/CO522oJJ7SxAUCeIxw=; h=Date:From:To:Subject; b=oxLFmoMRNbof1tw0zBOfR0fd4t6eLVSShZ5ntRFLyhA5/DuhtfUikee0ry0qvv/qs aFFqK0sGS7SiZjUS1bqXq3YFlUFV7O2kui5eJ0hho8KUHwEzqWoVSZ/gnanDfVxXfQ 8AaTueIy0x1Yl4NJgv0eIfmCKhWix2ywksfzuVLs= Date: Thu, 27 Feb 2020 10:08:37 +0100 From: "J.R. Oldroyd" To: freebsd-pf@freebsd.org Subject: Updating our translation functionality Message-ID: <20200227100837.02d60d16@opal.com> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (mail.opal.com [IPv6:2001:470:8cb8:2:0:0:0:1]); Thu, 27 Feb 2020 04:08:45 -0500 (EST) X-Rspamd-Queue-Id: 48Sn0N1l1Dz3R9R X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=opal.com header.s=mail header.b=oxLFmoMR; dmarc=none; spf=pass (mx1.freebsd.org: domain of fbsd@opal.com designates 2001:470:1f06:113d::2 as permitted sender) smtp.mailfrom=fbsd@opal.com X-Spamd-Result: default: False [-4.16 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[opal.com:s=mail]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[opal.com]; DKIM_TRACE(0.00)[opal.com:+]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-1.66)[ipnet: 2001:470::/32(-4.65), asn: 6939(-3.58), country: US(-0.05)]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Feb 2020 09:08:53 -0000 Hi, I read back and found the thread last August "Update to PF from OpenBSD 6.5". I was going to ask the same thing but, given the complexities discussed in the responses there, perhaps the question should be asked a different way round. How much work would it be to add in OpenBSD's latest translation functionality to our implementation? OpenBSD's pf has new translation functionality, specifically nat64 support using the "af-to" syntax. At the same time, existing translation syntax was changed with the nat, binat and rdr rule syntax changing to "pass ... nat-to ..." etc. I think it is good that we are still called "pf" here and that we do try to maintain compatibility with other pf implementations. So, we should consider adding the new translation functionality to our implementation. Understood that this means requiring changes to existing pf.conf configurations but these can be documented with examples and announced in advance. How big of a project would this be? -jr