Date:      Thu, 27 Feb 2020 10:21:06 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        freebsd-pf@freebsd.org
Subject:   Re: Updating our translation functionality
Message-ID:  <966CF6DF-0EFF-4F92-924C-552F4F72A6A0@FreeBSD.org>
In-Reply-To: <20200227100837.02d60d16@opal.com>
References:  <20200227100837.02d60d16@opal.com>

On 27 Feb 2020, at 10:08, J.R. Oldroyd wrote:
> I read back and found the thread last August "Update to PF from
> OpenBSD 6.5".
>
> I was going to ask the same thing but, given the complexities discussed
> in the responses there, perhaps the question should be asked a different
> way round.
>
> How much work would it be to add in OpenBSD's latest translation
> functionality to our implementation?
>
> OpenBSD's pf has new translation functionality, specifically nat64
> support using the "af-to" syntax.  At the same time, existing
> translation syntax was changed with the nat, binat and rdr rule
> syntax changing to "pass ... nat-to ..." etc.
>
> I think it is good that we are still called "pf" here and that we do try
> to maintain compatibility with other pf implementations.  So, we should
> consider adding the new translation functionality to our implementation.
> Understood that this means requiring changes to existing pf.conf
> configurations but these can be documented with examples and announced
> in advance.
>
> How big of a project would this be?
>
I don’t know.
I’ve not specifically investigated the nat64 bits, and they’re (to 
me) the least interesting bits as well.

It’s possible that they can be imported without too much trouble, but 
someone would have to sit down and spend the time on it.
Right now this isn’t even on my todo list and I’m not planning to 
add it either.

Given that this change would break compatibility with existing 
configurations (unless significant extra work is done to cope with this) 
I’m not keen on it. I’d need to see very good arguments for 
introducing an intermediate painful step between the current situation 
and a state where we have the same syntax as OpenBSD.

If you’re looking for nat64, IPFW has an implementation.

Best regards,
Kristof


