Date: Mon, 8 Dec 2014 11:04:00 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Jim Thompson <jim@netgate.com>
Cc: Martin Hanson <greencoppermine@yandex.com>, freebsd-pf@freebsd.org
Subject: Re: Why merging recent OpenBSD PF code is not easy (was Re: FOLLOW-UP)
Message-ID: <6BB4C12E-DB19-42C1-93C8-264BAA053CED@lists.zabbadoz.net>
In-Reply-To: <75F1B874-8BF5-4500-A9EB-9A6E3F90C3F2@netgate.com>
References: <115251417993747@web27m.yandex.ru> <75F1B874-8BF5-4500-A9EB-9A6E3F90C3F2@netgate.com>
On 08 Dec 2014, at 02:22 , Jim Thompson <jim@netgate.com> wrote:

>> On Dec 7, 2014, at 5:09 PM, Martin Hanson <greencoppermine@yandex.com> wrote:
>>
>> Seems like you have missed the whole point, nobody can sort it out now!
>
> No, you’re missing the point.
>
> The codebase has forked, and it’s unlikely that anyone who is working on (or in a position to direct work on) pf believes that the correct course of action is to reverse at this point, and follow your prescriptive.

I have not read all your references but there are more points one could possibly consider:

- backward compatibility; FreeBSD tries not to screw users over with every new major release and constantly changing syntax and old firewall rules no longer working are just not an option for us; you can “fix” this by writing a backward compat parser and adjusting the code to support all the stuff still; just a lot more extra work on code you don’t maintain and thus making it hard to sync.
- the #ifdefs were indeed just not sustainable and a major pain reading the code; that could have been reduced but frankly prevented us for too long to work on the code. V_irtualisation is just another code mangler.
- the tight integration of pf in OpenBSD with the rest of their network stack started to suit the more generic FreeBSD model less and less. We can’t just do that unless we drop other firewalls and screw a lot of commercial user base.
- There is another major pf player in the game who wasn’t mentioned yet, and that’s Apple. Has anyone considered looking at their implementation shipping on millions of devices, requiring similar “API stability” as FreeBSD would love to support?

Just a few things from the top of my head.

—
Bjoern A. Zeeb
Charles Haddon Spurgeon: "Friendship is one of the sweetest joys of life. Many might have failed beneath the bitterness of their trial had they not found a friend."