Date: Wed, 21 Nov 2012 15:44:13 +0100 From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-current@freebsd.org, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Upgrading FreeBSD to use the NEW pf syntax. Message-ID: <CAPBZQG2-uDFm67NtYOQ3vV7Xh_3zzMMPr441DqnV7tOyViF4Lg@mail.gmail.com> In-Reply-To: <20121121075642.GR67660@FreeBSD.org> References: <op.wn1vktomjfousr@box.dlink.com> <CAPBZQG2R%2BLXTo8xXZNhfWg%2BS4wtkDc1cAuhoHqdgyiGDGZuXOw@mail.gmail.com> <CAEW%2BogbUkHTaef98=CusV%2BV3qTFHqj-7x-_icKaom_0d2gv69g@mail.gmail.com> <201211201543.17903.Mark.Martinec%2Bfreebsd@ijs.si> <20121121075642.GR67660@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 21, 2012 at 8:56 AM, Gleb Smirnoff <glebius@freebsd.org> wrote: > Mark, > > On Tue, Nov 20, 2012 at 03:43:17PM +0100, Mark Martinec wrote: > M> For one thing, I'm desperately awaiting NAT64 support (the 'af-to' > M> translation rule in newer pf (5.1?), committed on 2011-10). > > Backport this exact feature to FreeBSD and send patch. > > M> Other: packet normalization (scrub) has been reworked and simplified, > M> and is now a rulset option. Considering that scrub is currently broken > M> (9.1, see list of PF bugs in FreeBSD), along with several other > M> bugs that need fixing, it seems the (scarce) manpower would better > M> be spent in moving on, than keeping the already leaky (buggy) pf > M> afloat. > > Yes, scrub improvements can be cherry picked and added to FreeBSD, too. > > The issues is you cannot without modifying rule config. > But if you think that bulk import of new version would close all current > bugs without opening new problems, then you are mistaking. Last bulk > import introduced much more bugs than it closed. And this statement isn't > a accusation towards the person who did the import. This is just a generic > rule. If you take 100k lines of code that were developed for another > operating system kernel and without thourough reviewing it just make it > compile and link with another kernel, then you are about to miss many > rough edges that will show up later, when the code would be utilized. > > Thus, cherry-picking is preferred over bulk imports. > > Well it depends on the amount of work. Cherry-picking would be when tehre is reasonable similarities. Also another argument to do this would be simplicity on locking as well as i told you when you started the changes. Though i am open to work together on this to merge the new syntax thorugh a whole bulk merge rather than cherry-pick. You already have 'broken' some functionality as if-bound in FreeBSD 10.x so why not break syntax and see to introduce if real value behind a converter as well. > -- > Totus tuus, Glebius. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG2-uDFm67NtYOQ3vV7Xh_3zzMMPr441DqnV7tOyViF4Lg>