Date: Thu, 26 Feb 2004 06:18:46 +0000
From: Bruce M Simpson
To: Steve Kargl
Cc: cvs-src@freebsd.org, Max Laier, src-committers@freebsd.org, cvs-all@freebsd.org
Message-ID: <20040226061846.GB15864@saboteur.dek.spc.org>
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c

On Wed, Feb 25, 2004 at 10:01:26PM -0800, Steve Kargl wrote:
> > Log:
> > Bring diff from the security/pf port. This has code been tested as a port
> > for a long time and is run in production use. This is the code present in
> > portversion 2.03 with some additional tweaks.
>
> Was this import discussed on arch@ or current@? We now have ipfw, ipfilter,
> and pf in the base system. How many more firewall packages are we going
> to import into the base system? Are you going to remove ipfw or ipfilter?
> Is there a NO_PF make.conf knob?

PF is not in the base system at this time. The import is the product of
ongoing discussions between several of the network developers; core@ have
also been involved (Max was brought onto the team explicitly for this
purpose).

A by-product of the pf import is that other more general fixes have been
ongoing within the network stack which are related to parallelism in the
network stack (removal of MT_TAG on-stack mbufs, for one thing).

The benefits (many) outweigh the disadvantages (few); pf development and
maintenance is extremely active compared to the other firewall
implementations we have. The IPv6 support is also very mature and extensive.
Maintenance of pf outside of the main kernel source tree is difficult
because of the API differences between OpenBSD and FreeBSD.

We do not plan to remove ipfw or ipfilter at this time nor do we have plans
to remove them, until pf receives further evaluation by the user base, there
would be no mandate or grounding for such a decision.

We do however plan to try to smooth the differences between the different
codebases as much as possible, through the use of PFIL_HOOKS (this was
something I discussed with luigi@ and markm@ over lunch in December).

I also have Evil Plans(tm) for pf on FreeBSD.

BMS