Re: Experiments with npf on -current

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: Experiments with npf on -current
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Wed, 23 Nov 2011 04:34:36 +0100

On 20/11/2011 9:48 PM, Mindaugas Rasiukevicius wrote:
> David Brownlee <abs%absd.org@localhost> wrote:
>>
>> /etc/rc.d/npf reload
>> Reloading NPF ruleset.
>> npfctl: n-code size got wrong (36 != 72)
>>
>>
>> /netbsd & /stand/amd64/5.99.56/modules/npf/npf.kmod  from the same
>> build last night.
>> Could there be anything obvious I'm missing?
>>
>> Thanks
> 
> There are multiple regressions after IPv6 merge, which broke IPv4 filtering
> as well.  I have various fixes in my local tree, which I hope to finish in
> upcoming week.  Also, separate fixes for TCP state tracking, which are still
> under testing.

Well at least there is one firewall solution in NetBSD (ipfilter) where
testing (prior to integration) and security are taken seriously.

Darren

Follow-Ups:
- Re: Experiments with npf on -current
  - From: Scott Solmonson

References:
- Experiments with npf on -current
  - From: David Brownlee
- Re: Experiments with npf on -current
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: NetBSD 5.1 TCP performance issue (lots of ACK)
Next by Date: Re: Experiments with npf on -current
Previous by Thread: Re: Experiments with npf on -current
Next by Thread: Re: Experiments with npf on -current
Indexes:

Home | Main Index | Thread Index | Old Index