Re: NPF and PF

To: tech-net%NetBSD.org@localhost
Subject: Re: NPF and PF
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Wed, 16 Dec 2020 16:38:51 +0100

On Wed, Dec 16, 2020 at 04:07:54PM +0100, Hauke Fath wrote:
> On Wed, 16 Dec 2020 13:26:12 +0100, Joerg Sonnenberger wrote:
> > On Tue, Dec 15, 2020 at 10:40:46PM -0600, Hector wrote:
> >> My use cases depend on PF.  NPF is incapable of doing some things which
> >> I currently do with PF.  If there are any plans or thoughts to remove PF
> >> from NetBSD, I would be greatly concerned. In fact, I would like to see
> >> PF be maintained so it is not considered "obsolete". I might be able
> >> to work on this, if I were given some guidance.
> > 
> > I think you are severely underestimating the amount of work updating PF
> > involves. Yes, there are known shortcomings in NPF, but changes are
> > extremely high that fixing them is at least an order of magnitude less
> > work. That's not even including the work of keeping it up-to-date.
> 
> FreeBSD has forked pf a while back, and made it smp capable. I have 
> converted three NetBSD 7 routers @work to FreeBSD three years ago, and 
> they have been performant and stable ever since. If you need the 
> feature set of pf, but cannot stomach its creators, that would be the 
> way to go.

...and have you looked at the amount of work that was? That's exactly my
point.

Joerg

Follow-Ups:
- Re: NPF and PF
  - From: Hauke Fath

References:
- NPF and PF
  - From: Hector
- Re: NPF and PF
  - From: Joerg Sonnenberger
- Re: NPF and PF
  - From: Hauke Fath

Prev by Date: Re: NPF and PF
Next by Date: Re: NPF and PF
Previous by Thread: Re: NPF and PF
Next by Thread: Re: NPF and PF
Indexes:

Home | Main Index | Thread Index | Old Index