DragonFly kernel List (threaded) for 2004-05
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: PF/ALTQ

From:	Max Laier <max@xxxxxxxxxxxxxx>
Date:	Sat, 8 May 2004 12:57:04 +0200

On Saturday 08 May 2004 03:43, Matthew Dillon wrote:
> :Does anyone here have any plans to import PF and ALTQ into FreeBSD? It's
> : now in FreeBSD 5.x base, so it shouldnt be too hard to import?
> :
> :Max Laier made a test import and it worked out pretty well, but it looks
> :like he's too buys at these times to import it for us. I also know that
> : Matt don't want things like security prioritized at this stage, but it
> : still would be nice to have the features. Alot of people are using
> : OpenBSD on their gateways/firewalls just because of PF/ALTQ.

Yes. That is the case indeed. I could hack together a new test import, but I 
do not believe that this would serve the project well. With the ongoing work 
in your netstack, it'd be much more reasonable to implement a quite different 
firewall. Anyhow, it sure is possible to modify pf to work *well* in 
DragonFly environment. As Erik said, I am just a bit busy ... if you need 
pointers, though, feel free to ask (that's the main reason why I did not ask 
to remove me from the "team" list, but a note that I am not actively working 
on it might be sensable?!).

> :And some of us tries to run DragonFly on all boxes they can, just to help
> :out with bug reporting :)
> :
> :Erik
>
>     Well, more like it's not a priority for *me*, yet.  There's still a lot
>     of basic infrastructure that needs to get done before I can turn my
>     attention to higher level things.  This certainly does not prevent
> others from working on the issue, though.
>
>     If it can be done as a module, and does not interfere with Jeff's work,
>     it can go into the system at any time.  Otherwise I would suggest
> waiting a few more weeks to let Jeff get farther along with the network
> stack before we start ripping up the kernel again with PF/ALTQ.

Pf will work as a module, provided you do something about interface address 
changes and interface arrival/leave events. ALTQ will not, but as far as I am 
familiar with Jeff's work, it will not interfere. I suggest that you import 
only disciplines that support pf_altq mode which is even less disruptive.

Questions welcome, just allow me some time to answer them.

-- 
Best regards,				| mlaier@xxxxxxxxxxx
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet

Attachment: pgp00003.pgp
Description: signature

Follow-Ups:
- Re: PF/ALTQ
  - From: Emiel Kollof

References:
- PF/ALTQ
  - From: Erik P. Skaalerud
- Re: PF/ALTQ
  - From: Matthew Dillon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]