Re: Removing PF

[Piotr Meyer <aniou%smutek.pl@localhost>]

On Sat, Mar 30, 2019 at 08:26:23PM +0100, Michael van Elst wrote:
> On Sat, Mar 30, 2019 at 08:10:21PM +0100, Maxime Villard wrote:
> 
> > ... sure, meanwhile you didn't really answer to the core of the issue, which
> > I think was stated clearly by Sevan ...
> 
> The issue is that we need to work on npf before we can drop other code.
> 
> If you care about bugs in pf, open PRs, best with reproducable test
> cases, or just fix the bugs.

There are bugreports already, one with statement related to this
thread (from #50809[1], Feb 2016, three yars ago):

:  We really need to decide what to do with pf and ipf. People keep using
:  them but it seems that the versions in the tree have bit rotted and we
:  get kernel bugs that nobody seems to care about fixing. Particularly
:  in the pf case, the code is really old and should be really updated to
:  the latest pf if we want to maintain this packet filter in the tree.

Although there was conclusions that "NPF is the seemly lack of BRIDGE_IPF"
I found that Mindaugas wrote that it should work[2].

BTW: IMO Maxime's arguments are strengthen by fact that he ALREADY
fixed real bugs in PF, as commit history in [3] shows.

1 - https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=50809
2 - https://mail-index.netbsd.org/tech-net/2017/03/23/msg006289.html
3 - http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/?only_with_tag=MAIN

Regards,
-- 
Piotr 'aniou' Meyer