Re: Removing PF

[Michael van Elst <mlelstv%serpens.de@localhost>]

On Sat, Mar 30, 2019 at 08:51:25PM +0100, Piotr Meyer wrote:

> > If you care about bugs in pf, open PRs, best with reproducable test
> > cases, or just fix the bugs.

> There are bugreports already, one with statement related to this
> thread (from #50809[1], Feb 2016, three yars ago):

Doesn't look like anyone could analyze or reproduce that bug. And
the answer was the same as today.

> :  We really need to decide what to do with pf and ipf. People keep using
> :  them but it seems that the versions in the tree have bit rotted and we
> :  get kernel bugs that nobody seems to care about fixing. Particularly
> :  in the pf case, the code is really old and should be really updated to
> :  the latest pf if we want to maintain this packet filter in the tree.

Just look at the following paragraph.

"For that we need to get npf to have feature parity with the
 other packet filters."

It was true 2016, and it is still true. In the meantime we (and
that includes Maxime) at least fixed NPF bugs.


> BTW: IMO Maxime's arguments are strengthen by fact that he ALREADY
> fixed real bugs in PF, as commit history in [3] shows.
> 
> 1 - https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=50809
> 2 - https://mail-index.netbsd.org/tech-net/2017/03/23/msg006289.html
> 3 - http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/?only_with_tag=MAIN

Have you actually looked at these commits? He changed parts of the
internal network API and had to adjust PF code to match these changes
and keep compiling. You could call that 'maintenance' but hardly 'fixed
real bugs'.


Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."