Re: kern/50809: pf panics while purging state

[Brad Spencer <brad%anduin.eldar.org@localhost>]

The following reply was made to PR kern/50809; it has been noted by GNATS.

From: Brad Spencer <brad%anduin.eldar.org@localhost>
To: rmind%NetBSD.org@localhost
Cc: christos%zoulas.com@localhost, gnats-bugs%NetBSD.org@localhost, kern-bug-people%NetBSD.org@localhost,
        gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: kern/50809: pf panics while purging state
Date: Mon, 15 Feb 2016 12:25:57 -0500 (EST)

    christos%zoulas.com@localhost (Christos Zoulas) wrote:
    > 
    > If we are not going to maintain them or spend cycles try to fix the
    > bugs people report, we should get people to use npf which we actively
    > maintain. For that we need to get npf to have feature parity with the
    > other packet filters. Hauke can you try switching in this case?
    > 
 
    I have not had enough time recently to work on the feature parity
    recently, but I am more than happy to spread the knowledge on the
    NPF internals and help with the work.  I also have some unfinished
    patches which add features; they need some mechanical completion
    and just testing really.
 
    -- 
    Mindaugas
 
 
 
 I probably use IPF in a somewhat unusual manor, but the only reason I
 don't use NPF is the seemly lack of BRIDGE_IPF.  I have placed an IPF
 filter in between me and the Internet with another system lower down doing
 NAT, and internal routing and more firewalling.  I actually have a small
 set of fully routable IPs that live on systems and would rather not do NAT
 on the edge if I can help it, nor would I like to maintain firewall sets
 on these systems for those things I would like to prevent from leaving or
 prevent from entering the edge network.
 
 
 
 -- 
 Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS
 http://anduin.eldar.org  - & -  http://anduin.ipv6.eldar.org [IPv6 only]