pf 3.5 + ALTQ import / Looking for beta testers and altq drivers

Max Laier max at love2party.net
Tue May 18 17:15:03 PDT 2004 

Hello,

http://people.freebsd.org/~mlaier/ has an import of the OpenBSD 3.5 pf sources 
(OPENBSD_3_5_BASE, stable imports will follow later). To build this you need 
a recent -current source tree. Just apply the patch and copy over the other 
files. After this you should be ready for a build{world, kernel}. If you do 
not want to do a full buildworld, make sure to update (at least) pfctl(8) and 
authpf(8). You might also want to update ifconfig(8) and kdump(1).

This comes bundled with latest ALTQ sources from KAME, providing "pf_mode" 
only (i.e. no support of /dev/altq). This makes the locking really easy and 
keeps the impact of ALTQ to the tree very small (i.e. no classifier hooks 
etc).

The ALTQ-enabled driver set is very limited at the moment as I'd like to 
import only well-tested drivers to this patchset anticipating a possible 
import into the tree.

The pf import is a bit different in respect to the interface handling. As 
FreeBSD allows network interfaces to be renamed at runtime I had to introduce 
a special group for interfaces that have not yet been seen. Just to explain 
what this "notyet" group is all about and what "(placeholder)" means. Other 
than this, there should be no noticable difference between Open- and FreeBSD.

Please test this stuff if you have time/resources at hand and possibly 
feedback drivers after a reasonable time of testing. It should be able to 
apply the driver patch from the rofug.ro patchset in most cases, if you run 
into troubles - let me know.

Note that this is really a BETA patch. It works great for me on two routers, 
my desktop and laptop, but that does not mean anything. It is also missing 
some glue in regards to pfsync(4) (which is kinda pointless w/o carp[1] 
anyways) and other minor tweaks that make up a proper import. If you run into 
anything let me know! (w/ or w/o patches to fix it).

Okay ... this is a bit of a disordered mess, but I think you get the point. I 
am in Canada at the moment and will not be very available until monday, but I 
just had to send this out ... finally.

[1] There is an old patchset available to import this. Pick up from there or 
fund me to finish it ;)

P.S.: There is also this "jailed.patch". If you have an application for it, 
please give it a try (discription is on the site) and let me know what you 
think about it.

-- 
Best regards,				| mlaier at freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet

More information about the freebsd-net mailing list