Contributed by jason on Mon May 26 13:36:59 2008 (GMT)
from the your-firewall-will-still-respect-you-in-the-morning dept.
Ryan McBride (mcbride@) posted to the OpenBSD Tech mailing list this evening asking for testers of the most recent snapshots. There has been a lot of work going into the PF internals in preparation for work at the upcoming hackathon. Users are asked to check for regression bugs, particularly in complex configurations with high state counts.
Note: This presents a flag day for PF. As such, userland must be updated to match the kernel, and certain applications that rely on the ABI will be broken until they're updated. Read below for the full announcement and all the details.
To reiterate, please only send failures in reply to the OpenBSD Tech (tech@) mailing list. Successful test reports should be sent off-list to Ryan (mcbride@).
Date: Mon, 26 May 2008 14:09:13 +0900
From: Ryan McBride
Subject: testing request: pf internals rearrangement
Please test latest snapshot for PF regressions
This is a request for people to test PF with the most recent snapshots,
which contain a rather substantial rearrangment of PF's internals, and
completes the split between the layer 3/4 addressing information (state
key) and the "extra" tracking information held in the state.
There should be no real functionality changes in this, it does not make
anything magic happen, and there should be no regressions. However, it
changes the ABI and is a flag-day for pfsync and userland utilities that
print states - you have to update userland with the kernel, and things
like pftop and pfflowd will be broken until they're updated.
These changes are necessary for a number of interesting things we're
planning on tackling during the hackathon in a few weeks, but we need it
to be solid and committed very soon to have that happen. It's been
tested in some high-load and production environments, but we'd like to
get some more test coverage, particularly in non-trivial configurations:
route-to/reply-to, pfsync, relayd, huge numbers of states, etc.
Snapshots on fast architectures (i386, amd64, sparc64, etc) include
these changes, please take it for a spin... Successful tests to
email@example.com, failures to the list.