OpenBSD Journal

Call For Testers - PF internals redesign

Contributed by jason on from the your-firewall-will-still-respect-you-in-the-morning dept.

Ryan McBride (mcbride@) posted to the OpenBSD Tech mailing list this evening asking for testers of the most recent snapshots. There has been a lot of work going into the PF internals in preparation for work at the upcoming hackathon. Users are asked to check for regression bugs, particularly in complex configurations with high state counts.

Note: This presents a flag day for PF. As such, userland must be updated to match the kernel, and certain applications that rely on the ABI will be broken until they're updated. Read below for the full announcement and all the details.

Date: Mon, 26 May 2008 14:09:13 +0900
From: Ryan McBride 
Subject: testing request: pf internals rearrangement
To: tech@openbsd.org

Summary:

Please test latest snapshot for PF regressions


Details:

This is a request for people to test PF with the most recent snapshots,
which contain a rather substantial rearrangment of PF's internals, and
completes the split between the layer 3/4 addressing information (state
key) and the "extra" tracking information held in the state.

There should be no real functionality changes in this, it does not make
anything magic happen, and there should be no regressions.  However, it
changes the ABI and is a flag-day for pfsync and userland utilities that
print states - you have to update userland with the kernel, and things
like pftop and pfflowd will be broken until they're updated.

These changes are necessary for a number of interesting things we're
planning on tackling during the hackathon in a few weeks, but we need it
to be solid and committed very soon to have that happen. It's been
tested in some high-load and production environments, but we'd like to
get some more test coverage, particularly in non-trivial configurations:
route-to/reply-to, pfsync, relayd, huge numbers of states, etc.

Snapshots on fast architectures (i386, amd64, sparc64, etc) include
these changes, please take it for a spin... Successful tests to
mcbride@openbsd.org, failures to the list.

Thanks,

-Ryan
To reiterate, please only send failures in reply to the OpenBSD Tech (tech@) mailing list. Successful test reports should be sent off-list to Ryan (mcbride@).

(Comments are closed)


Comments
  1. By Anonymous Coward (203.20.79.132) on

    This is really exciting. The anticipation of what is coming is going to kill me!

    Comments
    1. By Anonymous Coward (24.37.242.64) on

      > This is really exciting. The anticipation of what is coming is going to kill me!
      >

      Same here!

      When is the next hackathon?

      I'm looking forward to hearing about some updates on it.

      Comments
      1. By Anonymous Coward (87.210.142.234) on

        > > This is really exciting. The anticipation of what is coming is going to kill me!
        > >
        >
        > Same here!
        >
        > When is the next hackathon?
        >
        > I'm looking forward to hearing about some updates on it.

        That's all nice to hear, but did you already test the diff?

        Comments
        1. By Anonymous Coward (203.20.79.132) on

          > > > This is really exciting. The anticipation of what is coming is going to kill me!
          > > >
          > >
          > > Same here!
          > >
          > > When is the next hackathon?
          > >
          > > I'm looking forward to hearing about some updates on it.
          >
          > That's all nice to hear, but did you already test the diff?

          Downloading a snapshot now... ; - )

      2. By Anonymous Coward (2a01:348:108:100:20a:5eff:fe1a:a300) on

        > When is the next hackathon?

        Read the article...

  2. By Matt Van Mater (67.105.229.98) on

    Any details on what the upcoming hackathon topics are that make this testing so important? Sounds interesting.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]