[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Any summary on work done during recent pf2k4 hackathon ?



On Wed, May 05, 2004 at 03:38:29PM +0800, Yusuf Goolamabbas wrote:
> Hi, Can any of the participants of the recent pf2k4 hackathon in Sechelt
> post about the summary of the work done there and what has been
> committed, about to be committed etc
Henning made a list in the second part of the recent ONLamp interview,
see
  http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html
More details can be found in the commit logs themselves, of course, if
you're not subscribed to CVS log mailing list, the archive is online
on
  http://marc.theaimsgroup.com/?l=openbsd-cvs
The thing I've been working on in Sechelt mostly (and which isn't
completely finished yet) is making anchors fully recursive, so you can
put anchors within anchors within anchors, etc., instead of the fixed
two-level hierarchy there is now.
Among other things, that allows to split the main ruleset into a
hierarchy of subrulesets (much like functions in a programming
language), and together with conditional branching (calling functions
conditionally) that can improve evaluation performance. There's a full
call stack, so functions return to where they were called from. It think
this will be equally versatile as IPFilter group/head or iptables' chains,
but provides more structured paths (function calls instead of gotos).
It'll take a couple of days to finish the ugly details, but it's working
fine already. If you want to test it, you'll need a working, up-to-date
-current (if you have problems getting that set up, you don't want to be
testing this diff ;).
Daniel