From owner-freebsd-net@FreeBSD.ORG Sat Apr 13 12:13:41 2013 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 0D4B8D1F; Sat, 13 Apr 2013 12:13:41 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) by mx1.freebsd.org (Postfix) with ESMTP id 27366135; Sat, 13 Apr 2013 12:13:39 +0000 (UTC) Received: by mail-wi0-f171.google.com with SMTP id hn17so323060wib.4 for ; Sat, 13 Apr 2013 05:13:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=ncYewNEqrVoGG7rIJVc4pIHBCTO9DfUhoKivuz/yyhs=; b=lKk92uQfzEcseCH1ZBVPskCAxCUhsoTbVf27ftWXZ1UCir+AhUOf5f8wHrfXTQodjY uRs7RLfj3pKZXl/GYfndAtGdXWNAw6ExwRVihxltM7aO7GU6p4Wl4ufMlmzfJKXpvZMa FfoZlOAabkmMANCsPXt50D2y3rDHrr8rPch1sv9jhtC7OyHytxfyGF53YelTAKPD8DVJ LUOaoyYUDjTKVPzuaSB7DjHEH3zj4spS/hfzACj3z2q2xzlaKtMnVYix8E7uNfUGu3+D v0s8MuGp4Rqm1nNrvWkr/+QlSrkQtS7OI0VM1KqBHpOX4d94tP60+luejKWbY1xSWf4g KLIA== MIME-Version: 1.0 X-Received: by 10.180.73.6 with SMTP id h6mr2869930wiv.27.1365855219275; Sat, 13 Apr 2013 05:13:39 -0700 (PDT) Received: by 10.216.139.72 with HTTP; Sat, 13 Apr 2013 05:13:39 -0700 (PDT) In-Reply-To: <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> Date: Sat, 13 Apr 2013 15:13:39 +0300 Message-ID: Subject: Re: ipfilter(4) needs maintainer From: Kimmo Paasiala To: Scott Long Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Rui Paulo , "current@freebsd.org" , "net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Apr 2013 12:13:41 -0000 On Sat, Apr 13, 2013 at 3:03 PM, Scott Long wrote: > > On Apr 13, 2013, at 12:33 AM, Rui Paulo wrote: > >> On 2013/04/12, at 22:31, Scott Long wrote: >> >>> On Apr 12, 2013, at 7:43 PM, Rui Paulo wrote: >>> >>>> On 2013/04/11, at 13:18, Gleb Smirnoff wrote: >>>> >>>>> Lack of maintainer in a near future would lead to bitrot due to chang= es >>>>> in other areas of network stack, kernel APIs, etc. This already happe= ns, >>>>> many changes during 10.0-CURRENT cycle were only compile tested wrt >>>>> ipfilter. If we fail to find maintainer, then a correct decision woul= d be >>>>> to remove ipfilter(4) from the base system before 10.0-RELEASE. >>>> >>>> This has been discussed in the past. Every time someone came up and sa= id "I'm still using ipfilter!" and the idea to remove it dies with it. >>>> I've been saying we should remove it for 4 years now. Not only it's ou= tdated but it also doesn't not fit well in the FreeBSD roadmap. Then there'= s the question of maintainability. We gave the author a commit bit so that = he could maintain it. That doesn't happen anymore and it sounds like he has= since moved away from FreeBSD. I cannot find any reason to burden another = FreeBSD developer with maintaining ipfilter. >>>> >>> >>> One thing that FreeBSD is bad about (and this really applies to many op= en source projects) when deprecating something is that the developer and re= lease engineering groups rarely provide adequate, if any, tools to help use= rs transition and cope with the deprecation. The fear of deprecation can b= e largely overcome by giving these users a clear and comprehensive path for= ward. Just announcing "ipfilter is going away. EOM" is inadequate and lea= ds to completely justified complaints from users. >> >> I agree with the deprecation path, but given the amount of changes that = happened in the last 6 months, I'm not even sure ipfilter is working fine i= n FreeBSD CURRENT, but I haven't tested it. >> > > You target audience for this isn't people who track CURRENT, it's people = who are on 7, 8, or 9 and looking to update to 10.x sometime in the future. > >>> So with that said, would it be possible to write some tutorials on how = to migrate an ipfilter installation to pf? Maybe some mechanical syntax do= cs accompanied by a few case studies? Is it possible for a script to autom= ate some of the common mechanical changes? Also essential is a clear docum= ent on what goes away with ipfilter and what is gained with pf. Once those= tools are written, I suggest announcing that ipfilter is available but dep= recated/unsupported in FreeBSD 10, and will be removed from FreeBSD 11. Ce= rtain people will still pitch a fit about it departing, but if the tools ar= e there to help the common users, you'll be successful in winning mindshare= and general support. >> >> >> It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, b= ut I'm not sure automated tools exist. I'm also not convinced we need to wr= ite them and I think the issue can be deal with by writing a bunch of examp= les on how to do it manually. Then we can give people 1y to switch. >> > > Please believe me that no matter how trivial you think the switch is, a m= igration guide still needs to be written. > > Scott > \ The migration guide is best written by the current users of ipfilter, not those who have no interest in doing so because their interests are completely elsewhere. Please don't try to defer to an authority that does not exist here. -Kimmo