From owner-freebsd-net@FreeBSD.ORG Wed Sep 5 11:51:52 2012 Return-Path: Delivered-To: net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 95199106566C; Wed, 5 Sep 2012 11:51:52 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id E77F98FC14; Wed, 5 Sep 2012 11:51:48 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q85BpeEL029470; Wed, 5 Sep 2012 15:51:40 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q85BpeBO029469; Wed, 5 Sep 2012 15:51:40 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 5 Sep 2012 15:51:40 +0400 From: Gleb Smirnoff To: net@FreeBSD.org, pf@FreeBSD.org Message-ID: <20120905115140.GF15915@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Subject: [HEADS UP] merging projects/pf into head X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2012 11:51:52 -0000 Hi! [announce goes both to net@ and pf@, but any discussion should go on on pf@FreeBSD.org only, please] As you already may now, last half a year I've been working on making pf SMP-scalable and faster in general. More info can be found here: http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006643.html http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006662.html Since that announce in June, I've been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also run the experimental branch in last couple of months. Code proved to be stable enough. The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in. Thus, I plan to merge projects/pf/head to head this weekend, and this is a HEADS UP email! You have been warned. :) What I'd like to do next: 1) Move pf out of contrib. 2) Refactor the pfvar.h into pf.h and pf_var.h. Provide stable kernel<->pfctl ABI. And probably other clean up tasks. ... 3) ... too far to build any plans, yet. :) -- Totus tuus, Glebius.