On Mon, Oct 22, 2007 at 10:20:41AM -0600, Beavis wrote:
| hi folks,
|
| I saw this performance issue with pf on a AMD64firewall: below is the
link
|
|
http://www.nabble.com/firewall-is-very-slow%2C-something%27s-wrong-t4572653i2
0.html
|
| it states that pf on 4.2 performs much better than in 4.1. having said
| this, is it possible to be able to just update pf's feature instead of
| going through the entire OS upgrade? since im really going after the
| features of pf, and happy with how 4.1 is.
Some of the improvements are outside of pf (some drivers have had
drastic improvements), so only updating pf may not even get you all
the new performance improvements that were made between 4.1 and 4.2.
However, since pf is part of the kernel, the short answer to your
question is no. You must upgrade the kernel to be able to use the new
pf. The new kernel requires new userland, so that too must be
upgraded.
If you really want, and are a highly qualified coder, you could
try to backport the improvements to 4.1. You'll find that upgrading is
way (and i do mean *WAY*) easier than doing this work. If you are such
a skilled programmer, your time is probably better spent doing other
useful stuff (maybe improve pf even more). The upgrade will take you a
coupe of minutes to an hour, depending on your exact situation. The
backport will take you probably about six months and a team of
dedicated OpenBSD developers. You will at the end be left with
something that is not OpenBSD 4.1 anymore. How (and when) are you
going to upgrade that ?
Unless you consider this backport-thing a fun excercise, I would
recommend against doing it.
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
[demime 1.01d removed an attachment of type application/pgp-signature]
