On Mon, Oct 22, 2007 at 10:20:41AM -0600, Beavis wrote: | hi folks, | | I saw this performance issue with pf on a AMD64firewall: below is the link | | http://www.nabble.com/firewall-is-very-slow%2C-something%27s-wrong-t4572653i2 0.html | | it states that pf on 4.2 performs much better than in 4.1. having said | this, is it possible to be able to just update pf's feature instead of | going through the entire OS upgrade? since im really going after the | features of pf, and happy with how 4.1 is.
Some of the improvements are outside of pf (some drivers have had drastic improvements), so only updating pf may not even get you all the new performance improvements that were made between 4.1 and 4.2. However, since pf is part of the kernel, the short answer to your question is no. You must upgrade the kernel to be able to use the new pf. The new kernel requires new userland, so that too must be upgraded. If you really want, and are a highly qualified coder, you could try to backport the improvements to 4.1. You'll find that upgrading is way (and i do mean *WAY*) easier than doing this work. If you are such a skilled programmer, your time is probably better spent doing other useful stuff (maybe improve pf even more). The upgrade will take you a coupe of minutes to an hour, depending on your exact situation. The backport will take you probably about six months and a team of dedicated OpenBSD developers. You will at the end be left with something that is not OpenBSD 4.1 anymore. How (and when) are you going to upgrade that ? Unless you consider this backport-thing a fun excercise, I would recommend against doing it. Cheers, Paul 'WEiRD' de Weerd -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]