On Sat, Mar 30, 2019 at 08:26:23PM +0100, Michael van Elst wrote: > On Sat, Mar 30, 2019 at 08:10:21PM +0100, Maxime Villard wrote: > > > ... sure, meanwhile you didn't really answer to the core of the issue, which > > I think was stated clearly by Sevan ... > > The issue is that we need to work on npf before we can drop other code. > > If you care about bugs in pf, open PRs, best with reproducable test > cases, or just fix the bugs.
There are bugreports already, one with statement related to this thread (from #50809[1], Feb 2016, three yars ago): : We really need to decide what to do with pf and ipf. People keep using : them but it seems that the versions in the tree have bit rotted and we : get kernel bugs that nobody seems to care about fixing. Particularly : in the pf case, the code is really old and should be really updated to : the latest pf if we want to maintain this packet filter in the tree. Although there was conclusions that "NPF is the seemly lack of BRIDGE_IPF" I found that Mindaugas wrote that it should work[2]. BTW: IMO Maxime's arguments are strengthen by fact that he ALREADY fixed real bugs in PF, as commit history in [3] shows. 1 - https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=50809 2 - https://mail-index.netbsd.org/tech-net/2017/03/23/msg006289.html 3 - http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/?only_with_tag=MAIN Regards, -- Piotr 'aniou' Meyer
