OpenBSD Journal

Call For Testers - pfsync rewrite

Contributed by mitja on from the testing-is-pfun-on-a-bun dept.

David Gwyne (dlg@) has requested testing of a diff that brings a major update to pfsync.

over the course of n2k9 i tweaked the pfsync protocol and rewrote
most of the implementation to address some performance issues i was
hitting.

ive got the code pretty stable now but it needs testing to move
forward. is anyone willing to give this diff a go?

there are important changes in this code:

- more efficient packet construction and parsing
- more effective mitigation of pfsync transmits
- bundling of multiple pfsync actions in a single pfsync packet

there are some caveats though:

- no compatibility with pfsync v4 (the one currently in the tree)
- bpf listeners on the pfsync interface will see the same messages as
  what is sent on the wire to the peers.

this needs testing though.

If you want to see this new, improved pfsync(4) implementation committed into the tree in time for the 4.5 release, please test it now and submit your reports to dlg@!

Update (Mon Feb 16 01:36:03 CET 2009): David has just committed the update, keep on testing!


Comments
  1. By Anonymous Coward (70.81.15.127) on

    I thought 4.5 was locked...? Just the same though, great news!

    Comments
    1. By Anonymous Coward (98.127.110.254) on

      > I thought 4.5 was locked...? Just the same though, great news!

      Marked as version++ != locked, that comes a bit later.

  2. By Anonymous Coward (83.101.57.138) on

    Is there any sort of document available that describes how pfsync works? Other than the source code, that is.

    Comments
    1. By Edward (67.204.59.7) on

      > Is there any sort of document available that describes how pfsync works? Other than the source code, that is.

      Manual Page of pfsync(4):
      http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
