> On Mon, Oct 22, 2007 at 10:20:41AM -0600, Beavis wrote:
> | hi folks,
> |
> | I saw this performance issue with pf on a AMD64firewall: below is the link
> |
> |
http://www.nabble.com/firewall-is-very-slow%2C-something%27s-wrong-t4572653i20.html
> |
> | it states that pf on 4.2 performs much better than in 4.1. having said
> | this, is it possible to be able to just update pf's feature instead of
> | going through the entire OS upgrade? since im really going after the
> | features of pf, and happy with how 4.1 is.
>
> Some of the improvements are outside of pf (some drivers have had
> drastic improvements), so only updating pf may not even get you all
> the new performance improvements that were made between 4.1 and 4.2.
> However, since pf is part of the kernel, the short answer to your
> question is no. You must upgrade the kernel to be able to use the new
> pf. The new kernel requires new userland, so that too must be
> upgraded.
>
> If you really want, and are a highly qualified coder, you could
> try to backport the improvements to 4.1. You'll find that upgrading is
> way (and i do mean *WAY*) easier than doing this work. If you are such
> a skilled programmer, your time is probably better spent doing other
> useful stuff (maybe improve pf even more). The upgrade will take you a
> coupe of minutes to an hour, depending on your exact situation. The
> backport will take you probably about six months and a team of
> dedicated OpenBSD developers. You will at the end be left with
> something that is not OpenBSD 4.1 anymore. How (and when) are you
> going to upgrade that ?
>
> Unless you consider this backport-thing a fun excercise, I would
> recommend against doing it.
>
> Cheers,
>
> Paul 'WEiRD' de Weerd
>
> --
> >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
> +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
>
http://www.weirdnet.nl/
