On Wed, May 05, 2004 at 03:38:29PM +0800, Yusuf Goolamabbas wrote: > Hi, Can any of the participants of the recent pf2k4 hackathon in Sechelt > post about the summary of the work done there and what has been > committed, about to be committed etc
Henning made a list in the second part of the recent ONLamp interview, see http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html More details can be found in the commit logs themselves, of course, if you're not subscribed to CVS log mailing list, the archive is online on http://marc.theaimsgroup.com/?l=openbsd-cvs The thing I've been working on in Sechelt mostly (and which isn't completely finished yet) is making anchors fully recursive, so you can put anchors within anchors within anchors, etc., instead of the fixed two-level hierarchy there is now. Among other things, that allows to split the main ruleset into a hierarchy of subrulesets (much like functions in a programming language), and together with conditional branching (calling functions conditionally) that can improve evaluation performance. There's a full call stack, so functions return to where they were called from. It think this will be equally versatile as IPFilter group/head or iptables' chains, but provides more structured paths (function calls instead of gotos). It'll take a couple of days to finish the ugly details, but it's working fine already. If you want to test it, you'll need a working, up-to-date -current (if you have problems getting that set up, you don't want to be testing this diff ;). Daniel
