Tables are cluttered with laptops, servers, switches, cables and cords as the 2006 OpenBSD hackathon continues in Calgary, Canada. Small groups of developers talk and debate around LCD screens, while others work individually on their own projects. Behind the scenes, a donated 10 megabit wireless connection provides Internet access to all. IP addresses and DNS are provided by stock bind and dhcpd processes running on an OpenBSD server. Among other things, the infrastructure area hosts an HP DL385 with 24 GB of memory that was recently donated by HP, a G5, several Sun Blade 2000's, and an assortment of PowerPC, Alpha and Opteron-based servers. A console server provides serial connections to the servers along with logs of what went on on the serial console, useful for debugging. Power issues on the first day were resolved by evenly spreading the servers and many laptops across the available circuits in the hackathon room. Chris Kuethe explained, "the whole point of the infrastructure is that it's not supposed to be exciting, it's just supposed to be there, like a light switch."
I have spoken with another 28 OpenBSD developers from Turkey, Iceland, Ireland, Germany, Sweden, Switzerland, Denmark, Australia, Austria, Hungary, the US, and Canada. Efforts are being made on ACPI, the VFS subsystem, link-layer authentication, OpenBGPD, tcpdump, XFree86, pf, CARP, dvmrpd as a replacement for mrouted, OpenRCS, OpenCVS, the USB layer, prebinding, ipsecctl, 10 gig Ethernet support, link layer path mtu discovery, several new and improved drivers, amd64 large memory support, new CD and DVD recording features for cdio, improvements to mg, support for new architectures, numerous new and updated ports, and much more.
The upcoming release of OpenBSD 3.3 on May 1'st will include, among many other improvements, a notably enhanced version of PF, OpenBSD's stateful packet filter. Some of the more significant enhancements to PF include: 'queues', allowing for per-rule bandwidth control [story]; 'pool options', allowing one to utilize multiple uplinks and to intelligently redirect traffic to multiple servers; 'anchors', which allow one to divide packet filtering rule lists into logical pieces; 'tables', efficiently allowing for very large lists; and other parser improvements that make an already friendly syntax more human readable.
PF replaced its predecessor, IPF, with the release of OpenBSD 3.0 in December of 2001. Since that time, this impressive and relatively new packet filter has grown a faithful following (myself included), and continues to evolve rapidly with each new OpenBSD release. Perhaps the greatest compliment, developers have begun to port PF to other operating systems. Back in January, Joel Wilsson announced his effort to port PF to NetBSD. And more recently, Pyun YongHyeon announced his port for FreeBSD.
I approached Pyun to learn more about his recent porting efforts. In the following article he explains why he began working on this port, and what FreeBSD users can expect from the project. Additionally, I spoke with PF creator Daniel Hartmeier [interview], PF developer Henning Brauer, and OpenBSD creator Theo de Raadt [interview]. They all reflect on these recent porting efforts, as well as the exciting new features found in OpenBSD's PF.
Henning Brauer announced today that "altq's functionality has been merged into pf." The ALTQ project page explains that Alternate Queueing "provides queueing disciplines and other QoS related components required to realize resource-sharing and quality of service." Thus PF, the OpenBSD project's state
