https://mwl.io/archives/23127 Skip to content [cropped-web-site-banners-2023-scaled-1] Michael W Lucas Gleefully Malicious Books. Comically Evil Code. Menu * About Me + Mailing Lists + Patronize/Sponsor/Crowdfund Me + Podcast: 60 Seconds of WIP + Images, Audio, Video + Support an Author + Travel Policy + Contact * Blog * Fiction + Science Fiction + Fantasy + Crime/Mystery + Nerd Smut + Collections + Anthologies + Odds and Ends * Nonfiction + Networking + Sysadmin Tools + Operating Systems + Business & Writing + Weirdness and WTF + Obsolete and Nonexistent Titles * Freebies * Frequently Asked Questions * Autobiography + The Car + The Cat + The Porn Star + The Thumbs + The Wasp + The Wish List * What To Try? * Blog Archive Posted on September 27, 2023 by Michael Lucas OpenBSD PF versus FreeBSD PF I encountered yet another discussion about OpenBSD PF versus FreeBSD PF. For those who are new to the discussion: OpenBSD developers created PF in 2001, and it rapidly improved to become the most approachable open source packet filter. FreeBSD ported PF over to its kernel in 2004, with occasional updates since. Today a whole bunch of folks who don't program echo cultish wisdom that one or the other version of PF has fallen behind, not kept up on improvements, or otherwise betrayed their community. My subtler comments have been misinterpreted, so let's try this. These claims are garbage. First, and most importantly: FreeBSD PF developers work with OpenBSD devs all the time, and OpenBSD PF developers pull stuff from FreeBSD^ 1. You get a lot of noise about certain people being jerks about the other project-and both projects absolutely have jerks. (And yes, anyone who has read my books knows that I am a cross-platform jerk.) But for the most part, folks want to work together. PF is absolutely an OpenBSD creation, though, so why isn't the OpenBSD version the Single Source of Truth? Why doesn't FreeBSD just consider OpenBSD a vendor and pull that code in? Because the OpenBSD and FreeBSD kernels are wholly different. Back when I wrote Absolute BSD, I could realistically write a single book that would basically apply to the three major open source BSDs. Yes, the various projects objected to being lumped together, but if you knew any one of them you could stumble through the others. This is no longer true. FreeBSD's kernel uses a wholly different locking model than OpenBSD. OpenBSD's memory protections have no equivalent in FreeBSD. These are not things you can manage with a shim layer or kernel ABI. These are big, complicated, intrusive differences. You can't tar up one version and dump it in the other's kernel. It won't work. If you do a hack job of making it work, it will perform badly. Yes, you can find "proof" that one PF or the other is faster under particular workloads on specific hardware. I have no doubt that some of them are not only accurate, but honest. There are other workloads, though, and other hardware, and other conditions. Regardless of who wins a particular race, the constant competition to achieve peak performance benefits everyone. I'm not going to link to any of the benchmarks, because I have made my opinions on benchmarking very clear elsewhere.^2 Pick what you want and roll with it. Every PF developer is trundling along, doing their best to make things work. Are features missing from one or the other? Yep. I'm not going to list examples because, as the above links show, each project plucks what they find useful from the other. These things are freely given, with glad hearts, but they take time to integrate. Filling message boards with staunch declarations that my team's PF is better is not only tedious, it wholly misses the point. People are working together to improve the world. And the PF syntax is the most approachable in all of open source Unix. (Partisan fanboy comments will be mercilessly whacked.) 1. Commit history links courtesy of Mina. Yes, I could have looked it up, but she thought to do so. 2. "The natural impulse to compare your server against others, to whup your neighbor, is exactly that: natural. It's like flipping rocks to find tasty grubs. Sleeping in trees coveting the upper-class caves inhabited by the snooty grizzly bears. Perishing within twenty years of What Is Vitamin C Anyway? We invented civilization to escape dysentery, cleaning ourselves with mud, and benchmarking." Categoriesbsd 4 Replies to "OpenBSD PF versus FreeBSD PF" 1. Pingback: OpenBSD PF versus FreeBSD PF - TOP HACKER(tm) 2. [7f15519ef0775] Patrick says: September 27, 2023 at 2:35 pm But all the rhetoric probably applies to Dragonfly, though? 3. [40cacce632e38] Michael Lucas says: September 27, 2023 at 2:37 pm no clue, but that's what commit logs search engines are for... 4. Pingback: OpenBSD PF versus FreeBSD PF - TOP HACKER(tm) Leave a Reply Your email address will not be published. Required fields are marked * [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment * [ ] Name * [ ] Email * [ ] Website [ ] [Post Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Post navigation Previous PostPrevious Yes, I Know I'm In the AI Scraping Search Engine Account * Log in * Entries feed * Comments feed * WordPress.org Search Search for: [ ] Search Search Search for: [ ] Search RSS Blog and Podcast * Yes, I Know I'm In the AI Scraping Search Engine September 26, 2023 * 13: The Only Right We Have September 21, 2023 * A True Story: "The Cat" September 19, 2023 * Video Score: Me 83, Rats 53650 September 15, 2023 * 60 Seconds of WIP, 14 September 2023 September 14, 2023 * Proof You Should Not Run My Code: my SNMP agent September 8, 2023 * 60 Seconds of WIP, 7 September 2023 September 7, 2023 * "Apocalypse Moi" ebook out! September 6, 2023 * August's Aghast Sausage September 1, 2023 * 60 Seconds of WIP, 31 August 2023 August 31, 2023 Proudly powered by WordPress