Sponsored:
If someone googles you right now and you don’t come up? You might as well not exist. Every client, opportunity and connection is passing you by.
You don’t need to know code. RoseHosting lets you launch something you’re proud of this afternoon.
Stop hiding. Build yours today.
Author:
Source
A major rewrite of pfsync(4), the state table synchronization tool for redundant pf(4) setups is in the works.
In a recent message to tech@, David Gwynne (dlg@) describes the multi-year process behind the diff contained in the message,
moving pf forward has been a real struggle, and pfsync has been a constant source of pain. we have been papering over the problems for a while now, but it reached the point that it needed a fundamental restructure, which is what this diff is. i started rewriting pfsync (again) during h2k22 last year, and it's only been in the last couple of months that i got all the existing functionality working again, and it's only been the last three weeks in particular that it's been solid. this is the first time since about openbsd 6.9 that i've been able to upgrade my production firewalls without them falling over.
which means there may still be rough edges, but testing by brave souls is encouraged. There are huge potential performance gains to be found if this works out right.
You can read the entire message (with the diff) here, or just take in the rest of the text after the fold.