Thread: IPF & PF
21st January 2011
ocicat
Administrator
 

Quote:
Originally Posted by qmemo
Why has a big company like SUN not ported it to Solaris?

All anyone here can do is guess.

But if reality is any indication, look at the lag in PF versions found in both FreeBSD & NetBSD. Even though the network stacks are similar, porting PF is not a trivial matter, & I suspect that this is the general answer to your question -- very few engineers exist who have the knowledge, time, & desire to port it.

Secondly, it is important to focus on the tight binding between PF & the network stack. FreeBSD & NetBSD are at least close in fundamental structure in network stacks to OpenBSD. Solaris has long diverged from its FreeBSD roots. I suspect (but this is conjecture as well...) that it would be very difficult to shoehorn PF onto Solaris' network stack. Again, someone would have to possess the knowledge, time, & desire to port PF.

The other side of tight binding is that PF & OpenBSD's network stack are evolving/melding together more & more. Who is to say that PF's structure would be efficient on another network stack? I suspect (& this is conjecture too...) that the optimum packet filtering functionality for a network stack is specific to that stack. Yes, code can be written to be generic, but performance will likely degrade as a result.

Lastly, Sun is no longer. Oracle is calling the shots, & I suspect there is still upheaval going on following the merger. What is the value of having PF on Solaris? If porting is not likely to generate measurable sales, I suspect (again, conjecture...) there is little desire to port PF.

Last edited by ocicat; 21st January 2011 at 04:15 AM.