[leglug-users] BSD vs. Linux

Denys (VISP) nuclearcat-lelug at nuclearcat.com
Wed Feb 28 20:19:03 EST 2007


On Wed, 28 Feb 2007 09:45:46 +0200, laurent FANIS wrote
> Hi
> Looks like flame bait and I haven't slept in two days so I wouldn't bother.
> But if you really honestly think that iptables is better than pf then
> you obviously never tried bandwidth shaping and you never had 
> anything more than a small home NAT. NATting on pf is one line of 
> config you can't really make simpler.
Running NAT+DNAT on boxes with more than 15kpps. Not too many rules, but I 
don't need simplicity, I need flexibility. Plus I wrote an application which 
uses getsockopt/SO_ORIGINAL_DST. On FreeBSD it was more difficult to 
separate transparent from local packets, plus the new zoo with pf: it must be 
O_RDONLY on OpenBSD, and O_RDWR on NetBSD/FreeBSD. And the ugliest thing, I 
have to open /dev/pf; why do it the old-fashioned way, calling a /dev/ node 
each time, if there is a way to use syscalls? Not sure about performance, but I 
feel it will cause a problem for it.

About iptables and shaping: well, iptables has nothing to do with shaping. 
It is iproute2. Since 2002 I have been working very closely with iproute2. I have 
experience in developing a complicated shaper for a satellite ISP, with more than 
15000 classes (and of course filters), with hashing, and based on it traffic 
accounting, concurrent live updates for classes (changing speed), automatic 
calculation of customer MIR/CIR depending on his priority and the current time, 
dynamic MPE (it is a DVB thing) overhead calculation, because it is not a linear 
thing. Right now I am stuck with HTB, and left the imprecise CBQ in 2002, but 
I am researching other shaping disciplines, plus searching for an optimal solution for my 
"embedded" solutions.

So I know what I am talking about.
> 
> Try IPSec under linux and then drop some comment.
Didn't try yet. I prefer to use openvpn, it suits my needs completely for now. 
But I am going to test IPSec soon.

> If the day is slow I will comment on all parts of the mail.
I can say thanks if you do that. In such debates I learn good 
things and possibly will also change my opinion about FreeBSD.

> Best Laurent.
> 
> PS: if you sacrifice your security and moral (open-source) stand 
> for a pretty GUI and accelerated X with binary blob then you better 
> put in windows; at least you won't be a hypocrite. You don't complain 
> to vendors, do you? How many emails have you sent to 
> Intel/Atheros/Nvidia/ATI?
Those are too big guys for me. I did reverse engineering only for a small 
non-functional part of some old DVB card, SM200D, which was binary only. The vendor 
died, but its half binary/half source driver lives; I ported it from kernel 2.2 
to kernel 2.4, and it helps a lot of people. I don't see any problem in 
a binary driver for a VGA card; it is not a critical application for business, and 
is used mostly for gaming. So binary is OK. But I don't accept binary drivers for 
wireless, and madwifi with HAL was killing me. Thank god they did the openhal 
branch also. But I had already started hacking that binary HAL, and did what I 
needed, just by patching a few bytes, when it was important for me.
By the way, FreeBSD, as far as I know, is still using the atheros driver with binary HAL. And 
I really love what the OpenBSD guys did; they began from a completely open driver. 
And last thing, if you don't know, on LKML there was an announcement that binary 
drivers will be forbidden after 1 year for the Linux kernel. It must be either GPL 
or nothing. Nobody knows if it will be good or not.
--
Virtual ISP S.A.L.


