Linux Advanced Routing and Traffic Control list
 help / color / mirror / Atom feed
From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: lartc@mailman.ds9a.nl, netfilter-devel@lists.netfilter.org,
	Krzysztof Oledzki <ole@ans.pl>
Subject: [LARTC] Re: iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues
Date: Wed, 10 Jan 2007 12:53:49 +0000	[thread overview]
Message-ID: <45A4E1DD.8070001@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.61.0701101233080.3029@yvahk01.tjqt.qr>

Jan Engelhardt wrote:
> On Jan 10 2007 06:58, Patrick McHardy wrote:
> 
>>I would prefer to have someone maintain it externally though. Jan, are
>>you still interested in doing that? If you need help or webspace for
>>an external repository please let me know.
> 
> 
> I would give it a try. Though I would really prefer to have it in the
> kernel and iptables rather than pomng or pomng-external. In my
> opinion that simplifies maintainability. Changes in the netfilter API
> seem to be the most common reason for patching (someone changed the
> xt_match->match and xt_target->target signatures in 2.6.20 again!),
> and keeping out-of-tree modules compiling with kernel-du-jour can be
> an #ifdef pita. Then it's really preferable to have 2.6.18 have a
> xt_FOOBAR with netfilter-2.6.18 signatures, and 2.6.20 with
> netfilter-2.6.20. Especially since many people run distributions with
> RPM/DEBified iptables, so the POM `runme` will not be easy to
> accomplish for the casual user. (I currently do have that issue -
> after doing `svn up` on pomng, I have to manually move the changes to
> (my) kernel rpm and (my) iptables rpm, because the days of `make
> install` are GONE for me - at least I try.)
> 
> I understand that POM does not require to compile with all
> kernels-of-the-last-three-months, but this also simplifies
> integration for end users. They do not need to backport/forward port
> indated/outdated out-of-tree modules and, at best, do not even need
> to recompile the kernel.
> 
> Of course there are some modules that continue being out-of-tree
> because they would not fit in (imagine a 500K geoip.c with a
> compiled-in big string array). Not sure what to do about them.
> Perhaps do it like chaostables [2.6.18-2.6.20], trying to keep it
> working for a limited set of kernels.
> 
> Oh well, that said, my ideal plan would be to get ROUTE TARPIT
> connlimit and u32 into mainline in one go, and perhaps, after review
> and discussion, chaostables and some of the others that live in
> Krzystof's patchlet collection.

ROUTE will not go in, its a bad hack and shouldn't be used (which
is why I would prefer to get rid of it). Haven't looked at TARPIT
and connlimit in a long time, we can think about it.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

  parent reply	other threads:[~2007-01-10 12:53 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-12-11 19:44 [LARTC] iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues ArcosCom Linux User
2006-12-12  8:24 ` [LARTC] " ArcosCom Linux User
2006-12-12  8:34   ` Patrick McHardy
2006-12-13  8:31     ` ArcosCom Linux User
2006-12-13  8:38       ` Patrick McHardy
2006-12-13  9:12         ` ArcosCom Linux User
2006-12-13  9:17           ` Patrick McHardy
     [not found]         ` <Pine.LNX.4.64.0612282158360.16672@bizon.gios.gov.pl>
2007-01-10  5:58           ` Patrick McHardy
     [not found]             ` <Pine.LNX.4.61.0701101233080.3029@yvahk01.tjqt.qr>
2007-01-10 12:53               ` Patrick McHardy [this message]
2007-01-10 13:15               ` [LARTC] Opinions about pom/patches [was: iptables 1.3.7, ArcosCom Linux User
2007-01-10 13:21               ` ArcosCom Linux User
2007-01-25 17:41                 ` Andrew Beverley
     [not found]                   ` <45C005EB.1040704@netfilter.org>
2007-02-09 13:37                     ` Andrew Beverley
     [not found]                       ` <Pine.LNX.4.64.0702091741250.9884@bizon.gios.gov.pl>
2007-02-09 17:03                         ` [LARTC] Opinions about pom/patches [was: iptables 1.3.7, kernel Patrick McHardy
2007-02-09 17:30                         ` [LARTC] Opinions about pom/patches [was: iptables 1.3.7, Andrew Beverley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45A4E1DD.8070001@trash.net \
    --to=kaber@trash.net \
    --cc=jengelh@linux01.gwdg.de \
    --cc=lartc@mailman.ds9a.nl \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=ole@ans.pl \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox