On Thu, Sep 25, 2003 at 09:57:47PM +0300, Pekka Savola wrote:
> First, a meta-comment:
>
> What I fear is that in the end, nothing gets done because having the goal
> set to perfection. If there is no energy to drive through the
> L3-independent connecting tracking, the end result is that the user
> does not have this feature
well, that's the reason why I'd like to see it in
> (remember ip6tables REJECT target? That must have been sitting in
> netfilter for some 2+ years, and not having been integrated in the
> mainline kernel and the users still do not have the feature!).
Mh, nobody has bugged me about that in all those 2 years. At least I
don't remember somebody asking me for kernel inclusion...
Since ipv4 REJECT has now changed
> So, my personal take is:
> - if a L3-independent conn tracking can be done *quickly*, fine,
I've started to write a small paper about the envisioned desgign. It
doesn't look all that complicated, if somebody can concentrate on this
job. I personally (as indicated before) do not have the time to work on
that issue. But I'm happy to give advise.
> - if not, just merge the current one, start working on L3 independent
> conn tracking, and add it when available.
I understand your point. However, I fear to be the one responsible of
keeping ip6_conntrack in sync with ip_conntrack. If there is a
volunteer (maybe Yasuyuki?) who would really commit himself to look at
which changes go into ip_conntack, and sending me patches to sync
ip6_conntrack, I'd be more inclined to submit ip6_conntrack to the
mainline kernel.
> .. but I'm not the one who's answering the support emails, so in all
> fairness, I should be silent now..
;)
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpEbjeeFy0H2.pgp
Description: PGP signature
|