[LARTC] Opinions about pom/patches [was: iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues]
Krzysztof Oledzki
ole at ans.pl
Fri Feb 9 17:57:22 CET 2007
On Fri, 9 Feb 2007, Andrew Beverley wrote:
> On Wed, 2007-01-31 at 03:58 +0100, Pablo Neira Ayuso wrote:
>> Andrew Beverley wrote:
>>> I would also like to see as many of the POM included in the stable
>>> kernel. It's a bit of a headache to patch in what I want each time I
>>> update the kernel, and on a fresh system I have to install CURL just to
>>> update POM just to add connlimit to the kernel...
>>
>> IMHO, patching kernels to add some certain shiny-feature(TM) is
>> generally a bad idea if you don't know how the patch internally works or
>> if you can't directly get support from the author of such patch.
>
> Yes, agreed. I was more thinking of those that (look like) they have
> been stable for a few years.
>
>> Anyway, if you think that some certain patch is stable enough to push it
>> forward to mainline, encourage the author to push it forward. Probably
>> there is a reason why he decided not to do that.
>
> Okay, I've emailed the author (of connlimit) but not received a reply. I
> did ask him a while ago on the same subject but didn't really get a
> reason as to why it is not. Anybody have any ideas?
>
> In this case can *I* push it forward to the stable kernel?
Please excuse me - I have been _extremely_ busy for the last three weeks.
Getting back to the question: generally I have no objection to forwarding
connlimit to the mainline but I believe we should first investigate the
possibility of adding support for protocols other than TCP. AFAIK at least UDP
support could be very useful - p2p software generates not only a lot of
TCP connections but also UDP flows, and the main job of this extension is to
prevent conntrack database overflows.
BTW: I'm not the author of this code - I only volunteered to maintain it.
Best regards,
Krzysztof Olędzki