Folks, Here'a an opportunity to contribute to the Netfilter community of which Shorewall and LEAF are a part. I know that a number of you use the ipt_recent match (as I myself do) and it would be a shame to see that feature become unusable.
-Tom
---------- Forwarded Message ----------
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received-SPF: none (lists.shorewall.net: 213.95.27.115 is neither permitted
nor denied by domain of lists.netfilter.org) client-ip=213.95.27.115;
[EMAIL PROTECTED];
helo=vishnu.netfilter.org;
Received: from vishnu.netfilter.org (vishnu.netfilter.org [213.95.27.115])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by lists.shorewall.net (Postfix) with ESMTP id 5CD09190028
for <[EMAIL PROTECTED]>; Thu, 8 Dec 2005 20:16:56 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=vishnu.netfilter.org)
by vishnu.netfilter.org with esmtp (Exim 4.41 #1 (Debian))
id 1EkZj3-0005ow-MH; Fri, 09 Dec 2005 05:19:17 +0100
Received: from [2001:780:0:1d::117] (helo=ganesha.gnumonks.org)
by vishnu.netfilter.org with esmtp (Exim 4.41 #1 (Debian))
id 1EkZj1-0005oj-JT for <[EMAIL PROTECTED]>;
Fri, 09 Dec 2005 05:19:15 +0100
Received: from uucp by ganesha.gnumonks.org with local-bsmtp (Exim 4.50)
id 1EkZgg-0008HE-AL
for [EMAIL PROTECTED]; Fri, 09 Dec 2005 05:16:50 +0100
Received: from laforge by rama.gnumonks.org with local (Exim 3.36 #1)
id 1EkaYw-00019t-00
for [EMAIL PROTECTED]; Fri, 09 Dec 2005 10:42:54 +0530
Date: Fri, 9 Dec 2005 10:42:54 +0530
From: Harald Welte <[EMAIL PROTECTED]>
To: Netfilter Development Mailinglist <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Mail-Followup-To: Harald Welte <[EMAIL PROTECTED]>,
Netfilter Development Mailinglist <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed;
micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="smOfPzt+Qjm5bNGJ"
Content-Disposition: inline
User-Agent: mutt-ng devel-20050619 (Debian)
Subject: ipt_recent needs a maintainer!
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: discussion about netfilter development
<netfilter-devel.lists.netfilter.org>
List-Unsubscribe:
<https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
<mailto:[EMAIL PROTECTED]>
List-Archive: </pipermail/netfilter-devel>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe:
<https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
<mailto:[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-Virus-Scanned: by ClamAV 0.87 (amavisd-new) at lists.shorewall.net
X-UID: 11173
X-Length: 5211
Hi!
ipt_recent was merged into the mainline kernel quite some time ago, but
unfortunately the original author doesn't seem to be compelled to
maintain it. There's nothing wrong with that, after all we do this
voluntarily! But we have to deal with the consequences.
Some people from the netfilter community have indicated that it's coding
style rectifies a re-write, but that's something I don't want to address
now.
What we need as a short-term solution is somebody maintaining this
beast, somebody looking into bug reports, etc.
There are a number of bug reports coming in, and nobody really takes
care of them. The latest one seems to be
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=415
but there are more, like
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=369
and I also think there have been reports to bugme.osdl.org as well.
Unless somebody volunteers to maintain that module within a short time,
I suggest that we mark it as "EXPERIMENTAL" and/or "BROKEN" in Kconfig
of 2.6.16.
Comments welcome.
[p.s: you might argue that it's the coreteam's job to do this. This is
true, but I for myself haven't even used the module once and I doubt
it's usefulness. I'm not familiar with the code, and the past months
have shown that I'm not likely to find the time to deal with it.]
--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
-------------------------------------------------------
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
pgp4enOuOFCOB.pgp
Description: PGP signature
