Dans un message du 06 Mar à 8:52, Harald Welte écrivait :
> I don't actually think that the unclean match should be widely delpoyed in
> production systems, honestly. I think it's just the wrong way to do
> packet filtering. It's a nice toy for some development and other
> 'experimental' use - but nothing more.
Well, I do not think that the experimental status fits this description.
Look at CONFIG_EXPERIMENTAL help : 'Some of the various things that
Linux supports (such as network drivers, file systems, network
protocols, etc.) can be in a state of development where the
functionality, stability, or the level of testing is not yet high
enough for general use.'
If people think that unclean should not be used widely, we should just
add a warning in the help message . I agree that an old version of
unclean could break stuff when new standards will arise. However, I note
that a lot of scripts are trying to find XMAS, NULL packets and so on.
Unclean just does this but in a much better way. Those scripts will
break anyway.
I think it is much better to acknowledge this need from the users by
including a module properly documented (that is to say, explaining the
problems which could happen in the future if the match is not uptodate)
and maintaining it.
> Therefore I strongly vote to keep the experimental status of the unclean
> match.
Please consider these arguments. I'd like to hear what you and the core
team think about them.
--
Guillaume Morin <[EMAIL PROTECTED]>
Sometimes I find I need to scream (RHCP)
