Darren Reed wrote:
Rao Shoaib wrote:
Darren Reed wrote:
So we decide to make it one-only for now and get input from people
about how they want to use more than one hook.
This is quite a useful framework and IMHO should be extended for use
by multiple consumers. Of course we have to resolve the ordering issue.
Some issues that we ran into:
1) If you have muiltiple consumers that all want to be "in the
same position", how do you decide who gets it and what happens
to the one that doesn't?
Example: I have ipfilter on solaris and I want to use another
firewall package too. The SMF manifest for both specifies
"I want to be first".
2) Who gets to have the ultimate say in the ordering, the provider
of the software or the administrator? If the administrator does,
is he allowed to over ride dependencies?
Example: I have a layered packet firewall and NAT solution (rather
than both being part of the same entity.) The NAT says that it
depends on the firewall and thus should always come after it.
Should the administrator be able to over ride this? What about
if there are dependencies in the NAT code on the firewall having
done "something" first? Can the administrator insert something
between them and otherwise preserve the ordering?
All the above issues seem like the issues we have when plumbing streams.
There is a preffered order in which the modules should be pushed but if
some one wants to chnage that oder that is fine, there is no gaurantee
that things will work. Sure it would be nice if the OS detects and
prints some informative message for a bad condfig but ultimatley it's
the admin who has the final say.
3) Should it be possible to change the ordering of loaded filters
at run time or is the ordering fixed once they are loaded?
It depends on what it will take to change the ordering at run time. If
it can be achieved sure it will nice to change it a run time.
4) Does ordering information get locked into code or into SMF
manifests or somewhere else?
I would say SMF database.
5) If there is a mix of hooks registered to receive packets,
how do you manage those that don't specify an preference in
the order of things vs those that do?
The registration part would include specifying the order just like when
plumbing a stream if you want the module at a spcific location you
specify the location or else it ends up on the top.
Rao.
There are probably other issues that I can't think of right now.
Darren
_______________________________________________
networking-discuss mailing list
[email protected]
_______________________________________________
networking-discuss mailing list
[email protected]
