Darren Reed writes: > Linux does allow more than just iptables to hook in, > however the method they choose to determine the order > in which a packet is received (assignment of priority > numbers for the various "hooks") was rejected by PSARC.
The use of priority itself wasn't rejected. What was specifically questioned in that approach was giving such a fundamental issue to the system administrator to resolve for the general case. There may be cases where there is some flexibility in ordering, but in general, determining the order of operations among hook users is a system design issue requiring deep understanding of how the code itself works, and ought to be specified adequately such that end users don't have to dream up their own designs. > So the ships-in-the-night problem is definately present there, > as well as everywhere else that I've seen, too. But as long as > the relative ordering of multiple consumers is correct and > stable, then it shouldn't be necessary for others to be aware > of someone else having made a change (or that will make one.) Yes, it's the "correct and stable" part that's an issue. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
