Jozsef Kadlecsik wrote:
If restructuring is on the way, then it should cover all possible parts.
Just my quick thoughts, with suggested module names:
addr/packet type matches in one module (addrtype):
addrtype, pkttype
mark modules, targets in one module (route):
connmark, mark, realm
CLASSIFY, CONNMARK, MARK
CONNMARK and connmark needs to be separated from MARK etc. because
they depend on the conntrack module.
conntrack related modules in one module (conntrack):
conntrack, helper, state
IPv4/IPv6 header matching and modifying in one module (iphdr):
dscp, length, tos, ttl
DSCP, TOS, TTL
IPv6 extension headers matching and modifying in one module (exthdr):
dst, frag, hbh, hl, ipv6hdr, mh, rt
HL
TCP header matching and modifying in one module (tcphdr):
ecn, tcpmss
ECN, TCPMSS, TCPOPTSTRIP
ipsec in one module (ipsec)
ah, esp, policy
security markings in one module: (secmark):
CONNSECMARK, SECMARK
Something similar should be done with the different type of
limit/statistics modules as well.
Funny thing is, only when you try you see more problems a-coming.
Like, Kconfig option names. Keep/Lose
NETFILTER_XT_{MATCH,TARGET}_CONNMARK, and query users for a new one?
Definitely yes. Kconfig is overloaded with netfilter targets/matches and
if matches/targets are collapsed into a single file, then Kconfig options
should be unified, as in your sample patch.
Agreed, but please keep the old options around (doing just a select
on the new ones) for one or two releases.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
