Pablo Neira Ayuso wrote:
Patrick McHardy wrote:
The fact that you have to specify it for deletion still seems unnecesary
though. You would never have two rules differing only in the seed value
since that would mean the node is part of two clusters. So we might as
well move it to the end and ignore it in userspace. What do you think?
But the value has to be the same in all the cluster nodes, so how can it
be set to ensure that it is the same value?
I only meant ignoring it on comparisons of course, just as we do
with all the private pointer stuff. Anyways, its not that important
and it in fact would be slightly different behaviour from what we
do in other cases, where we only ignore state. So perhaps not a good
idea after all.
In case you agree, I also think "secret" would be a more fitting name.
I can rename the field to "secret" in the structure or change the
iptables cluster match option to be "--cluster-secret" instead of
"--cluster-hash-seed" if you like.
Its more fitting in my opinion, but I don't really care.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
