On Wednesday 2010-04-21 15:17, Patrick McHardy wrote: >Jan Engelhardt wrote: >> On Wednesday 2010-04-21 14:59, Patrick McHardy wrote: >> >>> Jan Engelhardt wrote: >>>> The SYSRQ target will allow to remotely invoke sysrq on the local >>>> machine. Authentication is by means of a pre-shared key that can >>>> either be transmitted plaintext or digest-secured. >>> I really think this is pushing what netfilter is meant for a bit >>> far. Its basically abusing the firewall ruleset to offer a network >>> service. >>> >>> I can see that its useful to have this in the kernel instead of >>> userspace, but why isn't this implemented as a stand-alone module? >>> That seems like a better design to me and also makes it more useful >>> by not depending on netfilter. >> >> That sort of diverts from the earlier what-seemed-to-be-consensus. >> >> Oh well, I would not mind holding the single commit up as long as the >> rest isn't blocked too :-) > >Then lets skip this one for now. Well you raised the concern before -- namely that kdboe would have the very same feature. And yet, kdboe was not part of the kernel. Neither is the magical stand-alone module. I really prefer to have it in rather than out, because I know that's going to mess up maintenance-here-and-there. I'm already having a big time with xtables-addons that still carries xt_condition and SYSRQ for a while, and it does have some different code lines than the kernel copy. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
