On Sat, 21 Jan 2012, Jan Engelhardt wrote:

> On Saturday 2012-01-21 15:10, Jozsef Kadlecsik wrote:
>
> >On Thu, 19 Jan 2012, Jan Engelhardt wrote:
> >
> >> So here is the first set of patches implementing part of the xt2 core
> >> and nfnl interface. Please review, I am sure you will have something
> >> to say :)
> >
> >At a first glance I must say it looks very promising. Good job!
> >What seems to be missing is some kind of protocol version negotiation
> >support between kernel and userspace. Or it'll come in the next batch of
> >patches? :-)
>
> Can be an attribute returned with NFXTM_IDENTIFY messages.

That attribute should be there from the very beginning.

> But I had not really given thought to that (ipset is also still at protocol
> 6, so..)

Yes, but anytime there would be a need for a protocol extension/new
protocol, that'd be added easily, with full transition support.

Netlink makes it too easy to add new attributes - and ignores unknown ones.
However, in our case both communicating parties must know the exact
capabilities of the other one: it's unacceptable that, say, a new flag is
introduced and sent from userspace and gets silently discarded by the
(older) kernel.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
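
Added example, not part of the original message or of the xt2 patches: a small C parser for netlink-style attributes showing the failure mode described above, where a lenient receiver silently drops a flag bit it does not know, next to a strict receiver that rejects the request. The attribute names (XA_PROTO_VER, XA_FLAGS), the flag mask, the version number and the sample request are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical TLV layout modelled on netlink attributes; not from the xt2 patches. */
struct attr { uint16_t len, type; };             /* len includes this header */
struct u32attr { struct attr h; uint32_t v; };   /* 8 bytes, already aligned */
enum { XA_PROTO_VER = 1, XA_FLAGS = 2 };
enum { P_OK, P_MALFORMED, P_UNKNOWN_ATTR, P_UNKNOWN_FLAG, P_BAD_VERSION };
#define PROTO_VER   1u     /* version this receiver speaks */
#define KNOWN_FLAGS 0x3u   /* flag bits this receiver implements */

/* Constructed request from a newer sender: flag bit 0x4 is unknown here. */
static const struct u32attr sample[] = { {{8, XA_PROTO_VER}, 1}, {{8, XA_FLAGS}, 0x5} };

/* strict=0 skips unknown attributes and masks unknown flag bits (the silent
 * discard the message warns about); strict=1 refuses what it cannot honour. */
int parse_request(const uint8_t *buf, size_t n, int strict, uint32_t *flags)
{
    size_t off = 0;
    *flags = 0;
    while (off < n) {
        struct attr a;
        if (n - off < sizeof a) return P_MALFORMED;
        memcpy(&a, buf + off, sizeof a);
        if (a.len < sizeof a || a.len > n - off) return P_MALFORMED;
        int known = a.type == XA_PROTO_VER || a.type == XA_FLAGS;
        if (!known && strict) return P_UNKNOWN_ATTR;
        if (known) {
            uint32_t v;
            if (a.len != sizeof a + sizeof v) return P_MALFORMED;
            memcpy(&v, buf + off + sizeof a, sizeof v);
            if (strict && a.type == XA_PROTO_VER && v != PROTO_VER) return P_BAD_VERSION;
            if (strict && a.type == XA_FLAGS && (v & ~KNOWN_FLAGS)) return P_UNKNOWN_FLAG;
            if (a.type == XA_FLAGS) *flags = v & KNOWN_FLAGS;
        }
        off += (a.len + 3u) & ~3u;               /* attributes are 4-byte aligned */
    }
    return P_OK;
}

int main(void)
{
    uint32_t f, g;
    int lenient = parse_request((const uint8_t *)sample, sizeof sample, 0, &f);
    int strict = parse_request((const uint8_t *)sample, sizeof sample, 1, &g);
    printf("lenient=%d flags=%#x strict=%d\n", lenient, (unsigned)f, strict);
    return 0;
}
```

For a packet filter the lenient result is the dangerous one: the sender gets a success code while the receiver has applied a different flag set than was requested.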