Jan Engelhardt wrote: > On Apr 11 2007 18:33, Patrick McHardy wrote: > >>The question whether to merge the time module came up repeatedely >>at netfilter workshops, but it was always decided against it so far, >>mainly because it apparently can't deal with timezones and daylight >>saving time. > > > Why, let iptables, or more precisely, ipt_time.c, handle timezones, > and pass an UTC value to the kernel -- that's what it is best at > dealing with. Than it wouldn't be able to deal with DST I guess. As I said, the kernel already has knowledge about the timezone, so it should be possible to do this properly quite easily, but I have no interest in doing this myself. >>IIRC Harald had strong feelings about it, I personally >>don't care much about this shortcoming as long as its documented. >>I'm not even sure its correct since the kernel has sys_tz. So if >>anyone finds out and submits a patch, I'll consider it. >> >> >>>Though that leaves me puzzled why connlimit has not gone in yet >>>(it all simplifies maintenance so much IMO). BTW, how about it? >> >>As I stated multiple times, the reason why its not included is that >>its horribly slow. But since I don't see any better way to do this >>and I know quite a few people are using this, I would consider this >>as well if someone sends me a patch, which has not happened so far. > > > So it's just that I need to pull the pomng code and make a diff out > of it, is that all? (Plus any compilation and perhaps runtime fixes, > of course.) >From a quick look I'd say: - move to x_tables - remove ip_conntrack stuff - clean up - fix up for recent API changes and improvements - fix 32/64 bit issues - use proper list macros - use kzalloc And explain to me why it needs knowledge about TCP states. That should be enough to get a discussion started.
