From: Harry Lachanas
Date: Sat, 27 Dec 2008 12:05:09 +0200
To: Alpine Developers
CC: Natanael Copa
Subject: Re: [alpine-devel] l7-filter

>> Any chance to re-include layer7 support in the kernel ????
>>
>
> Hi,
>
> I'm back from vacation.
>

Nice to hear from U nc! :-)
However vacation was rather short ( as always ) :-(
anyway, Wish U all the best for the holidays !!!

> I'm looking to it but I have the following feeling:
>
> * it increases maintenance work as the kernel needs to be manually
> patched for every new release. The chance is fairly big that patch won't
> apply to the grsecured kernel. (haven't tried though)
>
> * it might slow us down. If we want/need upgrade to a newer kernel, we
> might not be able to do so until l7-filter has a patch for the kernel
> we want. (looks like latest l7-filter is for 2.6.25 and *hopefully* for
> newer kernels)
>
> * it will require that iptables is patched as well.
>
> * there are generally good reasons patches are not included in mainline
> kernel.
>
> So to sum up, it looks to me that it gives me more work and increases risk
> that things break.
>

I cannot disagree with U nc!

However in my opinion l7-layer is useful for protocol centered shaping
and not for protocol blocking ( even though one can do that also ).

I am not aware of any other tool that detects protocols from packet
inspection ( don't forget the strange p2p, or ftp protocols etc ).

So if shaping ( as in my case ) through protocol detection is required,
then we need a tool that can do that.

I remind U that ipp2p code ( as I found out in my tests ) is probably
screwed up by the maintainer and not functional anymore.

> How about we wait with it and re-evaluate after we got new build env
> bootable?
>

The sooner the better ( I hope that the management tools will remain
compatible, being able to boot from the new CD and read the old config
from a writable media and be close to 100% operational would be a major
requirement and success ).

Cheers
Harry.