Re: [m0n0wall] OpenVPN, switching to m0n0

From:	Peter Allgeyer <allgeyer at web dot de>
To:	Kris Maglione <bsdaemon at comcast dot net>
Cc:	m0n0wall dash dev at lists dot m0n0 dot ch, m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] OpenVPN, switching to m0n0
Date:	Wed, 21 Sep 2005 11:23:22 +0200

X-Post to m0n0wall-dev list. IMHO, we should discuss this only there.

Am Dienstag, den 20.09.2005, 22:22 -0400 schrieb Kris Maglione:
> Actually, my idea was to add a field to each rule saying what it depends 
> on. If the dependency can't be found, the rule is void, and should be 
> deleted.
> 
> i.e. a firewall rule would have <depend component="NAT" ruleid="<some 
> hash>" />

And an interface definition has an entry like:
<depend component="filter" ruleid="<some hash>"
<depend component="NAT" ruleid="<some hash>"

No, I don't think that this is a passable way to go. From what the
current design is, I would prefer an extra datastructure. Call it
dependency tree. It's a container, where you can fill in fields, if you
add a rule and it can be be checked, if a rule is to be deleted. The
structure should be a sorted tree for better searching, what kind of
tree is a discussion for its own. There may be other solutions to this,
if we switch to an OO design, but this is a place other people do know
more about than I.

> This is obviously not something for the 1.2beta line.
Totally agree about this. But it's a good point to consider for 1.3.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |           This code passes Torvalds test grades 0, 1 and
 Peter Allgeyer |   _-_     2 (it looks ok, it compiles and it booted).
                | 0(o_o)0   -- Alan Cox
---------------oOO--(_)--OOo-----------------------------------------------