Raj Mathur <[EMAIL PROTECTED]> writes:

> 
> OK, let me rephrase -- even if you can have packets for two different 
> applications arriving on the same TCP port, actually doing so would be 
> going against one of the basic design tenets of IP (the unique 
> address/protocol/port identifier).
> 
> I'd strongly recommend against such a setup.  Apart from being totally 
> incomprehensible to anyone else (or even to yourself 6 months after you 
> set it up), it'll be impossible to replicate properly, and extremely 
> fragile -- you don't write applications that break when a client 
> upgrade changes the value of one bit in a packet somewhere.
>
 
Is it fragile if iptables marks the packets in, say, unused bits of the
TOS field of the TCP/IP packet just after the generator sends it?

(I'm assuming this tag will traverse the net without problems so it can
be filtered according to tos by iptables at the other end - I don't
know how that may work in practice - it seems convenient. I'm sure you
have a better idea than I do.)

> All in all, a horribly dirty hack which I personally wouldn't touch with 
> a 20-metre barge pole.

If it's documented how the marking is done and it traverses without causing
hiccups, then it looks like a pretty clean hack (iptables being the only
place the implementor has to do stuff), given the conditions the original
poster has to follow.

I'm almost inspired to test it out myself...

PJ
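The marking PJ is asking about, as an added example that is not part of the thread: it shows at the byte level what an iptables rule such as `-t mangle -j DSCP --set-dscp N` on the sender and `-m dscp --dscp N` on the receiver actually touch, and why the scheme is fragile. The addresses and DSCP values are constructed for the example; the TOS byte is DSCP (6 high bits) plus ECN (2 low bits), so the ECN bits are not unused, and any router on the path may rewrite DSCP, which is what breaks the classification.

```python
import struct

# Constructed values for the example, not from the thread.
DSCP_APP_A = 0b000000  # hypothetical tag for application A (CS0, the default)
DSCP_APP_B = 0b001000  # hypothetical tag for application B (CS1)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; verifying a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, tos: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header for a TCP payload, checksum filled in."""
    ver_ihl = (4 << 4) | 5                      # IPv4, 5 x 32-bit words, no options
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len,
                      0x1234, 0x4000, 64, 6, 0,  # id, DF flag, TTL, proto=TCP, csum=0
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def set_dscp(header: bytes, dscp: int) -> bytes:
    """What the DSCP target does: rewrite the 6 DSCP bits, keep the 2 ECN bits,
    and recompute the header checksum (the checksum covers the TOS byte)."""
    new_tos = (dscp << 2) | (header[1] & 0x03)
    hdr = header[:1] + bytes([new_tos]) + header[2:10] + b"\x00\x00" + header[12:]
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def classify(header: bytes) -> str:
    """Receiver-side equivalent of matching with `-m dscp --dscp N`."""
    dscp = header[1] >> 2
    if dscp == DSCP_APP_B:
        return "app-B"
    if dscp == DSCP_APP_A:
        return "app-A"
    return "unknown"  # e.g. a router on the path remarked the DSCP field
```

If an intermediate hop rewrites DSCP (common at provider edges), the receiver sees "unknown" for every packet, so a deployment of this kind needs a check that the tag survives the path before anything depends on it.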
_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/