Raj Mathur <[EMAIL PROTECTED]> writes: > > OK, let me rephrase -- even if you can have packets for two different > applications arriving on the same TCP port, actually doing so would be > going against one of the basic design tenets of IP (the unique > address/protocol/port identifier). > > I'd strongly recommend against such a setup. Apart from being totally > incomprehensible to anyone else (or even to yourself 6 months after you > set it up), it'll be impossible to replicate properly, and extremely > fragile -- you don't write applications that break when a client > upgrade changes the value of one bit in a packet somewhere. > Is it fragile if iptables marks the packets in, say, unused bits of the tos settings of the tcp/ip packet just after the generator sends it?
(I'm assuming this tag will traverse the net without problems so it can be filtered according to tos by iptables at the other end - I don't know how that may work in practice - it seems convenient. I'm sure you have a better idea than I do.) > All in all, a horribly dirty hack which I personally wouldn't touch with > a 20-metre barge pole. If it's documented how the marking is done and it traverses without causing hiccups, then it looks like a pretty clean hack (iptables being the only places the implementor has to do stuff), given the conditions the original poster has to follow. I'm almost inspired to test it out myself... PJ _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
