Subject: Re: Patch for timiting TCP MSS (i.e. for new PPPoE)
From: Thor Lancelot Simon
List: tech-net
Date: 12/05/2001 15:46:26

On Thu, Dec 06, 2001 at 07:41:15AM +1100, Darren Reed wrote:
> People hate it being upgraded because it means they have to compile the
> various programs (ipf, ipnat, ipfstat, ipmon) and install them at the
> same time as the kernel.  Given that generally these change too, it
> should be no big deal but for whatever reason, it would seem quite a
> few people (mostly developers) run ipfilter enabled kernels that are
> much more recent than their corresponding userland.  So in short, nobody
> (except end users, it seems) wants it updated that often and then the time
> lag involved in the person maintaining it getting around to it often ends
> up with me saying "no wait for the next rev" (for good reason) and we
> go back to the start, again.

This problem is trivially resolved by simply treating changes in the 
interface to the ipf system calls just like changes in the interface to any
other system call: if you change the interface, you have to either version
the interface or bump the kernel version number.

It's simply that this *has not been done* that's irritated users in the
past AFAICT; if the ipfilter interface were more stable or the kernel
version number were bumped when non-backwards-compatible ipf changes were
made, the issue would go away (obviously, the former would be preferable
to the latter!)

