> > o It's very difficult to understand the code:
> > - indentation is only 2 chars
> > - c++ , just kidding :) [very advanced c++ for me!]
> > - some prototype definitions are missing or should go into *.h files
> > e.g, Select.cc is ugly as it gets :))
>
> Well, I suppose readability is subjective, but I'm sorry you find my
> code hard to read.
It's ok, I can live with it. For my bigger coding projects I had to
realize that nothing can beat an excellent documentation and a structured
code. YMMV and I was more kidding anyway :)
> I'm one of those people who thinks 2 space indentation is a good thing :)
<OT, please do not start a flamewar>
Hey, I coded 70000+ lines spaghetti code in 80x86 assembly, then I learned
c and someone told me that good programmers indent a little bit and I fell
in love with 2 space intendation. But at a certain point I had to work in
a team where there were coding rules. It took me quite some time to accept
to use 4 or 8 chars intendation because I wasn't used to write functions
and so my statements often started at the second line. :)
I somehow got used to it and sometimes I even think it is a good thing (tm),
for me.
</OT>
> Also I like c++. I know most free projects disavow c++ but I think it
> has gotten a bad rap. I feel I have used basic c++ features such as
> templates and inheritance appropriately.
Your c++ is IMHO very good and appropriate for your project. As I said
before, I was rather kidding.
> And yes, Select.cc is an ugly hack. You seem to be good at finding them :)
Pure luck for that one, sorry. Having had a second look I couldn't find
another such thingy :)
> > o very interesting code, but very CPU intensive! I have 15000 iptables
> > rules,
> > and all together 5000 concurrent connections -> iptables -L -vnx is a pain
> > in the ass, that's why we have /proc/net/ip_masq/vs_stats.
>
> Ok, yes I see your complaint with ipchains now. That is a _lot_ of rules.
It's not a lot, at least not for us. We deploy firewalls and packetfilters
since many years and with the increasing knowledge about networking and
security you'll find out, that basic ipchains scripts are not enough anymore.
Besides, with the increasing CPU power and OS ability to successfully support
more the 8 NICs, you certainly do have this amount of rules very fast! A
problem is the failover/failback: On one of our heaviest packetfilter it
takes about 4 minutes to set up the rules. And another interesting thing is,
that network response time decreases exponentially with linear increased
amount of ipchains/iptables rules. This is not the case with ipfw for example.
> The stats are modular so I will write one for /proc/net/ip_masq/vs_stats
> (already on my TODO)
Very good. I'm sorry the stats came so late, was on our TODO list for some
time too :)
> Well, portability was not an initial design goal. Also, I work at a linux
> shop and have only linux at home so I develop for linux.
Fair enough.
> My use of pthreads is sparing, and only once do I call pthread_create().
> I'm not really sure why other OS's that claim to have pthread support
> would not work.
AFAICS, your code is portable, but I had some problems when using some, even
POSIX, thread related functions. I remember having had problem with signal
delivery on Solaris.
> Well, at the end of the INSTALL file is a known problems section. This is
> listed :)
Sorry for that. Thanks for pointing.
> The init scripts are for redhat now. Sucks but writing them portably is
> really hard. Yes everyone has ps but the switches are different in many
> places.
>
> Did I mention I hate shell scripting :)
Ohhh, don't say that to me, I love shell scripting :)
Did I mention I don't like c++ ?
> Anyways, thanks for your input.
No problem, always to your service. I think I should rather test it before
complaining ...
So long,
Roberto Nibali, ratz
--
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
|