Understanding Linux Network Internals 1.5当一..
时间:2006-02-26 来源:icedragon
1.5. When a Feature Is Offered as a Patch
The kernel networking code is continuously evolving. Not only does it integrate new features, but existing components sometimes undergo design changes to achieve more modularity and higher performance. This obviously makes Linux very attractive as an embedded operating system for network appliance products (routers, switches, firewalls, load balancers, etc.). 1.5节 当一个特征以补丁方式提交的时候
网络密码的核心不断进化。 不只它整合新的特征, 但是现有的成份有时遭受设计变化达成较多的模组化和较高的表现。 这显然地为使 Linux 对于网络用具产品来说(路由器,交换机,防火墙,负载平衡, 等等。)成为一个非常吸引人的嵌入式操作系统。 Because anyone can develop a new feature for the Linux kernel, or extend or reimplement an existing one, the greatest thrill for any "open" developer is to see her work make it to the official kernel release. Sometimes, however, that is not possible or it may take a long time, even when a project has valuable features and is well implemented. Common reasons include: 任何人都能为 Linux 内核发展一个新的特征, 或扩充或者再实现一个现有的特征。最令人兴奋的是因为任何的 " 开源 " 开发者能在官方的内核发行中见到自己工作所制造的那部分。 然而,有时候那是不可能的,因为它可能花很长的时间,即使当计划一个有有价值的特征并且会很好的实现。 通常的理由包括: The code may not have been written following the guidelines in Documentation/CodingStyle. 代码可能没有按照规定的代码风格来书写。 Another major project that provides the same functionality has been around for some time and has already received the green light from the Linux community and from the key kernel developers that maintain the associated kernel area. 在邻近的时间,另外一个相类似功能性的计划已经被 linux 团队和维护关联内核区域的主要内核开发者所接受。
There is too much overlap with another kernel component. In a case like this, the best approach is to remove the redundant functionality and use existing functionality where possible, or to extend the latter so that it can be used in new contexts. This situation underlines the importance of modularity. 用另外的一个核心成份有太多重叠。 在一情况喜欢这, 最好的方式是去掉多余的功能性和尽可能使用现有的功能性, 或者扩充后者以便它能被用于新的前后关系中。 这种情形是强调模块化的重要性。
The size of the project and the amount of work required to maintain it in a quick-changing kernel may lead the new project's developers to keep it as a separate patch and release a new version only once in a while. 工程的大小和维持它所必须的工作量在一个容易改变的内核中可能致使新工程的开发者实现它作为一个单独的补丁或者一次发放一个新的版本。
The feature would be used only in very specific scenarios, considered not necessary in a general-purpose operating system. In this case, a separate patch is often the best solution. 这种特征只会被用于非常特定的情节。 在一个多通途型的操作系统中是不被视为必须的,所以分开的补丁通常是最好的解决方法。
The overall design may not satisfy some key kernel developers. These experts usually have the big picture in mind, concerning both where the kernel is and where it is going. Often, they request design changes to make a feature fit into the kernel the right way. 全部的设计不可能使一些主要内核开发者满意。 这些专家脑中通常有大场景, 关于两者的内核在哪里和它要向哪里发展。 经常,他们请求设计的变化使特征成为更适合内核的正确的方法。 Sometimes, overlap between features is hard to remove completely, perhaps, for example, because a feature is so flexible that its different uses become apparent only after some time. For example, the firewall has hooks in several places in the network stack. This makes it unnecessary for other features to implement any filtering or marking of data packets going in any direction: they can simply rely on the firewall. Of course, this creates dependencies (for example, if the routing subsystem wants to mark traffic matching specific criteria, the kernel must include support for the firewall). Also, the firewall maintainers must be ready to accept reasonable enhancement requests when they are deemed to be required by other kernel features. However, the compromise is often worth the gain: less redundant code means fewer bugs, easier code maintenance, simplified code paths, and other benefits. 因为一个特征是很灵活的,所以有时,也许在特征之间重叠的部分很难被完全地移除, 举例来说,因而它的不同只有在使用一些时间之后变的明显。
举例来说,防火墙在网络堆栈的一些地方中有钩子 这使其他的特征不必要实现任何的过滤或进入任何方向的数据包的标记: 他们只是依赖防火墙。
当然,这将产生依赖。 (举例来说,如果路由子系统想要为相配的特定的标准通信量作标记, 内核一定要包括对防火墙的支持) 同时, 当他们被认为被内核其他特征所需要的时候,防火墙维护人员必须做好的一定准备去接受增加了的合理请求。然而, 妥协时常是价值的:较少的多余代码意味着更少的bug,更低廉的维护费用,更简易的代码补丁和其他的益处。 An example of a recent cleanup of feature overlap is the removal of stateless Network Address Translation (NAT) support by the routing code in version 2.6 of the kernel. The developers realized that the stateful NAT support in the firewall is more flexible, and therefore that it was no longer worthwhile maintaining stateless NAT code (although it is faster and consumes less memory). Note that a new module could be written for Netfilter at any time to provide stateless NAT support if necessary.
清除特征重叠的最近的一个例子在 2.6 版的内核中是移除无状态的网络住址转换 (NAT) 支持的路由代码。 开发者认识到在防火墙的完整状态的 NAT 支持更灵活, 因此不再值得花时间维持没状态的 NAT 代码.(虽然它比较快速而且消耗比较少的内存) 注意:如果有需要的话,一个新的模块可能随时被网络过滤(Netfilter) 所改写在没有状态的 NAT 提供支持。
The kernel networking code is continuously evolving. Not only does it integrate new features, but existing components sometimes undergo design changes to achieve more modularity and higher performance. This obviously makes Linux very attractive as an embedded operating system for network appliance products (routers, switches, firewalls, load balancers, etc.). 1.5节 当一个特征以补丁方式提交的时候
网络密码的核心不断进化。 不只它整合新的特征, 但是现有的成份有时遭受设计变化达成较多的模组化和较高的表现。 这显然地为使 Linux 对于网络用具产品来说(路由器,交换机,防火墙,负载平衡, 等等。)成为一个非常吸引人的嵌入式操作系统。 Because anyone can develop a new feature for the Linux kernel, or extend or reimplement an existing one, the greatest thrill for any "open" developer is to see her work make it to the official kernel release. Sometimes, however, that is not possible or it may take a long time, even when a project has valuable features and is well implemented. Common reasons include: 任何人都能为 Linux 内核发展一个新的特征, 或扩充或者再实现一个现有的特征。最令人兴奋的是因为任何的 " 开源 " 开发者能在官方的内核发行中见到自己工作所制造的那部分。 然而,有时候那是不可能的,因为它可能花很长的时间,即使当计划一个有有价值的特征并且会很好的实现。 通常的理由包括: The code may not have been written following the guidelines in Documentation/CodingStyle. 代码可能没有按照规定的代码风格来书写。 Another major project that provides the same functionality has been around for some time and has already received the green light from the Linux community and from the key kernel developers that maintain the associated kernel area. 在邻近的时间,另外一个相类似功能性的计划已经被 linux 团队和维护关联内核区域的主要内核开发者所接受。
There is too much overlap with another kernel component. In a case like this, the best approach is to remove the redundant functionality and use existing functionality where possible, or to extend the latter so that it can be used in new contexts. This situation underlines the importance of modularity. 用另外的一个核心成份有太多重叠。 在一情况喜欢这, 最好的方式是去掉多余的功能性和尽可能使用现有的功能性, 或者扩充后者以便它能被用于新的前后关系中。 这种情形是强调模块化的重要性。
The size of the project and the amount of work required to maintain it in a quick-changing kernel may lead the new project's developers to keep it as a separate patch and release a new version only once in a while. 工程的大小和维持它所必须的工作量在一个容易改变的内核中可能致使新工程的开发者实现它作为一个单独的补丁或者一次发放一个新的版本。
The feature would be used only in very specific scenarios, considered not necessary in a general-purpose operating system. In this case, a separate patch is often the best solution. 这种特征只会被用于非常特定的情节。 在一个多通途型的操作系统中是不被视为必须的,所以分开的补丁通常是最好的解决方法。
The overall design may not satisfy some key kernel developers. These experts usually have the big picture in mind, concerning both where the kernel is and where it is going. Often, they request design changes to make a feature fit into the kernel the right way. 全部的设计不可能使一些主要内核开发者满意。 这些专家脑中通常有大场景, 关于两者的内核在哪里和它要向哪里发展。 经常,他们请求设计的变化使特征成为更适合内核的正确的方法。 Sometimes, overlap between features is hard to remove completely, perhaps, for example, because a feature is so flexible that its different uses become apparent only after some time. For example, the firewall has hooks in several places in the network stack. This makes it unnecessary for other features to implement any filtering or marking of data packets going in any direction: they can simply rely on the firewall. Of course, this creates dependencies (for example, if the routing subsystem wants to mark traffic matching specific criteria, the kernel must include support for the firewall). Also, the firewall maintainers must be ready to accept reasonable enhancement requests when they are deemed to be required by other kernel features. However, the compromise is often worth the gain: less redundant code means fewer bugs, easier code maintenance, simplified code paths, and other benefits. 因为一个特征是很灵活的,所以有时,也许在特征之间重叠的部分很难被完全地移除, 举例来说,因而它的不同只有在使用一些时间之后变的明显。
举例来说,防火墙在网络堆栈的一些地方中有钩子 这使其他的特征不必要实现任何的过滤或进入任何方向的数据包的标记: 他们只是依赖防火墙。
当然,这将产生依赖。 (举例来说,如果路由子系统想要为相配的特定的标准通信量作标记, 内核一定要包括对防火墙的支持) 同时, 当他们被认为被内核其他特征所需要的时候,防火墙维护人员必须做好的一定准备去接受增加了的合理请求。然而, 妥协时常是价值的:较少的多余代码意味着更少的bug,更低廉的维护费用,更简易的代码补丁和其他的益处。 An example of a recent cleanup of feature overlap is the removal of stateless Network Address Translation (NAT) support by the routing code in version 2.6 of the kernel. The developers realized that the stateful NAT support in the firewall is more flexible, and therefore that it was no longer worthwhile maintaining stateless NAT code (although it is faster and consumes less memory). Note that a new module could be written for Netfilter at any time to provide stateless NAT support if necessary.
清除特征重叠的最近的一个例子在 2.6 版的内核中是移除无状态的网络住址转换 (NAT) 支持的路由代码。 开发者认识到在防火墙的完整状态的 NAT 支持更灵活, 因此不再值得花时间维持没状态的 NAT 代码.(虽然它比较快速而且消耗比较少的内存) 注意:如果有需要的话,一个新的模块可能随时被网络过滤(Netfilter) 所改写在没有状态的 NAT 提供支持。
相关阅读 更多 +