From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [libnftables PATCH 2/2] Basic support for printing nft_data_reg in XML format.
Date: Thu, 4 Apr 2013 14:33:30 +0200
Message-ID: <20130404123330.GA6069@localhost>
In-Reply-To: <CAOkSjBhNJAfa18_W8deetS=97X18H-5W=Z5n1a8txYm3WOzEjw@mail.gmail.com>

On Wed, Apr 03, 2013 at 02:38:38PM +0200, Arturo Borrero Gonzalez wrote:
> 2013/4/2 Pablo Neira Ayuso <pablo@netfilter.org>:
> > On Tue, Apr 02, 2013 at 07:18:39PM +0200, Arturo Borrero Gonzalez wrote:
> >> If cmp and bitwise are going to always have DATA_VALUE, and imm
> >> depending on what was set, I think we could do:
> >>
> >> int nft_data_reg_snprintf(char *buf, union data_reg *data, int type, ...)
> >> switch(type)
> >> return nft_data_reg_snprintf_'type'(buf, data, ...)
> >
> > where 'type' can be: value, verdict or chain.
> >
> >> And the same applies when parsing XML.
> >
> > Exactly.
>
> I propose to use this format:
>
> for DATA_VALUE:
>
> <expr type=cmp>
> [...]
> <cmpdata>
> <data_reg type=value>
> <len>N</len>
> <data0>reg->val[i]</data0>
> [...]
> <dataN>reg->val[n]</dataN>
> </data_reg>
> </cmpdata>
> </expr>
>
> This way we also export/import the len of reg->val (actually reg->len)
>
> For DATA_VERDICT or DATA_CHAIN:
> <data_reg type=verdict>
> <verdict>int</verdict>
> <chain>string</chain>
> </data_reg>
>
> assuming verdict and chain are always used together, despite the node
> '<verdict>' or '<chain>' not being set (but present with no value)
>
> For DATA_VERDICT or DATA_CHAIN:
> <data_reg type=verdict>
> <verdict>int</verdict>
> <chain>string</chain>
> </data_reg>

The verdict and the chain are mutually exclusive. So it has to be:

* For DATA_VERDICT:

  <data_reg type=verdict>
    <verdict>string</verdict>
  </data_reg>

where string can be accept, drop, return. Better use the string than
the value, it's human readable and people can edit it without knowing
the mapping between values and verdicts.

* For DATA_CHAIN:

  <data_reg type=verdict>
    <chain>string</chain>
  </data_reg>

where string is the chain name. This chain is the chain to jump in
case of matching (like in iptables: -j some_chain).

Regards.
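
The type-dispatched printer and the XML layout settled on in this message, as an added example (not code from the thread or from libnftables). The struct layout, the function names, the quoted attribute values, the hex formatting of each word, the four-word limit and the choice to reject chain names containing XML metacharacters instead of escaping them are all assumptions of the example.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this example, not the libnftables definitions. */
enum { DATA_VALUE, DATA_VERDICT, DATA_CHAIN };
struct data_reg {
	uint32_t val[4];
	size_t len;           /* number of val[] words in use */
	const char *verdict;  /* "accept", "drop" or "return" */
	const char *chain;    /* name of the chain to jump to */
};

/* Append at *off; keep counting after the buffer is full, as snprintf does. */
static void emit(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
	size_t room = *off < size ? size - *off : 0;
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(room ? buf + *off : NULL, room, fmt, ap);
	va_end(ap);
	if (n > 0)
		*off += (size_t)n;
}

/* Returns the length the whole document needs (>= size means truncated),
 * or -1 for input that cannot be represented. */
int data_reg_snprintf_xml(char *buf, size_t size, const struct data_reg *reg, int type)
{
	size_t off = 0, i;

	if (type == DATA_VALUE && reg->len <= 4) {
		emit(buf, size, &off, "<data_reg type=\"value\"><len>%zu</len>", reg->len);
		for (i = 0; i < reg->len; i++)
			emit(buf, size, &off, "<data%zu>0x%08" PRIx32 "</data%zu>", i, reg->val[i], i);
	} else if (type == DATA_VERDICT && reg->verdict &&
		   (!strcmp(reg->verdict, "accept") || !strcmp(reg->verdict, "drop") ||
		    !strcmp(reg->verdict, "return"))) {
		emit(buf, size, &off, "<data_reg type=\"verdict\"><verdict>%s</verdict>", reg->verdict);
	} else if (type == DATA_CHAIN && reg->chain && !strpbrk(reg->chain, "<>&\"'")) {
		/* The message gives type=verdict for the chain case as well. */
		emit(buf, size, &off, "<data_reg type=\"verdict\"><chain>%s</chain>", reg->chain);
	} else {
		return -1;
	}
	emit(buf, size, &off, "</data_reg>");
	return (int)off;
}
```

A caller compares the return value with the buffer size to detect truncation before handing the text to an XML parser.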