From: Patrick McHardy <kaber@trash.net>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Eric Leblond <eric@regit.org>,
netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH 0/1] add insert after to nf_tables
Date: Thu, 20 Jun 2013 12:46:21 +0200 [thread overview]
Message-ID: <20130620104621.GC31140@macbook.localnet> (raw)
In-Reply-To: <51C2DB10.1060607@linux.intel.com>
On Thu, Jun 20, 2013 at 01:36:00PM +0300, Tomasz Bursztyka wrote:
> Hi Pablo,
>
> >>Hum, how?
> >>The handle it will get from the notification is the handle of the
> >>newly created rule, not the one used to identify the rule for
> >>insertion.
> >That's right. I don't come with any other way to make it rather than
> >adding a new attribute.
>
> Yes, though it breaks the design logic of the current API, somehow.
>
> I mean, attributes are currently reflecting the rule as it is, and
> are used symmetrically in queries/replies.
>
> Here what we need is a temporary extra attribute, or some sort, only
> used for the notification.
>
> Either via:
>
> we don't add an element to enum nft_rule_attributes {}, instead we
> create another enum for attributes only used on notification.
> like enum nft_rule_extras_notifications_attributes {}
>
>
> Or via (maybe better for nla policy way of working?):
>
> Adding a nft_rule_attributes as NFTA_RULE_EXTRAS_NOTIFICATIONS as a
> nested attribute
> and then enum nft_rule_extras_notifications_attributes {} again, etc etc...
>
>
> It's just a quick proposal, but my point here is to keep the API
> semantically sane.
> So it won't require extra guesses to understand how it's supposed to work
> (as it is right now: it's a sane API, besides the lonely
> NFT_RULE_F_COMMIT in its anonymous enum)
>
> Maybe there is a better way, probably. But you get my point.
We could instead of using NLA_RULE_HANDLE for the position add a new
attribute NLA_RULE_POSITION and use that both for creating rules and
for notifications. It would always be set and contain the handle of
the rule preceeding the new rule (for NLM_F_APPEND) or the one
following it (for !NLM_F_APPEND).
next prev parent reply other threads:[~2013-06-20 10:46 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-19 8:03 [RFC PATCH 0/1] add insert after to nf_tables Eric Leblond
2013-06-19 8:03 ` [PATCH] netfilter: nf_tables: add insert operation Eric Leblond
2013-06-19 8:04 ` [libnftables PATCH] examples: add insert rule example Eric Leblond
2013-06-19 9:47 ` [RFC PATCH 0/1] add insert after to nf_tables Tomasz Bursztyka
2013-06-20 9:42 ` Pablo Neira Ayuso
2013-06-20 9:52 ` Tomasz Bursztyka
2013-06-20 10:10 ` Pablo Neira Ayuso
2013-06-20 10:36 ` Tomasz Bursztyka
2013-06-20 10:46 ` Patrick McHardy [this message]
2013-06-20 10:59 ` Tomasz Bursztyka
2013-06-20 12:17 ` Eric Leblond
2013-06-28 21:05 ` [RFC PATCHv2] netfilter: nf_tables: add insert operation Eric Leblond
2013-06-29 10:24 ` Pablo Neira Ayuso
2013-07-06 15:31 ` [PATCHv3 nftables insert operation] Eric Leblond
2013-07-06 15:31 ` [PATCH] netfilter: nf_tables: add insert operation Eric Leblond
2013-07-07 21:56 ` Pablo Neira Ayuso
2013-07-08 22:56 ` [PATCHv4 nftables insert operation 0/1] Eric Leblond
2013-07-08 22:56 ` [PATCHv4] netfilter: nf_tables: add insert operation Eric Leblond
2013-07-15 10:48 ` Pablo Neira Ayuso
2013-07-15 17:27 ` Eric Leblond
2013-07-15 23:57 ` Pablo Neira Ayuso
2013-07-16 7:35 ` Eric Leblond
2013-07-16 10:00 ` Pablo Neira Ayuso
2013-07-16 10:07 ` Eric Leblond
2013-07-19 7:45 ` [PATCHv5] " Eric Leblond
2013-07-19 12:49 ` Pablo Neira Ayuso
2013-07-08 23:00 ` [nftables PATCH] rule: honor flag argument during rule creation Eric Leblond
2013-07-06 15:33 ` [libnftables PATCH 1/4] rule: add support for position attribute Eric Leblond
2013-07-06 15:33 ` [libnftables PATCH 2/4] examples: add insert rule example Eric Leblond
2013-07-19 12:31 ` Pablo Neira Ayuso
2013-07-06 15:33 ` [libnftables PATCH 3/4] rule: display position in default printf Eric Leblond
2013-07-19 12:32 ` Pablo Neira Ayuso
2013-07-06 15:33 ` [libnftables PATCH 4/4] rule: change type of function to use const Eric Leblond
2013-07-19 12:32 ` Pablo Neira Ayuso
2013-07-19 12:31 ` [libnftables PATCH 1/4] rule: add support for position attribute Pablo Neira Ayuso
2013-07-06 15:33 ` [nftables PATCH] Add support for insertion inside rule list Eric Leblond
2013-07-19 12:28 ` Pablo Neira Ayuso
2013-07-19 14:31 ` Eric Leblond
2013-07-19 15:50 ` Pablo Neira Ayuso
2013-07-01 7:01 ` [RFC PATCHv2] netfilter: nf_tables: add insert operation Tomasz Bursztyka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130620104621.GC31140@macbook.localnet \
--to=kaber@trash.net \
--cc=eric@regit.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.