From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables-nftables PATCH 0/5] Centralizes rule parsing
Date: Tue, 20 Aug 2013 20:58:13 +0200 [thread overview]
Message-ID: <20130820185813.GA11790@localhost> (raw)
In-Reply-To: <1376913846-15996-1-git-send-email-tomasz.bursztyka@linux.intel.com>
On Mon, Aug 19, 2013 at 03:04:01PM +0300, Tomasz Bursztyka wrote:
> Hi,
>
> Here are the patches that refactors how rules are parsed. So now it's done in one unique place for all operations.
>
> And it adds a function to reset the counters with -Z since it's trivial to do so with such parsing strategy.
>
> Tomasz Bursztyka (5):
> nft: Parse fully and properly at once a rule into a cs
> nft: Refactor firewall printing so it reuses already parsed cs struct
> nft: Refactor rule deletion so it compares both cs structure
> xtables: nft: Complete refactoring on how rules are saved
I have collapsed these four patches in one single, we need that the
repository remains consistent between patches, that includes that new
functions need to have a client in the same patch.
The patch that I applied includes several things that I manually
fixed.
* IPv6 address printing was not working.
* Remove -4/-6 from the xtables-save output, we need exactly the same
output like iptables-save. It is only shown in xtables-events.
* Fix match/target aliasing, this one was not so obvious, as it's a
relatively new thing.
* Some coding style issue, this is prefered:
function(a, b, c, d,
e, f, g);
rather than:
function(a, b, c, d,
e, f, g);
I like that we saved 300 LOC with this. I have also applied one patch
to fix the wrong interpretation of the flags with IPv6.
> nft: Add a function to reset the counters of an existing rule
Also applied this one.
Thanks.
prev parent reply other threads:[~2013-08-20 18:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-19 12:04 [iptables-nftables PATCH 0/5] Centralizes rule parsing Tomasz Bursztyka
2013-08-19 12:04 ` [iptables-nftables PATCH 1/5] nft: Parse fully and properly at once a rule into a cs Tomasz Bursztyka
2013-08-19 12:04 ` [iptables-nftables PATCH 2/5] nft: Refactor firewall printing so it reuses already parsed cs struct Tomasz Bursztyka
2013-08-19 12:04 ` [iptables-nftables PATCH 3/5] nft: Refactor rule deletion so it compares both cs structure Tomasz Bursztyka
2013-08-19 12:04 ` [iptables-nftables PATCH 4/5] xtables: nft: Complete refactoring on how rules are saved Tomasz Bursztyka
2013-08-19 12:04 ` [iptables-nftables PATCH 5/5] nft: Add a function to reset the counters of an existing rule Tomasz Bursztyka
2013-08-20 18:58 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130820185813.GA11790@localhost \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.