From: Patrick McHardy <kaber@trash.net>
To: Massimiliano Hofer <max@nucleus.it>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] entry_data
Date: Tue, 20 Jun 2006 03:29:21 +0200 [thread overview]
Message-ID: <44974F71.3050209@trash.net> (raw)
In-Reply-To: <200606200105.04286.max@nucleus.it>
Massimiliano Hofer wrote:
> On Monday 19 June 2006 7:45 pm, Patrick McHardy wrote:
>
>
>>>This leads me to a more radical proposal. Is there any reason we don't
>>>have a general way to negate matches? It wouldn't be too difficult and we
>
> [...]
>
>>It would be useful for some matches (basically those that only check
>>a single attribute), others may want to combine negated matching
>>on some attributes with non-negated matching on others. In these
>
>
> I agree with you.
> Let's suppose we want to implement this feature and we don't want to cause
> major breakage. I can't find a suitable bit in xt_entry_match, but we could
> define a "wrapper match". We could set u.name to "!" or something similar and
> data to:
>
> struct {
> int invert;
> struct xt_entry_match nested_xt_entry_match;
> };
>
> Similar wrappers would effectively transform a simple linear data structure in
> a tree, so I don't think this is a thing we should endorse lighly.
I'm not sure how much effort we should put into glueing a generic
method around the matches, most already support proper negation and
we can just add it for the few(?) remaining ones manually (and I
don't accept new matches without proper negation support) and hope
for everything to get better with pkttables :)
next prev parent reply other threads:[~2006-06-20 1:29 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-04 22:29 [PATCH] entry_data Massimiliano Hofer
2006-06-11 23:19 ` Massimiliano Hofer
2006-06-12 9:50 ` Pablo Neira Ayuso
2006-06-12 12:45 ` Massimiliano Hofer
2006-06-13 15:19 ` Pablo Neira Ayuso
2006-06-13 20:56 ` Massimiliano Hofer
2006-06-19 0:15 ` Pablo Neira Ayuso
2006-06-19 7:02 ` Massimiliano Hofer
2006-06-19 23:37 ` Pablo Neira Ayuso
2006-06-20 1:39 ` Patrick McHardy
2006-06-14 9:03 ` Sven Anders
2006-06-17 22:55 ` Massimiliano Hofer
2006-06-19 17:45 ` Patrick McHardy
2006-06-19 23:05 ` Massimiliano Hofer
2006-06-20 1:29 ` Patrick McHardy [this message]
2006-06-19 17:34 ` Patrick McHardy
2006-06-19 22:35 ` Massimiliano Hofer
2006-06-19 23:13 ` Patrick McHardy
2006-06-20 11:25 ` Massimiliano Hofer
2006-06-20 13:17 ` Patrick McHardy
2006-06-21 0:03 ` [PATCH] priv_data (formerly entry_data) Massimiliano Hofer
2006-06-21 0:30 ` Patrick McHardy
2006-06-21 0:45 ` Massimiliano Hofer
2006-06-21 1:04 ` Patrick McHardy
2006-06-21 8:31 ` Massimiliano Hofer
2006-06-21 23:50 ` Massimiliano Hofer
2006-06-22 15:18 ` Patrick McHardy
2006-06-21 0:33 ` Massimiliano Hofer
2006-06-21 0:42 ` Massimiliano Hofer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44974F71.3050209@trash.net \
--to=kaber@trash.net \
--cc=max@nucleus.it \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.