From: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: Netfilter Development Mailing list
<netfilter-devel@vger.kernel.org>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [RFC nftables kernel PATCH] netfilter: nf_tables: fix nft_meta_target module
Date: Thu, 28 Nov 2013 15:32:29 +0200 [thread overview]
Message-ID: <529745ED.5050201@linux.intel.com> (raw)
In-Reply-To: <CAOkSjBj+XER8sn1eakaTDyDJPUn=t50WFYLE8zF4uP7Ef9TTOA@mail.gmail.com>
Hi Arturo,
>> All expression have a short, one-word based name, which is nice.
> Yes, any suggestion?
Always the tricky part ^^ (complaining about is easy...).
But we might avoid that:
>> Anyway, doesn't it work already: if you create an immediate expression (to
>> load the value you want, at default dreg 0 aka NFT_REG_VERDICT) and a meta
>> expression without the NFTA_META_DREG set? (didn't try myself)
>>
> I commented the immediate load with Pablo. He suggested the value to
> be fetched from the metatarget directly.
Ok I see it optimize things, then below:
>> If not maybe there is a shorter way to fix this, instead of creating a full
>> new expression. Looks like it was the original plan.
>>
> You mean the original plan was to avoid creating a new expression?
> In that case, I will have to revisit this, as I wasn't considering
> this approach.
Thus, why not adding an attribute to the meta expression. Like:
NFTA_META_SVAL? (Of course NFTA_META_DREG and this new attribute are
mutually exclusive)
I guess then you only need to adapt struct nft_policy in
nft_meta_target.c to handle it, and adding value element in its nft_meta
struct, and there you are.
Less code and API change.
Tomasz
next prev parent reply other threads:[~2013-11-28 13:32 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-28 11:15 [RFC nftables kernel PATCH] netfilter: nf_tables: fix nft_meta_target module Arturo Borrero Gonzalez
2013-11-28 12:33 ` Tomasz Bursztyka
2013-11-28 13:15 ` Arturo Borrero Gonzalez
2013-11-28 13:32 ` Tomasz Bursztyka [this message]
2013-11-28 14:33 ` Arturo Borrero Gonzalez
2013-11-29 5:52 ` Tomasz Bursztyka
2013-12-04 13:21 ` Pablo Neira Ayuso
2013-12-04 13:30 ` Tomasz Bursztyka
2013-12-04 15:05 ` Arturo Borrero Gonzalez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=529745ED.5050201@linux.intel.com \
--to=tomasz.bursztyka@linux.intel.com \
--cc=arturo.borrero.glez@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.