From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [nf-next PATCH 0/2] Support resetting rules' state
Date: Wed, 9 Nov 2022 13:11:44 +0100 [thread overview]
Message-ID: <Y2uZAP7d1VEA4BeL@orbyte.nwl.cc> (raw)
In-Reply-To: <Y2t97iyVIMEzIF0q@salvia>
On Wed, Nov 09, 2022 at 11:16:14AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Nov 08, 2022 at 05:49:25PM +0100, Phil Sutter wrote:
[...]
> > IIRC, your request at NFWS was to introduce something like:
> >
> > - reset table (for 'reset rules table')
>
> This would require to make two calls, one to NFT_MSG_GETOBJ_RESET and
> another to NFT_MSG_GETRULE_RESET:
Ah yes, there is NFT_OBJECT_UNSPEC which should allow to reset all kinds
of objects at once.
> > - reset chain (for 'reset rules chain')
>
> This could be implemented with the new NFT_MSG_GETRULE_RESET, which
> already allows to filter with chain.
Yes, it would just be an alias for 'reset rules chain'.
> So these two would only require userspace code, this can be done
> later.
ACK.
> > But the first one may seem like resetting *all* state of a table,
> > including named quotas, counters, etc. while in fact it only resets
> > state in rules.
>
> Yes, first should reset everything that is stateful and that is
> contained in the table.
>
> As said, this can be implemented later on from userspace.
>
> This is addressing all my questions then, I'm going to put this into
> nf-next.
Cool, thanks!
Cheers, Phil
prev parent reply other threads:[~2022-11-09 12:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-14 21:45 [nf-next PATCH 0/2] Support resetting rules' state Phil Sutter
2022-10-14 21:45 ` [nf-next PATCH 1/2] netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters Phil Sutter
2022-10-14 21:45 ` [nf-next PATCH 2/2] netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET Phil Sutter
2022-10-25 11:52 ` [nf-next PATCH 0/2] Support resetting rules' state Pablo Neira Ayuso
2022-11-08 16:49 ` Phil Sutter
2022-11-09 10:16 ` Pablo Neira Ayuso
2022-11-09 12:11 ` Phil Sutter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2uZAP7d1VEA4BeL@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.