From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 273A1C4332F for ; Fri, 9 Dec 2022 16:52:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229784AbiLIQwO (ORCPT ); Fri, 9 Dec 2022 11:52:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229751AbiLIQwM (ORCPT ); Fri, 9 Dec 2022 11:52:12 -0500 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0CFB29854C for ; Fri, 9 Dec 2022 08:52:12 -0800 (PST) Received: from n0-1 by orbyte.nwl.cc with local (Exim 4.94.2) (envelope-from ) id 1p3gbL-0004oE-15; Fri, 09 Dec 2022 17:51:55 +0100 Date: Fri, 9 Dec 2022 17:51:55 +0100 From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org, Florian Westphal Subject: Re: [iptables PATCH 1/7] ebtables: Implement --check command Message-ID: Mail-Followup-To: Phil Sutter , Pablo Neira Ayuso , netfilter-devel@vger.kernel.org, Florian Westphal References: <20221201163916.30808-1-phil@nwl.cc> <20221201163916.30808-2-phil@nwl.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org On Fri, Dec 09, 2022 at 04:23:49PM +0100, Pablo Neira Ayuso wrote: > On Fri, Dec 09, 2022 at 01:41:24AM +0100, Phil Sutter wrote: > > On Thu, Dec 08, 2022 at 10:40:22PM +0100, Pablo Neira Ayuso wrote: > > > On Thu, Dec 01, 2022 at 05:39:10PM +0100, Phil Sutter wrote: > > > > Sadly, '-C' is in use already for --change-counters (even though > > > > ebtables-nft does not implement this), so add a long-option only. It is > > > > needed for xlate testsuite in replay mode, which will use '--check' > > > > instead of '-C'. > > > > > > Hm, yet another of those exotic deviations (from ip{6}tables) in > > > ebtables. > > > > > > This -C is not supported by ebtables-nft, right? If so, > > > according to manpage, ebtables -C takes start_nr[:end_nr]. > > > > > > Maybe there is a chance to get this aligned with other ip{6}tables > > > tools by checking if optarg is available? Otherwise, really check the > > > ruleset? > > > > > > BTW, I'm re-reading the ebtables manpage, not sure how this feature -C > > > was supposed to be used. Do you understand the usecase? > > > > Yes, it's odd - so fits perfectly the rest of ebtables syntax. ;) > > > > There are two ways to use it: > > > > 1) ebtables -C > > 2) ebtables -C > > > > So I could check if the two parameters following the chain name are > > numbers or not to distinguish between --change-counters and --check, but > > it's ugly and with ebtables-nft not supporting one of them makes things > > actually worse. > > > > We need --check only for internal purposes, let's please just leave it > > like this - there are much more important things to work on. > > OK, just an idea in case there is a need for getting ebtables more > aligned with other xtables userspace. I'd love to, but the syntax is so far off, it's almost futile. :( Cheers, Phil