From: Florian Westphal <fw@strlen.de>
To: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Subject: Re: [PATCH v3 1/6] doc: fix/improve documentation of verdicts
Date: Mon, 20 Oct 2025 11:28:25 +0200 [thread overview]
Message-ID: <aPYAuQ89M7Z7doVJ@strlen.de> (raw)
In-Reply-To: <20251019014000.49891-2-mail@christoph.anton.mitterer.name>
Christoph Anton Mitterer <mail@christoph.anton.mitterer.name> wrote:
> +*drop*:: Immediately drop the packet and terminate ruleset evaluation.
> + This means no further evaluation of any chains and it’s thus – unlike with
> + *accept* – not possible to again change the ultimate fate of the packet in any
> + later chain.
> +
> +
> +Terminate ruleset evaluation and drop the packet. This occurs
Hmm, looks like something went wrong during a rebase?
Why are there 2 blank lines followed by a rephrase of the first
sentence?
> +For example, a *reject* also immediately terminates the evaluation of the
> +current rule as well as of all chains, overrules any *accept* from any other chains and can itself not be
> +overruled, while the various NAT statements may be overruled by other *drop*
> +verdict respectively statements that imply this.
I totally dislike this sorry :-(
There is no overruling, there is no 'verdict state tracking'.
Or would you say that a qdisc that dropped a packet overruled a nft accept
verdict...?
Sorry for spinning on this again and again.
Its important to me that users understand that packets traverse through netfilter hooks
one after another until a drop verdict is seen or there are no more hooks.
In a way, *accept* moves packet to the next basechain/hook, but thats
all there is to it.
All this talk about *overrule* makes it sound much more complicated than it is.
Can you re-send this patch standalone, without this pragraph?
Or perhaps just the 'For example, a *reject* also immediately *drops*
the packet'.
I did not spot anything else other than the format nit above.
next prev parent reply other threads:[~2025-10-20 9:28 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 0:07 nft manpage/wiki issues and improvement ideas Christoph Anton Mitterer
2025-09-25 7:35 ` Pablo Neira Ayuso
2025-09-25 20:37 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 0/7] doc: miscellaneois improvements Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 1/7] doc: clarify evaluation of chains Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 2/7] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-09-30 10:50 ` Florian Westphal
2025-10-02 14:50 ` Christoph Anton Mitterer
2025-10-02 15:21 ` Florian Westphal
2025-10-10 23:06 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 3/7] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 4/7] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-09-30 11:50 ` Florian Westphal
2025-10-10 23:07 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 5/7] doc: add some more documentation on bitmasks Christoph Anton Mitterer
2025-09-30 11:51 ` Florian Westphal
2025-09-30 11:53 ` Florian Westphal
2025-09-26 1:52 ` [PATCH 6/7] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 7/7] doc: describe how values match sets Christoph Anton Mitterer
2025-09-26 2:32 ` nft manpage/wiki issues and improvement ideas Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 0/7] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 1/7] doc: clarify evaluation of chains Christoph Anton Mitterer
2025-10-15 11:46 ` Florian Westphal
2025-10-11 0:23 ` [PATCH v2 2/7] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-15 11:42 ` Florian Westphal
2025-10-17 2:30 ` Christoph Anton Mitterer
2025-10-18 13:25 ` Florian Westphal
2025-10-19 0:11 ` Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 3/7] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-10-15 11:51 ` Florian Westphal
2025-10-11 0:24 ` [PATCH v2 4/7] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-20 9:39 ` Florian Westphal
2025-10-20 23:48 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 5/7] doc: add some more documentation on bitmasks Christoph Anton Mitterer
2025-10-18 13:32 ` Florian Westphal
2025-10-19 1:31 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 6/7] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-18 13:35 ` Florian Westphal
2025-10-18 22:13 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 7/7] doc: describe how values match sets Christoph Anton Mitterer
2025-10-18 13:51 ` Florian Westphal
2025-10-19 1:50 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 0/6] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 1/6] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-20 9:28 ` Florian Westphal [this message]
2025-10-20 22:13 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 2/6] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-10-20 9:04 ` Florian Westphal
2025-10-19 1:38 ` [PATCH v3 3/6] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 4/6] doc: add more documentation on bitmasks and sets Christoph Anton Mitterer
2025-10-20 9:06 ` Florian Westphal
2025-10-20 21:57 ` Christoph Anton Mitterer
2025-10-20 22:18 ` Florian Westphal
2025-10-20 23:51 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 5/6] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 6/6] doc: minor improvements the `reject` statement Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 0/5] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 1/5] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 2/5] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 3/5] doc: add more documentation on bitmasks and sets Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 4/5] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 5/5] doc: minor improvements the `reject` statement Christoph Anton Mitterer
2025-10-22 14:34 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPYAuQ89M7Z7doVJ@strlen.de \
--to=fw@strlen.de \
--cc=mail@christoph.anton.mitterer.name \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.