From: Patrick McHardy <kaber@trash.net>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Eric Leblond <eric@regit.org>,
netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH 0/1] add insert after to nf_tables
Date: Thu, 20 Jun 2013 12:46:21 +0200
Message-ID: <20130620104621.GC31140@macbook.localnet>
In-Reply-To: <51C2DB10.1060607@linux.intel.com>

On Thu, Jun 20, 2013 at 01:36:00PM +0300, Tomasz Bursztyka wrote:
> Hi Pablo,
>
> >>Hum, how?
> >>The handle it will get from the notification is the handle of the
> >>newly created rule, not the one used to identify the rule for
> >>insertion.
> >That's right. I don't come with any other way to make it rather than
> >adding a new attribute.
>
> Yes, though it breaks the design logic of the current API, somehow.
>
> I mean, attributes are currently reflecting the rule as it is, and
> are used symmetrically in queries/replies.
>
> Here what we need is a temporary extra attribute, or some sort, only
> used for the notification.
>
> Either via:
>
> we don't add an element to enum nft_rule_attributes {}, instead we
> create another enum for attributes only used on notification.
> like enum nft_rule_extras_notifications_attributes {}
>
>
> Or via (maybe better for nla policy way of working?):
>
> Adding a nft_rule_attributes as NFTA_RULE_EXTRAS_NOTIFICATIONS as a
> nested attribute
> and then enum nft_rule_extras_notifications_attributes {} again, etc etc...
>
>
> It's just a quick proposal, but my point here is to keep the API
> semantically sane.
> So it won't require extra guesses to understand how it's supposed to work
> (as it is right now: it's a sane API, besides the lonely
> NFT_RULE_F_COMMIT in its anonymous enum)
>
> Maybe there is a better way, probably. But you get my point.

We could instead of using NLA_RULE_HANDLE for the position add a new
attribute NLA_RULE_POSITION and use that both for creating rules and
for notifications. It would always be set and contain the handle of
the rule preceding the new rule (for NLM_F_APPEND) or the one
following it (for !NLM_F_APPEND).
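
Added example, not part of the original message and not nf_tables code: a userspace C model of the semantics proposed above, showing that a listener that receives the new rule's handle together with NLA_RULE_POSITION and the append flag can keep a mirrored rule list in the same order as the original. The struct and function names, `MAX_RULES` and `APPEND_FLAG` are hypothetical; only the attribute and flag names come from the thread.

```c
#include <stdint.h>
#include <string.h>

#define MAX_RULES   16
#define APPEND_FLAG 0x800 /* numeric value of NLM_F_APPEND */

struct chain { uint64_t handle[MAX_RULES]; int n; };
/* Notification: the new rule's own handle plus the proposed position. */
struct notif { uint64_t handle, position; int flags; };

/* Put `handle` after `position` (append) or before it; -1 if full/unknown. */
static int place(struct chain *c, uint64_t handle, uint64_t position, int flags)
{
    int at = -1;
    for (int i = 0; i < c->n && at < 0; i++)
        if (c->handle[i] == position) at = i;
    if (at < 0 || c->n >= MAX_RULES) return -1;
    if (flags & APPEND_FLAG) at++;
    memmove(&c->handle[at + 1], &c->handle[at], (c->n - at) * sizeof(uint64_t));
    c->handle[at] = handle;
    c->n++;
    return 0;
}

/* Rule-creation side: insert, then report where the rule went. */
static int insert_rule(struct chain *k, uint64_t h, uint64_t pos, int flags, struct notif *out)
{
    if (place(k, h, pos, flags) < 0) return -1;
    *out = (struct notif){ h, pos, flags };
    return 0;
}

/* Listener side: the same attribute is enough to update a mirror. */
static int replay(struct chain *mirror, const struct notif *n)
{
    return place(mirror, n->handle, n->position, n->flags);
}

/* Constructed scenario: chain 1,2,3; add 4 after 1, then 5 before 3. */
static uint64_t demo_mirror_at(int i) /* 0 if the mirror diverged */
{
    struct chain k = { {1, 2, 3}, 3 }, m = k;
    struct notif n;
    if (insert_rule(&k, 4, 1, APPEND_FLAG, &n) || replay(&m, &n)) return 0;
    if (insert_rule(&k, 5, 3, 0, &n) || replay(&m, &n)) return 0;
    if (m.n != k.n || memcmp(m.handle, k.handle, sizeof k.handle)) return 0;
    return i < m.n ? m.handle[i] : 0;
}

int main(void) { return demo_mirror_at(1) == 4 ? 0 : 1; }
```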