From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH libnftables] Add support for ct set Date: Fri, 10 Jan 2014 18:06:25 +0000 Message-ID: <20140110180625.GA4002@macbook.localnet> References: <1389359425-6837-1-git-send-email-kristian.evensen@gmail.com> <20140110131406.GA8088@macbook.localnet> <20140110132703.GA8224@macbook.localnet> <20140110134342.GA8720@macbook.localnet> <20140110135435.GA18191@localhost> <20140110135800.GA8854@macbook.localnet> <20140110143252.GA3879@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Kristian Evensen , Netfilter Development Mailing list To: Pablo Neira Ayuso Return-path: Received: from stinky.trash.net ([213.144.137.162]:61087 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750962AbaAJSG3 (ORCPT ); Fri, 10 Jan 2014 13:06:29 -0500 Content-Disposition: inline In-Reply-To: <20140110143252.GA3879@localhost> Sender: netfilter-devel-owner@vger.kernel.org List-ID: On Fri, Jan 10, 2014 at 03:32:52PM +0100, Pablo Neira Ayuso wrote: > On Fri, Jan 10, 2014 at 01:58:01PM +0000, Patrick McHardy wrote: > > On Fri, Jan 10, 2014 at 02:54:35PM +0100, Pablo Neira Ayuso wrote: > > > On Fri, Jan 10, 2014 at 01:43:43PM +0000, Patrick McHardy wrote: > > > > On Fri, Jan 10, 2014 at 02:33:06PM +0100, Kristian Evensen wrote: > > > > > Hi, > > > > > > > > > > On Fri, Jan 10, 2014 at 2:27 PM, Patrick McHardy wrote: > > > > > > No, I'm refering to the (ab)use of the expression. Anything not returning > > > > > > data is not an expression but a statement. > > > > > > > > > > Ok, then I follow :) I followed the naming in meta, but I agree. What > > > > > would be a good naming convetion? I thought of something like > > > > > nft_expr_stmt_*. It is a bit clumsy, but it is at least clear that the > > > > > struct can be used to represent both an expression and a statement. > > > > > > > > nft_ct_stmt? This is what we use in nftables f.i. in case of meta. > > > > > > Perhaps nft_ct_instr? So we can identify this as the nftables > > > instruction-set. > > > > Well, expressions also belong to the instruction set. A statement is > > is one (more specific) case of an instruction, as are expressions. > > Why introduce new terminology that isn't used anywhere else so far > > if statement is the exact description of what this is and is already > > used by nftables. > > So are you proposing to add a new object for statements in > libnftables? That will require a new infrastructure which would be > very similar to what we have in the current expressions. Well, the infrastructure should be pretty small. In fact you could probably map everything to expressions internally (although I don't think adding new infrastructure would be much effort), I would just rather not create an API that confuses fundamental types. > To that extend, that would also require a new infrastructure in the > kernel so we also have statements there. I think one of the good > things of the nf_tables kernel side is that we didn't make any > distinction between matches/targets (or call it > expressions/statements). In the kernel that was deliberate and is only internal to the kernel (well, and libraries and so on). I considered it, but I think in the kernel its more important to keep the code base and APIs as small as possible.