From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>,
netfilter-devel@vger.kernel.org
Subject: Re: [nft RFC PATCH 6/6] src: add events reporting
Date: Tue, 18 Feb 2014 10:12:59 +0000 [thread overview]
Message-ID: <20140218101259.GC12496@macbook.localnet> (raw)
In-Reply-To: <20140218095829.GA4173@localhost>
On Tue, Feb 18, 2014 at 10:58:29AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Feb 18, 2014 at 09:52:10AM +0000, Patrick McHardy wrote:
> >
> > Sure, just wanted to be clear about which types of errors may cause
> > a fatal error.
>
> Talking about errors when building the higher level expression tree
> from the netlink message, I think nft should output some low-level
> expression if it fails to interpret it in a human readable way / nft
> syntax way.
Not sure how exactly to do that. It will never really fail unless the
rule has real errors like using data that hasn't been loaded before.
It will always result in *some* expression, so how would be determine
that?
> We already discussed that third party applications may decide to skip
> nft as use the netlink interface to build sophisticated filters, in
> that case, I think those tools should not break the output of nft if
> it fails to understand what it gets from the kernel.
I'm actually not sure nft really could fail if the expression returned
from the kernel makes any sense at all. Worst case should be that it
translates it to literate expressions used by the kernel (IOW,
payload @raw-expression & val ^ val2 >= ... instead of some simplified
form).
next prev parent reply other threads:[~2014-02-18 10:13 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-17 23:18 [nft RFC PATCH 0/6] events Arturo Borrero Gonzalez
2014-02-17 23:18 ` [nft RFC PATCH 1/6] rule: make family2str() public Arturo Borrero Gonzalez
2014-02-18 1:01 ` Pablo Neira Ayuso
2014-02-17 23:18 ` [nft RFC PATCH 2/6] rule: allow to print sets in plain format Arturo Borrero Gonzalez
2014-02-18 1:54 ` Patrick McHardy
2014-02-17 23:18 ` [nft RFC PATCH 3/6] netlink: add netlink_delinearize_set() func Arturo Borrero Gonzalez
2014-02-18 1:56 ` Patrick McHardy
2014-02-18 9:11 ` Arturo Borrero Gonzalez
2014-02-18 9:21 ` Patrick McHardy
2014-02-17 23:18 ` [nft RFC PATCH 4/6] rule: generalize chain_print() Arturo Borrero Gonzalez
2014-02-17 23:18 ` [nft RFC PATCH 5/6] netlink: add netlink_delinearize_rule() func Arturo Borrero Gonzalez
2014-02-17 23:18 ` [nft RFC PATCH 6/6] src: add events reporting Arturo Borrero Gonzalez
2014-02-18 1:10 ` Pablo Neira Ayuso
2014-02-18 2:03 ` Patrick McHardy
2014-02-18 9:28 ` Pablo Neira Ayuso
2014-02-18 9:33 ` Patrick McHardy
2014-02-18 9:43 ` Pablo Neira Ayuso
2014-02-18 9:52 ` Patrick McHardy
2014-02-18 9:58 ` Pablo Neira Ayuso
2014-02-18 10:12 ` Patrick McHardy [this message]
2014-02-18 14:21 ` Arturo Borrero Gonzalez
2014-02-18 14:46 ` Patrick McHardy
2014-02-18 1:07 ` [nft RFC PATCH 0/6] events Pablo Neira Ayuso
2014-02-18 1:43 ` Patrick McHardy
2014-02-18 9:20 ` Arturo Borrero Gonzalez
2014-02-18 9:24 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140218101259.GC12496@macbook.localnet \
--to=kaber@trash.net \
--cc=arturo.borrero.glez@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).