From: Patrick McHardy <kaber@trash.net>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Subject: Re: [RFC PATCH v2 0/6] nft events reporting
Date: Thu, 27 Feb 2014 14:09:39 +0000
Message-ID: <20140227140939.GC18385@macbook.localnet>
In-Reply-To: <20140226160918.18974.64532.stgit@nfdev.cica.es>

On Wed, Feb 26, 2014 at 05:09:44PM +0100, Arturo Borrero Gonzalez wrote:
> This series implements basic event reporting in the nftables CLI tool.
>
> The first patches are some necessary code factorization changes.
> The last patch is the event reporting itself.
>
> It's quite simple, the syntax is:
> % nft monitor [added|deleted] [tables|chains|sets|rules] [xml|json]
>
> I've discarded using 'new|delete' keywords because 'new' collides with
> the 'state new' ct option.

I have no strong preference, only tending to think that new/delete is a bit
nicer. If you want to keep them, you can handle this similar to how we
deal with f.i. "ip protocol tcp". If "new" is occurring somewhere outside
of the monitor rule, you simply convert it to a symbol expression.

> About this last format:
>
> Rules are hard to print exactly as the user typed because of sets.
> The approach followed in the patch is:
> * keep a userspace cache of tables/anonymous sets.
> * since there are no event notifications for set_elements, query kernel
> for set_elements in the event callback.
> * since there are no event notifications for deleted anon-sets, and set names
> are reusable, scan each deleted rule to know which sets to delete from the cache.
> * no need to do any caching if we are not monitoring new rule
> events in the nft default format.

We could add notifications for set elements and anonymous set deletions
if that makes things easier. Is my assumption correct that you only print
the set members for anonymous sets and for non-anonymous sets simply print
... @set?