From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: Re: [PATCH nft 0/3] support ct/meta key lookups at runtime Date: Thu, 27 Oct 2016 18:51:16 +0200 Message-ID: <20161027165116.GA17182@salvia> References: <1477521368-12696-1-git-send-email-fw@strlen.de> <20161027164810.GA15837@salvia> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: netfilter-devel@vger.kernel.org To: Florian Westphal Return-path: Received: from mail.us.es ([193.147.175.20]:44484 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964863AbcJ0QvV (ORCPT ); Thu, 27 Oct 2016 12:51:21 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 40ECB6EACE for ; Thu, 27 Oct 2016 18:51:19 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 31F25DA845 for ; Thu, 27 Oct 2016 18:51:19 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 00616DA842 for ; Thu, 27 Oct 2016 18:51:17 +0200 (CEST) Content-Disposition: inline In-Reply-To: <20161027164810.GA15837@salvia> Sender: netfilter-devel-owner@vger.kernel.org List-ID: On Thu, Oct 27, 2016 at 06:48:10PM +0200, Pablo Neira Ayuso wrote: > On Thu, Oct 27, 2016 at 12:36:05AM +0200, Florian Westphal wrote: > > I have a patch series to add support of hash (skb hash) and sym hash > > (symmetric skb hash) to nft_meta. > > > > This series would allow extending meta without adding new hash/symhash > > keywords in the scanner. > > > > What do you think? > > Acked-by: Pablo Neira Ayuso > > Only one suggestion, instead of: > > return error(loc, "Could not parse %s, known ct keys are: %s", str, buf); > > Looking at current error reporting: > > # nft add rule x y ct > :1:18-18: Error: syntax error, unexpected newline > add rule x y ct > ^ > Probably something like looks better: > > "syntax error, unexpected %s, known keys are %s" Actually, if we follow this approach, we probably have to revisit all other existing error messages... Keep this as it is, we can revisit this later.