From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft 2/2] src: rename ct eventmask to event
Date: Wed, 7 Jun 2017 13:27:50 +0200 [thread overview]
Message-ID: <20170607112750.GA9759@salvia> (raw)
In-Reply-To: <20170607110751.GC18283@breakpoint.cc>
On Wed, Jun 07, 2017 at 01:07:51PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Wed, Jun 07, 2017 at 12:24:10PM +0200, Florian Westphal wrote:
> > > diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
> > > index 667126e656ae..1c90ec1c769d 100644
> > > --- a/tests/py/any/ct.t
> > > +++ b/tests/py/any/ct.t
> > > @@ -100,11 +100,11 @@ ct original mark 42;fail
> > [...]
> > > +ct event set new or related or destroy or foobar;fail
> > > +ct event set 'new | related | destroy | label';ok;ct event set new | related | destroy | label
> >
> > I would replace this by the new syntax in the tests too.
> >
> > So anyone looking at test for example relies on this new one, it is
> > more compact and readable IMO.
>
> Good point, we still print
> ct event set new | related | destroy | label
>
> because we lack the OP_FLAGCMP postprocessing that relational expression
> does (it converts the rhs binops into list in case of OP_FLAGCMP).
>
> Flagcmp is also a bit different thing:
> tcp flags syn,ack
> is short-hand for
> 'tcp flags & (syn|ack) != 0'
>
> but when using 'ct event set foo,bar'
> its same as
> ct event set foo|bar.
>
> This gets ugly... I see no way to autodetect which output format
> we should use.
>
> I could of course stick a check for the key type into
> netlink_delinerize.c but thats ugly.
>
> Alterntively I could hook into ct_stmt_print and dissect there.
>
> Any idea/preference?
I suggest you always use the comma separated one to print this.
This assymmetry is not a problem, what matters if that the internal
AST representation end up being the same, which is what matters to the
delete by name (if that is your primary concern with this). So it's
not that we need the same syntax in both directions specifically, but
the same internal representation for both.
So we just need that the evaluation transform these or syntax to
OP_FLAGCMP.
Actually, I remember to have discussed with Laura ideas to kill
OP_FLAGCMP and just convert this to binary, specifically, I need to
look back at the archive, but I think the problem is to check for
flaglist mismatch.
Anyway, at this stage, I would suggest you just update this to print
it in comma separated output.
next prev parent reply other threads:[~2017-06-07 11:27 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-07 10:24 [PATCH nft 1/2] parser: allow ct eventmask set new,related Florian Westphal
2017-06-07 10:24 ` [PATCH nft 2/2] src: rename ct eventmask to event Florian Westphal
2017-06-07 10:38 ` Pablo Neira Ayuso
2017-06-07 10:38 ` Pablo Neira Ayuso
2017-06-07 11:07 ` Florian Westphal
2017-06-07 11:27 ` Pablo Neira Ayuso [this message]
2017-06-07 15:31 ` Florian Westphal
2017-06-07 10:37 ` [PATCH nft 1/2] parser: allow ct eventmask set new,related Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170607112750.GA9759@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).