[PATCH] iptables-restore: renames --test to --dry-run

[PATCH] iptables-restore: renames --test to --dry-run

[Peter Warasin]

Hi

The following patch renames the option --test (-t) to --dry-run (-d)
in order to free the letter 't' for --table, which makes the options
more consistent regarding the other *tables tools, where -t is always
--table.

peter

--- patch begins here ---
renames --test (-t) to --dry-run (-d) and -T (--table) to -t
adds missing short options to usage message

Signed-off-by: Peter Warasin <peter@endian.com>
---
Index: iptables-restore.c
===================================================================
--- iptables-restore.c.orig	2007-11-07 21:57:45.000000000 +0100
+++ iptables-restore.c	2007-11-07 22:09:12.000000000 +0100
@@ -29,11 +29,11 @@
 	{ "binary", 0, 0, 'b' },
 	{ "counters", 0, 0, 'c' },
 	{ "verbose", 0, 0, 'v' },
-	{ "test", 0, 0, 't' },
+	{ "dry-run", 0, 0, 'd' },
 	{ "help", 0, 0, 'h' },
 	{ "noflush", 0, 0, 'n'},
 	{ "modprobe", 1, 0, 'M'},
-	{ "table", 1, 0, 'T'},
+	{ "table", 1, 0, 't'},
 	{ 0 }
 };

@@ -41,11 +41,11 @@

 static void print_usage(const char *name, const char *version)
 {
-	fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h]\n"
+	fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-d] [-h] [-n] [-t] [-M]\n"
 			"	   [ --binary ]\n"
 			"	   [ --counters ]\n"
 			"	   [ --verbose ]\n"
-			"	   [ --test ]\n"
+			"	   [ --dry-run ]\n"
 			"	   [ --help ]\n"
 			"	   [ --noflush ]\n"
 			"	   [ --table=<TABLE> ]\n"
@@ -139,7 +139,7 @@
 	init_extensions();
 #endif

-	while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcvdhnM:t:", options, NULL)) != -1) {
 		switch (c) {
 			case 'b':
 				binary = 1;
@@ -150,7 +150,7 @@
 			case 'v':
 				verbose = 1;
 				break;
-			case 't':
+			case 'd':
 				testing = 1;
 				break;
 			case 'h':
@@ -163,7 +163,7 @@
 			case 'M':
 				modprobe = optarg;
 				break;
-			case 'T':
+			case 't':
 				tablename = optarg;
 				break;
 		}

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Hervé Eychenne]

On Wed, Nov 07, 2007 at 10:25:30PM +0100, Peter Warasin wrote:

 Hi,

> The following patch renames the option --test (-t) to --dry-run (-d)
> in order to free the letter 't' for --table, which makes the options
> more consistent regarding the other *tables tools, where -t is always
> --table.

Well, a long time ago (more than 3 years, a few days before the 2004
workshop), I had sent a big patch which contained among others things:
- the ability to restore only one table
- a better(?) testing mode

This patch was juged too big (72 KB) and it was not applied:
I admit I should have broken it up into many smaller patches, but the
amount of work was somewhat discouraging.
Well, I'm glad some of these ideas have been resurfacing in (smaller)
pieces over time.

Here are some thoughts (dating from this time) related to testing
mode:

- the -d option is generally used (as a debug switch). The one-letter
  equivalent of --dry-run is generally -n.

- I had taken a different approach than the existing one for "testing
  mode". I think I can recall having encountered some problems
  with the current approach, but I cannot remember which ones exactly
  after all this time.
  Anyway, I ended up implementing testing mode at the libiptc level,
  which is better as it is more generic and enables to validate iptables
  command line (and not only iptables-restore file) syntax as well.

I wish I had the courage and the time to go through my old big patch
and extract the things that are still relevant today.
I had asked at that time to this list if someone knew a patch splitter
GUI, that would enable to split a patch into several (sub)patches by
graphically selecting which changes would go to each (sub)patch.
Maybe there has been some progress on this, or some new well-informed
readers?

 Herve

-- 
 _
(°=  Hervé Eychenne
//)  Homepage:          http://www.eychenne.org/
v_/_ WallFire project:  http://www.wallfire.org/
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Patrick McHardy]

Hervé Eychenne wrote:
> I wish I had the courage and the time to go through my old big patch
> and extract the things that are still relevant today.
> I had asked at that time to this list if someone knew a patch splitter
> GUI, that would enable to split a patch into several (sub)patches by
> graphically selecting which changes would go to each (sub)patch.
> Maybe there has been some progress on this, or some new well-informed
> readers?


I'm not aware of such a thing, but what works pretty well for me is
to use stgit and selectively pull chunks to patches earlier in the
series and merge the top again.

So its something like:

- do lots of changes, commit on top of stack
- open in editor, pop patch
- create new patch, copy stuff from open editor
- commit
- go to top of stack again, merge
- repeat from step 2 until patch at top is empty

Its works quite fast since the merging goes really painlessly.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Jan Engelhardt]

On Nov 8 2007 00:08, Hervé Eychenne wrote:
>
>- the -d option is generally used (as a debug switch). The one-letter
>  equivalent of --dry-run is generally -n.

-n is commonly used for "numeric", e.g. 134.76.13.21 for output
rather than linux01.org

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Herve Eychenne]

On Thu, Nov 08, 2007 at 10:02:12AM +0100, Jan Engelhardt wrote:

> On Nov 8 2007 00:08, Hervé Eychenne wrote:
> >
> >- the -d option is generally used (as a debug switch). The one-letter
> >  equivalent of --dry-run is generally -n.

> -n is commonly used for "numeric", e.g. 134.76.13.21 for output
> rather than linux01.org

Yes, but I don't see any use of a --numeric option for iptables-restore
(or even iptables-save)... If no use, no confusion.

 Herve

-- 
 _
(°=  Hervé Eychenne
//)  Homepage:          http://www.eychenne.org/
v_/_ WallFire project:  http://www.wallfire.org/
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Peter Warasin]

[-- Attachment #1: Type: text/plain, Size: 473 bytes --]

Jan Engelhardt wrote:
> On Nov 8 2007 00:08, Hervé Eychenne wrote:
>> - the -d option is generally used (as a debug switch). The one-letter
>>  equivalent of --dry-run is generally -n.

i agree

> -n is commonly used for "numeric", e.g. 134.76.13.21 for output
> rather than linux01.org

-n is currently used for --noflush, probably renaming to -f (?)

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: peter@endian.com

[-- Attachment #2: peter.vcf --]
[-- Type: text/x-vcard, Size: 279 bytes --]

begin:vcard
fn:Peter Warasin
n:;Peter Warasin
org:Endian GmbH/Srl
adr:;;Pillhof 47;Frangart/Frangarto;BZ;I-39010;Italien/Italia
email;internet:peter@endian.com
tel;work:+39 0471 631763
tel;fax:+39 0471 631764
x-mozilla-html:FALSE
url:http://www.endian.com
version:2.1
end:vcard

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Herve Eychenne]

On Thu, Nov 08, 2007 at 11:07:04AM +0100, Peter Warasin wrote:

> > -n is commonly used for "numeric", e.g. 134.76.13.21 for output
> > rather than linux01.org

> -n is currently used for --noflush, probably renaming to -f (?)

Well, stupid me, I should have looked at my old patch.
As I said, we should really avoid renaming existing options, as
it would break third-party tools.
If the plan is to bring testing mode to iptables-restore and
iptables (via a libiptc implementation), the "testing mode" option
should be the same in both commands. -n is already used, so I propose
-S/--simulate or -T/--testing.

 Herve

-- 
 _
(°=  Hervé Eychenne
//)  Homepage:          http://www.eychenne.org/
v_/_ WallFire project:  http://www.wallfire.org/
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables-restore: renames --test to --dry-run

[Amin Azez]

* Peter Warasin wrote, On 07/11/07 21:25:
> Hi
> 
> The following patch renames the option --test (-t) to --dry-run (-d)
> in order to free the letter 't' for --table, which makes the options
> more consistent regarding the other *tables tools, where -t is always
> --table.


Get rid of -t if you have to, but I think it is good to keep --test as
well as --dry-run

Sam