From: Phil Sutter <phil@nwl.cc>
To: Florian Westphal <fw@strlen.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, Eric Garver <e@erig.me>,
danw@redhat.com, aauren@gmail.com
Subject: Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
Date: Wed, 31 May 2023 14:10:42 +0200 [thread overview]
Message-ID: <ZHc5QmQ/rrCQ7r8W@orbyte.nwl.cc> (raw)
In-Reply-To: <20230531112816.GA26130@breakpoint.cc>
On Wed, May 31, 2023 at 01:28:16PM +0200, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> > Then I revived my "rule bytecode for output" approach and got it working
> > apart from lookup expression. But finally you axed it since it requires
> > kernel adjustments.
>
> Can you remind me what the problem with userdata is/was?
> Brief summary will hopefully be enough ...
>
> I agree text representation sucks due to two different formats, but what
> about storing binary blob (xt format) of the rule in userdata?
It requires updated binaries to support it on the receiver side. Or are
you suggesting the kernel to put the blob from userdata into
NFTA_RULE_EXPRESSIONS in dumps?
Cheers, Phil
next prev parent reply other threads:[~2023-05-31 12:10 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-05 18:34 [iptables PATCH 0/4] Implement a best-effort forward compat solution Phil Sutter
2023-05-05 18:34 ` [iptables PATCH 1/4] nft: Pass nft_handle to add_{target,action}() Phil Sutter
2023-05-05 18:34 ` [iptables PATCH 2/4] nft: Introduce and use bool nft_handle::compat Phil Sutter
2023-05-05 18:34 ` [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands Phil Sutter
2023-05-31 0:16 ` Pablo Neira Ayuso
2023-05-31 9:02 ` Phil Sutter
2023-05-31 11:28 ` Florian Westphal
2023-05-31 12:10 ` Phil Sutter [this message]
2023-06-23 16:52 ` Phil Sutter
2023-05-05 18:34 ` [iptables PATCH 4/4] tests: Test compat mode Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZHc5QmQ/rrCQ7r8W@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=aauren@gmail.com \
--cc=danw@redhat.com \
--cc=e@erig.me \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).