From: Florian Westphal <fw@strlen.de>
To: Christoph Anton Mitterer <calestyo@scientia.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: bug: nft -n still shows "resolved" values for iif and oif
Date: Thu, 25 Sep 2025 18:45:29 +0200 [thread overview]
Message-ID: <aNVxqaP7iZpeMh6S@strlen.de> (raw)
In-Reply-To: <658f160530a48d923a345334fca2729c879762de.camel@scientia.org>
Christoph Anton Mitterer <calestyo@scientia.org> wrote:
> On Thu, 2025-09-25 at 16:42 +0200, Florian Westphal wrote:
> > Christoph Anton Mitterer <calestyo@scientia.org> wrote:
> > > IMO especially for iif/oif, which hardcode the iface ID rather than
> > > name, it would IMO be rather important to show the real value (that
> > > is
> > > the ID) and not the resolved one.
> >
> > Seems like a bad idea. Existing method will make
> > sure that if the device is renamed the output will change.
>
> But AFAIU only when it's renamed, not when it's e.g. removed and then
> brought back?
Sure, only when renamed. When you remove it raw value is shown
and it won't match anymore.
> I mean sometimes (admittedly rarely) I unload for example my wifi
> driver modules and reload them (when the driver or firmware got in a
> weird state and doesn't seem to recover).
> Then my wifi iface would get a new ID, wouldn't id?
Sure but why do you use iif with a interface that gets removed in
between?
> Maybe one could make iif/oif a special case... where the numeric value
> is written and in a comment "(current: <name>)"?
I find that even worse compared to new command line option and i don't
see what added value it would provide or what confusion it would avoid.
iif and iifname are not the same and people should not expect them to
be.
If you use iif, then you specifically ask to continue matching on rename
of the interface, whereas iifname would stop matching.
If you use iifname, then you ask to match when interfaces get brought up
and down dynamically, e.g. ppp/dialup or virtual vpn interfaces.
Really, just use iifname if in doubt.
next prev parent reply other threads:[~2025-09-25 16:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-24 21:48 bug: nft -n still shows "resolved" values for iif and oif Christoph Anton Mitterer
2025-09-25 12:36 ` Fernando Fernandez Mancera
2025-09-25 14:07 ` Pablo Neira Ayuso
2025-09-26 10:27 ` Fernando Fernandez Mancera
2025-09-25 15:48 ` Christoph Anton Mitterer
2025-09-25 14:42 ` Florian Westphal
2025-09-25 15:53 ` Christoph Anton Mitterer
2025-09-25 16:45 ` Florian Westphal [this message]
2025-09-25 20:44 ` Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNVxqaP7iZpeMh6S@strlen.de \
--to=fw@strlen.de \
--cc=calestyo@scientia.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).