From: Florian Westphal <fw@strlen.de>
To: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Subject: Re: [PATCH v3 1/6] doc: fix/improve documentation of verdicts
Date: Mon, 20 Oct 2025 11:28:25 +0200 [thread overview]
Message-ID: <aPYAuQ89M7Z7doVJ@strlen.de> (raw)
In-Reply-To: <20251019014000.49891-2-mail@christoph.anton.mitterer.name>
Christoph Anton Mitterer <mail@christoph.anton.mitterer.name> wrote:
> +*drop*:: Immediately drop the packet and terminate ruleset evaluation.
> + This means no further evaluation of any chains and it’s thus – unlike with
> + *accept* – not possible to again change the ultimate fate of the packet in any
> + later chain.
> +
> +
> +Terminate ruleset evaluation and drop the packet. This occurs
Hmm, looks like something went wrong during a rebase?
Why are there 2 blank lines followed by a rephrase of the first
sentence?
> +For example, a *reject* also immediately terminates the evaluation of the
> +current rule as well as of all chains, overrules any *accept* from any other chains and can itself not be
> +overruled, while the various NAT statements may be overruled by other *drop*
> +verdict respectively statements that imply this.
I totally dislike this sorry :-(
There is no overruling, there is no 'verdict state tracking'.
Or would you say that a qdisc that dropped a packet overruled a nft accept
verdict...?
Sorry for spinning on this again and again.
Its important to me that users understand that packets traverse through netfilter hooks
one after another until a drop verdict is seen or there are no more hooks.
In a way, *accept* moves packet to the next basechain/hook, but thats
all there is to it.
All this talk about *overrule* makes it sound much more complicated than it is.
Can you re-send this patch standalone, without this pragraph?
Or perhaps just the 'For example, a *reject* also immediately *drops*
the packet'.
I did not spot anything else other than the format nit above.
next prev parent reply other threads:[~2025-10-20 9:28 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 0:07 nft manpage/wiki issues and improvement ideas Christoph Anton Mitterer
2025-09-25 7:35 ` Pablo Neira Ayuso
2025-09-25 20:37 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 0/7] doc: miscellaneois improvements Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 1/7] doc: clarify evaluation of chains Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 2/7] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-09-30 10:50 ` Florian Westphal
2025-10-02 14:50 ` Christoph Anton Mitterer
2025-10-02 15:21 ` Florian Westphal
2025-10-10 23:06 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 3/7] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 4/7] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-09-30 11:50 ` Florian Westphal
2025-10-10 23:07 ` Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 5/7] doc: add some more documentation on bitmasks Christoph Anton Mitterer
2025-09-30 11:51 ` Florian Westphal
2025-09-30 11:53 ` Florian Westphal
2025-09-26 1:52 ` [PATCH 6/7] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-09-26 1:52 ` [PATCH 7/7] doc: describe how values match sets Christoph Anton Mitterer
2025-09-26 2:32 ` nft manpage/wiki issues and improvement ideas Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 0/7] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 1/7] doc: clarify evaluation of chains Christoph Anton Mitterer
2025-10-15 11:46 ` Florian Westphal
2025-10-11 0:23 ` [PATCH v2 2/7] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-15 11:42 ` Florian Westphal
2025-10-17 2:30 ` Christoph Anton Mitterer
2025-10-18 13:25 ` Florian Westphal
2025-10-19 0:11 ` Christoph Anton Mitterer
2025-10-11 0:23 ` [PATCH v2 3/7] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-10-15 11:51 ` Florian Westphal
2025-10-11 0:24 ` [PATCH v2 4/7] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-20 9:39 ` Florian Westphal
2025-10-20 23:48 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 5/7] doc: add some more documentation on bitmasks Christoph Anton Mitterer
2025-10-18 13:32 ` Florian Westphal
2025-10-19 1:31 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 6/7] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-18 13:35 ` Florian Westphal
2025-10-18 22:13 ` Christoph Anton Mitterer
2025-10-11 0:24 ` [PATCH v2 7/7] doc: describe how values match sets Christoph Anton Mitterer
2025-10-18 13:51 ` Florian Westphal
2025-10-19 1:50 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 0/6] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 1/6] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-20 9:28 ` Florian Westphal [this message]
2025-10-20 22:13 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 2/6] doc: minor improvements with respect to the term “ruleset” Christoph Anton Mitterer
2025-10-20 9:04 ` Florian Westphal
2025-10-19 1:38 ` [PATCH v3 3/6] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 4/6] doc: add more documentation on bitmasks and sets Christoph Anton Mitterer
2025-10-20 9:06 ` Florian Westphal
2025-10-20 21:57 ` Christoph Anton Mitterer
2025-10-20 22:18 ` Florian Westphal
2025-10-20 23:51 ` Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 5/6] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-19 1:38 ` [PATCH v3 6/6] doc: minor improvements the `reject` statement Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 0/5] doc: miscellaneous improvements Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 1/5] doc: fix/improve documentation of verdicts Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 2/5] doc: add overall description of the ruleset evaluation Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 3/5] doc: add more documentation on bitmasks and sets Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 4/5] doc: describe include’s collation order to be that of the C locale Christoph Anton Mitterer
2025-10-20 23:49 ` [PATCH v4 5/5] doc: minor improvements the `reject` statement Christoph Anton Mitterer
2025-10-22 14:34 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPYAuQ89M7Z7doVJ@strlen.de \
--to=fw@strlen.de \
--cc=mail@christoph.anton.mitterer.name \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).