Suggestion: Default (else) value for maps, dictionaries, and Verdicts

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Suggestion: Default (else) value for maps, dictionaries, and Verdicts
@ 2017-03-16 23:55 Robert White
  2017-03-17 10:14 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Robert White @ 2017-03-16 23:55 UTC (permalink / raw)
  To: netfilter@vger.kernel.org

Being able to set (and preferably modify at runtime) a default value to 
be returned/evaluated/executed for the various search-and-do lists 
(sets) would be extremely helpful.

You can kind of fake it with a verdict set of goto(s) and a subsequent 
unconditional goto but that's branchtastically elaborate.

So the existence of a possible default would be value-attached flag 
(just like timeout is a flag with a value).

I don't have the familiarity with the whole stack (nft, library, and 
kernel state machine) necessary to offer a patch at this time since it 
would take a nudge of all three to be able to test it all.

-- Rob White.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Suggestion: Default (else) value for maps, dictionaries, and Verdicts
  2017-03-16 23:55 Suggestion: Default (else) value for maps, dictionaries, and Verdicts Robert White
@ 2017-03-17 10:14 ` Pablo Neira Ayuso
  2017-03-17 23:17   ` Robert White
  0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-17 10:14 UTC (permalink / raw)
  To: Robert White; +Cc: netfilter@vger.kernel.org

On Thu, Mar 16, 2017 at 11:55:35PM +0000, Robert White wrote:
> Being able to set (and preferably modify at runtime) a default value to be
> returned/evaluated/executed for the various search-and-do lists (sets) would
> be extremely helpful.

I guess you refer to some sort of catch-all case, if we find no
matching in the set.

> You can kind of fake it with a verdict set of goto(s) and a subsequent
> unconditional goto but that's branchtastically elaborate.
> 
> So the existence of a possible default would be value-attached flag (just
> like timeout is a flag with a value).
> 
> I don't have the familiarity with the whole stack (nft, library, and kernel
> state machine) necessary to offer a patch at this time since it would take a
> nudge of all three to be able to test it all.

Please, add an entry to the netfilter's bugzilla, so we can keep an
eye on this.

Thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Suggestion: Default (else) value for maps, dictionaries, and Verdicts
  2017-03-17 10:14 ` Pablo Neira Ayuso
@ 2017-03-17 23:17   ` Robert White
  0 siblings, 0 replies; 3+ messages in thread
From: Robert White @ 2017-03-17 23:17 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter@vger.kernel.org

On 03/17/17 10:14, Pablo Neira Ayuso wrote:
> I guess you refer to some sort of catch-all case, if we find no
> matching in the set.

Yes, exactly.

> Please, add an entry to the netfilter's bugzilla, so we can keep an
> eye on this.

Done.

https://bugzilla.netfilter.org/show_bug.cgi?id=1132



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-03-17 23:17 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-16 23:55 Suggestion: Default (else) value for maps, dictionaries, and Verdicts Robert White
2017-03-17 10:14 ` Pablo Neira Ayuso
2017-03-17 23:17   ` Robert White

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox