* [nft] the -nnn switch
@ 2014-09-19  9:49 Arturo Borrero Gonzalez
From: Arturo Borrero Gonzalez @ 2014-09-19  9:49 UTC (permalink / raw)
  To: Netfilter Development Mailing list; +Cc: Patrick McHardy, Pablo Neira Ayuso

Hi,

the -nnn switch in nftables is IMO a bit annoying.
We are bound to use that switch in every serious usage of nft.

Let me remember the current behaviour:

 -n -> don't translate IP addresses to names.
 -nn -> also, don't translate gids/uids to names.
 -nnn -> also, don't translate port numbers to names.
default -> translate all numbers to names.

I propose here that before nftables goes absolutely mainstream we
change the behaviour to the opposite:

-n -> translate IP addresses to names.
-nn -> translate gids/uids to names.
-nnn -> translate port numbers to names.
default -> show all numerically.

What do you think?

regards.

-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


* Re: [nft] the -nnn switch
@ 2014-09-19 11:25 ` Patrick McHardy
From: Patrick McHardy @ 2014-09-19 11:25 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez
  Cc: Netfilter Development Mailing list, Pablo Neira Ayuso

On Fri, Sep 19, 2014 at 11:49:02AM +0200, Arturo Borrero Gonzalez wrote:
> Hi,
> 
> the -nnn switch in nftables is IMO a bit annoying.
> We are bound to use that switch in every serious usage of nft.
> 
> Let me remember the current behaviour:
> 
>  -n -> don't translate IP addresses to names.
>  -nn -> also, don't translate gids/uids to names.
>  -nnn -> also, don't translate port numbers to names.
> default -> translate all numbers to names.
> 
> I propose here that before nftables goes absolutely mainstream we
> change the behaviour to the opposite:
> 
> -n -> translate IP addresses to names.
> -nn -> translate gids/uids to names.
> -nnn -> translate port numbers to names.
> default -> show all numerically.
> 
> What do you think?

That seems quite counterintuitive. I'd say the default should be not
to cause any network traffic for a regular system (not using LDAP or
whatever), which would be -n. So I would be fine with -n being the
default and adding an option to also translate hostnames.


* Re: [nft] the -nnn switch
@ 2014-09-22  9:54   ` Arturo Borrero Gonzalez
From: Arturo Borrero Gonzalez @ 2014-09-22  9:54 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Development Mailing list, Pablo Neira Ayuso

On 19 September 2014 13:25, Patrick McHardy <kaber@trash.net> wrote:
> On Fri, Sep 19, 2014 at 11:49:02AM +0200, Arturo Borrero Gonzalez wrote:
>> Hi,
>>
>> the -nnn switch in nftables is IMO a bit annoying.
>> We are bound to use that switch in every serious usage of nft.
>>
>> Let me remember the current behaviour:
>>
>>  -n -> don't translate IP addresses to names.
>>  -nn -> also, don't translate gids/uids to names.
>>  -nnn -> also, don't translate port numbers to names.
>> default -> translate all numbers to names.
>>
>> I propose here that before nftables goes absolutely mainstream we
>> change the behaviour to the opposite:
>>
>> -n -> translate IP addresses to names.
>> -nn -> translate gids/uids to names.
>> -nnn -> translate port numbers to names.
>> default -> show all numerically.
>>
>> What do you think?
>
> That seems quite counterintuitive. I'd say the default should be not
> to cause any network traffic for a regular system (not using LDAP or
> whatever), which would be -n. So I would be fine with -n being the
> default and adding an option to also translate hostnames.

So, your proposal is to make the current '-n' the default? This is
what I've understood:

· default (no -n given): show IP addresses (no DNS names), show GID
names, port names
· -n: show DNS names, show GID names, port names
· -nn: show DNS names, show GID numbers, port names
· -nnn: show DNS names, show GID numbers, port numbers

That seems pretty counterintuitive to me, actually.

With that combination of options you can't show all numerically, which
I think should be the default, in fact.

-- 
Arturo Borrero González


* Re: [nft] the -nnn switch
@ 2014-09-22 10:04     ` Patrick McHardy
From: Patrick McHardy @ 2014-09-22 10:04 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez
  Cc: Netfilter Development Mailing list, Pablo Neira Ayuso

On Mon, Sep 22, 2014 at 11:54:57AM +0200, Arturo Borrero Gonzalez wrote:
> On 19 September 2014 13:25, Patrick McHardy <kaber@trash.net> wrote:
> > On Fri, Sep 19, 2014 at 11:49:02AM +0200, Arturo Borrero Gonzalez wrote:
> >> Hi,
> >>
> >> the -nnn switch in nftables is IMO a bit annoying.
> >> We are bound to use that switch in every serious usage of nft.
> >>
> >> Let me remember the current behaviour:
> >>
> >>  -n -> don't translate IP addresses to names.
> >>  -nn -> also, don't translate gids/uids to names.
> >>  -nnn -> also, don't translate port numbers to names.
> >> default -> translate all numbers to names.
> >>
> >> I propose here that before nftables goes absolutely mainstream we
> >> change the behaviour to the opposite:
> >>
> >> -n -> translate IP addresses to names.
> >> -nn -> translate gids/uids to names.
> >> -nnn -> translate port numbers to names.
> >> default -> show all numerically.
> >>
> >> What do you think?
> >
> > That seems quite counterintuitive. I'd say the default should be not
> > to cause any network traffic for a regular system (not using LDAP or
> > whatever), which would be -n. So I would be fine with -n being the
> > default and adding an option to also translate hostnames.
> 
> So, your proposal is to make the current '-n' the default? This is
> what I've understood:
> 
> · default (no -n given): show IP addresses (no DNS names), show GID
> names, port names
> · -n: show DNS names, show GID names, port names
> · -nn: show DNS names, show GID numbers, port names
> · -nnn: show DNS names, show GID numbers, port numbers
> 
> That seems pretty counterintuitive to me, actually.
> 
> With that combination of options you can't show all numerically, which
> I think should be the default, in fact.

No, the -n option keeps its meaning, we default to -n and add an
option to counter it, let's say -N for this example.

No options or -n would be similar, -nn and -nnn would keep their meaning.
-N would counter the default and be like the current behaviour.

Translating local information like user and service names is very useful
in my opinion and I'd like to keep it the default.

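The three option semantics discussed in this thread (the behaviour Arturo describes as current, his all-numeric-by-default proposal, and Patrick's "-n is the default, -N re-enables hostnames" variant), modelled as an added example. This is not nftables code and not the nft option parser; the -N flag is taken from Patrick's mail as a hypothetical, and the hosts, users and services tables are constructed stand-ins so that nothing here performs a real DNS or passwd lookup. The point the example makes visible is Patrick's: under his default the only lookup class that would generate network traffic ("dns") is never requested unless the user asks for it.

```python
"""Resolution-policy models for nft's -n levels (added example, not nft code)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Policy:
    hosts: bool      # translate IP addresses to names (the only class needing DNS)
    users: bool      # translate uid/gid to names (local passwd/group lookup)
    services: bool   # translate port numbers to names (local /etc/services lookup)


def count_flag(argv: List[str], letter: str) -> int:
    """Count a short-option letter across argv: '-nn' and '-n -n' both give 2."""
    total = 0
    for arg in argv:
        if arg.startswith("-") and not arg.startswith("--"):
            total += arg[1:].count(letter)
    return total


def policy_current(argv: List[str]) -> Policy:
    """Behaviour described as current: everything is translated by default,
    and each extra 'n' switches off one more class (hosts, then users, then services)."""
    n = count_flag(argv, "n")
    return Policy(hosts=n < 1, users=n < 2, services=n < 3)


def policy_arturo(argv: List[str]) -> Policy:
    """Arturo's proposal: all numeric by default, each 'n' switches one class on."""
    n = count_flag(argv, "n")
    return Policy(hosts=n >= 1, users=n >= 2, services=n >= 3)


def policy_patrick(argv: List[str]) -> Policy:
    """Patrick's proposal: no options behaves like -n, -nn/-nnn keep their meaning,
    and an assumed -N flag re-enables hostname translation (hypothetical name)."""
    n = max(count_flag(argv, "n"), 1)          # zero options == -n
    return Policy(hosts=count_flag(argv, "N") > 0, users=n < 2, services=n < 3)


# Constructed lookup tables; they replace DNS, passwd and /etc/services so the
# example runs offline. 192.0.2.0/24 is documentation address space.
HOSTS = {"192.0.2.10": "db.example.test"}
USERS = {1000: "alice"}
SERVICES = {22: "ssh", 443: "https"}


def render(policy: Policy, ip: str, uid: int, port: int) -> Tuple[str, List[str]]:
    """Format one (ip, uid, port) triple in nft-like syntax under a policy.

    Returns (text, lookups): lookups names the lookup classes the policy
    required, so a caller can check whether a DNS query would have happened.
    """
    lookups: List[str] = []
    ip_s, uid_s, port_s = ip, str(uid), str(port)
    if policy.hosts:
        lookups.append("dns")
        ip_s = HOSTS.get(ip, ip)
    if policy.users:
        lookups.append("passwd")
        uid_s = USERS.get(uid, str(uid))
    if policy.services:
        lookups.append("services")
        port_s = SERVICES.get(port, str(port))
    return f"ip saddr {ip_s} skuid {uid_s} tcp dport {port_s}", lookups


if __name__ == "__main__":
    for name, fn in (("current", policy_current), ("arturo", policy_arturo), ("patrick", policy_patrick)):
        for argv in ([], ["-n"], ["-nn"], ["-nnn"], ["-N"]):
            text, lookups = render(fn(argv), "192.0.2.10", 1000, 22)
            print(f"{name:8} {' '.join(argv) or '(none)':7} -> {text}   lookups={lookups}")
```

Running the block prints one line per scheme and option combination; the interesting rows are `patrick (none)` and `patrick -n`, which are identical and list no `dns` lookup, versus `current (none)`, which resolves the address.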
