* Suggestion: Default (else) value for maps, dictionaries, and Verdicts
@ 2017-03-16 23:55 Robert White
2017-03-17 10:14 ` Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: Robert White @ 2017-03-16 23:55 UTC (permalink / raw)
To: netfilter
Being able to set (and preferably modify at runtime) a default value to
be returned/evaluated/executed for the various search-and-do lists
(sets) would be extremely helpful.
You can kind of fake it with a verdict set of goto(s) and a subsequent
unconditional goto but that's branchtastically elaborate.
So the existence of a possible default would be value-attached flag
(just like timeout is a flag with a value).
I don't have the familiarity with the whole stack (nft, library, and
kernel state machine) necessary to offer a patch at this time since it
would take a nudge of all three to be able to test it all.
-- Rob White.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Suggestion: Default (else) value for maps, dictionaries, and Verdicts
2017-03-16 23:55 Suggestion: Default (else) value for maps, dictionaries, and Verdicts Robert White
@ 2017-03-17 10:14 ` Pablo Neira Ayuso
2017-03-17 23:17 ` Robert White
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-17 10:14 UTC (permalink / raw)
To: Robert White; +Cc: netfilter
On Thu, Mar 16, 2017 at 11:55:35PM +0000, Robert White wrote:
> Being able to set (and preferably modify at runtime) a default value to be
> returned/evaluated/executed for the various search-and-do lists (sets) would
> be extremely helpful.
I guess you refer to some sort of catch-all case, if we find no
matching in the set.
> You can kind of fake it with a verdict set of goto(s) and a subsequent
> unconditional goto but that's branchtastically elaborate.
>
> So the existence of a possible default would be value-attached flag (just
> like timeout is a flag with a value).
>
> I don't have the familiarity with the whole stack (nft, library, and kernel
> state machine) necessary to offer a patch at this time since it would take a
> nudge of all three to be able to test it all.
Please, add an entry to the netfilter's bugzilla, so we can keep an
eye on this.
Thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Suggestion: Default (else) value for maps, dictionaries, and Verdicts
2017-03-17 10:14 ` Pablo Neira Ayuso
@ 2017-03-17 23:17 ` Robert White
0 siblings, 0 replies; 3+ messages in thread
From: Robert White @ 2017-03-17 23:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter
On 03/17/17 10:14, Pablo Neira Ayuso wrote:
> I guess you refer to some sort of catch-all case, if we find no
> matching in the set.
Yes, exactly.
> Please, add an entry to the netfilter's bugzilla, so we can keep an
> eye on this.
Done.
https://bugzilla.netfilter.org/show_bug.cgi?id=1132
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-03-17 23:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-16 23:55 Suggestion: Default (else) value for maps, dictionaries, and Verdicts Robert White
2017-03-17 10:14 ` Pablo Neira Ayuso
2017-03-17 23:17 ` Robert White
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.