On Thu, 5 Jul 2012, Mr Dash Four wrote: > The following series of 3 patches included in this set allow 'in' or > 'out' values to be specified for the 'iface' part of hash:net,iface set, > corresponding to the incoming and outgoing interface accordingly, thus > eliminating the discrepancy which, up until now, existed with the 'old' > format and also reinforcing much-needed consistency with the rest of the > netfilter/iptables terminology. > > For backwards compatibility, the 'old' format, comprising of 'src' > (incoming) and 'dst' (outgoing) direction parameter for the 'iface' part > of hash:net,iface is also supported. You have to introduce a new set type version whenever a new feature is added: in your patches there is no protection against mixed cases, when only the kernel or just the userspace is upgraded. Or one side is downgraded for whatever reason. You must handle the case of the list:set type: how should then the new "in", "out" be interpreted? Or should those be rejected? But then it'd mean that if someone used a hash:net,iface type as a member of list:set, then he is forced to use "src", "dst" only. It'd be much simpler to introduce the keywords as aliases, all over: "in" as "dst" and "out" as "src", and print them with hash:net,iface only. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
