Re: [iptables-nftables PATCH 0/5] Centralizes rule parsing

On Mon, Aug 19, 2013 at 03:04:01PM +0300, Tomasz Bursztyka wrote:
> Hi,
> 
> Here are the patches that refactor how rules are parsed. So now it's done in one unique place for all operations.
> 
> And it adds a function to reset the counters with -Z since it's trivial to do so with such parsing strategy.
> 
> Tomasz Bursztyka (5):
>   nft: Parse fully and properly at once a rule into a cs
>   nft: Refactor firewall printing so it reuses already parsed cs struct
>   nft: Refactor rule deletion so it compares both cs structure
>   xtables: nft: Complete refactoring on how rules are saved

I have collapsed these four patches into a single one; we need the
repository to remain consistent between patches, which includes that new
functions need to have a client in the same patch.

The patch that I applied includes several things that I manually
fixed.

* IPv6 address printing was not working.
* Remove -4/-6 from the xtables-save output, we need exactly the same
  output as iptables-save. It is only shown in xtables-events.
* Fix match/target aliasing, this one was not so obvious, as it's a
  relatively new thing.
* Some coding style issues, this is preferred:

        function(a, b, c, d,
                 e, f, g);

rather than:

        function(a, b, c, d,
                        e, f, g);

I like that we saved 300 LOC with this. I have also applied one patch
to fix the wrong interpretation of the flags with IPv6.

>   nft: Add a function to reset the counters of an existing rule

Also applied this one.

Thanks.