On Fri, Jan 10, 2014 at 03:32:52PM +0100, Pablo Neira Ayuso wrote: > On Fri, Jan 10, 2014 at 01:58:01PM +0000, Patrick McHardy wrote: > > On Fri, Jan 10, 2014 at 02:54:35PM +0100, Pablo Neira Ayuso wrote: > > > On Fri, Jan 10, 2014 at 01:43:43PM +0000, Patrick McHardy wrote: > > > > On Fri, Jan 10, 2014 at 02:33:06PM +0100, Kristian Evensen wrote: > > > > > Hi, > > > > > > > > > > On Fri, Jan 10, 2014 at 2:27 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote: > > > > > > No, I'm refering to the (ab)use of the expression. Anything not returning > > > > > > data is not an expression but a statement. > > > > > > > > > > Ok, then I follow :) I followed the naming in meta, but I agree. What > > > > > would be a good naming convetion? I thought of something like > > > > > nft_expr_stmt_*. It is a bit clumsy, but it is at least clear that the > > > > > struct can be used to represent both an expression and a statement. > > > > > > > > nft_ct_stmt? This is what we use in nftables f.i. in case of meta. > > > > > > Perhaps nft_ct_instr? So we can identify this as the nftables > > > instruction-set. > > > > Well, expressions also belong to the instruction set. A statement is > > is one (more specific) case of an instruction, as are expressions. > > Why introduce new terminology that isn't used anywhere else so far > > if statement is the exact description of what this is and is already > > used by nftables. > > So are you proposing to add a new object for statements in > libnftables? That will require a new infrastructure which would be > very similar to what we have in the current expressions. Well, the infrastructure should be pretty small. In fact you could probably map everything to expressions internally (although I don't think adding new infrastructure would be much effort), I would just rather not create an API that confuses fundamental types. > To that extend, that would also require a new infrastructure in the > kernel so we also have statements there. I think one of the good > things of the nf_tables kernel side is that we didn't make any > distinction between matches/targets (or call it > expressions/statements). In the kernel that was deliberate and is only internal to the kernel (well, and libraries and so on). I considered it, but I think in the kernel its more important to keep the code base and APIs as small as possible. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
