Re: [PATCH 1/2] iptables: utils: Add bash completion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 02, 2016 at 01:24:01PM +0100, Mart Frauenlob wrote:
> On 02.03.2016 12:34, Pablo Neira Ayuso wrote:
> >On Thu, Feb 25, 2016 at 04:06:53PM +0100, Mart Frauenlob wrote:
> >>  utils/iptables_bash_completion/README.md |  290 ++++
> >>  utils/iptables_bash_completion/iptables  | 2426 ++++++++++++++++++++++++++++++
> >
> >This is fair good amount of work, but this is also quite a bit of
> >new shell code to be maintained in our trees.
> >
> >Moreover, I was told that, in the specific case of debian, there is a
> >package (bash-completion) where you place this.
> >
> >So sorry, I'm not applying this.
> 
> Hello Pablo,
> 
> what a pitty! :-/
> Before writing this patch, I've asked the developers of bash completion for
> inclusion.
> For them it's fair to big and specific to maintain.
> They were worried about iptables becoming deprecated and them having dead
> code in their package.
> The only chance for inclusion, and that's not granted too, is to
> additionally write a test suite with tools I don't have any knowledge about
> yet - and to sign up as maintainer there.
> So they recommended me to request inclusion in iptables.

I see.

> I think this is a good piece of work, probably the best featured bash
> completion ever, and I'd wish to get it distributed.
> My abilities in that matter are limited.
> 
> Of course I'd keep fixing bugs and add new iptables features (though I think
> there are not many to expect in the future, right?).
> If someone submits a bug report, I'll take care of it if anyhow possible.
> Just need to be notified by CC or so.

Then, my suggestion is to simplify this script in order to reduce the
maintainance burden.

One idea is to push into iptables some infrastructure so the script
can inquire iptables on available options. This would be simple C code
to be places on every extension to print the options. Then, add a tool
like iptables-completion that you can use to inquire what is possible
to get as options. Thus, we get a generic script that inquires
iptables, instead of having them all hardcoded into the script.

Would you explore this? I know Giuseppe Longo and Eric Leblond are
looking into this for nft following a similar approach.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux