Hi Anders, 2016-10-20 20:36 GMT+08:00 Anders K. Pedersen | Cohaesio <akp@xxxxxxxxxxxx>: [...] > Well, the suggested userspace implementation doesn't allow a rule that > would hit this warning. It is required to use 'ether type ip ... rt ip > nexthop' or 'ether type ip6 ... rt ip6 nexthop', when nexthop is used > from the inet table. > > So I found it reasonable to generate a warning if such a rule somehow > got configured anyway, but if you still feel that it should be removed, > I can do that. I think WARN_ON was used to hint that maybe there's a bug in kernel. It is not appropriate to warn the user's wrong configuration. >> switch (priv->key) { >> case NFT_RT_NEXTHOP: >> switch (pkt->pf) >> ... >> default: >> return nft_rt_get_eval(expr, regs, pkt); >> } > > My thinking was that for future rt sub-expressions, it will probably > make sense to move > > const struct rtable *rt = skb_rtable(skb); > > if (!rt) > goto err; > > outside the inner switch statement, so it doesn't need to be duplicated > for each sub-expression. And ditto for the IPV6 part. > If so, for future rt sub-expressions extension, I think the following codes maybe better? switch (pkt->pf) case IPV4: nft_rt_ipv4_get_eval(); break; case IPV6: nft_rt_ipv6_get_eval(); break; This can reduce the duplicate codes. Just a suggestion:) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html