Hello Arturo,

On Friday, 26 January 2018 19:43:18 CET, Arturo Borrero Gonzalez wrote:
> My suggestion is to simply create one variable per value:
>
> define INET_IFACES_VLAN43 = { bond0.x, bond3.y}
> define INET_IFACES_VLAN3 = { bond3.x, bond3.y}
> define XXX_VLAN43 = xxx
> define XXX_VLAN3 = xxx
>
> You could generate such a file, something like 'defines.nft', and
> include it once in your main ruleset file.

That is exactly the boilerplate that we are trying to avoid. By using consistent (and non-unique) variable names we are able to freely move the rules from one customer to another without rewriting every use of a variable every time. We also do not want to build a code-generating harness in bash (or any other language) since that would sort of defeat the purpose of scripting in nftables in my eyes.

The redefine keyword was just my first idea to solve the problem of a single flat variable scope. There may be a better approach, but I think that if nftables wants to have scripting capabilities, some kind of variable scoping (even in flat notation) and more ubiquitous variable use within rules is necessary.

I even went so far as to make some experimental patches that allowed me to use string variables and string concatenation in places like interface names and rule targets. With that I was able to create very generic rules, and I tied them to a customer/VLAN just by changing one or two constants in the header of a file (e.g. the VLAN number). Of course, I had to use redefine in the header.

--
Best regards,
David Fabian
Cluster Design, s.r.o.