On Mon, Jun 04, 2018 at 01:30:45PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Jun 04, 2018 at 12:10:49PM +0200, Arturo Borrero Gonzalez wrote:
> > On 4 June 2018 at 11:58, Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> > > What I'm not sure of is:
> > > - Are these token values considered user-friendly or usable?
> > > - Is printing of these values with their names desired?
> > >
> > > What do you think?
> > >
> > > -- 8< --
> > > This patch adds the possibility to use textual names to set the chain priority
> > > to basic values so that numeric values do not need to be learnt any more for
> > > basic usage.
> > >
> > > Example:
> > > nft> add table inet x
> > > nft> add chain inet x y {type filter hook prerouting priority PRIO_MANGLE ;}
> > > nft> list ruleset
> > > table inet x {
> > > chain y {
> > > type filter hook prerouting priority -150; policy accept;
> > > }
> > > }
> > >
> >
> > I believe the idea is good. But also, you should print the friendly
> > names instead of the magic numbers :-P
>
> Right, symmetry is desired thing in this.
>
> it would be cool if we could print based on approximate matching, eg.
>
> -150 would be printed as "mangle".
>
> but:
>
> -149 would be printed as "mangle + 1"
>
> so people could do arithmetics based on the tags.
I didn't think this so deeply, but this is a nice idea.
On the print side, however, there must be a border until which we print it like this. I
mean mangle + 75 carries hardly more information than -75 (in this case, the
user should have a clue about the actual values to know, what he/she is doing), so
probably only values like mangle +- 10 should be printed like this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
