On Tue, Apr 09, 2019 at 04:03:26PM +0200, Florian Westphal wrote: > Phil Sutter <phil@xxxxxx> wrote: > > Could we maybe find a middle ground where nft still does these > > optimizations but prints warnings so users are notified? We might even > > introduce -W flag to customize behaviour (-W all (default), -W error > > (strict mode), -W none (suppress any non-fatal output on stderr)). > > I like this proposal. > > One of the broken tproxy test cases (it prints warning) does this: > > ip daddr 0.0.0.0/0 Yes, sorry, that's my fault. > .. and that is always true and could be removed. > Different "problem" of course, but it shows that there is ample > opportunity for pruning irrelevant expressions. > > And breaking scripts every time we decide that something is > "silly" is a bad decision, imo. Agreed, this case is slightly bit corner case as they should _not_ be doing enclosing single element in brackets in their scripts. But I get your point, better adopt a more conservative approach ;-) > I suspect users will complain about { 1.2.3.4 } being illegal > "just because". I'll explore the warning idea, it can be an initial step before we can fully disallow this, so users don't complain about sudden breakage :-) Thanks for your feedback!