On Thu, Dec 08, 2022 at 10:40:22PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 01, 2022 at 05:39:10PM +0100, Phil Sutter wrote:
> > Sadly, '-C' is in use already for --change-counters (even though
> > ebtables-nft does not implement this), so add a long-option only. It is
> > needed for xlate testsuite in replay mode, which will use '--check'
> > instead of '-C'.
>
> Hm, yet another of those exotic deviations (from ip{6}tables) in
> ebtables.
>
> This -C is not supported by ebtables-nft, right? If so,
> according to manpage, ebtables -C takes start_nr[:end_nr].
>
> Maybe there is a chance to get this aligned with other ip{6}tables
> tools by checking if optarg is available? Otherwise, really check the
> ruleset?
>
> BTW, I'm re-reading the ebtables manpage, not sure how this feature -C
> was supposed to be used. Do you understand the usecase?
Yes, it's odd - so fits perfectly the rest of ebtables syntax. ;)
There are two ways to use it:
1) ebtables -C <CHAIN> <RULENO> <PCNT> <BCNT>
2) ebtables -C <CHAIN> <PCNT> <BCNT> <RULESPEC>
So I could check if the two parameters following the chain name are
numbers or not to distinguish between --change-counters and --check, but
it's ugly and with ebtables-nft not supporting one of them makes things
actually worse.
We need --check only for internal purposes, let's please just leave it
like this - there are much more important things to work on.
Cheers, Phil
