Re: Deleting tables from included files causes a kernel BUG

On 1/16/19 19:47, Neal P. Murphy wrote:
> On Wed, 16 Jan 2019 20:39:13 +0100
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
>> On Wed, Jan 16, 2019 at 08:29:12PM +0100, Florian Westphal wrote:
>>> Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
>>>> # nft -f rules.nft
>>>> rules.nft:21:1-26: Error: Could not process rule: No such file or directory
>>>> delete table ip testtable
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>>
>>>> I have a question. Basically, when you create a table or a chain
>>>> you can use "add" or "create", and only the second option will
>>>> return an error if the table/chain you wanted to create already
>>>> exists. But in the case of deleting tables/chains, which don't
>>>> exist, there's only one option -- return an error.
>>>
>>> Good point.
>>>
>>> Pablo, do you think we should NOT abort/error in case of -ENOENT
>>> on table delete?
>>
>> We can find a way to introduce this new semantics, eg. "destroy table"
>> vs. "delete table", where destroy ignores ENOENT, but we'll need to
>> explore how to express this in netlink, because so far it is not
>> possible IIRC.
>
> Or borrow an existing semantic from rm, if possible: 'delete -f table ...' or maybe 'delete-f table ...'

FWIW ipset(8) used "-exist" for this.


