Message ID | 1369091340-29211-1-git-send-email-eric@regit.org |
---|---|
State | Accepted |
Hi Eric,

On Tue, May 21, 2013 at 01:09:00AM +0200, Eric Leblond wrote:
> Knowing the rule handle is necessary to be able to delete a single
> rule. It was not displayed till now in the output and it was thus
> impossible to remove a single rule.
> This patch modifies the listing output to add a comment containing
> the handle.

Thanks for the patch.

Could you add some option, e.g. -a/--handle, so the handle is shown only
if we invoke:

    nft -a list table filter

We also support:

    nft list table filter > rule-set-file
    nft -f rule-set-file

And the handle number will not be of any use there.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Eric Leblond <eric@regit.org> wrote:
>Knowing the rule handle is necessary to be able to delete a single
>rule. It was not displayed till now in the output and it was thus
>impossible to remove a single rule.
>This patch modifies the listing output to add a comment containing
>the handle.
>
>Signed-off-by: Eric Leblond <eric@regit.org>
>---
> src/rule.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/src/rule.c b/src/rule.c >index 9d9eaee..b2d7844 100644 >--- a/src/rule.c >+++ b/src/rule.c >@@ -13,6 +13,7 @@ > #include <stdio.h> > #include <stdint.h> > #include <string.h> >+#include <inttypes.h> > > #include <statement.h> > #include <rule.h> >@@ -136,6 +137,7 @@ void rule_print(const struct rule *rule) > printf(" "); > stmt->ops->print(stmt); > } >+ printf(" # handle %" PRIu64, rule->handle.handle); > printf("\n"); > } >

The output is supposed to be parsable again and should also remain as
readable as possible. I discussed this with Pablo, we agreed on adding a
command line switch for this.

On Tue, 21 May 2013, Eric Leblond wrote:

> Knowing the rule handle is necessary to be able to delete a single
> rule. It was not displayed till now in the output and it was thus
> impossible to remove a single rule.

The current iptables system supports deleting a specific rule by
simply specifying iptables -D [...] instead of equivalent iptables
-A [...]

Would it be possible to keep this semantics in nftables?

Regards,
Jesper Brouer

--
-------------------------------------------------------------------
MSc. Master of Computer Science
Dept. of Computer Science, University of Copenhagen
Author of http://www.adsl-optimizer.dk
-------------------------------------------------------------------

On Wed, May 22, 2013 at 03:53:26PM +0200, Jesper Dangaard Brouer wrote:
>
> On Tue, 21 May 2013, Eric Leblond wrote:
>
> >Knowing the rule handle is necessary to be able to delete a single
> >rule. It was not displayed till now in the output and it was thus
> >impossible to remove a single rule.
>
> The current iptables system supports deleting a specific rule by
> simply specifying iptables -D [...] instead of equivalent iptables
> -A [...]
>
> Would it be possible to keep this semantics in nftables?

Yes, I wanted to add that feature myself. Implementation would be
similar to what we do in iptables, IOW we'd compare either the netlink
commands constructed from the rule specification or the internal
expression representation, whatever seems better suited.

diff --git a/src/rule.c b/src/rule.c index 9d9eaee..b2d7844 100644 --- a/src/rule.c +++ b/src/rule.c @@ -13,6 +13,7 @@ #include <stdio.h> #include <stdint.h> #include <string.h> +#include <inttypes.h> #include <statement.h> #include <rule.h> @@ -136,6 +137,7 @@ void rule_print(const struct rule *rule) printf(" "); stmt->ops->print(stmt); } + printf(" # handle %" PRIu64, rule->handle.handle); printf("\n"); }
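Review bot: in the rule_print() hunk the handle comment is printed unconditionally, so "# handle N" is appended to every rule of every listing, including one redirected to a file and reloaded with nft -f, where the number is of no use. Make the added printf conditional on a command line switch such as the -a/--handle proposed in the thread, so the default listing is unchanged and the handle appears only when asked for.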
Knowing the rule handle is necessary to be able to delete a single
rule. It was not displayed till now in the output and it was thus
impossible to remove a single rule.
This patch modifies the listing output to add a comment containing
the handle.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/rule.c | 2 ++
 1 file changed, 2 insertions(+)