[Bug 1716] The -s option does not always exclude stateful information for sets

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Oct 26 14:18:19 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1716

--- Comment #5 from Phil Sutter <phil at nwl.cc> ---
(In reply to Pablo Neira Ayuso from comment #4)
> Added Phil to Cc.
> 
> (In reply to Pablo Neira Ayuso from comment #1)
> > Not related to this report but it should be possible to strip off 'timeout'
> > when it is the same as the default set timeout, to avoid repetitive printing
> > of the same timeout for every element, ie. only expires would be shown. In
> > such case, if -s/--stateful is specified, then expires would not be
> > shown.
> > 
> > For the record, 'expires' is stripped off from -s/--stateful since:
> > 
> > commit 37988cf255e51efba0d81dbc43eb4f0a41e99813
> > Author: Varsha Rao <rvarsha016 at gmail.com>
> > Date:   Tue Jun 6 11:55:40 2017 +0530
> > 
> >     src: Remove expire information from list stateless ruleset.
> 
> Hm, -s/--stateful skips 'expires' in the listing.

The long-option form of '-s' is '--stateless'. I guess you are aware, but the
typo might confuse readers.

AIUI, a set element's expires value is (part of) its state, while its timeout
value is not. The latter is similar to the set's timeout value, just a
"configuration detail". Therefore, --stateless option should strip expires
value but keep timeout value.

> I had a recent discussion with Phil on what 'nft reset' should be resetting.
> Now 'nft reset' only resets stateful objects that are declared in the
> ruleset, not timeouts.
> 
> Probably this needs to be changed to get things aligned and provide an
> option not to print the 'expires' part of the timeout to keep things
> consistent.

It is your decision to make, I deliberately included the expires value into set
element reset.

Cheers, Phil
