<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Element &quot;flow tables&quot; should not be syntactically unique..."
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1137">1137</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Element "flow tables" should not be syntactically unique...
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>kernel
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rwhite@pobox.com
</td>
</tr></table>
<p>
<div>
<pre>So this doesn't rate a bug, but it did confuse me.
Flow tables are always named, but they don't conform to the way sets, maps, and
dictionaries work in terms of "add" and "delete" and all that.
They are also "flow tables" instead of one word like "flows" or "throttle" or
something.
It seems weird to just have these break the syntactic expectations.
I think, long-term, that picking a one word designation like "rate" or "gauge"
and making them syntactically similar to sets with a type and flags at the
table level, and using @name syntax or having them be unnamed in place, would
make much more sense.
It's especially confusing since "list map tablename mapname" and "list flow
table tablename flowname" are so similar in function but have a different word
count and are not orthogonal to add and delete and clear etc.
So if they were just like sets this would be so much less confusing.
table ip example {
    gauge dhcp_throttle {
        type ipv4_addr . inet_service
        flags whatever, whateverelse
    }
On 03/22/17 16:25, Pablo Neira Ayuso wrote:
<span class="quote">> This would provide a way to restore flow table between reboots, so we
> could even pre-populate them with elements.</span >
    chain dhcp_traffic {
        gauge { ip saddr limit over 200/day } drop
        gauge @dhcp_throttle { ip saddr . udp dport limit 3/second } accept
    }
}
On 03/22/17 16:25, Pablo Neira Ayuso wrote:
<span class="quote">> This would resolve the inconsistency, yes.</span >
<span class="quote">> I would still stick to 'flow table' instead of 'gauge'. I was never
> comfortable with the fact that we overload 'table' with more semantics
> (given we already have tables in nf_tables).</span >
On 03/22/17 16:50, neal.p.murphy wrote:
<span class="quote">> Instead of gauge, would meter, track, watch, or measure work better (and be a little more self-documenting)?</span ></pre>
</div>
</p>
</body>
</html>