nft: Add support named counters and handlers. #58
Conversation
bunert
force-pushed
the
bunert/handle-and-counter-support
branch
2 times, most recently
from
844ee9d
to
0085ba4
Compare
|
Hi @bunert , thank you for the contribution. What is odd is that I cannot run the tests though GitHub. Usually for new contributors it asks to run it. |
There was a problem hiding this comment.
Thank you very much for the contribution!
It will be great if you can add some text in the commit message that describes why this is useful (the reasoning).
I will not insist on the next point, but if you are able to split the PR into more commits it will be great. It will just help with the review.
I identified 3 topics of changes (each can potentially be a commit):
- Fixing doc.
- Adding the named counter.
- Adding handlers to the table and chain.
If this last request complicates things for you, I'll be fine with no doing it.
nft/config/config_test.go
Outdated
| @@ -23,7 +23,7 @@ import ( | |||
| "fmt" | |||
| "testing" | |||
|
|
|||
| assert "github.com/stretchr/testify/require" | |||
| "github.com/stretchr/testify/assert" | |||
There was a problem hiding this comment.
Why this has changed? It changes the behavior of the tests.
There was a problem hiding this comment.
Renaming require as assert seems unintentional, I removed the rename.
| @@ -32,4 +32,5 @@ const ( | |||
| type Table struct { | |||
| Family string `json:"family"` | |||
| Name string `json:"name"` | |||
| Handle *int `json:"handle,omitempty"` | |||
There was a problem hiding this comment.
A handle has been added to the table and chain, could you please reason for adding them?
Most of the PR is about counters, and while it also merit a reasoning for adding, it seems pretty trivial (to me at least).
On the other hand, the reasoning for adding the handle to the tables and chains is less trivial.
There was a problem hiding this comment.
For me, there is no reason to omit the handlers when reading the config. And it allows executing nft with the obtained handlers which is a use case for us.
There was a problem hiding this comment.
Fair enough.
The fact that the tables and chains have their name unique made the use of handlers redundant when writing the configuration for me.
But if you find it useful, there is indeed no reason to omit it.
Do you know what will happen if one uses the original handler but changes the name of the table/chain? Will it fail to apply the configuration (a scenario when a user reads the config, changed the chain name and applied back).
bunert
force-pushed
the
bunert/handle-and-counter-support
branch
from
0085ba4
to
208ff48
Compare
Changes: - doc typo - require package renamed to assert - field name in struct literal - error check in test cleanup Signed-off-by: Tobias Buner <buner@anapaya.net>
Adding handlers to nftables structs and adjusted the test comparison function to remove them. Having the handlers in place when retrieving the configuration can be useful to execute the nft binary directly with the retrieved handlers. The rules already include the handle, this adds support for handlers in tables and chains. Signed-off-by: Tobias Buner <buner@anapaya.net>
Currently, only anonymous counters in rules are supported. This adds support also for named counters on the table level. Signed-off-by: Tobias Buner <buner@anapaya.net>
bunert
force-pushed
the
bunert/handle-and-counter-support
branch
from
208ff48
to
60dd966
Compare
There was a problem hiding this comment.
Thank you, this looks really great!
There are a few inline comments, nothing major.
The build fails on the formatting of the imports: https://github.com/networkplumbing/go-nft/actions/runs/5738880629/job/15587712456?pr=58#step:5:11
| @@ -23,7 +23,7 @@ import ( | |||
| "fmt" | |||
| "testing" | |||
|
|
|||
| assert "github.com/stretchr/testify/require" | |||
| "github.com/stretchr/testify/require" | |||
There was a problem hiding this comment.
The rename was intentional [1] to use the more common assert word but behave like the testify require semantics.
This is the convention through the project and I would prefer to keep it.
I guess it is a bag I carry from other testing frameworks and different languages.
[1] 5d1c9c8
| }, | ||
| }, | ||
| }) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
This is a best effort operation, I do not think it fits asserting.
Perhaps we should make sure everything stops if this somehow happens (i.e. panic in an explicit manner). Continuing without this succeeding means the tests are dependent and the results are unpredictable.
Another alternative is to log it.
Have you seen cases this is failing?
| test(t) | ||
| }) | ||
| } | ||
|
|
||
| func flushRuleset() { |
There was a problem hiding this comment.
I find it easier to read it when it is not inlined.
What is the reason you inlined it?
| @@ -32,4 +32,5 @@ const ( | |||
| type Table struct { | |||
| Family string `json:"family"` | |||
| Name string `json:"name"` | |||
| Handle *int `json:"handle,omitempty"` | |||
There was a problem hiding this comment.
Fair enough.
The fact that the tables and chains have their name unique made the use of handlers redundant when writing the configuration for me.
But if you find it useful, there is indeed no reason to omit it.
Do you know what will happen if one uses the original handler but changes the name of the table/chain? Will it fail to apply the configuration (a scenario when a user reads the config, changed the chain name and applied back).
| if c.Name != "" { | ||
| return json.Marshal(c.Name) | ||
| } | ||
| type counter Counter |
There was a problem hiding this comment.
You used a different naming convention from the existing.
This is a bit confusing, but not a blocker for sure.
|
@bunert , if you can, it will help if you add this new change in the CHANGELOG so it will be ready for the next release. (as a new commit in the end) Something like: |
|
@bunert , can I assist you with anything here? |
|
Sorry, I don't have the time right now and we worked around the missing handlers for now. I hope to find some time to update it soon, sorry for the inconvenience. |
Fixing docs typo and some minor code cleanup (package rename, field name in struct literal, error check in test cleanup).
Adding handlers to nftables structs (test comparison function removes them). Having the handlers in place when retrieving the configuration can be useful to execute the nft binary directly with the retrieved handlers. The rules already include the handle, this adds support for handlers in tables and chains.
Adding support for named counters. Currently, only anonymous counters in rules are supported.