From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Cc: Vincent Sanders <vincent.sanders@collabora.co.uk>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Alban Crequy <alban.crequy@collabora.co.uk>
Subject: Re: [PATCH net-next 13/15] netfilter: nfdbus: Add D-bus message parsing
Date: Wed, 4 Jul 2012 19:30:47 +0200 [thread overview]
Message-ID: <20120704173047.GA8864@1984> (raw)
In-Reply-To: <4FF1C1AF.9080104@collabora.co.uk>
On Mon, Jul 02, 2012 at 05:43:43PM +0200, Javier Martinez Canillas wrote:
> On 06/29/2012 07:11 PM, Pablo Neira Ayuso wrote:
> > On Fri, Jun 29, 2012 at 05:45:52PM +0100, Vincent Sanders wrote:
> >> From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
> >>
> >> The netfilter D-Bus module needs to parse D-bus messages sent by
> >> applications to decide whether a peer can receive or not a D-Bus
> >> message. Add D-bus message parsing logic to be able to analyze.
> >
> > Not talking about the entire patchset, only about the part I'm
> > responsible for.
> >
> > I don't see why you think this belong to netfilter at all.
> >
> > This doesn't integrate into the existing filtering infrastructure,
> > neither it extends it in any way.
> >
>
> Hello Pablo,
>
> Thanks a lot for your feedback.
>
> This is the first of a set of patches that adds a netfilter module to parse
> D-Bus messages, the complete patch-set is:
>
> [PATCH 13/15] netfilter: nfdbus: Add D-bus message parsing
> [PATCH 14/15] netfilter: nfdbus: Add D-bus match rule implementation
> [PATCH 15/15] netfilter: add netfilter D-Bus module
>
> patches 13 and 14 just include D-Bus helper code to be used by the netfilter
> module (added on patch 15) and specially the dbus_filter netfilter hook function.
I see, the use of the netfilter hooks seems to be the only reason why
you consider these chunks belong to netfilter.
> For the next post version we will reorganize the patches so first the D-Bus
> netfilter module is added with an empty dbus_filter function and then added the
> D-Bus helper code.
>
> Also, we will move the nfdbus netfilter module to net/bus so is not inside the
> netfilter core code.
Yes, please, remove this stuff from my directory tree, I believe this
filtering infrastructure has not much to do with Netfilter itself.
It uses the connector to communicate kernel <-> userspace instead of
nfnetlink and, as said, it does neither integrate into existing
filtering kernel/userspace infrastructure nor integrates into it.
So, please, if you plan to give another try to this patchset, move
this to your net/bus directory as you propose and find a different
(better) name for the filtering part (just to avoid confusion in the
future).
Thanks.
next prev parent reply other threads:[~2012-07-04 17:30 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-29 16:45 AF_BUS socket address family Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 01/15] net: bus: Add " Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 02/15] net: bus: Add documentation for AF_BUS Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 03/15] net: bus: Add AF_BUS socket and address definitions Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 04/15] security: Add Linux Security Modules hook for AF_BUS sockets Vincent Sanders
2012-07-09 3:32 ` James Morris
2012-07-09 18:02 ` Paul Moore
2012-06-29 16:45 ` [PATCH net-next 05/15] security: selinux: Add AF_BUS socket SELinux hooks Vincent Sanders
2012-07-09 18:38 ` Paul Moore
2012-06-29 16:45 ` [PATCH net-next 06/15] netfilter: Add NFPROTO_BUS hook constant for AF_BUS socket family Vincent Sanders
2012-07-01 2:15 ` Jan Engelhardt
2012-06-29 16:45 ` [PATCH net-next 07/15] scm: allow AF_BUS sockets to send ancillary data Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 08/15] net: bus: Add implementation of Bus domain sockets Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 09/15] net: bus: Add garbage collector for AF_BUS sockets Vincent Sanders
2012-07-02 17:44 ` Ben Hutchings
2012-07-03 12:11 ` Alban Crequy
2012-06-29 16:45 ` [PATCH net-next 10/15] net: bus: Add the AF_BUS socket address family to KBuild Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 11/15] netlink: connector: implement cn_netlink_reply Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 12/15] netlink: connector: Add idx and val identifiers for netfilter D-Bus Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 13/15] netfilter: nfdbus: Add D-bus message parsing Vincent Sanders
2012-06-29 17:11 ` Pablo Neira Ayuso
2012-07-02 15:43 ` Javier Martinez Canillas
2012-07-04 17:30 ` Pablo Neira Ayuso [this message]
2012-07-05 17:54 ` Javier Martinez Canillas
2012-06-29 16:45 ` [PATCH net-next 14/15] netfilter: nfdbus: Add D-bus match rule implementation Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 15/15] netfilter: add netfilter D-Bus module Vincent Sanders
2012-06-29 18:16 ` AF_BUS socket address family Chris Friesen
2012-06-29 19:33 ` Ben Hutchings
2012-06-29 18:45 ` Casey Schaufler
2012-06-29 23:22 ` Vincent Sanders
2012-06-29 22:36 ` David Miller
2012-06-29 23:12 ` Vincent Sanders
2012-06-29 23:18 ` David Miller
2012-06-29 23:42 ` Vincent Sanders
2012-06-29 23:50 ` David Miller
2012-06-30 0:09 ` Vincent Sanders
2012-06-30 13:12 ` Alan Cox
2012-07-01 0:33 ` David Miller
2012-07-01 14:16 ` Alan Cox
2012-07-01 21:45 ` David Miller
2012-06-30 0:13 ` Benjamin LaHaise
2012-06-30 12:52 ` Alan Cox
2012-07-02 14:51 ` Vincent Sanders
2012-07-02 4:49 ` Chris Friesen
2012-07-05 21:06 ` Jan Engelhardt
2012-07-06 18:27 ` Chris Friesen
2012-06-30 20:41 ` Hans-Peter Jansen
2012-07-02 16:46 ` Alban Crequy
2012-07-05 7:59 ` Linus Walleij
2012-07-05 16:01 ` Daniel Walker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120704173047.GA8864@1984 \
--to=pablo@netfilter.org \
--cc=alban.crequy@collabora.co.uk \
--cc=davem@davemloft.net \
--cc=javier.martinez@collabora.co.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=vincent.sanders@collabora.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.