From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Stephane Bryant <stephane.ml.bryant@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next v3 2/3] netfilter: bridge: pass L2 header and VLAN as netlink attributes in queues to userspace
Date: Mon, 29 Feb 2016 13:40:32 +0100
Message-ID: <20160229124032.GA15467@salvia>
In-Reply-To: <1455959230-3680-2-git-send-email-stephane.ml.bryant@gmail.com>

On Sat, Feb 20, 2016 at 10:07:09AM +0100, Stephane Bryant wrote:
> From: stephane <stephane.ml.bryant@gmail.com>
> 
> -this creates 2 netlink attributes NLQA_VLAN and NLQA_L2HDR
> -these are filled up for the PF_BRIDGE family on the way to userspace
> 
> Signed-off-by: Stephane Bryant <stephane.ml.bryant@gmail.com>
> ---
>  include/uapi/linux/netfilter/nfnetlink_queue.h |  7 ++++
>  net/netfilter/nfnetlink_queue.c                | 53 ++++++++++++++++++++++++++
>  2 files changed, 60 insertions(+)
> 
> diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
> index b67a853..211fcdc 100644
> --- a/include/uapi/linux/netfilter/nfnetlink_queue.h
> +++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
> @@ -30,6 +30,11 @@ struct nfqnl_msg_packet_timestamp {
>  	__aligned_be64	usec;
>  };
>  
> +struct nfqnl_msg_vlan {
> +	__be16                  proto;
> +	__u16                   tci;
> +} __attribute__ ((packed));

Stephane, I'm very much looking forward to having this update pushed
mainstream.

However, I think it would be good if you can translate this to
use nested attributes.

See nla_nest_start() and nla_nest_end(). Then, add new vlan
attributes for this:

        enum nfqnl_vlan_attr {
                NFQA_VLAN_UNSPEC,
                NFQA_VLAN_PROTO,
                NFQA_VLAN_TCI,
                __NFQA_VLAN_MAX,
        };
        #define NFQA_VLAN_MAX   (__NFQA_VLAN_MAX - 1)

Using structures to encapsulate netlink data is highly discouraged. I
know we're doing this already in old attributes, but that we cannot
change since it's part of the ABI. But I would like us to start
doing this the right way for new attributes.

Let me know,
Thanks!

> +
>  enum nfqnl_attr_type {
>  	NFQA_UNSPEC,
>  	NFQA_PACKET_HDR,
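
Review bot: In struct nfqnl_msg_vlan, `proto` is declared `__be16` while `tci` is a plain `__u16`, so two fields of the same UAPI struct use different byte orders and nothing tells userspace which order `tci` arrives in. Either make `tci` a `__be16` as well or add a comment on each field stating its byte order. The `__attribute__ ((packed))` is also unnecessary here: two adjacent 16-bit members have no padding between them.
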
> @@ -50,6 +55,8 @@ enum nfqnl_attr_type {
>  	NFQA_UID,			/* __u32 sk uid */
>  	NFQA_GID,			/* __u32 sk gid */
>  	NFQA_SECCTX,			/* security context string */
> +	NFQA_VLAN,                      /* packet vlan info */
> +	NFQA_L2HDR,                     /* full L2 header */
>  
>  	__NFQA_MAX
>  };
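
Review bot: The two entries added to enum nfqnl_attr_type do not say what their payload is, unlike the neighbouring entries (`/* __u32 sk uid */`). State in the comments whether NFQA_VLAN carries struct nfqnl_msg_vlan, and what NFQA_L2HDR contains and how long it can be, so that userspace can validate the attribute length before reading it. The comments on the added lines are also aligned with spaces where the existing lines use tabs, and the commit message names the attributes NLQA_VLAN and NLQA_L2HDR rather than NFQA_VLAN and NFQA_L2HDR.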

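What the nested layout requested in the reply gives the receiving side, as an added example that is not code from this thread or from the kernel: each field is its own length-prefixed attribute, so a parser can reject a truncated or mis-sized value instead of trusting a fixed struct overlay. The helpers `put_be16`, `build_vlan_nest` and `parse_vlan_nest` are hypothetical userspace stand-ins for the kernel's nla_* API, and carrying both fields as big-endian 16-bit values is an assumption.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Attribute numbers follow the enum proposed in the reply; be16 payloads are an assumption. */
enum { NFQA_VLAN_UNSPEC, NFQA_VLAN_PROTO, NFQA_VLAN_TCI };
#define ATTR_HDR 4u                           /* u16 length + u16 type, host byte order */
#define ATTR_ALIGN(n) (((n) + 3u) & ~3u)      /* netlink pads attributes to 4 bytes */

/* Append one be16 attribute; returns the new offset, or 0 if it does not fit. */
static size_t put_be16(uint8_t *buf, size_t off, size_t cap, uint16_t type, uint16_t val)
{
    uint16_t hdr[2] = { ATTR_HDR + 2, type }, be = htons(val);
    if (off + ATTR_ALIGN(hdr[0]) > cap)
        return 0;
    memset(buf + off, 0, ATTR_ALIGN(hdr[0])); /* zero padding so no stale bytes leak */
    memcpy(buf + off, hdr, ATTR_HDR);
    memcpy(buf + off + ATTR_HDR, &be, 2);
    return off + ATTR_ALIGN(hdr[0]);
}

/* Build the payload of the VLAN nest; returns its length, or 0 on overflow. */
size_t build_vlan_nest(uint8_t *buf, size_t cap, uint16_t proto, uint16_t tci)
{
    size_t off = put_be16(buf, 0, cap, NFQA_VLAN_PROTO, proto);
    return off ? put_be16(buf, off, cap, NFQA_VLAN_TCI, tci) : 0;
}

/* Walk the nest with bounds checks; returns 0 on success, -1 on malformed input. */
int parse_vlan_nest(const uint8_t *buf, size_t len, uint16_t *proto, uint16_t *tci)
{
    int seen = 0;
    while (len >= ATTR_HDR) {
        uint16_t hdr[2], v;                   /* hdr[0] = length, hdr[1] = type */
        memcpy(hdr, buf, ATTR_HDR);
        if (hdr[0] < ATTR_HDR || hdr[0] > len)
            return -1;                        /* length field runs past the buffer */
        if (hdr[1] == NFQA_VLAN_PROTO || hdr[1] == NFQA_VLAN_TCI) {
            if (hdr[0] != ATTR_HDR + 2)
                return -1;                    /* payload must be exactly 16 bits */
            memcpy(&v, buf + ATTR_HDR, 2);
            if (hdr[1] == NFQA_VLAN_PROTO) { *proto = ntohs(v); seen |= 1; }
            else                           { *tci = ntohs(v);   seen |= 2; }
        }                                     /* unknown attribute types are skipped */
        size_t step = ATTR_ALIGN(hdr[0]) > len ? len : ATTR_ALIGN(hdr[0]);
        buf += step; len -= step;
    }
    return (len == 0 && seen == 3) ? 0 : -1;  /* both fields required, no trailing bytes */
}
```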