From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft] datatype, meta: add new ifname_type for iifname/oifname
Date: Mon, 29 Feb 2016 14:19:23 +0100 [thread overview]
Message-ID: <20160229131923.GB7277@breakpoint.cc> (raw)
In-Reply-To: <20160229131202.GA16476@salvia>
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Hi Florian,
>
> On Fri, Feb 26, 2016 at 08:19:34PM +0100, Florian Westphal wrote:
> > String is an unqualified type and we do not have a data element to
> > derive the element size from at set creation time.
> >
> > Add a new string subtype -- iface_name -- and switch
> > meta iifname/oifname to use it instead of string.
> >
> > One can then define a named set for interface names with
> >
> > nft add set filter ifnames '{type iface_name; }'
>
> The problem is that unqualified types cannot be currently used because
> the have no specific length.
Yes.
>
> Carlos has been submitting patches for a while (he's on Cc) that it
> would be great to see in the tree at some point this week. Basically,
> he's introducing a TLV infrastructure to store metainformation in the
> USERDATA area.
>
> The idea is to use these new TLVs to include the length of this
> datatype. This allows us to interpret the data when dumping it from
> the kernel and transform it to object via set_delinearize().
Ok, but how do you plan to handle the key length?
Currently the kernel will -EINVAL in nf_tables_newset() because the
key length is 0 for unqualified types.
Since nft has no information on the element keys (yet) I don't see
how the TLV infrastructure helps in this case.
I'll wait for your patches.
next prev parent reply other threads:[~2016-02-29 13:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-26 19:19 [PATCH nft] datatype, meta: add new ifname_type for iifname/oifname Florian Westphal
2016-02-29 13:12 ` Pablo Neira Ayuso
2016-02-29 13:19 ` Florian Westphal [this message]
2016-03-01 10:11 ` Pablo Neira Ayuso
2016-03-01 11:00 ` Florian Westphal
2016-03-01 13:15 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160229131923.GB7277@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.