Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stefano Brivio <sbrivio@redhat.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org,
	"Florian Westphal" <fw@strlen.de>,
	"Kadlecsik József" <kadlec@blackhole.kfki.hu>,
	"Eric Garver" <eric@garver.life>, "Phil Sutter" <phil@nwl.cc>
Subject: Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes
Date: Tue, 28 Jan 2020 21:17:52 +0100	[thread overview]
Message-ID: <20200128211752.00312b6a@redhat.com> (raw)
In-Reply-To: <20200128193016.42lnsncnvmypf62p@salvia>

On Tue, 28 Jan 2020 20:30:16 +0100
Pablo Neira Ayuso <pablo@netfilter.org> wrote:

> On Sun, Jan 19, 2020 at 02:35:25PM +0100, Stefano Brivio wrote:
> > If NFTNL_SET_DESC_CONCAT data is passed, pass that to the kernel
> > as NFTA_SET_DESC_CONCAT attributes: it describes the length of
> > single concatenated fields, in bytes.
> > 
> > Similarly, parse NFTA_SET_DESC_CONCAT attributes if received
> > from the kernel.
> > 
> > This is the libnftnl counterpart for nftables patch:
> >   src: Add support for NFTNL_SET_DESC_CONCAT
> > 
> > v3:
> >  - use NFTNL_SET_DESC_CONCAT and NFTA_SET_DESC_CONCAT instead of a
> >    stand-alone NFTA_SET_SUBKEY attribute (Pablo Neira Ayuso)
> >  - pass field length in bytes instead of bits, fields would get
> >    unnecessarily big otherwise
> > v2:
> >  - fixed grammar in commit message
> >  - removed copy of array bytes in nftnl_set_nlmsg_build_subkey_payload(),
> >    we're simply passing values to htonl() (Phil Sutter)
> > 
> > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > ---
> >  include/libnftnl/set.h |   1 +
> >  include/set.h          |   2 +
> >  src/set.c              | 111 ++++++++++++++++++++++++++++++++++-------
> >  3 files changed, 95 insertions(+), 19 deletions(-)
> > 
> > diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
> > index db3fa686d60a..dcae354b76c4 100644
> > --- a/include/libnftnl/set.h
> > +++ b/include/libnftnl/set.h
> > @@ -24,6 +24,7 @@ enum nftnl_set_attr {
> >  	NFTNL_SET_ID,
> >  	NFTNL_SET_POLICY,
> >  	NFTNL_SET_DESC_SIZE,
> > +	NFTNL_SET_DESC_CONCAT,  
> 
> This one needs to be defined at the end to not break binary interface.

Hah, right, I just focused on not breaking kernel UAPI and didn't check
this. I'll move it.

> Compilation breaks for some reason:
> 
> In file included from ../include/internal.h:10,
>                  from gen.c:9:
> ../include/set.h:28:22: error: ‘NFT_REG32_COUNT’ undeclared here (not
> in a function); did you mean ‘NFT_REG32_15’?
>    28 |   uint8_t  field_len[NFT_REG32_COUNT];
>       |                      ^~~~~~~~~~~~~~~
>       |                      NFT_REG32_15

That's something that comes from kernel headers changes, now
commit f3a2181e16f1 ("netfilter: nf_tables: Support for sets with
multiple ranged fields"), this hunk:

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index c13106496bd2..065218a20bb7 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -48,6 +48,7 @@ enum nft_registers {
 
 #define NFT_REG_SIZE   16
 #define NFT_REG32_SIZE 4
+#define NFT_REG32_COUNT        (NFT_REG32_15 - NFT_REG32_00 + 1)
 
 /**
  * enum nft_verdicts - nf_tables internal verdicts

I didn't include those in userspace patches, following e.g. current
iproute2 practice. Let me know if I should actually submit that as
separate change -- I thought it would be more practical for you to sync
headers as needed.

-- 
Stefano

next prev parent reply	other threads:[~2020-01-28 20:18 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-19 13:35 [PATCH libnftnl v3 0/2] Attributes for concatenated ranges Stefano Brivio
2020-01-19 13:35 ` [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes Stefano Brivio
2020-01-28 19:30   ` Pablo Neira Ayuso
2020-01-28 20:17     ` Stefano Brivio [this message]
2020-01-28 21:27       ` Pablo Neira Ayuso
2020-01-19 13:35 ` [PATCH libnftnl v3 2/2] set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END Stefano Brivio

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c13106496bd dfblob:065218a20bb )
 OR (
bs:"Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200128211752.00312b6a@redhat.com \
    --to=sbrivio@redhat.com \
    --cc=eric@garver.life \
    --cc=fw@strlen.de \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.