From: Florian Westphal <fw@strlen.de>
To: David Wang <00107082@163.com>
Cc: Daniel Xu <dxu@dxuuu.xyz>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum
Date: Thu, 28 Sep 2023 13:53:59 +0200 [thread overview]
Message-ID: <20230928115359.GB27208@breakpoint.cc> (raw)
In-Reply-To: <19d2362f.5c85.18a6647817b.Coremail.00107082@163.com>
David Wang <00107082@163.com> wrote:
Hello,
> At 2023-09-06 00:38:02, "Daniel Xu" <dxu@dxuuu.xyz> wrote:
> >Hi David,
> >
> >On Mon, Sep 04, 2023 at 09:02:02PM +0800, David Wang wrote:
>
> >> #include <linux/in6.h>
> >>
> >> /* Responses from hook functions. */
> >> -#define NF_DROP 0
> >> -#define NF_ACCEPT 1
> >> -#define NF_STOLEN 2
> >> -#define NF_QUEUE 3
> >> -#define NF_REPEAT 4
> >> -#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
> >> -#define NF_MAX_VERDICT NF_STOP
> >> +enum {
> >> + NF_DROP = 0,
> >> + NF_ACCEPT = 1,
> >> + NF_STOLEN = 2,
> >> + NF_QUEUE = 3,
> >> + NF_REPEAT = 4,
> >> + NF_STOP = 5, /* Deprecated, for userspace nf_queue compatibility. */
> >> + NF_MAX_VERDICT = NF_STOP,
> >> +};
> >
> >Switching from macro to enum works for almost all use cases, but not
> >all. If someone if #ifdefing the symbols (which is plausible) this
> >change would break them.
> >
> >I think I've seen some other networking code define both enums and
> >macros. But it was a little ugly. Not sure if that is acceptable here or
> >not.
> >
> >[...]
> >
> >Thanks,
> >Daniel
>
>
> Thanks for the review~
> I do not have a strong reasoning to deny the possibility of breaking unexpected usage of this macros,
>
> but I also agree that it is ugly to use both enum and macro at the same time.
>
> Kind of don't know how to proceed from here now...
I was about to apply this as-is, but Pablo Neira would prefer to
keep the defines as well.
So, as a compromise, I would suggest to just *add*
/* verdicts available to BPF are exported via vmlinux.h */
enum {
NF_DROP = 0,
NF_ACCEPT = 1,
};
#define NF_DROP 0
...
This way BTF won't have the other verdicts, but ATM those
cannot be used in BPF programs anyway.
Would you mind making a new version of the patch?
Otherwise I can mangle it locally here as needed.
next prev parent reply other threads:[~2023-09-28 11:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 13:02 [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum David Wang
2023-09-04 13:02 ` David Wang
2023-09-05 16:38 ` Daniel Xu
2023-09-05 16:57 ` David Wang
2023-09-07 2:21 ` Duncan Roe
2023-09-07 18:44 ` Florian Westphal
2023-09-28 11:53 ` Florian Westphal [this message]
2023-10-16 9:22 ` David Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230928115359.GB27208@breakpoint.cc \
--to=fw@strlen.de \
--cc=00107082@163.com \
--cc=bpf@vger.kernel.org \
--cc=coreteam@netfilter.org \
--cc=dxu@dxuuu.xyz \
--cc=kadlec@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.