Re: [net-next,v7,3/5] doc/netlink: nftables: Update attribute sets

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jakub Kicinski <kuba@kernel.org>
To: one-d-wide@protonmail.com
Cc: Jakub Kicinski <kuba@kernel.org>,
	phil@nwl.cc, netfilter-devel@vger.kernel.org,
	netdev@vger.kernel.org, pablo@netfilter.org,
	coreteam@netfilter.org, fw@strlen.de, donald.hunter@gmail.com
Subject: Re: [net-next,v7,3/5] doc/netlink: nftables: Update attribute sets
Date: Mon,  2 Feb 2026 19:19:02 -0800	[thread overview]
Message-ID: <20260203031902.934664-1-kuba@kernel.org> (raw)
In-Reply-To: <20260202093928.742879-4-one-d-wide@protonmail.com>

This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.

For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
doc/netlink: nftables: Update attribute sets

This commit adds new attribute sets (log-attrs, numgen-attrs, range-attrs,
compat-target-attrs, compat-match-attrs, compat-attrs), adds missing
attributes and checks, and fixes byte-order annotations for the nftables
netlink specification.

> diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml
> index f15f825cb3a1..2ddf89c70124 100644
> --- a/Documentation/netlink/specs/nftables.yaml
> +++ b/Documentation/netlink/specs/nftables.yaml

[ ... ]

> +  -
> +    name: range-attrs
> +    attributes:
> +      # Mentioned in net/netfilter/nft_range.c
> +      -
> +        name: sreg
> +        doc: source register of data to compare
> +        type: u32
> +        byte-order: big-endian
> +        enum: registers
> +      -
> +        name: op
> +        doc: cmp operation
> +        type: u32
> +        byte-order: big-endian
> +        enum: range-ops
> +        checks:
> +          max: 256

Should this be max: 255? Looking at nft_range_init() in net/netfilter/nft_range.c,
the kernel uses nft_parse_u32_check(tb[NFTA_RANGE_OP], U8_MAX, &op), where U8_MAX
is 255. This spec would allow 256 which the kernel rejects with -ERANGE.

[ ... ]

> +  -
> +    name: compat-target-attrs
> +    header: linux/netfilter/nf_tables_compat.h
> +    attributes:
> +      -
> +        name: name
> +        type: string
> +        checks:
> +          max-len: 32
> +      -
> +        name: rev
> +        type: u32
> +        byte-order: big-endian
> +      -
> +        name: info
> +        type: binary
> +  -
> +    name: compat-match-attrs
> +    header: linux/netfilter/nf_tables_compat.h
> +    attributes:
> +      -
> +        name: name
> +        type: string
> +        checks:
> +          max-len: 32
> +      -
> +        name: rev
> +        type: u32
> +        byte-order: big-endian
> +        checks:
> +          max: 255

Should compat-target-attrs also have checks: max: 255 for its rev field? The
kernel's nft_target_policy uses NLA_POLICY_MAX(NLA_BE32, 255) for NFTA_TARGET_REV,
same as compat-match-attrs, but compat-target-attrs rev field above is missing
this check.
-- 
pw-bot: cr

next prev parent reply	other threads:[~2026-02-03  3:19 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-02  9:40 [PATCH net-next v7 0/5] doc/netlink: Expand nftables specification Remy D. Farley
2026-02-02  9:40 ` [PATCH net-next v7 1/5] doc/netlink: netlink-raw: Add max check Remy D. Farley
2026-02-02  9:40 ` [PATCH net-next v7 2/5] doc/netlink: nftables: Add definitions Remy D. Farley
2026-02-03  9:04   ` Donald Hunter
2026-02-02  9:41 ` [PATCH net-next v7 3/5] doc/netlink: nftables: Update attribute sets Remy D. Farley
2026-02-03  3:19   ` Jakub Kicinski [this message]
2026-02-02  9:41 ` [PATCH net-next v7 4/5] doc/netlink: nftables: Add sub-messages Remy D. Farley
2026-02-02  9:41 ` [PATCH net-next v7 5/5] doc/netlink: nftables: Fill out operation attributes Remy D. Farley
2026-02-03  3:19   ` [net-next,v7,5/5] " Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260203031902.934664-1-kuba@kernel.org \
    --to=kuba@kernel.org \
    --cc=coreteam@netfilter.org \
    --cc=donald.hunter@gmail.com \
    --cc=fw@strlen.de \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=one-d-wide@protonmail.com \
    --cc=pablo@netfilter.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.