* [PATCH 0/2] Specify nf_queue max length from userspace
@ 2006-06-13 16:56 Eric Leblond
2006-06-13 17:06 ` [PATCH 1/2] " Eric Leblond
2006-06-13 17:07 ` [PATCH 2/2] [libnetfilter_queue] " Eric Leblond
0 siblings, 2 replies; 10+ messages in thread
From: Eric Leblond @ 2006-06-13 16:56 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 474 bytes --]
Hi,
With libnetfilter_queue it was no longer possible to specify the max
queue length from userspace. All needed framework was already in
nfnetlink_queue code and as queue instance has its own max length, it
was thus possible to specify max length on a per queue basis.
To be able to do so, I've added a new function nfq_set_queue_maxlen to
libnetfilter_queue and done needed modifications in nfnetlink_queue
code.
BR,
--
Eric Leblond <eric@inl.fr>
INL
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-13 16:56 [PATCH 0/2] Specify nf_queue max length from userspace Eric Leblond
@ 2006-06-13 17:06 ` Eric Leblond
2006-06-16 12:36 ` Pablo Neira Ayuso
2006-06-19 16:26 ` Patrick McHardy
2006-06-13 17:07 ` [PATCH 2/2] [libnetfilter_queue] " Eric Leblond
1 sibling, 2 replies; 10+ messages in thread
From: Eric Leblond @ 2006-06-13 17:06 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 90 bytes --]
Attached patch is against current git kernel tree.
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: specify-queue-max-length-from-userspace.txt --]
[-- Type: text/plain, Size: 1535 bytes --]
Signed-off-by: Eric Leblond <eric@inl.fr>
---
include/linux/netfilter/nfnetlink_queue.h | 2 ++
net/netfilter/nfnetlink_queue.c | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletions(-)
1fb988dc51e2465500df50ff4e085f80acb7b6a3
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e77437..ce32c54 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd {
} __attribute__ ((packed));
enum nfqnl_config_mode {
+ NFQNL_COPY_UNSPEC,
NFQNL_COPY_NONE,
NFQNL_COPY_META,
NFQNL_COPY_PACKET,
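Review bot: NFQNL_COPY_UNSPEC is inserted at the head of enum nfqnl_config_mode, which shifts NFQNL_COPY_NONE, NFQNL_COPY_META and NFQNL_COPY_PACKET up by one. These numbers travel in copy_mode from userspace, so a binary built against the current header would have every mode misread by a kernel built from this one. If a new value is needed at all, append it after NFQNL_COPY_PACKET so the existing numbers stay fixed.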
@@ -75,6 +76,7 @@ enum nfqnl_config_mode {
struct nfqnl_msg_config_params {
u_int32_t copy_range;
u_int8_t copy_mode; /* enum nfqnl_config_mode */
+ u_int32_t queue_maxlen;
} __attribute__ ((packed));
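Review bot: appending queue_maxlen to the packed struct nfqnl_msg_config_params grows the NFQA_CFG_PARAMS payload from 5 to 9 bytes, so the layout that existing binaries send no longer matches what the kernel expects. Carry the queue length in its own configuration attribute and leave this structure untouched; that also removes the need for an "unspecified" copy mode.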
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 86a4ac3..6032ad5 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -935,8 +935,13 @@ nfqnl_recv_config(struct sock *ctnl, str
goto out_put;
}
params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]);
- nfqnl_set_mode(queue, params->copy_mode,
+ if (params->copy_mode != NFQNL_COPY_UNSPEC){
+ nfqnl_set_mode(queue, params->copy_mode,
ntohl(params->copy_range));
+ }
+ if (params->queue_maxlen) {
+ queue->queue_maxlen=ntohl(params->queue_maxlen);
+ }
}
out_put:
--
1.3.3
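Review bot: the new branch in nfqnl_recv_config() stores ntohl(params->queue_maxlen) into queue->queue_maxlen with no locking visible in the hunk and no upper bound on a value that comes straight from userspace. Take the queue's lock around the assignment and decide whether a maximum should be enforced. The test `if (params->queue_maxlen)` also makes 0 mean "not specified", which the header should document, and `){` and `queue_maxlen=ntohl` need spaces.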
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/2] [libnetfilter_queue] Specify nf_queue max length from userspace
2006-06-13 16:56 [PATCH 0/2] Specify nf_queue max length from userspace Eric Leblond
2006-06-13 17:06 ` [PATCH 1/2] " Eric Leblond
@ 2006-06-13 17:07 ` Eric Leblond
1 sibling, 0 replies; 10+ messages in thread
From: Eric Leblond @ 2006-06-13 17:07 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 96 bytes --]
Attached patch is against libnetfilter_queue svn.
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: libnetfilter_queue-specify-queue-max-length-from-userspace.txt --]
[-- Type: text/x-patch, Size: 2300 bytes --]
Index: include/libnetfilter_queue/linux_nfnetlink_queue.h
===================================================================
--- include/libnetfilter_queue/linux_nfnetlink_queue.h (révision 6470)
+++ include/libnetfilter_queue/linux_nfnetlink_queue.h (copie de travail)
@@ -71,6 +71,7 @@
} __attribute__ ((packed));
enum nfqnl_config_mode {
+ NFQNL_COPY_UNSPEC,
NFQNL_COPY_NONE,
NFQNL_COPY_META,
NFQNL_COPY_PACKET,
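Review bot: with NFQNL_COPY_UNSPEC placed first in the library's copy of the enum, a library built from this header sends copy_mode values one higher than a kernel without patch 1/2 understands, so library and kernel can no longer be upgraded independently. Keep the existing values fixed and add any new one at the end.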
@@ -79,6 +80,7 @@
struct nfqnl_msg_config_params {
u_int32_t copy_range;
u_int8_t copy_mode; /* enum nfqnl_config_mode */
+ u_int32_t queue_maxlen;
} __attribute__ ((packed));
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h (révision 6470)
+++ include/libnetfilter_queue/libnetfilter_queue.h (copie de travail)
@@ -49,6 +49,9 @@
extern int nfq_set_mode(struct nfq_q_handle *qh,
u_int8_t mode, unsigned int len);
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+ u_int32_t queuelen);
+
extern int nfq_set_verdict(struct nfq_q_handle *qh,
u_int32_t id,
u_int32_t verdict,
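Review bot: the nfq_set_queue_maxlen() prototype is declared without `extern`, unlike nfq_set_mode() and nfq_set_verdict() on either side of it, and nothing states what queuelen counts or what the call returns. Add `extern` for consistency and a short comment describing the parameter and the return value.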
Index: src/libnetfilter_queue.c
===================================================================
--- src/libnetfilter_queue.c (révision 6470)
+++ src/libnetfilter_queue.c (copie de travail)
@@ -288,6 +288,26 @@
return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
}
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+ u_int32_t queuelen)
+{
+ char buf[NFNL_HEADER_LEN
+ +NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))];
+ struct nfqnl_msg_config_params params;
+ struct nlmsghdr *nmh = (struct nlmsghdr *) buf;
+
+ nfnl_fill_hdr(qh->h->nfnlssh, nmh, 0, AF_UNSPEC, qh->id,
+ NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK);
+
+ params.copy_range = 0;
+ params.copy_mode = NFQNL_COPY_UNSPEC;
+ params.queue_maxlen=htonl(queuelen);
+ nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_PARAMS, ¶ms,
+ sizeof(params));
+
+ return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
+}
+
static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id,
u_int32_t verdict, u_int32_t mark, int set_mark,
u_int32_t data_len, unsigned char *data)
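Review bot: nfq_set_queue_maxlen() sends copy_mode = NFQNL_COPY_UNSPEC with copy_range = 0, which is only harmless on a kernel carrying patch 1/2. Where the enum still starts at NFQNL_COPY_NONE the same value is read as a request for that mode, so setting the queue length would silently change the copy mode. The return value of nfnl_addattr_l() is also ignored before nfnl_talk(); check it, and avoid having a length-only call touch the copy mode at all.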
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-13 17:06 ` [PATCH 1/2] " Eric Leblond
@ 2006-06-16 12:36 ` Pablo Neira Ayuso
2006-06-17 21:24 ` Eric Leblond
2006-06-19 16:26 ` Patrick McHardy
1 sibling, 1 reply; 10+ messages in thread
From: Pablo Neira Ayuso @ 2006-06-16 12:36 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter-devel
Hi Eric,
Eric Leblond wrote:
> include/linux/netfilter/nfnetlink_queue.h | 2 ++
> net/netfilter/nfnetlink_queue.c | 7 ++++++-
> 2 files changed, 8 insertions(+), 1 deletions(-)
>
> 1fb988dc51e2465500df50ff4e085f80acb7b6a3
> diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
> index 9e77437..ce32c54 100644
> --- a/include/linux/netfilter/nfnetlink_queue.h
> +++ b/include/linux/netfilter/nfnetlink_queue.h
> @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd {
> } __attribute__ ((packed));
>
> enum nfqnl_config_mode {
> + NFQNL_COPY_UNSPEC,
> NFQNL_COPY_NONE,
> NFQNL_COPY_META,
> NFQNL_COPY_PACKET,
If you have to add new attributes, do it always at the end, in other
words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward
compatibility. See that old binaries use COPY_NONE set to 0, but after
applying your patch COPY_NONE is set to 1. Result: old binaries will not
work with nfnetlink_queue anymore.
> @@ -75,6 +76,7 @@ enum nfqnl_config_mode {
> struct nfqnl_msg_config_params {
> u_int32_t copy_range;
> u_int8_t copy_mode; /* enum nfqnl_config_mode */
> + u_int32_t queue_maxlen;
> } __attribute__ ((packed));
Same thing here. If you have to modify this structure, you need to
create a new one called struct nfqnl_msg_config_params2. Since I don't
like this option, I think that the best solution is to add a new
attribute called NFQNL_CFG_QUEUE_MAXLEN.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-16 12:36 ` Pablo Neira Ayuso
@ 2006-06-17 21:24 ` Eric Leblond
2006-06-18 17:13 ` Pablo Neira Ayuso
0 siblings, 1 reply; 10+ messages in thread
From: Eric Leblond @ 2006-06-17 21:24 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1862 bytes --]
Hi Pablo,
On Fri, 2006-06-16 at 14:36 +0200, Pablo Neira Ayuso wrote:
> Hi Eric,
> > enum nfqnl_config_mode {
> > + NFQNL_COPY_UNSPEC,
> > NFQNL_COPY_NONE,
> > NFQNL_COPY_META,
> > NFQNL_COPY_PACKET,
>
> If you have to add new attributes, do it always at the end, in other
> words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward
> compatibility. See that old binaries use COPY_NONE set to 0, but after
> applying your patch COPY_NONE is set to 1. Result: old binaries will not
> work with nfnetlink_queue anymore.
I agree with you on this point. But, as I know that second point was
also breaking compatibility, I've made the choice to put less
significant value first. It looks cleaner to me.
> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode {
> > struct nfqnl_msg_config_params {
> > u_int32_t copy_range;
> > u_int8_t copy_mode; /* enum nfqnl_config_mode */
> > + u_int32_t queue_maxlen;
> > } __attribute__ ((packed));
>
> Same thing here. If you have to modify this structure, you need to
> create a new one called struct nfqnl_msg_config_params2. Since I don't
> like this option, I think that the best solution is to add a new
> attribute called NFQNL_CFG_QUEUE_MAXLEN.
I also think this is the cleanest way not to lose binary compatibility.
But, as you notice it, it's ugly as queue max length is a param. The
user-basis of libnetfilter_queue is really small for the moment: Only
about two projects use it. There may be also some unpublished project
but it should hurt too much to break binary compatibility to have a
cleaner code.
In fact, I think that having only one attribute and one structure could
be used in the future to have a function that will be able to set copy
mode and queue length in one call and one message.
BR,
--
Eric Leblond <eric@inl.fr>
INL
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-17 21:24 ` Eric Leblond
@ 2006-06-18 17:13 ` Pablo Neira Ayuso
0 siblings, 0 replies; 10+ messages in thread
From: Pablo Neira Ayuso @ 2006-06-18 17:13 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter-devel
Eric Leblond wrote:
> Hi Pablo,
>
> On Fri, 2006-06-16 at 14:36 +0200, Pablo Neira Ayuso wrote:
>
>>Hi Eric,
>>
>>> enum nfqnl_config_mode {
>>>+ NFQNL_COPY_UNSPEC,
>>> NFQNL_COPY_NONE,
>>> NFQNL_COPY_META,
>>> NFQNL_COPY_PACKET,
>>
>>If you have to add new attributes, do it always at the end, in other
>>words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward
>>compatibility. See that old binaries use COPY_NONE set to 0, but after
>>applying your patch COPY_NONE is set to 1. Result: old binaries will not
>>work with nfnetlink_queue anymore.
>
>
> I agree with you on this point. But, as I know that second point was
> also breaking compatibility, I've made the choice to put less
> significant value first. It looks cleaner to me.
>
>
>>>@@ -75,6 +76,7 @@ enum nfqnl_config_mode {
>>> struct nfqnl_msg_config_params {
>>> u_int32_t copy_range;
>>> u_int8_t copy_mode; /* enum nfqnl_config_mode */
>>>+ u_int32_t queue_maxlen;
>>> } __attribute__ ((packed));
>>
>>Same thing here. If you have to modify this structure, you need to
>>create a new one called struct nfqnl_msg_config_params2. Since I don't
>>like this option, I think that the best solution is to add a new
>>attribute called NFQNL_CFG_QUEUE_MAXLEN.
>
>
> I also think this is the cleanest way not to lose binary compatibility.
> But, as you notice it, it's ugly as queue max length is a param. The
> user-basis of libnetfilter_queue is really small for the moment: Only
> about two projects use it. There may be also some unpublished project
> but it should hurt too much to break binary compatibility to have a
> cleaner code.
Actually, this is what happens when you attach kernel and userspace to a
certain structure. Instead, I think that it is better to split
structures into fields.
> In fact, I think that having only one attribute and one structure could
> be used in the future to have a function that will be able to set copy
> mode and queue length in one call and one message.
This is not true, you can still implement a function that sets the queue
length and copy mode with the solution that I proposed.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-13 17:06 ` [PATCH 1/2] " Eric Leblond
2006-06-16 12:36 ` Pablo Neira Ayuso
@ 2006-06-19 16:26 ` Patrick McHardy
2006-06-19 19:57 ` Eric Leblond
2006-06-19 20:01 ` [PATCH 2/2] " Eric Leblond
1 sibling, 2 replies; 10+ messages in thread
From: Patrick McHardy @ 2006-06-19 16:26 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter-devel
Eric Leblond wrote:
> Attached patch is against current git kernel tree.
>
>
>
> ------------------------------------------------------------------------
>
> Signed-off-by: Eric Leblond <eric@inl.fr>
>
>
> ---
>
> include/linux/netfilter/nfnetlink_queue.h | 2 ++
> net/netfilter/nfnetlink_queue.c | 7 ++++++-
> 2 files changed, 8 insertions(+), 1 deletions(-)
>
> 1fb988dc51e2465500df50ff4e085f80acb7b6a3
> diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
> index 9e77437..ce32c54 100644
> --- a/include/linux/netfilter/nfnetlink_queue.h
> +++ b/include/linux/netfilter/nfnetlink_queue.h
> @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd {
> } __attribute__ ((packed));
>
> enum nfqnl_config_mode {
> + NFQNL_COPY_UNSPEC,
> NFQNL_COPY_NONE,
> NFQNL_COPY_META,
> NFQNL_COPY_PACKET,
Looks like an ABI breaker.
> @@ -75,6 +76,7 @@ enum nfqnl_config_mode {
> struct nfqnl_msg_config_params {
> u_int32_t copy_range;
> u_int8_t copy_mode; /* enum nfqnl_config_mode */
> + u_int32_t queue_maxlen;
> } __attribute__ ((packed));
This too. Why not just use a new attribute?
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-19 16:26 ` Patrick McHardy
@ 2006-06-19 19:57 ` Eric Leblond
2006-06-20 1:21 ` Patrick McHardy
2006-06-19 20:01 ` [PATCH 2/2] " Eric Leblond
1 sibling, 1 reply; 10+ messages in thread
From: Eric Leblond @ 2006-06-19 19:57 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 769 bytes --]
Hi,
> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode {
> > struct nfqnl_msg_config_params {
> > u_int32_t copy_range;
> > u_int8_t copy_mode; /* enum nfqnl_config_mode */
> > + u_int32_t queue_maxlen;
> > } __attribute__ ((packed));
>
> This too. Why not just use a new attribute?
I did not like the idea of having params split between two structures.
And as the user base is still small, I thought we may break ABI to have
something cleaner.
Pablo and you do not like the idea, I wrote a patch that should not
break the ABI (attached to the mail).
In fact, after introducing the new attribute, I just found it is in a
way cleaner than my initial one because code does not depend on a
structure.
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: specify-queue-max-length-from-userspace.patch --]
[-- Type: text/x-patch, Size: 1224 bytes --]
------------------------------------------------------------------------
Signed-off-by: Eric Leblond <eric@inl.fr>
---
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e77437..22ffac0 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -82,6 +82,7 @@ enum nfqnl_attr_config {
NFQA_CFG_UNSPEC,
NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
+ NFQA_CFG_QUEUE_MAXLEN, /* u_int32_t */
__NFQA_CFG_MAX
};
#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
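Review bot: the comment on NFQA_CFG_QUEUE_MAXLEN gives only the type, while the handler in net/netfilter/nfnetlink_queue.c converts the value with ntohl(), so the attribute is in network byte order and the header should say so. Something like `/* u_int32_t, network byte order */` is enough, ideally with a word on what the value counts.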
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 86a4ac3..936c86b 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -939,6 +939,14 @@ nfqnl_recv_config(struct sock *ctnl, str
ntohl(params->copy_range));
}
+ if (nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) {
+ u_int32_t *queue_maxlen;
+ queue_maxlen = NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]);
+ spin_lock_bh(&queue->lock);
+ queue->queue_maxlen = ntohl(*queue_maxlen);
+ spin_unlock_bh(&queue->lock);
+ }
+
out_put:
instance_put(queue);
return ret;
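Review bot: NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) is dereferenced as a u_int32_t, but nothing in this patch checks that the attribute payload is at least four bytes long. Add a minimum-size check for the new attribute before the read so that a short attribute from userspace is rejected. The value is also stored without an upper bound; the changelog should say whether that is intended.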
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/2] Specify nf_queue max length from userspace
2006-06-19 16:26 ` Patrick McHardy
2006-06-19 19:57 ` Eric Leblond
@ 2006-06-19 20:01 ` Eric Leblond
1 sibling, 0 replies; 10+ messages in thread
From: Eric Leblond @ 2006-06-19 20:01 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 1495 bytes --]
Hi,
Please find attached to this mail a libnetfilter_queue patch related to
my previous mail and patch.
BR,
On Mon, 2006-06-19 at 18:26 +0200, Patrick McHardy wrote:
> Eric Leblond wrote:
> > Attached patch is against current git kernel tree.
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > Signed-off-by: Eric Leblond <eric@inl.fr>
> >
> >
> > ---
> >
> > include/linux/netfilter/nfnetlink_queue.h | 2 ++
> > net/netfilter/nfnetlink_queue.c | 7 ++++++-
> > 2 files changed, 8 insertions(+), 1 deletions(-)
> >
> > 1fb988dc51e2465500df50ff4e085f80acb7b6a3
> > diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
> > index 9e77437..ce32c54 100644
> > --- a/include/linux/netfilter/nfnetlink_queue.h
> > +++ b/include/linux/netfilter/nfnetlink_queue.h
> > @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd {
> > } __attribute__ ((packed));
> >
> > enum nfqnl_config_mode {
> > + NFQNL_COPY_UNSPEC,
> > NFQNL_COPY_NONE,
> > NFQNL_COPY_META,
> > NFQNL_COPY_PACKET,
>
> Looks like an ABI breaker.
>
> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode {
> > struct nfqnl_msg_config_params {
> > u_int32_t copy_range;
> > u_int8_t copy_mode; /* enum nfqnl_config_mode */
> > + u_int32_t queue_maxlen;
> > } __attribute__ ((packed));
>
> This too. Why not just use a new attribute?
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: libnetfilter_queue-specify-queue-max-length-from-userspace.patch --]
[-- Type: text/x-patch, Size: 2712 bytes --]
------------------------------------------------------------------------
Signed-off-by: Eric Leblond <eric@inl.fr>
---
Index: include/libnetfilter_queue/linux_nfnetlink_queue.h
===================================================================
--- include/libnetfilter_queue/linux_nfnetlink_queue.h (révision 6470)
+++ include/libnetfilter_queue/linux_nfnetlink_queue.h (copie de travail)
@@ -1,13 +1,13 @@
#ifndef _NFNETLINK_QUEUE_H
#define _NFNETLINK_QUEUE_H
-#include <linux/types.h>
-#include <libnfnetlink/linux_nfnetlink.h>
-
#ifndef aligned_u64
#define aligned_u64 unsigned long long __attribute__((aligned(8)))
#endif
+#include <linux/types.h>
+#include <libnfnetlink/linux_nfnetlink.h>
+
enum nfqnl_msg_types {
NFQNL_MSG_PACKET, /* packet from kernel to userspace */
NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
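Review bot: moving the two #include lines below the aligned_u64 definition is unrelated to adding the queue length attribute and is not mentioned in the description. If the reordering is needed, for example because an included header relies on aligned_u64, say so in the changelog or send it as a separate patch.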
@@ -86,6 +86,7 @@
NFQA_CFG_UNSPEC,
NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
+ NFQA_CFG_QUEUE_MAXLEN, /* u_int32_t */
__NFQA_CFG_MAX
};
#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h (révision 6470)
+++ include/libnetfilter_queue/libnetfilter_queue.h (copie de travail)
@@ -49,6 +49,9 @@
extern int nfq_set_mode(struct nfq_q_handle *qh,
u_int8_t mode, unsigned int len);
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+ u_int32_t queuelen);
+
extern int nfq_set_verdict(struct nfq_q_handle *qh,
u_int32_t id,
u_int32_t verdict,
Index: src/libnetfilter_queue.c
===================================================================
--- src/libnetfilter_queue.c (révision 6470)
+++ src/libnetfilter_queue.c (copie de travail)
@@ -288,6 +288,23 @@
return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
}
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+ u_int32_t queuelen)
+{
+ char buf[NFNL_HEADER_LEN
+ +NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))];
+ u_int32_t queue_maxlen = htonl(queuelen);
+ struct nlmsghdr *nmh = (struct nlmsghdr *) buf;
+
+ nfnl_fill_hdr(qh->h->nfnlssh, nmh, 0, AF_UNSPEC, qh->id,
+ NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK);
+
+ nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_QUEUE_MAXLEN, &queue_maxlen,
+ sizeof(queue_maxlen));
+
+ return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
+}
+
static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id,
u_int32_t verdict, u_int32_t mark, int set_mark,
u_int32_t data_len, unsigned char *data)
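Review bot: buf in nfq_set_queue_maxlen() is still sized with NFA_LENGTH(sizeof(struct nfqnl_msg_config_params)) although the attribute now carries a single u_int32_t. The structure is larger than four bytes, so the buffer is not too small, but size it from sizeof(u_int32_t) so it matches what is sent. The return value of nfnl_addattr_l() is ignored as well; check it before calling nfnl_talk().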
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
2006-06-19 19:57 ` Eric Leblond
@ 2006-06-20 1:21 ` Patrick McHardy
0 siblings, 0 replies; 10+ messages in thread
From: Patrick McHardy @ 2006-06-20 1:21 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter-devel
Eric Leblond wrote:
> I did not like the idea of having params split between two structures.
> And as the user base is still small, I thought we may break ABI to have
> something cleaner.
> Pablo and you do not like the idea, I wrote a patch that should not
> break the ABI (attached to the mail).
> In fact, after introducing the new attribute, I just found it is in a
> way cleaner than my initial one because code does not depend on a
> structure.
Yes, that is better. I still would prefer to have all configuration
attributes nested under some common attribute .. but I can't see a
clean way to do that right now. Let me think about this some more.
^ permalink raw reply [flat|nested] 10+ messages in thread
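The compatibility argument of this thread, as an added example that is not part of any message or patch above: a simplified TLV receiver showing that an existing sender's 5-byte parameter block is still accepted when the queue length travels in its own attribute, and is rejected once the receiver expects the grown 9-byte structure. All names (put_attr, recv_config, the CFG_* constants, params_v1) are constructed for the example and are not kernel or libnetfilter_queue API.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified TLV attribute modelled on netlink attributes (constructed for this example). */
struct attr { uint16_t len; uint16_t type; };   /* len = header + payload */
#define HDR sizeof(struct attr)
#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)
enum { CFG_UNSPEC, CFG_CMD, CFG_PARAMS, CFG_QUEUE_MAXLEN };

/* The 5-byte parameter block that already-deployed binaries send. */
struct params_v1 { uint32_t copy_range; uint8_t copy_mode; } __attribute__((packed));
struct queue_cfg { int copy_mode; uint32_t maxlen; };

static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *d, uint16_t n) {
    struct attr a = { (uint16_t)(HDR + n), type };
    memcpy(buf + off, &a, HDR);
    memcpy(buf + off + HDR, d, n);
    return off + ALIGN4(HDR + n);
}

/* params_min: payload size the receiver demands for CFG_PARAMS.
 * 5 = struct left alone (new-attribute design), 9 = struct grown by a u32. */
static int recv_config(const uint8_t *buf, size_t len, size_t params_min, struct queue_cfg *q) {
    for (size_t off = 0; off < len; ) {
        struct attr a;
        if (len - off < HDR) return -1;
        memcpy(&a, buf + off, HDR);
        if (a.len < HDR || a.len > len - off) return -1;
        if (a.type == CFG_PARAMS) {
            struct params_v1 v;
            if (a.len - HDR < params_min) return -1;   /* short payload: sender rejected */
            memcpy(&v, buf + off + HDR, sizeof v);
            q->copy_mode = v.copy_mode;
        } else if (a.type == CFG_QUEUE_MAXLEN) {
            uint32_t v;
            if (a.len - HDR < sizeof v) return -1;     /* check length before reading */
            memcpy(&v, buf + off + HDR, sizeof v);
            q->maxlen = ntohl(v);
        }                                              /* other types are skipped */
        off += ALIGN4(a.len);
    }
    return 0;
}

/* Existing binary: sends only CFG_PARAMS with the 5-byte payload. */
int old_binary_result(size_t params_min) {
    uint8_t buf[32] = {0};
    struct params_v1 p = { htonl(0xffff), 2 };
    struct queue_cfg q = { -1, 1024 };
    size_t len = put_attr(buf, 0, CFG_PARAMS, &p, sizeof p);
    return recv_config(buf, len, params_min, &q) ? -1 : q.copy_mode;
}

/* New binary: sends only CFG_QUEUE_MAXLEN; the copy mode must stay as it was. */
long new_binary_maxlen(void) {
    uint8_t buf[32] = {0};
    uint32_t v = htonl(4096);
    struct queue_cfg q = { 2, 1024 };
    size_t len = put_attr(buf, 0, CFG_QUEUE_MAXLEN, &v, sizeof v);
    if (recv_config(buf, len, 5, &q) || q.copy_mode != 2) return -1;
    return (long)q.maxlen;
}

int main(void) {
    printf("old/unchanged=%d old/grown=%d new/maxlen=%ld\n",
           old_binary_result(5), old_binary_result(9), new_binary_maxlen());
    return 0;
}
```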