From: Patrick McHardy <kaber@trash.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: NFNL_NFA_NEST
Date: Wed, 21 Mar 2007 11:13:41 +0100 [thread overview]
Message-ID: <46010555.3010300@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0703211014200.4799@blackhole.kfki.hu>
Jozsef Kadlecsik wrote:
> On Wed, 21 Mar 2007, Patrick McHardy wrote:
>
>> One of the worst mistakes in nfnetlink in my opinion was the
>> introduction of the NFNL_NFA_NEST bit. It prevents us from
>> using a large part of the generic netlink stuff, since that
>> just interprets it as a really huge attribute type. Since
>> its not used even for anything, this is really annoying.
>
>
> Pablo helped me to work on porting ipset from sockopt to nfnetlink
> (which is still not finished yet :-() and I nagged Pablo a lot to use
> nesting, primarily to hide sub-module details at netlink message level
> from the ipset core. For example when adding/deleting/testing a set, the
> netlink message looks like this:
>
> <set name>
> <set type>
> <nested: set type specific data>
>
> so that the core is not burdened by module-dependent details.
>
> The other place where I wanted to use nesting is to send a bunch of the
> same type data in one netlink message instead of sending every one of
> them in separated messages: I shudder to send ~370 netlink messages
> instead of a single one in order to pass that number of IP addresses.
I don't want to remove the ability to nest attributes, just the
NFNL_NFA_NEST bit on nested attributes (ORed in nfa_type):
#define NFA_NEST(skb, type) \
({ struct nfattr *__start = (struct nfattr *) (skb)->tail; \
NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
__start; })
Or did I misunderstand you and you actually use this for something?
next prev parent reply other threads:[~2007-03-21 10:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-21 5:08 NFNL_NFA_NEST Patrick McHardy
2007-03-21 10:04 ` NFNL_NFA_NEST Jozsef Kadlecsik
2007-03-21 10:13 ` Patrick McHardy [this message]
2007-03-21 10:39 ` NFNL_NFA_NEST Jozsef Kadlecsik
2007-03-21 22:54 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-22 11:00 ` NFNL_NFA_NEST Patrick McHardy
2007-03-22 13:18 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-22 13:29 ` NFNL_NFA_NEST Patrick McHardy
2007-03-22 16:44 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-22 17:01 ` NFNL_NFA_NEST Patrick McHardy
2007-03-23 12:18 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-23 12:55 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-23 13:01 ` NFNL_NFA_NEST Patrick McHardy
2007-03-23 13:00 ` NFNL_NFA_NEST Patrick McHardy
2007-03-23 17:37 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-24 10:49 ` NFNL_NFA_NEST Patrick McHardy
2007-03-24 11:30 ` NFNL_NFA_NEST Pablo Neira Ayuso
2007-03-24 14:37 ` NFNL_NFA_NEST Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46010555.3010300@trash.net \
--to=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.