Re: [PATCH net-2.6.26] netlink: make socket filters work on netlink

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: hadi@cyberus.ca
Cc: David Miller <davem@davemloft.net>,
	shemminger@vyatta.com, netdev@vger.kernel.org
Subject: Re: [PATCH net-2.6.26] netlink: make socket filters work on netlink
Date: Wed, 02 Apr 2008 14:07:30 +0200	[thread overview]
Message-ID: <47F37702.1080702@trash.net> (raw)
In-Reply-To: <1207136533.4451.132.camel@localhost>

jamal wrote:
> On Wed, 2008-02-04 at 12:00 +0200, Patrick McHardy wrote:
> 
>> No, in the case of events its supposed to be set to the pid of the
>> socket that caused the event. Check out qdisc_notify() or rtmsg_ifa()
>> for example.
> 
> nod - however, there is inconsistency;
> for example if rtmsg_ifa() was in the code path of something invoked by
> ioctl, the pid of the event will be 0. Alexey almost chewed my head off
> when i tried to change that. His (valid) explanation was, if iirc:
> a) that the pid belonged to the source - and 0 means "kernel". 

Yes, for ioctl it can't carry anything but zero because it
should contains the netlink socket pid, not the process ID,
which obviously doesn't exist in that case.

> b) The pid could also be some negative number (even in qdisc_notify) if
> you have multiple netlink sockets in one process (resolvable if you
> getname())

True, but that doesn't really matter. You also can't assume that
a positive number matches the process ID.

> c) what happens when processid goes to > 32-bit?

Wouldn't be a problem, its the netlink socket pids, which are 32
bit no matter what.

> 
>> nlmsg_seq is already used by userspace to match responses to requests,
>> so that probably wouldn't work very well.
> 
> True, and thats what made me suggest earlier that if i had two sockets
> in my app, one listening and the other sending (the way quagga does for
> example), and that the app has a setting which says "all my netlink
> messages to the kernel would have sequence 0x1234" - then the listening
> socket could be told to set bpf to filter out any events with sequence
> 0x1234. This overcomes all of #a, #b and #c above but i admit it is
> equally weak as using pids because it relies on the fact that only one
> app is targeting something in the kernel with sequence 0x1234. You could
> do it if you owned the box.
> As one step further - route messages "proto" field on the other hand
> overcomes that challenge of multiple applications ambiguity. of course
> this has other challenges as well (ex: several apps claiming to be zebra
> or if you intentionaly want to run multiple quaggas for VRs but wanted
> to distinguish who added the route).

In my opinion we should try to set nlmsg_pid properly since thats
whats defined as unique identifier for netlink sockets.

next prev parent reply	other threads:[~2008-04-02 12:07 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-21 18:05 [PATCH net-2.6.26] netlink: make socket filters work on netlink Stephen Hemminger
2008-03-21 22:47 ` David Miller
2008-03-26 20:19 ` Patrick McHardy
2008-03-31 19:33   ` Stephen Hemminger
2008-03-31 19:40     ` Patrick McHardy
2008-03-31 19:46       ` Stephen Hemminger
2008-03-31 20:07       ` David Miller
2008-03-31 20:15         ` Patrick McHardy
2008-03-31 21:49           ` jamal
2008-04-01 11:52             ` Patrick McHardy
2008-04-01 14:04               ` jamal
2008-04-02 10:00                 ` Patrick McHardy
2008-04-02 11:21                   ` Thomas Graf
2008-04-02 12:01                     ` jamal
2008-04-02 12:09                       ` Patrick McHardy
2008-04-02 12:25                         ` jamal
2008-04-02 12:45                           ` Patrick McHardy
2008-04-02 13:10                             ` jamal
2008-04-02 14:28                               ` Thomas Graf
2008-04-02 18:12                                 ` jamal
2008-04-02 12:03                     ` Patrick McHardy
2008-04-02 14:09                       ` Thomas Graf
2008-04-02 11:42                   ` jamal
2008-04-02 12:07                     ` Patrick McHardy [this message]
2008-04-02 14:05                       ` Thomas Graf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47F37702.1080702@trash.net \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=hadi@cyberus.ca \
    --cc=netdev@vger.kernel.org \
    --cc=shemminger@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.