From: Pablo Neira Ayuso <pablo@netfilter.org>
To: David Miller <davem@davemloft.net>
Cc: kuba@kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net 2/5] netfilter: nf_tables: add position handle in event notification
Date: Thu, 30 Sep 2021 15:49:46 +0200 [thread overview]
Message-ID: <YVXAeheN9xpOWXWU@salvia> (raw)
In-Reply-To: <20210930.133522.917842602540469933.davem@davemloft.net>
On Thu, Sep 30, 2021 at 01:35:22PM +0100, David Miller wrote:
> From: Jakub Kicinski <kuba@kernel.org>
> Date: Wed, 29 Sep 2021 19:19:53 -0700
>
> > On Thu, 30 Sep 2021 01:04:57 +0200 Pablo Neira Ayuso wrote:
> >> Add position handle to allow to identify the rule location from netlink
> >> events. Otherwise, userspace cannot incrementally update a userspace
> >> cache through monitoring events.
> >>
> >> Skip handle dump if the rule has been either inserted (at the beginning
> >> of the ruleset) or appended (at the end of the ruleset), the
> >> NLM_F_APPEND netlink flag is sufficient in these two cases.
> >>
> >> Handle NLM_F_REPLACE as NLM_F_APPEND since the rule replacement
> >> expansion appends it after the specified rule handle.
> >>
> >> Fixes: 96518518cc41 ("netfilter: add nftables")
> >> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> >
> > Let me defer to Dave on this one. Krzysztof K recently provided us with
> > this quote:
> >
> > "One thing that does bother [Linus] is developers who send him fixes in the
> > -rc2 or -rc3 time frame for things that never worked in the first place.
> > If something never worked, then the fact that it doesn't work now is not
> > a regression, so the fixes should just wait for the next merge window.
> > Those fixes are, after all, essentially development work."
> >
> > https://lwn.net/Articles/705245/
> >
> > Maybe the thinking has evolved since, but this patch strikes me as odd.
> > We forgot to put an attribute in netlink 8 years ago, and suddenly it's
> > urgent to fill it in? Something does not connect for me, certainly the
> > commit message should have explained things better...
>
> Agreed.
The aforementioned article says:
"In general, he said, if a fix applies to a feature that is not
currently being used, it should wait for the next development cycle"
This feature is being used by 'nft monitor', which is not
representing:
- insert rule
- add/insert rule with position handle
- create table/chain/set/map
commands in the correct way via netlink notifications.
I can rework the commit message to clarify this and resubmit.
next prev parent reply other threads:[~2021-09-30 13:49 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-29 23:04 [PATCH net 0/5] Netfilter fixes for net Pablo Neira Ayuso
2021-09-29 23:04 ` [PATCH net 1/5] netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 Pablo Neira Ayuso
2021-09-29 23:04 ` [PATCH net 2/5] netfilter: nf_tables: add position handle in event notification Pablo Neira Ayuso
2021-09-30 2:19 ` Jakub Kicinski
2021-09-30 7:28 ` Pablo Neira Ayuso
2021-09-30 12:35 ` David Miller
2021-09-30 13:49 ` Pablo Neira Ayuso [this message]
2021-09-29 23:04 ` [PATCH net 3/5] netfilter: nf_tables: reverse order in rule replacement expansion Pablo Neira Ayuso
2021-09-29 23:04 ` [PATCH net 4/5] netfilter: nft_dynset: relax superfluous check on set updates Pablo Neira Ayuso
2021-09-29 23:05 ` [PATCH net 5/5] netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YVXAeheN9xpOWXWU@salvia \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.