Re: [PATCH net-next v2 2/3] netfilter: nfnetlink: Handle ACK flags for batch messages

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Donald Hunter <donald.hunter@gmail.com>
Cc: netdev@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
	Jacob Keller <jacob.e.keller@intel.com>,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	donald.hunter@redhat.com
Subject: Re: [PATCH net-next v2 2/3] netfilter: nfnetlink: Handle ACK flags for batch messages
Date: Thu, 11 Apr 2024 01:13:13 +0200	[thread overview]
Message-ID: <ZhcdCUA2yJ56xdbj@calendula> (raw)
In-Reply-To: <20240410221108.37414-3-donald.hunter@gmail.com>

On Wed, Apr 10, 2024 at 11:11:07PM +0100, Donald Hunter wrote:
> The NLM_F_ACK flag is not processed for nfnetlink batch messages.

Let me clarify: It is not processed for the begin and end marker
netlink message, but it is processed for command messages.

> This is a problem for ynl which wants to receive an ack for every
> message it sends. Add processing for ACK and provide responses when
> requested.

NLM_F_ACK is regarded for the specific command messages that are
contained in the batch, that is:

batch begin
command
command
...
command
batch end

Thus, NLM_F_ACK can be set on for the command messages and it is not
ignore in that case.

May I ask why do you need this? Is it to make your userspace tool happy?

> I have checked that iproute2, pyroute2 and systemd are unaffected by
> this change since none of them use NLM_F_ACK for batch begin/end.
> I also ran a search on github and did not spot any usage that would
> break.
> 
> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
> ---
>  net/netfilter/nfnetlink.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
> index c9fbe0f707b5..37762941c288 100644
> --- a/net/netfilter/nfnetlink.c
> +++ b/net/netfilter/nfnetlink.c
> @@ -427,6 +427,9 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
>  
>  	nfnl_unlock(subsys_id);
>  
> +	if (nlh->nlmsg_flags & NLM_F_ACK)
> +		nfnl_err_add(&err_list, nlh, 0, &extack);
> +
>  	while (skb->len >= nlmsg_total_size(0)) {
>  		int msglen, type;
>  
> @@ -463,6 +466,8 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
>  			goto done;
>  		} else if (type == NFNL_MSG_BATCH_END) {
>  			status |= NFNL_BATCH_DONE;
> +			if (nlh->nlmsg_flags & NLM_F_ACK)
> +				nfnl_err_add(&err_list, nlh, 0, &extack);

if (status == NFNL_BATCH_DONE) should probably be a better place for
this. I would like to have userspace that uses this, I don't have a
usecase at this moment for this new code.

Thanks.

>  			goto done;
>  		} else if (type < NLMSG_MIN_TYPE) {
>  			err = -EINVAL;
> -- 
> 2.43.0
>

next prev parent reply	other threads:[~2024-04-10 23:13 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-10 22:11 [PATCH net-next v2 0/3] netlink: Add nftables spec w/ multi messages Donald Hunter
2024-04-10 22:11 ` [PATCH net-next v2 1/3] doc/netlink/specs: Add draft nftables spec Donald Hunter
2024-04-10 22:11 ` [PATCH net-next v2 2/3] netfilter: nfnetlink: Handle ACK flags for batch messages Donald Hunter
2024-04-10 23:13   ` Pablo Neira Ayuso [this message]
2024-04-11 10:03     ` Donald Hunter
2024-04-10 22:11 ` [PATCH net-next v2 3/3] tools/net/ynl: Add multi message support to ynl Donald Hunter
2024-04-11 17:25   ` Jakub Kicinski
2024-04-12  9:53     ` Donald Hunter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZhcdCUA2yJ56xdbj@calendula \
    --to=pablo@netfilter.org \
    --cc=coreteam@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=donald.hunter@gmail.com \
    --cc=donald.hunter@redhat.com \
    --cc=edumazet@google.com \
    --cc=jacob.e.keller@intel.com \
    --cc=jiri@resnulli.us \
    --cc=kadlec@netfilter.org \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.