From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 0/4] netfilter: use skb_drop_reason in more places
Date: Sat, 12 Oct 2024 18:45:51 +0200 [thread overview]
Message-ID: <Zwqnvy78DX0Mi_us@calendula> (raw)
In-Reply-To: <20241012155448.GB21920@breakpoint.cc>
On Sat, Oct 12, 2024 at 05:54:48PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > > Or do you mean using a different macro that always sets EPERM?
> >
> > Maybe remove SKB_DROP_REASON_NETFILTER_DROP from macro, so line is
> > shorter?
> >
> > NF_DROP_REASON(pkt->skb, -EPERM)
> >
> > And add a new macro for br_netfilter NF_BR_DROP_REASON which does not
> > always sets SKB_DROP_REASON_NETFILTER_DROP? (Pick a better name for
> > this new macro if you like).
>
> NF_DROP_REASON is already in the tree and currently most users use
> something other than SKB_DROP_REASON_NETFILTER_DROP.
>
> I did not yet add new enum values or a dedicated nf namespace
> (enum skb_drop_reason_subsys), because I did not see a reason and
> wasn't sure if we'd need sub-subsystems (nf_tables, conntrack, nat,
> whatever).
Does this mean values exposed through tracing infrastructure can
change or these are part of uapi? From what I read from you, I
understand it is possible to change SKB_DROP_REASON_NETFILTER_DROP to
a more specific sub-subsystem tag in the future without issues.
> If you like, I can add NF_FREE_SKB(skb, errno) and rework this
> set to use that?
Not strong about this. I was exploring if it should be possible to
remove (repetitive) information in the code that can be assumed to be
implicit, I still like the word "REASON" in the macro for grepping.
I think we can just move on with this series as-is if you prefer and
add new macros incrementally to refine.
next prev parent reply other threads:[~2024-10-12 16:45 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-02 15:55 [PATCH nf-next 0/4] netfilter: use skb_drop_reason in more places Florian Westphal
2024-10-02 15:55 ` [PATCH nf-next 1/4] netfilter: xt_nat: compact nf_nat_setup_info calls Florian Westphal
2024-10-02 15:55 ` [PATCH nf-next 2/4] netfilter: xt_nat: drop packet earlier Florian Westphal
2024-10-02 15:55 ` [PATCH nf-next 3/4] netfilter: nf_nat: use skb_drop_reason Florian Westphal
2024-10-02 15:55 ` [PATCH nf-next 4/4] netfilter: nf_tables: " Florian Westphal
2024-10-12 14:09 ` [PATCH nf-next 0/4] netfilter: use skb_drop_reason in more places Pablo Neira Ayuso
2024-10-12 14:42 ` Florian Westphal
2024-10-12 15:42 ` Pablo Neira Ayuso
2024-10-12 15:54 ` Florian Westphal
2024-10-12 16:45 ` Pablo Neira Ayuso [this message]
2024-10-12 20:38 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zwqnvy78DX0Mi_us@calendula \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.