From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>,
netfilter-devel@vger.kernel.org, Florian Westphal <fw@strlen.de>,
Dan Winship <danwinship@redhat.com>
Subject: Re: [nft PATCH] table: Embed creating nft version into userdata
Date: Thu, 28 Aug 2025 16:45:44 +0200 [thread overview]
Message-ID: <aLBrmD240kxqrNPr@calendula> (raw)
In-Reply-To: <aLBfSlle-zZqLygE@orbyte.nwl.cc>
On Thu, Aug 28, 2025 at 03:53:14PM +0200, Phil Sutter wrote:
> On Thu, Aug 28, 2025 at 02:53:29PM +0200, Pablo Neira Ayuso wrote:
> > Hi Phil,
> >
> > I know this is applied, but one late question.
> >
> > On Wed, Aug 13, 2025 at 07:07:19PM +0200, Phil Sutter wrote:
> > > @@ -806,6 +815,29 @@ static int table_parse_udata_cb(const struct nftnl_udata *attr, void *data)
> > > return 0;
> > > }
> > >
> > > +static int version_cmp(const struct nftnl_udata **ud)
> > > +{
> > > + const char *udbuf;
> > > + size_t i;
> > > +
> > > + /* netlink attribute lengths checked by table_parse_udata_cb() */
> > > + if (ud[NFTNL_UDATA_TABLE_NFTVER]) {
> > > + udbuf = nftnl_udata_get(ud[NFTNL_UDATA_TABLE_NFTVER]);
> > > + for (i = 0; i < sizeof(nftversion); i++) {
> > > + if (nftversion[i] != udbuf[i])
> > > + return nftversion[i] - udbuf[i];
> > > + }
> > > + }
> > > + if (ud[NFTNL_UDATA_TABLE_NFTBLD]) {
> > > + udbuf = nftnl_udata_get(ud[NFTNL_UDATA_TABLE_NFTBLD]);
> > > + for (i = 0; i < sizeof(nftbuildstamp); i++) {
> > > + if (nftbuildstamp[i] != udbuf[i])
> > > + return nftbuildstamp[i] - udbuf[i];
> > > + }
> > > + }
> >
> > One situation I was considering:
> >
> > 1.0.6.y (build today) in the host
> > 1.1.5 (build n days ago) in the container
> >
> > This will display the warning.
> >
> > I suggested to use build time only when version is the same?
> >
> > If the scenario is nftables in the host injects tables into container,
> > then host binary will likely be updated more often.
> >
> > IIUC, the build time here will actually determine when the warning is
> > emitted, regardless the version.
>
> It should not:
>
> Here's version_cmp() pseudo-code:
>
> | for attr in NFTNL_UDATA_TABLE_NFTVER, NFTNL_UDATA_TABLE_NFTBLD:
> | for idx in len(attr):
> | if local_data[idx] != attr[idx]:
> | return local_data[idx] - attr[idx];
>
> This algorithm considers following bytes only if all previous ones were
> identical. Precedence is from highest order version bytes to lowest
> order build bytes (data is therefore stored in Big Endian).
>
> So your version 1.1.5 will always be "newer" than 1.0.6.y, no matter the
> build date, due to minor version 1 > 0.
Ah, I misread this smart function, thanks for clarifying.
next prev parent reply other threads:[~2025-08-28 14:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-13 17:07 [nft PATCH] table: Embed creating nft version into userdata Phil Sutter
2025-08-13 17:21 ` Phil Sutter
2025-08-27 22:46 ` Pablo Neira Ayuso
2025-08-28 10:48 ` Phil Sutter
2025-08-28 12:53 ` Pablo Neira Ayuso
2025-08-28 13:53 ` Phil Sutter
2025-08-28 14:45 ` Pablo Neira Ayuso [this message]
2025-09-08 12:03 ` Pablo Neira Ayuso
2025-09-08 12:07 ` Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2025-08-08 12:46 Phil Sutter
2025-08-11 18:58 ` Pablo Neira Ayuso
2025-08-12 13:06 ` Phil Sutter
2025-08-12 13:17 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aLBrmD240kxqrNPr@calendula \
--to=pablo@netfilter.org \
--cc=danwinship@redhat.com \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.