All of lore.kernel.org
 help / color / mirror / Atom feed
From: Donald Hunter <donald.hunter@gmail.com>
To: Florian Westphal <fw@strlen.de>
Cc: <netdev@vger.kernel.org>,  <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH net-next] netlink: specs: add ctnetlink dump and stats dump support
Date: Fri, 07 Feb 2025 15:03:14 +0000	[thread overview]
Message-ID: <m2ed09yez1.fsf@gmail.com> (raw)
In-Reply-To: <20250207120516.17002-1-fw@strlen.de> (Florian Westphal's message of "Fri, 7 Feb 2025 13:05:11 +0100")

Florian Westphal <fw@strlen.de> writes:

> This adds support to dump the connection tracking table
> ("conntrack -L") and the conntrack statistics, ("conntrack -S").
>
> Example conntrack dump:
> tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/ctnetlink.yaml --dump ctnetlink-get
> [{'id': 59489769,
>   'mark': 0,
>   'nfgen-family': 2,
>   'protoinfo': {'protoinfo-tcp': {'tcp-flags-original': {'flags': {'maxack',
>                                                                    'sack-perm',
>                                                                    'window-scale'},
>                                                          'mask': set()},
>                                   'tcp-flags-reply': {'flags': {'maxack',
>                                                                 'sack-perm',
>                                                                 'window-scale'},
>                                                       'mask': set()},
>                                   'tcp-state': 'established',
>                                   'tcp-wscale-original': 7,
>                                   'tcp-wscale-reply': 8}},
>   'res-id': 0,
>   'secctx': {'secctx-name': 'system_u:object_r:unlabeled_t:s0'},
>   'status': {'assured',
>              'confirmed',
>              'dst-nat-done',
>              'seen-reply',
>              'src-nat-done'},
>   'timeout': 431949,
>   'tuple-orig': {'tuple-ip': {'ip-v4-dst': '34.107.243.93',
>                               'ip-v4-src': '192.168.0.114'},
>                  'tuple-proto': {'proto-dst-port': 443,
>                                  'proto-num': 6,
>                                  'proto-src-port': 37104}},
>   'tuple-reply': {'tuple-ip': {'ip-v4-dst': '192.168.0.114',
>                                'ip-v4-src': '34.107.243.93'},
>                   'tuple-proto': {'proto-dst-port': 37104,
>                                   'proto-num': 6,
>                                   'proto-src-port': 443}},
>   'use': 1,
>   'version': 0},
>  {'id': 3402229480,
>
> Example stats dump:
> tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/ctnetlink.yaml --dump ctnetlink-stats-get
> [{'chain-toolong': 0,
>   'clash-resolve': 3,
>   'drop': 0,
>  ....
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  Documentation/netlink/specs/ctnetlink.yaml | 582 +++++++++++++++++++++
>  1 file changed, 582 insertions(+)
>  create mode 100644 Documentation/netlink/specs/ctnetlink.yaml

Can you change the filename to conntrack.yaml so that it matches the
family name. This helps ./tools/net/ynl/pyynl/cli.py --list-families
which is based on the filenames. It's also redundant to say netlink in
the filename since it is in the netlink/specs directory.

...

> +attribute-sets:
> +  -
> +    name: ctnetlink-counter-attrs

Not sure the ctnetlink- prefix is needed in all the attribute-set names.
I'd suggest keeping a prefix only for the toplevel attriubtes but change
the prefix to conntrack- for consistency.

...

> +  -
> +    name: ctnetlink-attrs
> +    attributes:

...

> +operations:
> +  enum-model: directional
> +  list:
> +    -
> +      name: ctnetlink-get

My preference is to drop the ctnetlink- prefix from the op names, to be
consistent with the other netlink specs.

> +      doc: get / dump entries
> +      attribute-set: ctnetlink-attrs
> +      fixed-header: nfgenmsg
> +      do:
> +        request:
> +          value: 0x101
> +          attributes:
> +            - name
> +        reply:
> +          value: 0x100
> +          attributes:
> +            - name

The usage is not specified correctly. You give a dump example so there
should be a dump: definition. The reply attributes should be enumerated.
If do: is supported then the request attributes should be enumerated.

Same for stats-get below.

> +    -
> +      name: ctnetlink-stats-get
> +      doc: dump pcpu conntrack stats
> +      attribute-set: ctnetlink-stats-attrs
> +      fixed-header: nfgenmsg
> +      do:
> +        request:
> +          value: 0x104
> +          attributes:
> +            - name
> +        reply:
> +          value: 0x104
> +          attributes:
> +            - name
> +

Thanks,
Donald.

      reply	other threads:[~2025-02-07 15:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-07 12:05 [PATCH net-next] netlink: specs: add ctnetlink dump and stats dump support Florian Westphal
2025-02-07 15:03 ` Donald Hunter [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m2ed09yez1.fsf@gmail.com \
    --to=donald.hunter@gmail.com \
    --cc=fw@strlen.de \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.