Re: [PATCH 0/7] netlink recursive policy validation

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH 0/7] netlink recursive policy validation
Date: Wed, 19 Sep 2018 14:15:09 +0200	[thread overview]
Message-ID: <1537359309.10305.39.camel@sipsolutions.net> (raw)
In-Reply-To: <20180919120900.28708-1-johannes@sipsolutions.net> (sfid-20180919_140946_949394_5F70870F)

Below is an example of a policy I just built using this.

This may seem rather complex, but that's because the problem is complex
- we want to be able to measure multiple different things (currently
only FTM though) with different peers, and some attributes are shared
(like channel, MAC address) whereas others are method-specific...

I'm sticking all of the measurement request into a single top-level
nl80211 attribute (NL80211_ATTR_PEER_MEASUREMENTS), then in there you
specify global parameters (elided) as well as an array of peers.

Each peer again contains some method-independent parameters (only "CHAN"
shown), as well as request data, which has some parts that are common
and some that are method dependent (yet another nesting level).

All of this gets validated - with the channel data exception in the
comment below - entirely without ever writing another line of code for
it. Yes, we'll still have to write some code to actually use it, but
then we need to worry much less about formatting there.

johannes


static const struct nla_policy
nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
/* ... */
};

static const struct nla_policy
nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
	[NL80211_PMSR_TYPE_FTM] =
		NLA_POLICY_NESTED(NL80211_PMSR_FTM_REQ_ATTR_MAX,
				  nl80211_pmsr_ftm_req_attr_policy),
};

static const struct nla_policy
nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
	[NL80211_PMSR_REQ_ATTR_DATA] =
		NLA_POLICY_NESTED(NL80211_PMSR_TYPE_MAX,
				  nl80211_pmsr_req_data_policy),
/* ... */
};

static const struct nla_policy
nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
	/*
	 * we could specify this again to be the top-level policy,
	 * but that would open us up to recursion problems ...
	 */
	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
	[NL80211_PMSR_PEER_ATTR_REQ] =
		NLA_POLICY_NESTED(NL80211_PMSR_REQ_ATTR_MAX,
				  nl80211_pmsr_req_attr_policy),
/* ... */
};

static const struct nla_policy
nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
	[NL80211_PMSR_ATTR_PEERS] =
		NLA_POLICY_NESTED_ARRAY(NL80211_PMSR_PEER_ATTR_MAX,
					nl80211_psmr_peer_attr_policy),
/* ... */
};

static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
/* ... */
	[NL80211_ATTR_PEER_MEASUREMENTS] =
		NLA_POLICY_NESTED(NL80211_PMSR_FTM_REQ_ATTR_MAX,
				  nl80211_pmsr_attr_policy),
};

     prev parent reply	other threads:[~2018-09-19 17:53 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-19 12:08 [PATCH 0/7] netlink recursive policy validation Johannes Berg
2018-09-19 12:08 ` [PATCH 1/7] netlink: remove NLA_NESTED_COMPAT Johannes Berg
2018-09-19 12:08 ` [PATCH 2/7] netlink: make validation_data const Johannes Berg
2018-09-19 16:21   ` David Ahern
2018-09-19 12:08 ` [PATCH 3/7] netlink: set extack error message in nla_validate() Johannes Berg
2018-09-19 16:20   ` David Ahern
2018-09-19 16:31     ` Johannes Berg
2018-09-19 12:08 ` [PATCH 4/7] netlink: combine validate/parse functions Johannes Berg
2018-09-19 12:08 ` [PATCH 5/7] netlink: prepare validate extack setting for recursion Johannes Berg
2018-09-19 16:28   ` David Ahern
2018-09-19 16:36     ` Johannes Berg
2018-09-19 16:44       ` David Ahern
2018-09-19 19:08         ` Marcelo Ricardo Leitner
2018-09-19 19:09           ` Johannes Berg
2018-09-19 12:08 ` [PATCH 6/7] netlink: allow NLA_NESTED to specify nested policy to validate Johannes Berg
2018-09-19 12:09 ` [PATCH 7/7] netlink: add nested array policy validation Johannes Berg
2018-09-19 12:15 ` Johannes Berg [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1537359309.10305.39.camel@sipsolutions.net \
    --to=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).