From: Michal Kubecek <mkubecek@suse.cz>
To: netdev@vger.kernel.org
Cc: Thomas Haller <thaller@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Johannes Berg <johannes@sipsolutions.net>,
David Ahern <dsahern@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next v2 3/3] netlink: add validation of NLA_F_NESTED flag
Date: Tue, 23 Jul 2019 11:09:08 +0200 [thread overview]
Message-ID: <20190723090908.GA2204@unicorn.suse.cz> (raw)
In-Reply-To: <0fc58a4883f6656208b9250876e53d723919e342.camel@redhat.com>
On Tue, Jul 23, 2019 at 10:57:54AM +0200, Thomas Haller wrote:
> Does this flag and strict validation really provide any value?
> Commonly a netlink message is a plain TLV blob, and the meaning
> depends entirely on the policy.
>
> What I mean is that for example
>
> NLA_PUT_U32 (msg, ATTR_IFINDEX, (uint32_t) ifindex)
> NLA_PUT_STRING (msg, ATTR_IFNAME, "net")
>
> results in a 4 bytes payload that does not encode whether the data is
> a number or a string.
>
> Why is it valuable in this case to encode additional type information
> inside the message, when it's commonly not done and also not
> necessary?
One big advantage of having nested attributes explicitly marked is that
it allows parsers not aware of the semantics to recognize nested
attributes and parse their inner structure.
This is very important e.g. for debugging purposes as without the flag,
wireshark can only recurse into nested attributes if it understands the
protocol and knows they are nested, otherwise it displays them only as
an opaque blob (which is what happens for most netlink based protocols).
Another example is mnl_nlmsg_fprintf() function from libmnl which is
also a valuable debugging aid but without NLA_F_NESTED flags it cannot
show message structure properly.
Michal Kubecek
next prev parent reply other threads:[~2019-07-23 9:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-02 14:15 [PATCH net-next v2 0/3] netlink: strict attribute checking follow-up Michal Kubecek
2019-05-02 14:15 ` [PATCH net-next v2 1/3] genetlink: do not validate dump requests if there is no policy Michal Kubecek
2019-05-02 14:15 ` [PATCH net-next v2 2/3] netlink: set bad attribute also on maxtype check Michal Kubecek
2019-05-02 14:15 ` [PATCH net-next v2 3/3] netlink: add validation of NLA_F_NESTED flag Michal Kubecek
2019-05-02 15:30 ` Johannes Berg
2019-05-02 22:56 ` David Ahern
2019-07-23 8:57 ` Thomas Haller
2019-07-23 9:09 ` Michal Kubecek [this message]
2019-07-23 9:28 ` Thomas Haller
2019-07-25 2:46 ` David Ahern
2019-07-23 18:02 ` Stephen Hemminger
2019-07-23 18:17 ` Johannes Berg
2019-05-04 5:27 ` [PATCH net-next v2 0/3] netlink: strict attribute checking follow-up David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190723090908.GA2204@unicorn.suse.cz \
--to=mkubecek@suse.cz \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=thaller@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox