From: jamal <hadi@cyberus.ca>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Masahide NAKAMURA <nakam@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>, netdev <netdev@oss.sgi.com>
Subject: Re: [7/7] [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification
Date: Sun, 08 May 2005 20:06:39 -0400
Message-ID: <1115597200.19561.215.camel@localhost.localdomain>
In-Reply-To: <20050508214049.GA14415@gondor.apana.org.au>

On Mon, 2005-09-05 at 07:40 +1000, Herbert Xu wrote:
> On Sun, May 08, 2005 at 09:56:33AM -0400, jamal wrote:
> >
> > Why would someone need to deduce whether it has been deleted by index or
> > selector?
>
> It isn't just about deducing the message. It's about sending a delete
> message in the same format as we would receive them. As it is the
> delete message sent would not be accepted if you sent it back to the
>

If you enumerate all netlink messages, you will see this is not always
the case. It is a nice but not a necessary condition; in fact, not even
what you generate with that patch is _the same_ message that was sent
(you add new TLVs in the response that didn't exist in user->kernel).

What is necessary is that if I look at the event I know exactly what was
deleted. If I have such detail, I can build the message that was sent
from user->kernel to delete the object (because I know exactly what was
deleted).

As an example:
I can derive the xfrm_usersa_id that was sent to the kernel if the event
sent me xfrm_usersa_info and therefore build the same message that
will delete _exactly_ the same object.

It does get worse on occasion (I can point at tc filters) - where you
really can't derive the deleted object.

> > If yes, how do you distinguish the two cases when you are sending the
> > netlink event?
>
> Using the byid attribute that *you* introduced :)
>

Ok, there's no inconsistency then.

> > It doesn't seem to me what you provided in the patch produces exactly the
> > same thing that was sent by user space back in the event.
>
> That's not the point. The point is if you send exactly the same
> message to the kernel, even with the RTAs attached, the kernel
> would accept it and perform the deletion if there is a matching
> policy.

So you are depending on the kernel not checking for the extra TLVs you
send? ;->
Refer to what I said above.

>
> > Here's what I will say so we can put this to rest:
> > The patch is unneeded (I hate to use strong words like bogus - but it is
> > getting close to that), but if you feel strongly about it just let's have
> > it well documented and provide the iproute2 patch as well.
>
> I'll leave the decision up to Dave.

Like I said: I think it's extraneous stuff that is unneeded (what is in
there at the moment is sufficient detail) - but because there's no
inconsistency, I will not squirm in pain if it is included. I am
agreeing to disagree essentially ;->

cheers,
jamal
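
The derivation described in the message above (recovering the xfrm_usersa_id from the xfrm_usersa_info carried in a delete event, then rebuilding the user->kernel delete request), as an added example that is not part of the original message or of the patch under discussion. It assumes the current Linux UAPI headers; `struct delsa_req`, `delsa_from_event` and `sample_event` are hypothetical names, and the sample event is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/netlink.h>
#include <linux/xfrm.h>

/* Hypothetical request layout: netlink header plus one xfrm_usersa_id. */
struct delsa_req {
    struct nlmsghdr n;
    struct xfrm_usersa_id id;
};

/*
 * Rebuild the XFRM_MSG_DELSA request from the xfrm_usersa_info seen in a
 * delete event. The request only needs (daddr, spi, proto, family), and
 * every one of those fields is present in the event payload.
 */
static void delsa_from_event(const struct xfrm_usersa_info *ev,
                             unsigned int seq, struct delsa_req *req)
{
    memset(req, 0, sizeof(*req));
    req->n.nlmsg_len   = NLMSG_LENGTH(sizeof(req->id));
    req->n.nlmsg_type  = XFRM_MSG_DELSA;
    req->n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->n.nlmsg_seq   = seq;
    req->id.daddr  = ev->id.daddr;
    req->id.spi    = ev->id.spi;
    req->id.proto  = ev->id.proto;
    req->id.family = ev->family;
}

/* Constructed sample event payload: ESP SA to 192.0.2.1, SPI 0x1000. */
static struct xfrm_usersa_info sample_event(void)
{
    struct xfrm_usersa_info ev;
    memset(&ev, 0, sizeof(ev));
    ev.family      = AF_INET;
    ev.id.daddr.a4 = htonl(0xC0000201);
    ev.id.spi      = htonl(0x1000);
    ev.id.proto    = IPPROTO_ESP;
    ev.reqid       = 7;  /* in the event, but not needed to name the SA */
    return ev;
}

int main(void)
{
    struct xfrm_usersa_info ev = sample_event();
    struct delsa_req req;
    delsa_from_event(&ev, 1, &req);
    printf("DELSA len=%u spi=0x%x proto=%u\n",
           req.n.nlmsg_len, ntohl(req.id.spi), req.id.proto);
    return 0;
}
```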