From: jamal <hadi@cyberus.ca>
To: Shailabh Nagar <nagar@watson.ibm.com>
Cc: James Morris <jmorris@namei.org>,
Per Liden <per.liden@ericsson.com>, Jay Lan <jlan@engr.sgi.com>,
Thomas Graf <tgraf@suug.ch>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org
Subject: Re: [DOC]: generic netlink
Date: Tue, 20 Jun 2006 09:19:12 -0400 [thread overview]
Message-ID: <1150809552.5270.5.camel@jzny2> (raw)
In-Reply-To: <4496C98E.8030407@watson.ibm.com>
On Mon, 2006-19-06 at 11:58 -0400, Shailabh Nagar wrote:
> jamal wrote:
[..]
> But I'm not too clear about what are the advantages of trying to limit the
> number of commands registered by a given exploiter of genetlink (say TIPC or taskstats),
> other than the conventional usage of netlink.
>
> e.g in the taskstats code, userspace needs to GET data on a per-pid and per-tgid basis
> from the kernel and supplies the specific pid or tgid. We could either have registered
> two commands (say GET_PID and GET_TGID) and then the parsing of the supplied uint32 would
> be implicit in the command. But we went with the model where we have only one GET command
> and the type of the parameter is specified via netlink attributes.
The idea is for fine grain access control(ACL) of what user process can
do (as managed by SELinux not genetlink). As an example even in your
case, you may wanna allow user program "shailab1" to be able to get
information on a groupid but not pid. We should be able to add that
level of granularity easily since we have flags per command.
> In our case, it didn't matter and since the type of data returned is very similar and so is
> the parameter supplied (pid/tgid), one GET suffices. But I'm wondering if userspace should
> consciously try and limit the commands or would it be better from a performance standpoint,
> to permit a reasonably larger "fan-out" to happen at the genetlink command level (for each exploiter).
> I guess this introduces more overhead for in-kernel structures (the linked list of command structures
> that needs to be kept around) while saving time on doing a second level of parsing within the
> exploiter-defined function that services the GET command.
>
> The "small" set model looks like a good compromise. Reducing number of commands to one is not a good
> idea IMHO....for reasons similar to why ioctl type syscalls aren't encouraged...since the genetlink
> layer anyway has code for demultiplexing, might as well use it and avoid an extra level of indirection.
>
indeed.
cheers,
jamal
next prev parent reply other threads:[~2006-06-20 13:19 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-19 13:41 [DOC]: generic netlink jamal
2006-06-19 15:13 ` James Morris
2006-06-19 15:28 ` jamal
2006-06-19 15:54 ` James Morris
2006-06-20 12:59 ` jamal
2006-06-19 15:58 ` Shailabh Nagar
2006-06-20 13:19 ` jamal [this message]
2006-06-19 22:37 ` Shailabh Nagar
2006-06-20 14:50 ` jamal
2006-07-11 23:57 ` Randy.Dunlap
2006-07-12 11:30 ` Jamal Hadi Salim
2006-07-12 15:16 ` Shailabh Nagar
2006-06-20 8:02 ` Thomas Graf
2006-06-20 15:01 ` jamal
2006-06-20 21:34 ` Thomas Graf
2006-06-22 19:07 ` jamal
2006-07-13 17:50 ` Randy.Dunlap
2006-07-14 11:43 ` Jamal Hadi Salim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1150809552.5270.5.camel@jzny2 \
--to=hadi@cyberus.ca \
--cc=davem@davemloft.net \
--cc=jlan@engr.sgi.com \
--cc=jmorris@namei.org \
--cc=nagar@watson.ibm.com \
--cc=netdev@vger.kernel.org \
--cc=per.liden@ericsson.com \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).