From: Thomas Graf <tgraf@infradead.org>
To: Patrick McHardy <kaber@trash.net>
Cc: Jan Engelhardt <jengelh@medozas.de>,
"David S. Miller" <davem@davemloft.net>,
pablo@netfilter.org, netdev@vger.kernel.org
Subject: Re: Netlink limitations
Date: Mon, 8 Nov 2010 10:16:35 -0500 [thread overview]
Message-ID: <20101108151635.GA20629@canuck.infradead.org> (raw)
In-Reply-To: <4CD6DF37.6010800@trash.net>
On Sun, Nov 07, 2010 at 06:17:43PM +0100, Patrick McHardy wrote:
> On 07.11.2010 17:44, Jan Engelhardt wrote:
> > we mentioned it only briefly at the Netfilter workshop a few weeks ago,
> > but as I am trying to figure out how to use Netlink in Xtables,
> > Netlink's limitations really start ruining my day.
> >
> > The well-known issue is that NL messages the kernel is supposed to
> > receive have a max size of 64K, due to nlmsghdr's use of uint16_t. This
> > is very problematic because attributes can easily amass more than 64K.
> > Think of a chain full of rules, represented by a top-level attribute
> > that nests attributes. The problem is bidirectional, a table
> > dump has the same problem.
>
> Messages are not limited to 64k, individual attributes are. Holger
> started working on a nlattr32, which uses 32 bit for the length
> value.
Also, it is not required to pack everything in attributes. Your protocol
may specify that the whole message payload consists of chained attributes.
Alternatively you may as well split your attribut chain and dump them
as several messages.
If a large attribute container for nested attribtues is required, I agree
that nlattr32 is the way to go.
> That's somewhat similar to the nlattr32 idea, but a length of 0 makes
> more sense since that's currently not used. In that case the length
> would be read from a second length field which has 32 bits.
I agree. This makes perfect sense. I was just thinking wheter we want
to encode more information into the attribute header if we extend it
anyways.
next prev parent reply other threads:[~2010-11-08 15:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-07 16:44 Netlink limitations Jan Engelhardt
2010-11-07 17:17 ` Patrick McHardy
2010-11-08 15:16 ` Thomas Graf [this message]
2010-11-08 19:21 ` Jan Engelhardt
2010-11-08 23:36 ` Pablo Neira Ayuso
2010-11-09 9:27 ` Patrick McHardy
2010-11-09 14:49 ` Thomas Graf
2010-11-09 20:20 ` Jan Engelhardt
2010-11-09 21:40 ` Thomas Graf
2010-11-09 22:02 ` Jan Engelhardt
2010-11-09 23:35 ` Thomas Graf
2010-11-09 23:42 ` Jan Engelhardt
2010-11-09 23:54 ` Thomas Graf
2010-11-09 11:58 ` Jan Engelhardt
2010-11-09 12:10 ` Jan Engelhardt
2010-11-09 12:24 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101108151635.GA20629@canuck.infradead.org \
--to=tgraf@infradead.org \
--cc=davem@davemloft.net \
--cc=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).