From: Thomas Graf <tgraf@infradead.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Patrick McHardy <kaber@trash.net>,
"David S. Miller" <davem@davemloft.net>,
pablo@netfilter.org, netdev@vger.kernel.org
Subject: Re: Netlink limitations
Date: Tue, 9 Nov 2010 16:40:39 -0500 [thread overview]
Message-ID: <20101109214039.GA11005@canuck.infradead.org> (raw)
In-Reply-To: <alpine.LNX.2.01.1011092113420.10710@obet.zrqbmnf.qr>
On Tue, Nov 09, 2010 at 09:20:09PM +0100, Jan Engelhardt wrote:
> What's more, there is no way to specify a remote host in sockaddr_nl
> right now, so all communication is necessarily being local - that is,
> unless you add a hidden forwarder in kernel space that transparently
> tunnels it into IPv6 or something.
That's fine. I don't expect the kernel to send netlink message to
other machines directly but rather have a userspace daemon handle
this.
> I do not believe that encoding the attribute type into the protocol
> itself is going to be such a big win. You still need a local
> authoritative database (struct nla_policy[] or some representation of
> it, nevermind I'm thinking "XML-DTD"-like) to do the verification
> against because some NL messages may be purposely forged. If you have
> an nlattr that says it is a string, how do you know that it is in
> fact a string rather than a blob that happens to have a trailing \0.
True, we will never be able to verify the contents of attributes but
what we can do is give the sender the ability to specify what type of
attribute he was meant to send. This can be a big advantage as it
limits the possibliy of misinterpreting messages which may have been
corrupted because we can match the expected attribute type against
the attribute type supplied by the sender. Of course this doesn't
protect against forged messages at all, we will never be able to do
that.
The addition won't be a revolution but it the increased header size,
8 vs. 12 bytes isn't a big deal and gives us some additional room to
work with in the future.
struct nlattr_ext {
u16 oldlen; /* 0 */
u16 kind; /* TCA_* */
u8 type; /* NLA_U32 */
u8 flags; /* NLA_F_* */
u16 reserved;
u32 length;
};
There has been more than one debate whether to share nla_policy between
kernel and userspace. There is nothing which prevents people from doing
so. But typically the semantics between kernel->userspace and vice versa
are slightly different and require a different policy to be applied.
next prev parent reply other threads:[~2010-11-09 21:41 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-07 16:44 Netlink limitations Jan Engelhardt
2010-11-07 17:17 ` Patrick McHardy
2010-11-08 15:16 ` Thomas Graf
2010-11-08 19:21 ` Jan Engelhardt
2010-11-08 23:36 ` Pablo Neira Ayuso
2010-11-09 9:27 ` Patrick McHardy
2010-11-09 14:49 ` Thomas Graf
2010-11-09 20:20 ` Jan Engelhardt
2010-11-09 21:40 ` Thomas Graf [this message]
2010-11-09 22:02 ` Jan Engelhardt
2010-11-09 23:35 ` Thomas Graf
2010-11-09 23:42 ` Jan Engelhardt
2010-11-09 23:54 ` Thomas Graf
2010-11-09 11:58 ` Jan Engelhardt
2010-11-09 12:10 ` Jan Engelhardt
2010-11-09 12:24 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101109214039.GA11005@canuck.infradead.org \
--to=tgraf@infradead.org \
--cc=davem@davemloft.net \
--cc=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).