From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Cc: Vincent Sanders <vincent.sanders@collabora.co.uk>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Alban Crequy <alban.crequy@collabora.co.uk>
Subject: Re: [PATCH net-next 13/15] netfilter: nfdbus: Add D-bus message parsing
Date: Wed, 4 Jul 2012 19:30:47 +0200 [thread overview]
Message-ID: <20120704173047.GA8864@1984> (raw)
In-Reply-To: <4FF1C1AF.9080104@collabora.co.uk>
On Mon, Jul 02, 2012 at 05:43:43PM +0200, Javier Martinez Canillas wrote:
> On 06/29/2012 07:11 PM, Pablo Neira Ayuso wrote:
> > On Fri, Jun 29, 2012 at 05:45:52PM +0100, Vincent Sanders wrote:
> >> From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
> >>
> >> The netfilter D-Bus module needs to parse D-bus messages sent by
> >> applications to decide whether a peer can receive or not a D-Bus
> >> message. Add D-bus message parsing logic to be able to analyze.
> >
> > Not talking about the entire patchset, only about the part I'm
> > responsible for.
> >
> > I don't see why you think this belong to netfilter at all.
> >
> > This doesn't integrate into the existing filtering infrastructure,
> > neither it extends it in any way.
> >
>
> Hello Pablo,
>
> Thanks a lot for your feedback.
>
> This is the first of a set of patches that adds a netfilter module to parse
> D-Bus messages, the complete patch-set is:
>
> [PATCH 13/15] netfilter: nfdbus: Add D-bus message parsing
> [PATCH 14/15] netfilter: nfdbus: Add D-bus match rule implementation
> [PATCH 15/15] netfilter: add netfilter D-Bus module
>
> patches 13 and 14 just include D-Bus helper code to be used by the netfilter
> module (added on patch 15) and specially the dbus_filter netfilter hook function.
I see, the use of the netfilter hooks seems to be the only reason why
you consider these chunks belong to netfilter.
> For the next post version we will reorganize the patches so first the D-Bus
> netfilter module is added with an empty dbus_filter function and then added the
> D-Bus helper code.
>
> Also, we will move the nfdbus netfilter module to net/bus so is not inside the
> netfilter core code.
Yes, please, remove this stuff from my directory tree, I believe this
filtering infrastructure has not much to do with Netfilter itself.
It uses the connector to communicate kernel <-> userspace instead of
nfnetlink and, as said, it does neither integrate into existing
filtering kernel/userspace infrastructure nor integrates into it.
So, please, if you plan to give another try to this patchset, move
this to your net/bus directory as you propose and find a different
(better) name for the filtering part (just to avoid confusion in the
future).
Thanks.
next prev parent reply other threads:[~2012-07-04 17:30 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-29 16:45 AF_BUS socket address family Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 01/15] net: bus: Add " Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 02/15] net: bus: Add documentation for AF_BUS Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 03/15] net: bus: Add AF_BUS socket and address definitions Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 04/15] security: Add Linux Security Modules hook for AF_BUS sockets Vincent Sanders
2012-07-09 3:32 ` James Morris
2012-07-09 18:02 ` Paul Moore
2012-06-29 16:45 ` [PATCH net-next 05/15] security: selinux: Add AF_BUS socket SELinux hooks Vincent Sanders
2012-07-09 18:38 ` Paul Moore
2012-06-29 16:45 ` [PATCH net-next 06/15] netfilter: Add NFPROTO_BUS hook constant for AF_BUS socket family Vincent Sanders
2012-07-01 2:15 ` Jan Engelhardt
2012-06-29 16:45 ` [PATCH net-next 07/15] scm: allow AF_BUS sockets to send ancillary data Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 08/15] net: bus: Add implementation of Bus domain sockets Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 09/15] net: bus: Add garbage collector for AF_BUS sockets Vincent Sanders
2012-07-02 17:44 ` Ben Hutchings
2012-07-03 12:11 ` Alban Crequy
2012-06-29 16:45 ` [PATCH net-next 10/15] net: bus: Add the AF_BUS socket address family to KBuild Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 11/15] netlink: connector: implement cn_netlink_reply Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 12/15] netlink: connector: Add idx and val identifiers for netfilter D-Bus Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 13/15] netfilter: nfdbus: Add D-bus message parsing Vincent Sanders
2012-06-29 17:11 ` Pablo Neira Ayuso
2012-07-02 15:43 ` Javier Martinez Canillas
2012-07-04 17:30 ` Pablo Neira Ayuso [this message]
2012-07-05 17:54 ` Javier Martinez Canillas
2012-06-29 16:45 ` [PATCH net-next 14/15] netfilter: nfdbus: Add D-bus match rule implementation Vincent Sanders
2012-06-29 16:45 ` [PATCH net-next 15/15] netfilter: add netfilter D-Bus module Vincent Sanders
2012-06-29 18:16 ` AF_BUS socket address family Chris Friesen
2012-06-29 19:33 ` Ben Hutchings
2012-06-29 18:45 ` Casey Schaufler
2012-06-29 23:22 ` Vincent Sanders
2012-06-29 22:36 ` David Miller
2012-06-29 23:12 ` Vincent Sanders
2012-06-29 23:18 ` David Miller
2012-06-29 23:42 ` Vincent Sanders
2012-06-29 23:50 ` David Miller
2012-06-30 0:09 ` Vincent Sanders
2012-06-30 13:12 ` Alan Cox
2012-07-01 0:33 ` David Miller
2012-07-01 14:16 ` Alan Cox
2012-07-01 21:45 ` David Miller
2012-06-30 0:13 ` Benjamin LaHaise
2012-06-30 12:52 ` Alan Cox
2012-07-02 14:51 ` Vincent Sanders
2012-07-02 4:49 ` Chris Friesen
2012-07-05 21:06 ` Jan Engelhardt
2012-07-06 18:27 ` Chris Friesen
2012-06-30 20:41 ` Hans-Peter Jansen
2012-07-02 16:46 ` Alban Crequy
2012-07-05 7:59 ` Linus Walleij
2012-07-05 16:01 ` Daniel Walker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120704173047.GA8864@1984 \
--to=pablo@netfilter.org \
--cc=alban.crequy@collabora.co.uk \
--cc=davem@davemloft.net \
--cc=javier.martinez@collabora.co.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=vincent.sanders@collabora.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).