Re: [net-next,v7,3/5] doc/netlink: nftables: Update attribute sets

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

From: Jakub Kicinski <kuba@kernel.org>
To: one-d-wide@protonmail.com
Cc: Jakub Kicinski <kuba@kernel.org>,
	phil@nwl.cc, netfilter-devel@vger.kernel.org,
	netdev@vger.kernel.org, pablo@netfilter.org,
	coreteam@netfilter.org, fw@strlen.de, donald.hunter@gmail.com
Subject: Re: [net-next,v7,3/5] doc/netlink: nftables: Update attribute sets
Date: Mon,  2 Feb 2026 19:19:02 -0800	[thread overview]
Message-ID: <20260203031902.934664-1-kuba@kernel.org> (raw)
In-Reply-To: <20260202093928.742879-4-one-d-wide@protonmail.com>

This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.

For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
doc/netlink: nftables: Update attribute sets

This commit adds new attribute sets (log-attrs, numgen-attrs, range-attrs,
compat-target-attrs, compat-match-attrs, compat-attrs), adds missing
attributes and checks, and fixes byte-order annotations for the nftables
netlink specification.

> diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml
> index f15f825cb3a1..2ddf89c70124 100644
> --- a/Documentation/netlink/specs/nftables.yaml
> +++ b/Documentation/netlink/specs/nftables.yaml

[ ... ]

> +  -
> +    name: range-attrs
> +    attributes:
> +      # Mentioned in net/netfilter/nft_range.c
> +      -
> +        name: sreg
> +        doc: source register of data to compare
> +        type: u32
> +        byte-order: big-endian
> +        enum: registers
> +      -
> +        name: op
> +        doc: cmp operation
> +        type: u32
> +        byte-order: big-endian
> +        enum: range-ops
> +        checks:
> +          max: 256

Should this be max: 255? Looking at nft_range_init() in net/netfilter/nft_range.c,
the kernel uses nft_parse_u32_check(tb[NFTA_RANGE_OP], U8_MAX, &op), where U8_MAX
is 255. This spec would allow 256 which the kernel rejects with -ERANGE.

[ ... ]

> +  -
> +    name: compat-target-attrs
> +    header: linux/netfilter/nf_tables_compat.h
> +    attributes:
> +      -
> +        name: name
> +        type: string
> +        checks:
> +          max-len: 32
> +      -
> +        name: rev
> +        type: u32
> +        byte-order: big-endian
> +      -
> +        name: info
> +        type: binary
> +  -
> +    name: compat-match-attrs
> +    header: linux/netfilter/nf_tables_compat.h
> +    attributes:
> +      -
> +        name: name
> +        type: string
> +        checks:
> +          max-len: 32
> +      -
> +        name: rev
> +        type: u32
> +        byte-order: big-endian
> +        checks:
> +          max: 255

Should compat-target-attrs also have checks: max: 255 for its rev field? The
kernel's nft_target_policy uses NLA_POLICY_MAX(NLA_BE32, 255) for NFTA_TARGET_REV,
same as compat-match-attrs, but compat-target-attrs rev field above is missing
this check.
-- 
pw-bot: cr

next prev parent reply	other threads:[~2026-02-03  3:19 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-02  9:40 [PATCH net-next v7 0/5] doc/netlink: Expand nftables specification Remy D. Farley
2026-02-02  9:40 ` [PATCH net-next v7 1/5] doc/netlink: netlink-raw: Add max check Remy D. Farley
2026-02-02  9:40 ` [PATCH net-next v7 2/5] doc/netlink: nftables: Add definitions Remy D. Farley
2026-02-03  9:04   ` Donald Hunter
2026-02-02  9:41 ` [PATCH net-next v7 3/5] doc/netlink: nftables: Update attribute sets Remy D. Farley
2026-02-03  3:19   ` Jakub Kicinski [this message]
2026-02-02  9:41 ` [PATCH net-next v7 4/5] doc/netlink: nftables: Add sub-messages Remy D. Farley
2026-02-02  9:41 ` [PATCH net-next v7 5/5] doc/netlink: nftables: Fill out operation attributes Remy D. Farley
2026-02-03  3:19   ` [net-next,v7,5/5] " Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260203031902.934664-1-kuba@kernel.org \
    --to=kuba@kernel.org \
    --cc=coreteam@netfilter.org \
    --cc=donald.hunter@gmail.com \
    --cc=fw@strlen.de \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=one-d-wide@protonmail.com \
    --cc=pablo@netfilter.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox