From: Petr Machata <petrm@nvidia.com>
To: <netdev@vger.kernel.org>
Cc: David Ahern <dsahern@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Ido Schimmel <idosch@nvidia.com>,
"Petr Machata" <petrm@nvidia.com>
Subject: [PATCH net-next v2 0/3] nexthop: More fine-grained policies for netlink message validation
Date: Wed, 20 Jan 2021 16:44:09 +0100
Message-ID: <cover.1611156111.git.petrm@nvidia.com>

There is currently one policy that covers all attributes for next hop
object management. Actual validation is then done in code, which makes it
unobvious which attributes are acceptable when, and indeed that everything
is rejected as necessary.

In this series, split rtm_nh_policy to several policies that cover various
aspects of the next hop object configuration, and instead of open-coding
the validation, defer to nlmsg_parse(). This should make extending the next
hop code simpler as well, which will be relevant in the near future for
resilient hashing implementation.

This was tested by running tools/testing/selftests/net/fib_nexthops.sh.
Additionally iproute2 was tweaked to issue "nexthop list id" as an
RTM_GETNEXTHOP dump request, instead of a straight get to test that
unexpected attributes are indeed rejected.

In patch #1, convert attribute validation in nh_valid_get_del_req().

In patch #2, convert nh_valid_dump_req().

In patch #3, rtm_nh_policy is cleaned up and renamed to rtm_nh_policy_new,
because after the above two patches, that is the only context that it is
used in.

v2:
- Patches #1, #2 and #3:
    - Do not specify size of the policy array. Use ARRAY_SIZE instead
      of NHA_MAX
- Patch #2:
    - Convert manual setting of true to nla_get_flag().

Petr Machata (3):
  nexthop: Use a dedicated policy for nh_valid_get_del_req()
  nexthop: Use a dedicated policy for nh_valid_dump_req()
  nexthop: Specialize rtm_nh_policy

 net/ipv4/nexthop.c | 105 +++++++++++++++++++--------------------------
 1 file changed, 43 insertions(+), 62 deletions(-)

--
2.26.2