From: Thomas Graf <tgraf@infradead.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Thomas Graf <tgraf@redhat.com>,
Jesper Dangaard Brouer <hawk@diku.dk>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>,
netfilter@vger.kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: Error reporting in Netlink (Re: Xtables2 Netlink spec)
Date: Thu, 16 Dec 2010 09:19:23 -0500 [thread overview]
Message-ID: <20101216141923.GB23297@canuck.infradead.org> (raw)
In-Reply-To: <alpine.LNX.2.01.1012161444410.16086@obet.zrqbmnf.qr>
On Thu, Dec 16, 2010 at 02:51:07PM +0100, Jan Engelhardt wrote:
> >Why not use nlattr to encode the error string? It would make error
> >messages easier to extend in the future. At some point we might want
> >to add an offset field which points into the original netlink
> >message describing the attribute which caused the failure.
>
> Is that a yes or a no?
The proposed solution at netconf involved appending the error string
directly. Inspired by your comment I realizezd that encoding the
error string as nlattr allow for additional attributes would be a
better implementation.
As for size limitations, even though most netlink protocols do it, I
don't see the point in appending the whole request message in a error
message. The header would be completely sufficient for all request/reply
based protocols. It is no problem for userspace to keep a copy of the
last request sent.
> Let's see, why does iproute2 not just do that, then? Because some
> things only the kernel knows about, so even if the parameters are
> correct from the userspace side of view, the kernel may reject the
> request nevertheless.
You are not the first to come up with this but it is still a pretty
lazy excuse. iproute2 could do a lot better than it does today and
it has been improved a lot over time. The main reason for the current
situation is the atomic nature of routing netlink requests handlers.
Checking for errors in an atomic context where no interface disappears
and no route can be removed while the request is being processed simply
makes checking for errors a lot easier.
This does not mean that userspace should have a card blanche for
sending bogus combinations of netlink attributes and expect the kernel
to always come up with a perfect verbose error message.
The kernel can still send ENODEV to indicate the specified network
device does not exist but it should only cover the case where the
interface disappeared between the userspace checking for its existance
and the request being processed.
next prev parent reply other threads:[~2010-12-16 14:19 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-24 22:29 Xtables2 Netlink spec Jan Engelhardt
2010-11-25 11:42 ` Pablo Neira Ayuso
2010-11-25 13:35 ` Jan Engelhardt
2010-11-25 14:21 ` Pablo Neira Ayuso
2010-11-25 21:46 ` Jan Engelhardt
2010-11-26 8:25 ` Pablo Neira Ayuso
2010-11-26 13:59 ` Jan Engelhardt
2010-11-26 19:48 ` Jozsef Kadlecsik
2010-11-26 19:55 ` Jan Engelhardt
2010-11-26 20:05 ` Jozsef Kadlecsik
2010-11-26 21:33 ` Jan Engelhardt
[not found] ` <alpine.DEB.2.00.1011270951330.20431@blackhole.kfki.hu>
2010-11-27 13:39 ` Jan Engelhardt
2010-11-27 17:04 ` Jozsef Kadlecsik
2010-11-27 17:35 ` Jan Engelhardt
2010-11-27 20:42 ` Jozsef Kadlecsik
2010-11-29 12:30 ` Pablo Neira Ayuso
2010-11-29 12:39 ` Jozsef Kadlecsik
2010-11-29 12:55 ` Pablo Neira Ayuso
2010-11-29 13:26 ` Jan Engelhardt
2010-11-29 13:49 ` Pablo Neira Ayuso
2010-11-29 12:23 ` Pablo Neira Ayuso
2010-11-27 11:10 ` Pablo Neira Ayuso
2010-11-26 15:27 ` Jan Engelhardt
2010-11-27 12:25 ` Pablo Neira Ayuso
2010-12-03 21:03 ` Jan Engelhardt
2010-12-07 7:49 ` Pablo Neira Ayuso
2010-12-07 13:30 ` Jan Engelhardt
2010-12-08 11:36 ` Pablo Neira Ayuso
2010-11-26 19:01 ` Jozsef Kadlecsik
2010-12-09 12:08 ` Pablo Neira Ayuso
2010-12-14 2:01 ` Jan Engelhardt
2010-12-14 2:16 ` James Nurmi
2010-12-14 3:46 ` Jan Engelhardt
2010-12-15 13:54 ` Pablo Neira Ayuso
2010-12-16 14:05 ` Thomas Graf
2010-12-16 14:22 ` Jan Engelhardt
2010-12-17 7:25 ` Thomas Graf
2010-12-17 9:35 ` Jan Engelhardt
2010-12-17 9:50 ` Pablo Neira Ayuso
2010-12-17 9:55 ` Pablo Neira Ayuso
2010-12-17 14:56 ` Jan Engelhardt
2010-12-15 4:55 ` Jan Engelhardt
2010-12-15 8:51 ` Jozsef Kadlecsik
2010-12-16 9:57 ` Jesper Dangaard Brouer
2010-12-16 12:51 ` Error reporting in Netlink (Re: Xtables2 Netlink spec) Jan Engelhardt
2010-12-16 13:43 ` Thomas Graf
2010-12-16 13:51 ` Jan Engelhardt
2010-12-16 14:19 ` Thomas Graf [this message]
2010-12-17 10:00 ` Pablo Neira Ayuso
2010-12-16 14:47 ` Jozsef Kadlecsik
2010-12-16 15:09 ` Jan Engelhardt
2010-12-16 23:31 ` Patrick McHardy
2010-12-17 6:58 ` Thomas Graf
2010-12-16 23:23 ` Patrick McHardy
2010-12-17 10:02 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101216141923.GB23297@canuck.infradead.org \
--to=tgraf@infradead.org \
--cc=hawk@diku.dk \
--cc=jengelh@medozas.de \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tgraf@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).