Re: [PATCH 2/7] netfilter: xtables2: initial Netlink interface

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 2/7] netfilter: xtables2: initial Netlink interface
Date: Tue, 14 Feb 2012 20:53:55 +0100	[thread overview]
Message-ID: <20120214195355.GC29165@1984> (raw)
In-Reply-To: <alpine.LNX.2.01.1202141638480.31395@frira.zrqbmnf.qr>

On Tue, Feb 14, 2012 at 04:56:01PM +0100, Jan Engelhardt wrote:
> 
> On Tuesday 2012-02-14 11:47, Pablo Neira Ayuso wrote:
> >>  include/linux/netfilter/nfnetlink_xtables.h |   20 ++++
> >>  net/netfilter/Kconfig                       |    8 ++
> >>  net/netfilter/Makefile                      |    1 +
> >>  net/netfilter/xt2_nfnetlink.c               |  153 +++++++++++++++++++++++++++
> >
> >I prefer if you call this nfnetlink_xtables.c following the same
> >naming convention.
> 
> (I dropped the '2' meanwhile) Hm I chose so as I planned to have
> at least another file, xt_compat.c. In that regard, it's more like
> what ipset/ has (also not nfnetlink_ipset). Should I pick a
> different header name then?

As said, I'd prefer to stick to nfnetlink_* naming. But I don't mind.

> >> +enum nfxt_msg_type {
> >> +	NFXTM_IDENTIFY = 1,
> >
> >I'd suggest: NFXT_MSG_NEW, NFXT_MSG_GET,...and so on.
> 
> The identifiers are already long enough IMO. Hence the choice
> to use NFXTM_ (msg), NFXTA_ (attr) and NFXTE_ (error codes).

OK

> >> +static struct nlmsghdr *
> >> +xtnetlink_fill(struct sk_buff *skb, const struct xtnetlink_pktref *old,
> >> +	       unsigned int flags)
> >> +{ [...]
> >> +	if (nlmsg == NULL) {
> >> +		nlmsg_cancel(skb, nlmsg);
> >> +		return ERR_PTR(-ENOBUFS);
> >
> >my experience is that it's better to use goto to handle errors.
> 
> There is just one error case here in this function,
> so goto was nowhere to be desired :)

OK

> >> +static int
> >> +xtnetlink_identify(struct sock *xtnl, struct sk_buff *iskb,
> >> +		   const struct nlmsghdr *imsg, const struct nlattr *const *ad)
> >> +{
> >> +	return netlink_dump_start(xtnl, iskb, imsg, xtnetlink_identify2,
> >> +				  NULL, 0);
> >
> >you have to check for NLM_F_DUMP. Otherwise, you are requesting one
> >single table. Please, see ctnetlink or nfnetlink_acct for reference.
> 
> identify returns auxiliary information about the implementation.
> For tables there is(will be) NFXTM_TABLE_DUMP.

Better use standard netlink flags like NLM_F_DUMP, NLM_F_REPLACE and
so on.

next prev parent reply	other threads:[~2012-02-14 19:53 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-01-19 16:26 xtables2 a8, netlink interface Jan Engelhardt
2012-01-19 16:26 ` [PATCH 1/7] netfilter: xtables2: initial table skeletal functions Jan Engelhardt
2012-01-20  0:23   ` Pablo Neira Ayuso
2012-01-20  9:23     ` Jan Engelhardt
2012-01-19 16:26 ` [PATCH 2/7] netfilter: xtables2: initial Netlink interface Jan Engelhardt
2012-02-14 10:47   ` Pablo Neira Ayuso
2012-02-14 15:56     ` Jan Engelhardt
2012-02-14 19:53       ` Pablo Neira Ayuso [this message]
2012-01-19 16:26 ` [PATCH 3/7] netfilter: xtables2: chain creation and deletion Jan Engelhardt
2012-02-14 11:07   ` Pablo Neira Ayuso
2012-01-19 16:26 ` [PATCH 4/7] netfilter: xtables2: chain renaming support Jan Engelhardt
2012-01-19 16:26 ` [PATCH 5/7] netfilter: xtables2: initial table replace support Jan Engelhardt
2012-01-19 16:26 ` [PATCH 6/7] netfilter: xtables2: transaction abort support Jan Engelhardt
2012-01-19 16:26 ` [PATCH 7/7] netfilter: xtables2: redirect writes into transaction buffer Jan Engelhardt
2012-01-20  0:56 ` xtables2 a8, netlink interface Stephen Hemminger
2012-01-20  8:33   ` Jan Engelhardt
2012-01-20  9:23     ` Dave Taht
2012-01-20 16:50       ` Stephen Hemminger
2012-01-21 14:10 ` Jozsef Kadlecsik
2012-01-21 15:53   ` Jan Engelhardt
2012-01-21 20:21     ` Jozsef Kadlecsik
2012-01-23 15:42       ` Jan Engelhardt
2012-01-23 19:48         ` Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120214195355.GC29165@1984 \
    --to=pablo@netfilter.org \
    --cc=jengelh@medozas.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).