Re: [PATCH 1/3] Add revision field for xt_entry

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH 1/3] Add revision field for xt_entry_target
@ 2015-03-18  2:47 Zhang, Chunyu
  2015-03-18  9:44 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 7+ messages in thread
From: Zhang, Chunyu @ 2015-03-18  2:47 UTC (permalink / raw)
  To: pablo@netfilter.org; +Cc: netfilter-devel@vger.kernel.org

hi Pablo

>On Fri, Feb 06, 2015 at 03:26:28PM +0800, Gao feng wrote:
>> This filed is useful if we want to add TARGET which
>> has revision for arptables rules.
>>
>> Also make sure xt_entry_target is consistent with
>> the definition in kernel.
>>
>> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
>> ---
>>  include/linux/netfilter_arp/arp_tables.h | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
>> index 0acda66..ccf8cd0 100644
>> --- a/include/linux/netfilter_arp/arp_tables.h
>> +++ b/include/linux/netfilter_arp/arp_tables.h
>> @@ -19,7 +19,7 @@
>> 
>>  #include <linux/netfilter_arp.h>
>> 
>> -#define ARPT_FUNCTION_MAXNAMELEN 30
>> +#define ARPT_FUNCTION_MAXNAMELEN 29
>>  #define ARPT_TABLE_MAXNAMELEN 32
>> 
>>  #define ARPT_DEV_ADDR_LEN_MAX 16
>> @@ -69,6 +69,8 @@ struct arpt_entry_target
>> 
>>                      /* Used by userspace */
>>                      char name[ARPT_FUNCTION_MAXNAMELEN];
>> +
>> +                    u_int8_t revision;
>
>This structure is not exposed to userspace and I don't find any client
>of it in this code:
>
>include/uapi/linux/netfilter_arp/arp_tables.h:#define arpt_entry_target xt_entry_target
>
>and arp_tables uses xt_entry_target all the time.
revision is used to mark_tg in kernel file : kernel-3.14/net/netfilter/xt_mark.c

static struct xt_target mark_tg_reg __read_mostly = {
        .name           = "MARK",
        .revision       = 2,
        .family         = NFPROTO_UNSPEC,
        .target         = mark_tg,
        .targetsize     = sizeof(struct xt_mark_tginfo2),
        .me             = THIS_MODULE,
};
>
>I guess you can get rid of this dead code. Then, update the cached
>copy and also include x_tables.h definition in the arptables tree.
do you mean ,   in arptable shoudle write like  xtables_target ?

iptables/extensions/libxt_MARK.c
static struct xtables_target mark_tg_reg[] = {
        {  
                .family        = NFPROTO_UNSPEC,
                .name          = "MARK",
                .version       = XTABLES_VERSION,
                .revision      = 0,
                .size          = XT_ALIGN(sizeof(struct xt_mark_target_info)),
                .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
                .help          = MARK_help,
                .print         = MARK_print_v0,
                .save          = MARK_save_v0,
                .x6_parse      = MARK_parse_v0,
                .x6_fcheck     = MARK_check,
                .x6_options    = MARK_opts,
        }, 
        {  
                .family        = NFPROTO_IPV4,
                .name          = "MARK",
                .version       = XTABLES_VERSION,
                .revision      = 1,
                .size          = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
                .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
                .help          = MARK_help,
                .print         = MARK_print_v1,
                .save          = MARK_save_v1,
                .x6_parse      = MARK_parse_v1,
                .x6_fcheck     = MARK_check,
                .x6_options    = MARK_opts,
        },
>
>>              } user;
>>              struct {
>>                      u_int16_t target_size;
>> --
>> 2.1.0
>> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/3] Add revision field for xt_entry_target
  2015-03-18  2:47 [PATCH 1/3] Add revision field for xt_entry_target Zhang, Chunyu
@ 2015-03-18  9:44 ` Pablo Neira Ayuso
  2015-03-18  9:59   ` Zhang, Chunyu
  0 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-18  9:44 UTC (permalink / raw)
  To: Zhang, Chunyu; +Cc: netfilter-devel@vger.kernel.org

On Wed, Mar 18, 2015 at 02:47:33AM +0000, Zhang, Chunyu wrote:
> >> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
> >> index 0acda66..ccf8cd0 100644
> >> --- a/include/linux/netfilter_arp/arp_tables.h
> >> +++ b/include/linux/netfilter_arp/arp_tables.h
> >> @@ -19,7 +19,7 @@
> >> 
> >>  #include <linux/netfilter_arp.h>
> >> 
> >> -#define ARPT_FUNCTION_MAXNAMELEN 30
> >> +#define ARPT_FUNCTION_MAXNAMELEN 29
> >>  #define ARPT_TABLE_MAXNAMELEN 32
> >> 
> >>  #define ARPT_DEV_ADDR_LEN_MAX 16
> >> @@ -69,6 +69,8 @@ struct arpt_entry_target
> >> 
> >>                      /* Used by userspace */
> >>                      char name[ARPT_FUNCTION_MAXNAMELEN];
> >> +
> >> +                    u_int8_t revision;
> >
> >This structure is not exposed to userspace and I don't find any client
> >of it in this code:
> >
> >include/uapi/linux/netfilter_arp/arp_tables.h:#define arpt_entry_target xt_entry_target
> >
> >and arp_tables uses xt_entry_target all the time.
>
> revision is used to mark_tg in kernel file : kernel-3.14/net/netfilter/xt_mark.c

Forget it, I got confused by the net/netfilter/xt_repldata.h trickery,
sorry. Please, resubmit this patch once you have extended the
userspace arp mark extension to exactly mirror what mark can do in
iptables/ip6tables.

Thanks.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Re: [PATCH 1/3] Add revision field for xt_entry_target
  2015-03-18  9:44 ` Pablo Neira Ayuso
@ 2015-03-18  9:59   ` Zhang, Chunyu
  2015-03-18 10:07     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 7+ messages in thread
From: Zhang, Chunyu @ 2015-03-18  9:59 UTC (permalink / raw)
  To: pablo@netfilter.org; +Cc: netfilter-devel@vger.kernel.org


hi pablo
>From: netfilter-devel-owner
>Date: 2015-03-18
>To: Zhang, Chunyu/章 春宇
>Subject: Re: [PATCH 1/3] Add revision field for xt_entry_target
>
>On Wed, Mar 18, 2015 at 02:47:33AM +0000, Zhang, Chunyu wrote:
>> >> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
>> >> index 0acda66..ccf8cd0 100644
>> >> --- a/include/linux/netfilter_arp/arp_tables.h
>> >> +++ b/include/linux/netfilter_arp/arp_tables.h
>> >> @@ -19,7 +19,7 @@
>> >> 
>> >>  #include <linux/netfilter_arp.h>
>> >> 
>> >> -#define ARPT_FUNCTION_MAXNAMELEN 30
>> >> +#define ARPT_FUNCTION_MAXNAMELEN 29
>> >>  #define ARPT_TABLE_MAXNAMELEN 32
>> >> 
>> >>  #define ARPT_DEV_ADDR_LEN_MAX 16
>> >> @@ -69,6 +69,8 @@ struct arpt_entry_target
>> >> 
>> >>                      /* Used by userspace */
>> >>                      char name[ARPT_FUNCTION_MAXNAMELEN];
>> >> +
>> >> +                    u_int8_t revision;
>> >
>> >This structure is not exposed to userspace and I don't find any client
>> >of it in this code:
>> >
>> >include/uapi/linux/netfilter_arp/arp_tables.h:#define arpt_entry_target xt_entry_target
>> >
>> >and arp_tables uses xt_entry_target all the time.
>>
>> revision is used to mark_tg in kernel file : kernel-3.14/net/netfilter/xt_mark.c
>
>Forget it, I got confused by the net/netfilter/xt_repldata.h trickery,
>sorry. Please, resubmit this patch once you have extended the
>userspace arp mark extension to exactly mirror what mark can do in
>iptables/ip6tables.
ok, i will do it for revision
also add --and-mark and --or-mark
maybe too many code to add.
>
>Thanks.
>--
>To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Re: [PATCH 1/3] Add revision field for xt_entry_target
  2015-03-18  9:59   ` Zhang, Chunyu
@ 2015-03-18 10:07     ` Pablo Neira Ayuso
  2015-03-18 10:10       ` Zhang, Chunyu
  0 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-18 10:07 UTC (permalink / raw)
  To: Zhang, Chunyu; +Cc: netfilter-devel@vger.kernel.org

On Wed, Mar 18, 2015 at 09:59:59AM +0000, Zhang, Chunyu wrote:
> >Please, resubmit this patch once you have extended the
> >userspace arp mark extension to exactly mirror what mark can do in
> >iptables/ip6tables.
>
> ok, i will do it for revision
> also add --and-mark and --or-mark
> maybe too many code to add.

Please, add exactly the same:

"MARK target options:\n"
"  --set-mark value                   Set nfmark value\n"
"  --and-mark value                   Binary AND the nfmark with value\n"
"  --or-mark  value                   Binary OR  the nfmark with value\n");

We'll have arptables-compat over nftables ready soon, and things get
easier for us if we get arptables in sync with iptables.

Thanks.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Re: [PATCH 1/3] Add revision field for xt_entry_target
  2015-03-18 10:07     ` Pablo Neira Ayuso
@ 2015-03-18 10:10       ` Zhang, Chunyu
  0 siblings, 0 replies; 7+ messages in thread
From: Zhang, Chunyu @ 2015-03-18 10:10 UTC (permalink / raw)
  To: pablo@netfilter.org; +Cc: netfilter-devel@vger.kernel.org



>From: Pablo Neira Ayuso
>Date: 2015-03-18
>To: Zhang, Chunyu/章 春宇
>Subject: Re: Re: [PATCH 1/3] Add revision field for xt_entry_target
>
>On Wed, Mar 18, 2015 at 09:59:59AM +0000, Zhang, Chunyu wrote:
>> >Please, resubmit this patch once you have extended the
>> >userspace arp mark extension to exactly mirror what mark can do in
>> >iptables/ip6tables.
>>
>> ok, i will do it for revision
>> also add --and-mark and --or-mark
>> maybe too many code to add.
>
>Please, add exactly the same:
>
>"MARK target options:\n"
>"  --set-mark value                   Set nfmark value\n"
>"  --and-mark value                   Binary AND the nfmark with value\n"
>"  --or-mark  value                   Binary OR  the nfmark with value\n");
ok, got it!

thanks.
>
>We'll have arptables-compat over nftables ready soon, and things get
>easier for us if we get arptables in sync with iptables.
>
>Thanks.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/3] Add revision field for xt_entry_target
@ 2015-02-06  7:26 Gao feng
  2015-02-11 15:52 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 7+ messages in thread
From: Gao feng @ 2015-02-06  7:26 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo, Gao feng

This filed is useful if we want to add TARGET which
has revision for arptables rules.

Also make sure xt_entry_target is consistent with
the definition in kernel.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 include/linux/netfilter_arp/arp_tables.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 0acda66..ccf8cd0 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -19,7 +19,7 @@
 
 #include <linux/netfilter_arp.h>
 
-#define ARPT_FUNCTION_MAXNAMELEN 30
+#define ARPT_FUNCTION_MAXNAMELEN 29
 #define ARPT_TABLE_MAXNAMELEN 32
 
 #define ARPT_DEV_ADDR_LEN_MAX 16
@@ -69,6 +69,8 @@ struct arpt_entry_target
 
 			/* Used by userspace */
 			char name[ARPT_FUNCTION_MAXNAMELEN];
+
+			u_int8_t revision;
 		} user;
 		struct {
 			u_int16_t target_size;
-- 
2.1.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/3] Add revision field for xt_entry_target
  2015-02-06  7:26 Gao feng
@ 2015-02-11 15:52 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2015-02-11 15:52 UTC (permalink / raw)
  To: Gao feng; +Cc: netfilter-devel

On Fri, Feb 06, 2015 at 03:26:28PM +0800, Gao feng wrote:
> This filed is useful if we want to add TARGET which
> has revision for arptables rules.
> 
> Also make sure xt_entry_target is consistent with
> the definition in kernel.
> 
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
>  include/linux/netfilter_arp/arp_tables.h | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
> index 0acda66..ccf8cd0 100644
> --- a/include/linux/netfilter_arp/arp_tables.h
> +++ b/include/linux/netfilter_arp/arp_tables.h
> @@ -19,7 +19,7 @@
>  
>  #include <linux/netfilter_arp.h>
>  
> -#define ARPT_FUNCTION_MAXNAMELEN 30
> +#define ARPT_FUNCTION_MAXNAMELEN 29
>  #define ARPT_TABLE_MAXNAMELEN 32
>  
>  #define ARPT_DEV_ADDR_LEN_MAX 16
> @@ -69,6 +69,8 @@ struct arpt_entry_target
>  
>  			/* Used by userspace */
>  			char name[ARPT_FUNCTION_MAXNAMELEN];
> +
> +			u_int8_t revision;

This structure is not exposed to userspace and I don't find any client
of it in this code:

include/uapi/linux/netfilter_arp/arp_tables.h:#define arpt_entry_target xt_entry_target

and arp_tables uses xt_entry_target all the time.

I guess you can get rid of this dead code. Then, update the cached
copy and also include x_tables.h definition in the arptables tree.

>  		} user;
>  		struct {
>  			u_int16_t target_size;
> -- 
> 2.1.0
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2015-03-18 10:10 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-18  2:47 [PATCH 1/3] Add revision field for xt_entry_target Zhang, Chunyu
2015-03-18  9:44 ` Pablo Neira Ayuso
2015-03-18  9:59   ` Zhang, Chunyu
2015-03-18 10:07     ` Pablo Neira Ayuso
2015-03-18 10:10       ` Zhang, Chunyu
  -- strict thread matches above, loose matches on Subject: below --
2015-02-06  7:26 Gao feng
2015-02-11 15:52 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).