From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>,
netfilter-devel@vger.kernel.org, eric@regit.org
Subject: Re: [PATCH nft 3/3] src: add nft_ctx_netlink_init()
Date: Fri, 1 Sep 2017 12:58:59 +0200 [thread overview]
Message-ID: <20170901105859.GA1195@salvia> (raw)
In-Reply-To: <20170901105049.GN20614@orbyte.nwl.cc>
Hi Phil,
On Fri, Sep 01, 2017 at 12:50:49PM +0200, Phil Sutter wrote:
> Hi Pablo,
>
> On Fri, Sep 01, 2017 at 12:17:33PM +0200, Pablo Neira Ayuso wrote:
> > On Fri, Sep 01, 2017 at 12:14:07PM +0200, Pablo Neira Ayuso wrote:
> > > Add these two new functions to set up netlink sockets in the global
> > > context structure.
> >
> > We can alternatively call this nft_ctx_netlink_auto() if prefer.
> >
> > I'm just trying to skip the type/flag field for nft_ctx_alloc().
> >
> > Does this look acceptable to you to have this extra API to request
> > libnftables to deal with IO details too?
>
> I think we could do it in a simpler way:
>
> | /* create an mnl netlink socket object */
> | struct mnl_socket *netlink_open_sock(void);
> |
> | /* create nft context, optionally passing mnl socket object returned
> | * from netlink_open_sock()
> | * Calling nft_ctx_new(NULL) is equivalent to calling
> | * nft_ctx_new(netlink_open_sock())
> | */
> | static struct nft_ctx *nft_ctx_new(struct mnl_socket *nf_sock);
>
> This way we allow the application to control mnl_socket object, provide
> a simple API for applications which don't need that and at the same time
> always have ctx->nf_sock point to the socket so we can further simplify
> things.
>
> What do you think?
I don't want to expose the mnl_socket for the simple API.
Once we expose the socket, we're allowing people to modify behaviour
via setsockopt() toggles. Then, we'll have to tell people not to
modify socket options for the simple API, or it can be worst: someone
will try to fix this by adding lots of branches to deal with every
socket option combination in libnftables.
So this is an intentional design decision here.
For people willing to do their own netlink IO, we should push them to
use the advanced API.
next prev parent reply other threads:[~2017-09-01 10:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-01 10:14 [PATCH nft 1/3] src: move nf_sock into nft_ctx structure Pablo Neira Ayuso
2017-09-01 10:14 ` [PATCH nft 2/3] netlink: remove nfsock_open() Pablo Neira Ayuso
2017-09-01 10:14 ` [PATCH nft 3/3] src: add nft_ctx_netlink_init() Pablo Neira Ayuso
2017-09-01 10:17 ` Pablo Neira Ayuso
2017-09-01 10:50 ` Phil Sutter
2017-09-01 10:58 ` Pablo Neira Ayuso [this message]
2017-09-01 11:20 ` Phil Sutter
2017-09-01 12:28 ` Florian Westphal
2017-09-01 17:50 ` [PATCH nft 1/3] src: move nf_sock into nft_ctx structure Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170901105859.GA1195@salvia \
--to=pablo@netfilter.org \
--cc=eric@regit.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).