netfilter-devel.vger.kernel.org archive mirror
From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [RFC libnftnl/nft 0/5] nftables: indicate presence of unsupported netlink attributes
Date: Mon,  7 Oct 2024 11:49:33 +0200
Message-ID: <20241007094943.7544-1-fw@strlen.de>

This extends libnftnl/nftables to indicate incomplete expressions/sets.

When using an old nft binary that cannot list a new expression, nft already
prints an error with the name of the unknown expression.

Extend libnftnl to also make an annotation when a known expression has
an unknown attribute included in the dump, then extend nftables to also
display this to the user.

Debug output will include the [incomplete] tag for each affected
expression.

Nftables will append '"# Unknown features used (old nft version?)"'
comment to the rule resp. the set definition.

I added new APIs because existing nftnl_expr_get() can't be re-used,
inserting a new common attribute like NFTNL_EXPR_COMPLETE will break ABI.

It would make sense to also add
nftnl_XXX_complete functions for table, chains, objects and flowtables so we
have coverage for all supported types in one go, but I think it's better
to first check for feedback before doing this.

libnftnl:
Florian Westphal (3):
  expr: add and use incomplete tag
  sets: add and use incomplete tag
  libnftnl: add api to query dissection state

 include/data_reg.h      |  1 +
 include/expr.h          |  1 +
 include/libnftnl/expr.h |  2 ++
 include/libnftnl/set.h  |  1 +
 include/set.h           |  1 +
 src/expr.c              |  6 ++++++
 src/expr/bitwise.c      |  8 +++++---
 src/expr/byteorder.c    |  9 ++++++---
 src/expr/cmp.c          |  9 ++++++---
 src/expr/connlimit.c    |  9 ++++++---
 src/expr/counter.c      |  9 ++++++---
 src/expr/ct.c           |  9 ++++++---
 src/expr/data_reg.c     | 19 +++++++++++++------
 src/expr/dup.c          |  9 ++++++---
 src/expr/dynset.c       |  9 ++++++---
 src/expr/exthdr.c       |  8 +++++---
 src/expr/fib.c          |  9 ++++++---
 src/expr/flow_offload.c |  9 ++++++---
 src/expr/fwd.c          |  8 +++++---
 src/expr/hash.c         |  8 +++++---
 src/expr/immediate.c    |  8 +++++---
 src/expr/inner.c        |  8 +++++---
 src/expr/last.c         |  8 +++++---
 src/expr/limit.c        |  8 +++++---
 src/expr/log.c          |  8 +++++---
 src/expr/lookup.c       |  8 +++++---
 src/expr/masq.c         |  8 +++++---
 src/expr/match.c        |  8 +++++---
 src/expr/meta.c         |  6 ++++++
 src/expr/nat.c          |  8 +++++---
 src/expr/numgen.c       |  8 +++++---
 src/expr/objref.c       |  8 +++++---
 src/expr/osf.c          |  9 +++++----
 src/expr/payload.c      |  8 +++++---
 src/expr/queue.c        |  9 ++++++---
 src/expr/quota.c        |  8 +++++---
 src/expr/range.c        |  8 +++++---
 src/expr/redir.c        |  8 +++++---
 src/expr/reject.c       |  9 ++++++---
 src/expr/rt.c           |  9 ++++++---
 src/expr/socket.c       |  9 ++++++---
 src/expr/synproxy.c     | 16 ++++++++--------
 src/expr/target.c       |  9 ++++++---
 src/expr/tproxy.c       |  8 +++++---
 src/expr/tunnel.c       |  8 +++++---
 src/expr/xfrm.c         |  8 +++++---
 src/libnftnl.map        |  5 +++++
 src/rule.c              |  5 +++++
 src/set.c               |  6 ++++++
 src/set_elem.c          |  5 +++++
 50 files changed, 259 insertions(+), 126 deletions(-)

nft:
Florian Westphal (2):
      netlink: tell user if libnftnl detected unknown attributes/features
      sets: inform user when set definition contains unknown attributes

 include/netlink.h         |    1 +
 include/rule.h            |    2 ++
 src/netlink.c             |    3 +++
 src/netlink_delinearize.c |   24 ++++++++++++++++++++++++
 src/rule.c                |    5 +++++
 5 files changed, 35 insertions(+)
-- 
2.45.2
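
The mechanism the cover letter describes, as an added example that is not part of the original message and is not libnftnl code: a parser for netlink-style attributes that records an `incomplete` flag when the dump contains an attribute type newer than it knows, so a listing tool can warn that the displayed rule may not match what the kernel enforces. The `demo_*`/`DEMO_*` names and the two-attribute expression are hypothetical, and values are kept in host byte order for brevity.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Same layout as the kernel's struct nlattr: len covers header + payload,
 * and each attribute is padded to a 4-byte boundary. */
struct attr_hdr { uint16_t len; uint16_t type; };
#define HDRLEN    sizeof(struct attr_hdr)
#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)
/* Hypothetical attribute set understood by this "old" parser. */
enum { DEMO_UNSPEC, DEMO_SREG, DEMO_DREG, DEMO_MAX = DEMO_DREG };
/* incomplete: the dump carried an attribute this parser cannot decode. */
struct demo_expr { uint32_t sreg, dreg; bool incomplete; };

/* Append one u32 attribute (used to build constructed sample dumps). */
size_t demo_put_u32(uint8_t *buf, size_t off, uint16_t type, uint32_t val)
{
	struct attr_hdr h = { (uint16_t)(HDRLEN + sizeof(val)), type };
	memcpy(buf + off, &h, HDRLEN);
	memcpy(buf + off + HDRLEN, &val, sizeof(val));
	return off + ALIGN4(h.len);
}

/* Returns 0 on success, -1 if the buffer is malformed. */
int demo_expr_parse(const uint8_t *buf, size_t len, struct demo_expr *e)
{
	size_t off = 0;
	memset(e, 0, sizeof(*e));
	while (off < len) {
		struct attr_hdr h;
		uint32_t val;
		if (len - off < HDRLEN)
			return -1;
		memcpy(&h, buf + off, HDRLEN);
		if (h.len < HDRLEN || h.len > len - off)
			return -1;
		h.type &= 0x3fff; /* drop the nested/byteorder flag bits */
		if (h.type > DEMO_MAX) {
			e->incomplete = true; /* record it, do not drop it silently */
		} else if (h.type != DEMO_UNSPEC) {
			if (h.len != HDRLEN + sizeof(val))
				return -1;
			memcpy(&val, buf + off + HDRLEN, sizeof(val));
			*(h.type == DEMO_SREG ? &e->sreg : &e->dreg) = val;
		}
		off += ALIGN4(h.len) < len - off ? ALIGN4(h.len) : len - off;
	}
	return 0;
}
```

The known attributes are still decoded when an unknown one is present; only the flag distinguishes a faithful listing from a partial one.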


Thread overview: 16+ messages
2024-10-07  9:49 Florian Westphal [this message]
2024-10-07  9:49 ` [PATCH libnftnl 1/5] expr: add and use incomplete tag Florian Westphal
2024-10-08 11:13   ` Pablo Neira Ayuso
2024-10-08 12:17     ` Florian Westphal
2024-10-08 14:43       ` Pablo Neira Ayuso
2024-10-08 16:11         ` Florian Westphal
2024-10-07  9:49 ` [PATCH libnftnl 2/5] sets: " Florian Westphal
2024-10-07  9:49 ` [PATCH libnftnl 3/5] libnftnl: add api to query dissection state Florian Westphal
2024-10-07  9:49 ` [PATCH nft 4/5] netlink: tell user if libnftnl detected unknown attributes/features Florian Westphal
2024-10-07  9:49 ` [PATCH nft 5/5] sets: inform user when set definition contains unknown attributes Florian Westphal
2024-10-16 17:07 ` [RFC libnftnl/nft 0/5] nftables: indicate presence of unsupported netlink attributes Phil Sutter
2024-10-16 18:34   ` Pablo Neira Ayuso
2024-10-16 19:04     ` Phil Sutter
2024-10-16 19:41       ` Jan Engelhardt
2024-10-16 19:28   ` Jan Engelhardt
2024-10-16 20:05     ` Phil Sutter
