From: Johannes Berg <johannes@sipsolutions.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH RFC 4/4] netfilter: nf_tables: add netlink description
Date: Sun, 28 Apr 2019 21:53:47 +0200 [thread overview]
Message-ID: <be584167d4096e238df5807ad0212234480c196c.camel@sipsolutions.net> (raw)
In-Reply-To: <20190427105741.nfxy56bkr62hupml@salvia>
On Sat, 2019-04-27 at 12:57 +0200, Pablo Neira Ayuso wrote:
> But they all point to the same nested_policy, ie. these nested
> atributes represent instances of the same object class.
To some extent, yes.
> I think this is meaningful to userspace in terms of providing a
> description of the interface, rather than making it look.
Sure.
> Without the ID, it is not possible from userspace to see that MY_ATTR
> and MY_OTHER_ATTR refer to the same object, right?
There is an ID, and if you reference the same sub-policy multiple times
for nested / nested array attribute types (even at different levels of
nesting btw) then this sub-policy will only be dumped to userspace
multiple times, given an ID, and be referenced by that ID from the
appropriate attribute types in other root/sub-policies.
The only thing is that between kernel versions that ID may change as
it's computed while walking the policy graph, and that graph may change
and thus the walk may reach nodes in the graph in a different order and
thereby label them differently.
johannes
next prev parent reply other threads:[~2019-04-28 19:53 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-07 1:37 [PATCH RFC 0/4] Netlink bus descriptions Pablo Neira Ayuso
2018-02-07 1:37 ` [PATCH RFC 1/4] netlink: add NLA_PAD definition Pablo Neira Ayuso
2019-03-29 10:44 ` Johannes Berg
2018-02-07 1:37 ` [PATCH RFC 2/4] netlink: add generic object description infrastructure Pablo Neira Ayuso
2018-02-08 1:28 ` Randy Dunlap
2018-02-08 16:21 ` Pablo Neira Ayuso
2019-03-29 10:48 ` Johannes Berg
2018-02-07 1:37 ` [PATCH RFC 3/4] netfilter: nfnetlink: add support for netlink descriptions Pablo Neira Ayuso
2018-02-07 1:37 ` [PATCH RFC 4/4] netfilter: nf_tables: add netlink description Pablo Neira Ayuso
2019-03-29 10:59 ` Johannes Berg
2019-04-11 19:26 ` Pablo Neira Ayuso
2019-04-12 11:56 ` Johannes Berg
2019-04-26 16:42 ` Pablo Neira Ayuso
2019-04-26 17:17 ` Johannes Berg
2019-04-26 17:28 ` Johannes Berg
2019-04-26 18:04 ` Pablo Neira Ayuso
2019-04-26 19:14 ` Johannes Berg
2019-04-26 19:20 ` Pablo Neira Ayuso
2019-04-26 19:37 ` Johannes Berg
2019-04-26 19:46 ` Johannes Berg
2019-04-27 10:57 ` Pablo Neira Ayuso
2019-04-28 19:53 ` Johannes Berg [this message]
2019-04-27 10:52 ` Pablo Neira Ayuso
2019-04-28 19:51 ` Johannes Berg
2019-04-26 20:47 ` Michal Kubecek
2019-04-26 20:51 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=be584167d4096e238df5807ad0212234480c196c.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).