netfilter-devel.vger.kernel.org archive mirror
* [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
@ 2025-02-10 15:21 Florian Westphal
  2025-02-10 18:39 ` Jakub Kicinski
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Florian Westphal @ 2025-02-10 15:21 UTC (permalink / raw)
  To: netdev; +Cc: netfilter-devel, donald.hunter, Florian Westphal

This adds support to dump the connection tracking table
("conntrack -L") and the conntrack statistics, ("conntrack -S").

Example conntrack dump:
tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/conntrack.yaml --dump get
[{'id': 59489769,
  'mark': 0,
  'nfgen-family': 2,
  'protoinfo': {'protoinfo-tcp': {'tcp-flags-original': {'flags': {'maxack',
                                                                   'sack-perm',
                                                                   'window-scale'},
                                                         'mask': set()},
                                  'tcp-flags-reply': {'flags': {'maxack',
                                                                'sack-perm',
                                                                'window-scale'},
                                                      'mask': set()},
                                  'tcp-state': 'established',
                                  'tcp-wscale-original': 7,
                                  'tcp-wscale-reply': 8}},
  'res-id': 0,
  'secctx': {'secctx-name': 'system_u:object_r:unlabeled_t:s0'},
  'status': {'assured',
             'confirmed',
             'dst-nat-done',
             'seen-reply',
             'src-nat-done'},
  'timeout': 431949,
  'tuple-orig': {'tuple-ip': {'ip-v4-dst': '34.107.243.93',
                              'ip-v4-src': '192.168.0.114'},
                 'tuple-proto': {'proto-dst-port': 443,
                                 'proto-num': 6,
                                 'proto-src-port': 37104}},
  'tuple-reply': {'tuple-ip': {'ip-v4-dst': '192.168.0.114',
                               'ip-v4-src': '34.107.243.93'},
                  'tuple-proto': {'proto-dst-port': 37104,
                                  'proto-num': 6,
                                  'proto-src-port': 443}},
  'use': 1,
  'version': 0},
 {'id': 3402229480,

Example stats dump:
tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/conntrack.yaml --dump get-stats
[{'chain-toolong': 0,
  'clash-resolve': 3,
  'drop': 0,
 ....

Changes since last iteration:
 - Address comments from Donald Hunter, in particular, fixup "get" and
   "get-stats" descriptions, the former operation supports both dump
   and normal request (returns a single entry, if found), the latter
   only supports dumps.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 Documentation/netlink/specs/conntrack.yaml | 643 +++++++++++++++++++++
 1 file changed, 643 insertions(+)
 create mode 100644 Documentation/netlink/specs/conntrack.yaml

diff --git a/Documentation/netlink/specs/conntrack.yaml b/Documentation/netlink/specs/conntrack.yaml
new file mode 100644
index 000000000000..840dc4504216
--- /dev/null
+++ b/Documentation/netlink/specs/conntrack.yaml
@@ -0,0 +1,643 @@
+# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
+
+name: conntrack
+protocol: netlink-raw
+protonum: 12
+
+doc:
+  Netfilter connection tracking subsystem over nfnetlink
+
+definitions:
+  -
+    name: nfgenmsg
+    type: struct
+    members:
+      -
+        name: nfgen-family
+        type: u8
+      -
+        name: version
+        type: u8
+      -
+        name: res-id
+        byte-order: big-endian
+        type: u16
+  -
+    name: nf-ct-tcp-flags-mask
+    type: struct
+    members:
+      -
+        name: flags
+        type: u8
+        enum: nf-ct-tcp-flags
+        enum-as-flags: true
+      -
+        name: mask
+        type: u8
+        enum: nf-ct-tcp-flags
+        enum-as-flags: true
+  -
+    name: nf-ct-tcp-flags
+    type: flags
+    entries:
+      - window-scale
+      - sack-perm
+      - close-init
+      - be-liberal
+      - unacked
+      - maxack
+      - challenge-ack
+      - simultaneous-open
+  -
+    name: nf-ct-tcp-state
+    type: enum
+    entries:
+      - none
+      - syn-sent
+      - syn-recv
+      - established
+      - fin-wait
+      - close-wait
+      - last-ack
+      - time-wait
+      - close
+      - syn-sent2
+      - max
+      - ignore
+      - retrans
+      - unack
+      - timeout-max
+  -
+    name: nf-ct-sctp-state
+    type: enum
+    entries:
+      - none
+      - cloned
+      - cookie-wait
+      - cookie-echoed
+      - established
+      - shutdown-sent
+      - shutdown-received
+      - shutdown-ack-sent
+      - shutdown-heartbeat-sent
+  -
+    name: nf-ct-status
+    type: flags
+    entries:
+      - expected
+      - seen-reply
+      - assured
+      - confirmed
+      - src-nat
+      - dst-nat
+      - seq-adj
+      - src-nat-done
+      - dst-nat-done
+      - dying
+      - fixed-timeout
+      - template
+      - nat-clash
+      - helper
+      - offload
+      - hw-offload
+
+attribute-sets:
+  -
+    name: counter-attrs
+    attributes:
+      -
+        name: packets
+        type: u64
+        byte-order: big-endian
+      -
+        name: bytes
+        type: u64
+        byte-order: big-endian
+      -
+        name: packets-old
+        type: u32
+      -
+        name: bytes-old
+        type: u32
+      -
+        name: pad
+        type: pad
+  -
+    name: tuple-proto-attrs
+    attributes:
+      -
+        name: proto-num
+        type: u8
+        doc: l4 protocol number
+      -
+        name: proto-src-port
+        type: u16
+        byte-order: big-endian
+        doc: l4 source port
+      -
+        name: proto-dst-port
+        type: u16
+        byte-order: big-endian
+        doc: l4 source port
+      -
+        name: proto-icmp-id
+        type: u16
+        byte-order: big-endian
+        doc: l4 icmp id
+      -
+        name: proto-icmp-type
+        type: u8
+      -
+        name: proto-icmp-code
+        type: u8
+      -
+        name: proto-icmpv6-id
+        type: u16
+        byte-order: big-endian
+        doc: l4 icmp id
+      -
+        name: proto-icmpv6-type
+        type: u8
+      -
+        name: proto-icmpv6-code
+        type: u8
+  -
+    name: tuple-ip-attrs
+    attributes:
+      -
+        name: ip-v4-src
+        type: u32
+        byte-order: big-endian
+        display-hint: ipv4
+        doc: ipv4 source address
+      -
+        name: ip-v4-dst
+        type: u32
+        byte-order: big-endian
+        display-hint: ipv4
+        doc: ipv4 destination address
+      -
+        name: ip-v6-src
+        type: binary
+        checks:
+          min-len: 16
+        byte-order: big-endian
+        display-hint: ipv6
+        doc: ipv6 source address
+      -
+        name: ip-v6-dst
+        type: binary
+        checks:
+          min-len: 16
+        byte-order: big-endian
+        display-hint: ipv6
+        doc: ipv6 destination address
+  -
+    name: tuple-attrs
+    attributes:
+    -
+        name: tuple-ip
+        type: nest
+        nested-attributes: tuple-ip-attrs
+        doc: conntrack l3 information
+    -
+        name: tuple-proto
+        type: nest
+        nested-attributes: tuple-proto-attrs
+        doc: conntrack l4 information
+    -
+        name: tuple-zone
+        type: u16
+        byte-order: big-endian
+        doc: conntrack zone id
+  -
+    name: protoinfo-tcp-attrs
+    attributes:
+    -
+        name: tcp-state
+        type: u8
+        enum: nf-ct-tcp-state
+        doc: tcp connection state
+    -
+        name: tcp-wscale-original
+        type: u8
+        doc: window scaling factor in original direction
+    -
+        name: tcp-wscale-reply
+        type: u8
+        doc: window scaling factor in reply direction
+    -
+        name: tcp-flags-original
+        type: binary
+        struct: nf-ct-tcp-flags-mask
+    -
+        name: tcp-flags-reply
+        type: binary
+        struct: nf-ct-tcp-flags-mask
+  -
+    name: protoinfo-dccp-attrs
+    attributes:
+    -
+        name: dccp-state
+        type: u8
+        doc: dccp connection state
+    -
+        name: dccp-role
+        type: u8
+    -
+        name: dccp-handshake-seq
+        type: u64
+        byte-order: big-endian
+    -
+        name: dccp-pad
+        type: pad
+  -
+    name: protoinfo-sctp-attrs
+    attributes:
+    -
+        name: sctp-state
+        type: u8
+        doc: sctp connection state
+        enum: nf-ct-sctp-state
+    -
+        name: vtag-original
+        type: u32
+        byte-order: big-endian
+    -
+        name: vtag-reply
+        type: u32
+        byte-order: big-endian
+  -
+    name: protoinfo-attrs
+    attributes:
+    -
+        name: protoinfo-tcp
+        type: nest
+        nested-attributes: protoinfo-tcp-attrs
+        doc: conntrack tcp state information
+    -
+        name: protoinfo-dccp
+        type: nest
+        nested-attributes: protoinfo-dccp-attrs
+        doc: conntrack dccp state information
+    -
+        name: protoinfo-sctp
+        type: nest
+        nested-attributes: protoinfo-sctp-attrs
+        doc: conntrack sctp state information
+  -
+    name: help-attrs
+    attributes:
+      -
+        name: help-name
+        type: string
+        doc: helper name
+  -
+    name: nat-proto-attrs
+    attributes:
+      -
+        name: nat-port-min
+        type: u16
+        byte-order: big-endian
+      -
+        name: nat-port-max
+        type: u16
+        byte-order: big-endian
+  -
+    name: nat-attrs
+    attributes:
+      -
+        name: nat-v4-minip
+        type: u32
+        byte-order: big-endian
+      -
+        name: nat-v4-maxip
+        type: u32
+        byte-order: big-endian
+      -
+        name: nat-v6-minip
+        type: binary
+      -
+        name: nat-v6-maxip
+        type: binary
+      -
+        name: nat-proto
+        type: nest
+        nested-attributes: nat-proto-attrs
+  -
+    name: seqadj-attrs
+    attributes:
+      -
+        name: correction-pos
+        type: u32
+        byte-order: big-endian
+      -
+        name: offset-before
+        type: u32
+        byte-order: big-endian
+      -
+        name: offset-after
+        type: u32
+        byte-order: big-endian
+  -
+    name: secctx-attrs
+    attributes:
+      -
+        name: secctx-name
+        type: string
+  -
+    name: synproxy-attrs
+    attributes:
+      -
+        name: isn
+        type: u32
+        byte-order: big-endian
+      -
+        name: its
+        type: u32
+        byte-order: big-endian
+      -
+        name: tsoff
+        type: u32
+        byte-order: big-endian
+  -
+    name: conntrack-attrs
+    attributes:
+      -
+        name: tuple-orig
+        type: nest
+        nested-attributes: tuple-attrs
+        doc: conntrack l3+l4 protocol information, original direction
+      -
+        name: tuple-reply
+        type: nest
+        nested-attributes: tuple-attrs
+        doc: conntrack l3+l4 protocol information, reply direction
+      -
+        name: status
+        type: u32
+        byte-order: big-endian
+        enum: nf-ct-status
+        enum-as-flags: true
+        doc: conntrack flag bits
+      -
+        name: protoinfo
+        type: nest
+        nested-attributes: protoinfo-attrs
+      -
+        name: help
+        type: nest
+        nested-attributes: help-attrs
+      -
+        name: nat-src
+        type: nest
+        nested-attributes: nat-attrs
+      -
+        name: timeout
+        type: u32
+        byte-order: big-endian
+      -
+        name: mark
+        type: u32
+        byte-order: big-endian
+      -
+        name: counters-orig
+        type: nest
+        nested-attributes: counter-attrs
+      -
+        name: counters-reply
+        type: nest
+        nested-attributes: counter-attrs
+      -
+        name: use
+        type: u32
+        byte-order: big-endian
+      -
+        name: id
+        type: u32
+        byte-order: big-endian
+      -
+        name: nat-dst
+        type: nest
+        nested-attributes: nat-attrs
+      -
+        name: tuple-master
+        type: nest
+        nested-attributes: tuple-attrs
+      -
+        name: seq-adj-orig
+        type: nest
+        nested-attributes: seqadj-attrs
+      -
+        name: seq-adj-reply
+        type: nest
+        nested-attributes: seqadj-attrs
+      -
+        name: secmark
+        type: binary
+        doc: obsolete
+      -
+        name: zone
+        type: u16
+        byte-order: big-endian
+        doc: conntrack zone id
+      -
+        name: secctx
+        type: nest
+        nested-attributes: secctx-attrs
+      -
+        name: timestamp
+        type: u64
+        byte-order: big-endian
+      -
+        name: mark-mask
+        type: u32
+        byte-order: big-endian
+      -
+        name: labels
+        type: binary
+      -
+        name: labels mask
+        type: binary
+      -
+        name: synproxy
+        type: nest
+        nested-attributes: synproxy-attrs
+      -
+        name: filter
+        type: nest
+        nested-attributes: tuple-attrs
+      -
+        name: status-mask
+        type: u32
+        byte-order: big-endian
+        enum: nf-ct-status
+        enum-as-flags: true
+        doc: conntrack flag bits to change
+      -
+        name: timestamp-event
+        type: u64
+        byte-order: big-endian
+  -
+    name: conntrack-stats-attrs
+    attributes:
+      -
+        name: searched
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: found
+        type: u32
+        byte-order: big-endian
+      -
+        name: new
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: invalid
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: ignore
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: delete
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: delete-list
+        type: u32
+        byte-order: big-endian
+        doc: obsolete
+      -
+        name: insert
+        type: u32
+        byte-order: big-endian
+      -
+        name: insert-failed
+        type: u32
+        byte-order: big-endian
+      -
+        name: drop
+        type: u32
+        byte-order: big-endian
+      -
+        name: early-drop
+        type: u32
+        byte-order: big-endian
+      -
+        name: error
+        type: u32
+        byte-order: big-endian
+      -
+        name: search-restart
+        type: u32
+        byte-order: big-endian
+      -
+        name: clash-resolve
+        type: u32
+        byte-order: big-endian
+      -
+        name: chain-toolong
+        type: u32
+        byte-order: big-endian
+
+operations:
+  enum-model: directional
+  list:
+    -
+      name: get
+      doc: get / dump entries
+      attribute-set: conntrack-attrs
+      fixed-header: nfgenmsg
+      do:
+        request:
+          value: 0x101
+          attributes:
+            - tuple-orig
+            - tuple-reply
+            - zone
+        reply:
+          value: 0x100
+          attributes:
+            - tuple-orig
+            - tuple-reply
+            - status
+            - protoinfo
+            - help
+            - nat-src
+            - nat-dst
+            - timeout
+            - mark
+            - counter-orig
+            - counter-reply
+            - use
+            - id
+            - nat-dst
+            - tuple-master
+            - seq-adj-orig
+            - seq-adj-reply
+            - zone
+            - secctx
+            - labels
+            - synproxy
+      dump:
+        request:
+          value: 0x101
+          attributes:
+            - nfgen-family
+            - mark
+            - filter
+            - status
+            - zone
+        reply:
+          value: 0x100
+          attributes:
+            - tuple-orig
+            - tuple-reply
+            - status
+            - protoinfo
+            - help
+            - nat-src
+            - nat-dst
+            - timeout
+            - mark
+            - counter-orig
+            - counter-reply
+            - use
+            - id
+            - nat-dst
+            - tuple-master
+            - seq-adj-orig
+            - seq-adj-reply
+            - zone
+            - secctx
+            - labels
+            - synproxy
+    -
+      name: get-stats
+      doc: dump pcpu conntrack stats
+      attribute-set: conntrack-stats-attrs
+      fixed-header: nfgenmsg
+      dump:
+        request:
+          value: 0x104
+        reply:
+          value: 0x104
+          attributes:
+            - searched
+            - found
+            - insert
+            - insert-failed
+            - drop
+            - early-drop
+            - error
+            - search-restart
+            - clash-resolve
+            - chain-toolong
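Review bot: In the `get` operation's `do` and `dump` reply lists, `counter-orig` and `counter-reply` do not match any attribute in `conntrack-attrs`, which defines `counters-orig` and `counters-reply`; use the plural names so the lists refer to defined attributes. Both reply lists also name `nat-dst` twice. In `tuple-proto-attrs`, `proto-dst-port` carries `doc: l4 source port` and should say destination, and in `conntrack-attrs` the name `labels mask` contains a space where its siblings `mark-mask` and `status-mask` use a hyphen.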
-- 
2.48.1
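
How the definitions in this spec turn wire bytes into the dump shown in the commit message, as an added example (not part of the patch or of pyynl): it decodes a constructed message holding `nfgenmsg`, `status`, `timeout` and a nested `protoinfo-tcp`, and rejects attributes whose length runs past the buffer. Attribute ids are assumed to be the 1-based position in each attribute list, and the sample bytes are built inline to match values from the example dump.

```python
import struct

# Names in the order the spec lists them; for flags, list index == bit number.
NF_CT_STATUS = ["expected", "seen-reply", "assured", "confirmed", "src-nat",
                "dst-nat", "seq-adj", "src-nat-done", "dst-nat-done", "dying",
                "fixed-timeout", "template", "nat-clash", "helper", "offload",
                "hw-offload"]
NF_CT_TCP_FLAGS = ["window-scale", "sack-perm", "close-init", "be-liberal",
                   "unacked", "maxack", "challenge-ack", "simultaneous-open"]
NF_CT_TCP_STATE = ["none", "syn-sent", "syn-recv", "established", "fin-wait",
                   "close-wait", "last-ack", "time-wait", "close", "syn-sent2",
                   "max", "ignore", "retrans", "unack", "timeout-max"]

# Assumption: attribute ids are the 1-based position in each attribute list.
CTA_STATUS, CTA_PROTOINFO, CTA_TIMEOUT = 3, 4, 7   # conntrack-attrs
CTA_PROTOINFO_TCP = 1                              # protoinfo-attrs
TCP_STATE, TCP_FLAGS_ORIGINAL = 1, 4               # protoinfo-tcp-attrs
NLA_F_NESTED = 0x8000
NLA_TYPE_MASK = 0x3FFF   # strips NLA_F_NESTED and NLA_F_NET_BYTEORDER

def parse_attrs(buf):
    """Yield (type, payload) per netlink attribute; reject bad lengths."""
    off = 0
    while off + 4 <= len(buf):
        nla_len, nla_type = struct.unpack_from("=HH", buf, off)  # host order
        if nla_len < 4 or off + nla_len > len(buf):
            raise ValueError(f"bad attribute length {nla_len} at offset {off}")
        yield nla_type & NLA_TYPE_MASK, buf[off + 4:off + nla_len]
        off += (nla_len + 3) & ~3          # attributes are 4-byte aligned
    if off < len(buf):
        raise ValueError("trailing bytes after last attribute")

def flag_names(value, names):
    """Map a bitmask to flag names; keep bits the spec does not name."""
    found = {name for bit, name in enumerate(names) if (value >> bit) & 1}
    extra = (value >> len(names)) << len(names)
    if extra:
        found.add(f"unknown-bits-{extra:#x}")
    return found

def be32(data):
    if len(data) != 4:
        raise ValueError("u32 attribute must be exactly 4 bytes")
    return struct.unpack("!I", data)[0]    # byte-order: big-endian

def decode_tcp(buf):
    out = {}
    for atype, data in parse_attrs(buf):
        if atype == TCP_STATE and len(data) == 1:
            state = data[0]
            known = state < len(NF_CT_TCP_STATE)
            out["tcp-state"] = NF_CT_TCP_STATE[state] if known else state
        elif atype == TCP_FLAGS_ORIGINAL and len(data) == 2:
            # struct nf-ct-tcp-flags-mask: u8 flags, u8 mask
            out["tcp-flags-original"] = {
                "flags": flag_names(data[0], NF_CT_TCP_FLAGS),
                "mask": flag_names(data[1], NF_CT_TCP_FLAGS)}
    return out

def decode_entry(payload):
    """Decode the nfgenmsg fixed header plus a subset of conntrack-attrs."""
    if len(payload) < 4:
        raise ValueError("truncated nfgenmsg")
    family, version, res_id = struct.unpack_from("!BBH", payload, 0)
    out = {"nfgen-family": family, "version": version, "res-id": res_id}
    for atype, data in parse_attrs(payload[4:]):
        if atype == CTA_STATUS:
            out["status"] = flag_names(be32(data), NF_CT_STATUS)
        elif atype == CTA_TIMEOUT:
            out["timeout"] = be32(data)
        elif atype == CTA_PROTOINFO:
            for ptype, pdata in parse_attrs(data):
                if ptype == CTA_PROTOINFO_TCP:
                    out["protoinfo-tcp"] = decode_tcp(pdata)
    return out

def nla(atype, payload, nested=False):
    """Build one attribute; used only for the constructed sample below."""
    flag = NLA_F_NESTED if nested else 0
    hdr = struct.pack("=HH", 4 + len(payload), atype | flag)
    return hdr + payload + b"\0" * (-len(payload) % 4)

# Constructed sample: family 2, status 0x18e, established TCP, flags 0x23.
SAMPLE = (struct.pack("!BBH", 2, 0, 0)
          + nla(CTA_STATUS, struct.pack("!I", 0x18E))
          + nla(CTA_PROTOINFO,
                nla(CTA_PROTOINFO_TCP,
                    nla(TCP_STATE, bytes([3]))
                    + nla(TCP_FLAGS_ORIGINAL, bytes([0x23, 0x00])),
                    nested=True),
                nested=True)
          + nla(CTA_TIMEOUT, struct.pack("!I", 431949)))

if __name__ == "__main__":
    print(decode_entry(SAMPLE))
```
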



* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 15:21 [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support Florian Westphal
@ 2025-02-10 18:39 ` Jakub Kicinski
  2025-02-10 20:27   ` Florian Westphal
  2025-02-11 11:11 ` Donald Hunter
  2025-02-13  4:10 ` patchwork-bot+netdevbpf
  2 siblings, 1 reply; 8+ messages in thread
From: Jakub Kicinski @ 2025-02-10 18:39 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, netfilter-devel, donald.hunter

On Mon, 10 Feb 2025 16:21:52 +0100 Florian Westphal wrote:
> This adds support to dump the connection tracking table
> ("conntrack -L") and the conntrack statistics, ("conntrack -S").

Hi Florian!

Some unhappiness in the HTML doc generation coming from this spec:

/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:68: WARNING: duplicate label conntrack-definition-nfgenmsg, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst
/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:81: WARNING: duplicate label conntrack-definition-nf-ct-tcp-flags-mask, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst
/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:93: WARNING: duplicate label conntrack-definition-nf-ct-tcp-flags, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst
/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:111: WARNING: duplicate label conntrack-definition-nf-ct-tcp-state, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst
/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:136: WARNING: duplicate label conntrack-definition-nf-ct-sctp-state, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst
/home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:155: WARNING: duplicate label conntrack-definition-nf-ct-status, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst

Could be either the codegen or the spec that's to blame..
-- 
pw-bot: cr


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 18:39 ` Jakub Kicinski
@ 2025-02-10 20:27   ` Florian Westphal
  2025-02-10 20:54     ` Jakub Kicinski
  0 siblings, 1 reply; 8+ messages in thread
From: Florian Westphal @ 2025-02-10 20:27 UTC (permalink / raw)
  To: Jakub Kicinski; +Cc: Florian Westphal, netdev, netfilter-devel, donald.hunter

Jakub Kicinski <kuba@kernel.org> wrote:
> On Mon, 10 Feb 2025 16:21:52 +0100 Florian Westphal wrote:
> > This adds support to dump the connection tracking table
> > ("conntrack -L") and the conntrack statistics, ("conntrack -S").
> 
> Hi Florian!
> 
> Some unhappiness in the HTML doc generation coming from this spec:
> 
> /home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:68: WARNING: duplicate label conntrack-definition-nfgenmsg, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst

Looks like the tree has both v1 and v2 applied to it.

v1 added 'ctnetlink.yaml', I renamed it to 'conntrack.yaml' in v2 as
that's what Donald requested.


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 20:27   ` Florian Westphal
@ 2025-02-10 20:54     ` Jakub Kicinski
  2025-02-12 18:20       ` Simon Horman
  0 siblings, 1 reply; 8+ messages in thread
From: Jakub Kicinski @ 2025-02-10 20:54 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, netfilter-devel, donald.hunter

On Mon, 10 Feb 2025 21:27:03 +0100 Florian Westphal wrote:
> Jakub Kicinski <kuba@kernel.org> wrote:
> > On Mon, 10 Feb 2025 16:21:52 +0100 Florian Westphal wrote:  
> > > This adds support to dump the connection tracking table
> > > ("conntrack -L") and the conntrack statistics, ("conntrack -S").  
> > 
> > Hi Florian!
> > 
> > Some unhappiness in the HTML doc generation coming from this spec:
> > 
> > /home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:68: WARNING: duplicate label conntrack-definition-nfgenmsg, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst  
> 
> Looks like the tree has both v1 and v2 applied to it.
> 
> v1 added 'ctnetlink.yaml', I renamed it to 'conntrack.yaml' in v2 as
> that's what Donald requested.

I see. We need to clean the HTML output more thoroughly in the CI 🤔️
I brought the patch back, let's see what happens on next run.


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 15:21 [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support Florian Westphal
  2025-02-10 18:39 ` Jakub Kicinski
@ 2025-02-11 11:11 ` Donald Hunter
  2025-02-13  4:10 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 8+ messages in thread
From: Donald Hunter @ 2025-02-11 11:11 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, netfilter-devel

Florian Westphal <fw@strlen.de> writes:

> This adds support to dump the connection tracking table
> ("conntrack -L") and the conntrack statistics, ("conntrack -S").
>
> Example conntrack dump:
> tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/conntrack.yaml --dump get

Hi Florian,

Updates all look good, with one minor new point below.

Reviewed-by: Donald Hunter <donald.hunter@gmail.com>

> +operations:
> +  enum-model: directional
> +  list:
> +    -
> +      name: get
> +      doc: get / dump entries
> +      attribute-set: conntrack-attrs
> +      fixed-header: nfgenmsg
> +      do:
> +        request:
> +          value: 0x101
> +          attributes:
> +            - tuple-orig
> +            - tuple-reply
> +            - zone
> +        reply:
> +          value: 0x100
> +          attributes:

To avoid duplicating the attribute list in the dump reply, you can
reference this definition:

@@ -565,7 +565,7 @@ operations:
             - zone
         reply:
           value: 0x100
-          attributes:
+          attributes: &entries-attrs
             - tuple-orig
             - tuple-reply
             - status
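Review bot: The `&entries-attrs` anchor on the `do` reply's `attributes:` makes the dump reply depend on this list, and nothing at the anchor says so. A one-line YAML comment beside it noting that the `dump` reply aliases the list would keep a later edit from changing both replies unintentionally; the anchor also has to stay ahead of the alias in the file for the alias to resolve.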
@@ -598,28 +598,7 @@ operations:
             - zone
         reply:
           value: 0x100
-          attributes:
-            - tuple-orig
-            - tuple-reply
-            - status
-            - protoinfo
-            - help
-            - nat-src
-            - nat-dst
-            - timeout
-            - mark
-            - counter-orig
-            - counter-reply
-            - use
-            - id
-            - nat-dst
-            - tuple-master
-            - seq-adj-orig
-            - seq-adj-reply
-            - zone
-            - secctx
-            - labels
-            - synproxy
+          attributes: *entries-attrs
     -
       name: get-stats
       doc: dump pcpu conntrack stats
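Review bot: The removed dump list shows `counter-orig`, `counter-reply` and a repeated `nat-dst`, and the anchored `do` list that `*entries-attrs` now points to is the same list in the patch, so those entries survive the deduplication. The attribute set in the patch names them `counters-orig` and `counters-reply`; fixing the names and dropping the duplicate `nat-dst` in the anchored list corrects both replies at once.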


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 20:54     ` Jakub Kicinski
@ 2025-02-12 18:20       ` Simon Horman
  2025-02-12 18:58         ` Jakub Kicinski
  0 siblings, 1 reply; 8+ messages in thread
From: Simon Horman @ 2025-02-12 18:20 UTC (permalink / raw)
  To: Jakub Kicinski; +Cc: Florian Westphal, netdev, netfilter-devel, donald.hunter

On Mon, Feb 10, 2025 at 12:54:38PM -0800, Jakub Kicinski wrote:
> On Mon, 10 Feb 2025 21:27:03 +0100 Florian Westphal wrote:
> > Jakub Kicinski <kuba@kernel.org> wrote:
> > > On Mon, 10 Feb 2025 16:21:52 +0100 Florian Westphal wrote:  
> > > > This adds support to dump the connection tracking table
> > > > ("conntrack -L") and the conntrack statistics, ("conntrack -S").  
> > > 
> > > Hi Florian!
> > > 
> > > Some unhappiness in the HTML doc generation coming from this spec:
> > > 
> > > /home/doc-build/testing/Documentation/networking/netlink_spec/ctnetlink.rst:68: WARNING: duplicate label conntrack-definition-nfgenmsg, other instance in /home/doc-build/testing/Documentation/networking/netlink_spec/conntrack.rst  
> > 
> > > Looks like the tree has both v1 and v2 applied to it.
> > > 
> > > v1 added 'ctnetlink.yaml', I renamed it to 'conntrack.yaml' in v2 as
> > > that's what Donald requested.
> 
> I see. We need to clean the HTML output more thoroughly in the CI 🤔️
> I brought the patch back, let's see what happens on next run.

It seems happy now.

Should I work on a fix for NIPA?


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-12 18:20       ` Simon Horman
@ 2025-02-12 18:58         ` Jakub Kicinski
  0 siblings, 0 replies; 8+ messages in thread
From: Jakub Kicinski @ 2025-02-12 18:58 UTC (permalink / raw)
  To: Simon Horman; +Cc: Florian Westphal, netdev, netfilter-devel, donald.hunter

On Wed, 12 Feb 2025 18:20:07 +0000 Simon Horman wrote:
> > > Looks like the tree has both v1 and v2 applied to it.
> > > 
> > > v1 added 'ctnetlink.yaml', I renamed it to 'conntrack.yaml' in v2 as
> > > that's what Donald requested.
> > 
> > I see. We need to clean the HTML output more thoroughly in the CI 🤔️
> > I brought the patch back, let's see what happens on next run.  
> 
> It seems happy now.
> 
> Should I work on a fix for NIPA?

I'm not gonna say no :)

The problem is a bit broader than just this exact instance.
In general we don't clean up build artifacts to take advantage 
of incremental builds. So when files move or get renamed the old
artifacts are left in place occasionally causing issues.

I wonder what the best fix is. Feels like wiping the tree clean
periodically (once a day or two?) could be best? Something like 
creating a local file, once that file is more than 2 days old
wipe the tree pristine clean by all means possible, and then
create the file again?


* Re: [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support
  2025-02-10 15:21 [PATCH v2 net-next] netlink: specs: add conntrack dump and stats dump support Florian Westphal
  2025-02-10 18:39 ` Jakub Kicinski
  2025-02-11 11:11 ` Donald Hunter
@ 2025-02-13  4:10 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 8+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-02-13  4:10 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, netfilter-devel, donald.hunter

Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 10 Feb 2025 16:21:52 +0100 you wrote:
> This adds support to dump the connection tracking table
> ("conntrack -L") and the conntrack statistics, ("conntrack -S").
> 
> Example conntrack dump:
> tools/net/ynl/pyynl/cli.py --spec Documentation/netlink/specs/conntrack.yaml --dump get
> [{'id': 59489769,
>   'mark': 0,
>   'nfgen-family': 2,
>   'protoinfo': {'protoinfo-tcp': {'tcp-flags-original': {'flags': {'maxack',
>                                                                    'sack-perm',
>                                                                    'window-scale'},
>                                                          'mask': set()},
>                                   'tcp-flags-reply': {'flags': {'maxack',
>                                                                 'sack-perm',
>                                                                 'window-scale'},
>                                                       'mask': set()},
>                                   'tcp-state': 'established',
>                                   'tcp-wscale-original': 7,
>                                   'tcp-wscale-reply': 8}},
>   'res-id': 0,
>   'secctx': {'secctx-name': 'system_u:object_r:unlabeled_t:s0'},
>   'status': {'assured',
>              'confirmed',
>              'dst-nat-done',
>              'seen-reply',
>              'src-nat-done'},
>   'timeout': 431949,
>   'tuple-orig': {'tuple-ip': {'ip-v4-dst': '34.107.243.93',
>                               'ip-v4-src': '192.168.0.114'},
>                  'tuple-proto': {'proto-dst-port': 443,
>                                  'proto-num': 6,
>                                  'proto-src-port': 37104}},
>   'tuple-reply': {'tuple-ip': {'ip-v4-dst': '192.168.0.114',
>                                'ip-v4-src': '34.107.243.93'},
>                   'tuple-proto': {'proto-dst-port': 37104,
>                                   'proto-num': 6,
>                                   'proto-src-port': 443}},
>   'use': 1,
>   'version': 0},
>  {'id': 3402229480,
> 
> [...]

Here is the summary with links:
  - [v2,net-next] netlink: specs: add conntrack dump and stats dump support
    https://git.kernel.org/netdev/net-next/c/23fc9311a526

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


