Message-ID: <20190426180430.h5h7lqivx2qufuyi@salvia>
Date: Fri, 26 Apr 2019 20:04:30 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Johannes Berg <johannes@...solutions.net>
Cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH RFC 4/4] netfilter: nf_tables: add netlink description

On Fri, Apr 26, 2019 at 07:28:15PM +0200, Johannes Berg wrote:
> On Fri, 2019-04-26 at 19:17 +0200, Johannes Berg wrote:
> >
> > Ideally, we'd add this as
> >
> > {
> > 	.cmd = XYZ,
> > 	.doit = do_xyz,
> > 	.dumpit = dump_xyz,
> > 	.attrs = { ATTR_A, ATTR_B, ATTR_C, ATTR_D },
> > }
> >
> > but of course there's no good way to express this in C, you'd have to
> > build an out-of-line array and point to it.
>
> Actually, it's possibly even more complicated. After all, it is possible
> that you have an ATTR_N, that is nested, and that contains certain sub-
> attributes (ATTR_N_A, ATTR_N_B, ...) of which only some are valid for
> the operation X, but a different subset is valid for operation Y.

I solved this in my patchset through the object ID. So each command
points to an object ID, then such object ID comes with a list of
attributes.

If we use the list policies that you propose, then it's just an extra
enumeration to maintain for each command. And many commands will
likely reuse the same object ID.
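
The indirection described in the reply above (command to object ID, object ID to attribute list), as an added sketch that is not code from the patchset or from the kernel. Every enum, table and function name here is hypothetical and chosen only for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical identifiers throughout; none come from the patchset. */
enum obj_id  { OBJ_TABLE, OBJ_CHAIN, OBJ_MAX };
enum cmd_id  { CMD_NEWTABLE, CMD_GETTABLE, CMD_NEWCHAIN, CMD_MAX };
enum attr_id { ATTR_UNSPEC, ATTR_NAME, ATTR_FLAGS, ATTR_HOOK };

#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

struct obj_desc {
	const enum attr_id *attrs;	/* attributes valid for this object */
	size_t n_attrs;
};

/* Out-of-line arrays: one attribute list per object, not per command. */
static const enum attr_id table_attrs[] = { ATTR_NAME, ATTR_FLAGS };
static const enum attr_id chain_attrs[] = { ATTR_NAME, ATTR_HOOK };

static const struct obj_desc objs[OBJ_MAX] = {
	[OBJ_TABLE] = { table_attrs, N_ELEMS(table_attrs) },
	[OBJ_CHAIN] = { chain_attrs, N_ELEMS(chain_attrs) },
};

/* Each command points to one object ID; several commands reuse the same one. */
static const enum obj_id cmd_obj[CMD_MAX] = {
	[CMD_NEWTABLE] = OBJ_TABLE,
	[CMD_GETTABLE] = OBJ_TABLE,
	[CMD_NEWCHAIN] = OBJ_CHAIN,
};

/* True if attr is listed for the object that cmd refers to. */
bool attr_valid_for_cmd(int cmd, int attr)
{
	const struct obj_desc *d;
	size_t i;

	if (cmd < 0 || cmd >= CMD_MAX)
		return false;	/* unknown command: nothing is valid */
	d = &objs[cmd_obj[cmd]];
	for (i = 0; i < d->n_attrs; i++)
		if ((int)d->attrs[i] == attr)
			return true;
	return false;
}
```

In this sketch both table commands resolve to the same attribute list, whereas a per-command list would need a separate enumeration for each of them.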