Message-ID: <be584167d4096e238df5807ad0212234480c196c.camel@sipsolutions.net>
Date:   Sun, 28 Apr 2019 21:53:47 +0200
From:   Johannes Berg <johannes@...solutions.net>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     netfilter-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH RFC 4/4] netfilter: nf_tables: add netlink description

On Sat, 2019-04-27 at 12:57 +0200, Pablo Neira Ayuso wrote:

> But they all point to the same nested_policy, ie. these nested
> attributes represent instances of the same object class.

To some extent, yes.

> I think this is meaningful to userspace in terms of providing a
> description of the interface, rather than making it look.

Sure.

> Without the ID, it is not possible from userspace to see that MY_ATTR
> and MY_OTHER_ATTR refer to the same object, right?

There is an ID, and if you reference the same sub-policy multiple times
for nested / nested array attribute types (even at different levels of
nesting btw) then this sub-policy will only be dumped to userspace
multiple times, given an ID, and be referenced by that ID from the
appropriate attribute types in other root/sub-policies.

The only thing is that between kernel versions that ID may change as
it's computed while walking the policy graph, and that graph may change
and thus the walk may reach nodes in the graph in a different order and
thereby label them differently.

johannes
