lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZGc9MHUkZ7nS7q+o@renaissance-vector> Date: Fri, 19 May 2023 11:11:12 +0200 From: Andrea Claudi <aclaudi@...hat.com> To: Vladimir Nikishkin <vladimir@...ishkin.pw> Cc: Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, eng.alaamohamedsoliman.am@...il.com, gnault@...hat.com, razor@...ckwall.org, idosch@...dia.com, liuhangbin@...il.com, eyal.birger@...il.com, jtoppins@...hat.com Subject: Re: [PATCH iproute2-next v4] ip-link: add support for nolocalbypass in vxlan On Fri, May 19, 2023 at 11:50:03AM +0800, Vladimir Nikishkin wrote: > > Stephen Hemminger <stephen@...workplumber.org> writes: > > > On Thu, 18 May 2023 21:46:01 +0800 > > Vladimir Nikishkin <vladimir@...ishkin.pw> wrote: > > > >> + if (tb[IFLA_VXLAN_LOCALBYPASS]) { > >> + __u8 localbypass = rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS]); > >> + > >> + print_bool(PRINT_JSON, "localbypass", NULL, localbypass); > >> + if (localbypass) { > >> + print_string(PRINT_FP, NULL, "localbypass ", NULL); > >> + } else { > >> + print_string(PRINT_FP, NULL, "nolocalbypass ", NULL); > >> + } > >> + } > > > > You don't have to print anything if nolocalbypass. Use presence as > > a boolean in JSON. > > > > I.e. > > if (tb[IFLA_VXLAN_LOCALBYPASS] && > > rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS])) { > > print_bool(PRINT_ANY, "localbypass", "localbypass", true); > > } > > > > That is what other options do. > > Follows the best practices for changes to existing programs: your > > new feature should look like all the others. > > Sorry, I do not understand. I intended to do exactly that, and I copied > and adjusted for the option name the code currently used for the > "udpcsum" option. Which is exactly > > if (is_json_context()) { > print_bool(PRINT_ANY, "udp_csum", NULL, udp_csum); > } else { > if (!udp_csum) > fputs("no", f); > fputs("udpcsum ", f); > } > I just replaced that option name with [no]localbypass. Fairly > straightforward, prints noudpcsum or udpcsum. Later Andrea C > > Then Andrea Claudi suggested that print_bool knows about the json > context itself, so the outer check is not needed, so I removed that. > But the "model option" I used (really the simplest one), does have > output both when set to true, and when set to false. I have neither an > opinion on this nor an understanding what is better for scripting. But I > do not understand the suggestion "do like the other options do", when > seemingly, other options do what I suggest in the first place. > If I get Stephen corretly, he is simply suggesting that printing "nolocalbypass" is unnecessary. If you find don't find "localbypass" in the output, you know it's not enabled. Unfortunately iplink_vxlan does not work according to this logic, as you are pointing out, but there are several places where this happens, like link_gre6.c:543. So you can do that for "localbypass" here. Fixing old options, on the other hand, is not easy, as we may end up breaking user scripts relying on "no<whatever>" option. I can work on a patch for that, but we probably need some kind of deprecation warning to users. Stephen, what do you think?
Powered by blists - more mailing lists