| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 May 2023 12:32:24 +0200 From: Andrea Claudi <aclaudi@...hat.com> To: Vladimir Nikishkin <vladimir@...ishkin.pw> Cc: Stephen Hemminger <stephen@...workplumber.org>, Ido Schimmel <idosch@...sch.org>, dsahern@...il.com, netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, eng.alaamohamedsoliman.am@...il.com, gnault@...hat.com, razor@...ckwall.org, idosch@...dia.com, liuhangbin@...il.com, eyal.birger@...il.com, jtoppins@...hat.com Subject: Re: [PATCH iproute2-next v5] ip-link: add support for nolocalbypass in vxlan On Tue, May 23, 2023 at 05:52:30PM +0800, Vladimir Nikishkin wrote: > > Andrea Claudi <aclaudi@...hat.com> writes: > > > On Mon, May 22, 2023 at 08:32:16AM -0700, Stephen Hemminger wrote: > >> On Mon, 22 May 2023 09:15:34 +0300 > >> Ido Schimmel <idosch@...sch.org> wrote: > >> > >> > On Sun, May 21, 2023 at 12:47:41PM -0700, Stephen Hemminger wrote: > >> > > On Sun, 21 May 2023 22:23:25 +0300 > >> > > Ido Schimmel <idosch@...sch.org> wrote: > >> > > > >> > > > + if (tb[IFLA_VXLAN_LOCALBYPASS]) > >> > > > + print_bool(PRINT_ANY, "localbypass", "localbypass ", > >> > > > + rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS])) > >> > > > >> > > That will not work for non json case. It will print localbypass whether it is set or not. > >> > > The third argument is a format string used in the print routine. > >> > > >> > Yea, replied too late... > >> > > >> > Anyway, my main problem is with the JSON output. Looking at other > >> > boolean VXLAN options, we have at least 3 different formats: > >> > > >> > 1. Only print when "true" for both JSON and non-JSON output. Used for > >> > "external", "vnifilter", "proxy", "rsc", "l2miss", "l3miss", > >> > "remcsum_tx", "remcsum_rx". > >> > > >> > 2. Print when both "true" and "false" for both JSON and non-JSON output. > >> > Used for "udp_csum", "udp_zero_csum6_tx", "udp_zero_csum6_rx". > >> > > >> > 3. Print JSON when both "true" and "false" and non-JSON only when > >> > "false". Used for "learning". > >> > > >> > I don't think we should be adding another format. We need to decide: > >> > > >> > 1. What is the canonical format going forward? > >> > > >> > 2. Do we change the format of existing options? > >> > > >> > My preference is: > >> > > >> > 1. Format 2. Can be implemented in a common helper used for all VXLAN > >> > options. > >> > > >> > 2. Yes. It makes all the boolean options consistent and avoids future > >> > discussions such as this where a random option is used for a new option. > >> > >> A fourth option is to us print_null(). The term null is confusing and people > >> seem to avoid it. But it is often used by python programmers as way to represent > >> options. That would be my preferred option but others seem to disagree. > >> > >> Option #2 is no good. Any printing of true/false in non-JSON output is a diveregence > >> from the most common practice across iproute2. > >> > >> That leaves #3 as the correct and best output. > >> > >> FYI - The iproute2 maintainers are David Ahern and me. The kernel bits have > >> other subsystem maintainers. > >> > > > > Just to make sure I understand correctly, this means we are printing > > "nolocalbypass" in non-JSON output because it's the non-default > > settings, right? > > > > If this is correct, then if we have another option in the future that > > comes disabled by default, this means we are going to print it in > > non-JSON output when enabled. > > > > As the primary consumer of non-JSON output are humans, I am a bit > > concerned since a succession of enabled/noenabled options is awkward and > > difficult to read, in my opinion. > > > > Wouldn't it be better to have non-JSON print out options only when > > enabled, regardless of their default value? > > Sorry, what is "enabled" and what is "disabled by default"? > I think this is a major source of confusion. > > If the option is "nolocalbypass", it is "disabled by default". > If the option is "localbypass", it is "enabled by default". > > Intuitively, it seems that everything that is "default" should be > considered disabled, hence the actual option is "nolocalbypass", an by > default it is disabled, and hence not printed. Its opposite requires > explicitly adding a command-line parameter, and hence the "enabled" > state is "nolocalbypass". I think this is the logic that Stephen is > proposing. > This is indeed confusing, let me try to be more clear. Let's start considering that we have a single place to store this info, tb[IFLA_VXLAN_LOCALBYPASS], and this is either true or false. So, after: localbypass = rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS]); you expect localbypass to be true if the user does not modify it, and you print "nolocalbypass" when instead it is changed to false. Fine. Now, let's have another option, tb[IFLA_VXLAN_MYOPTION]. Using: myoption = rta_getattr_u8(tb[IFLA_VXLAN_MYOPTION]); I expect myoption to be false without user intervention, because this is how this new option work. I'll print this out only when the user toogle this to true. Now, if we decide to print only what happens when the user toogle the option with a command-line parameter, we may have: nolocalbypass myoption nooption2 option3 nooption4 ... which seems to me awkward and difficult to read. Instead, printing only when true: myoption option3 This simply says "myoption and option3 are enabled, all the rest is disabled". It seems to me much more easier to read and understand. > > -- > Your sincerely, > Vladimir Nikishkin (MiEr, lockywolf) > (Laptop) > -- > Fastmail. >
Powered by blists - more mailing lists