Message-ID: <m2plvcj27b.fsf@gmail.com>
Date: Fri, 29 Mar 2024 18:57:28 +0000
From: Donald Hunter <donald.hunter@...il.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org,  "David S. Miller" <davem@...emloft.net>,  Eric
 Dumazet <edumazet@...gle.com>,  Paolo Abeni <pabeni@...hat.com>,  Jiri
 Pirko <jiri@...nulli.us>,  Jacob Keller <jacob.e.keller@...el.com>,
  Stanislav Fomichev <sdf@...gle.com>,  donald.hunter@...hat.com
Subject: Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message
 support to ynl

Jakub Kicinski <kuba@...nel.org> writes:

> On Fri, 29 Mar 2024 13:37:31 +0000 Donald Hunter wrote:
>> > We'd only support multiple "do" requests, I wonder if we should somehow
>> > call this out. Is --multi-do unnecessary extra typing?  
>> 
>> I prefer --multi but will update the help text to say "DO-OPERATION"
>> and "... several do operations".
>
> Alright, technically doing multi-dump should also work, but maybe
> there's less of a benefit there, so we can keep the multi focused
> on do for now.
>
> Looking at the code again, are you sure we'll process all the responses
> not just the first one?
>
> Shouldn't this:
>
> +                    del reqs_by_seq[nl_msg.nl_seq]
>                      done = True
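
Review bot: the unchanged "done = True" directly after the added del marks the receive as finished once a single sequence number has been retired, even if reqs_by_seq still holds other outstanding requests; completion should depend on the map being empty. Separately, "del reqs_by_seq[nl_msg.nl_seq]" raises KeyError when a message carries a sequence number that is not in the map (assuming reqs_by_seq is a dict and nothing before this line checks membership), so a membership test or reqs_by_seq.pop(nl_msg.nl_seq, None) would be safer here.
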
>
> be something like:
>
> 		del reqs_by_seq[nl_msg.nl_seq]
> 		done = len(reqs_by_seq) == 0
>

Hmm yes, that's a good catch. I need to check the DONE semantics for
these nftables batch operations.

> Would be good to add an example of multi executing some get operations.

I think this was a blind spot on my part because nftables doesn't
support batch for get operations:

https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092

I'll need to try using multi for gets without any batch messages and see how
everything behaves.

> My other concern is the formatting of the response. For multi we should
> probably retain the indexes, e.g. 3 dos should produce an array with a
> length of 3, some of the entries may be None if the command only acked.
> Would that make sense?

As I said, a blind spot on my part - I didn't really think there was a
need to do anything for None responses but if get can work then an array
of responses will be needed.
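
The two points raised in this thread (finishing only when every request has been answered, and returning an array that keeps one slot per request) can be seen in a small model. This is an added example, not part of the original message and not the ynl code: Msg, collect(), SENT and REPLIES are hypothetical names, the replies are constructed sample data, and the model assumes a data reply is followed by an ack that retires the request.

```python
from collections import namedtuple

# Constructed stand-in for a parsed netlink message (not the ynl classes).
# kind is "data" (reply payload), "ack" (success) or "error" (errno in payload).
Msg = namedtuple("Msg", "nl_seq kind payload")

def collect(sent_seqs, incoming, stop_on_first=False):
    """Match replies to requests by sequence number.

    Returns (responses, outstanding): responses has one entry per request,
    left as None when the request was only acked; outstanding lists the
    sequence numbers that never got a terminating ack or error.
    stop_on_first=True reproduces the 'done = True' behaviour questioned above.
    """
    reqs_by_seq = {seq: idx for idx, seq in enumerate(sent_seqs)}
    responses = [None] * len(sent_seqs)
    done = False
    for msg in incoming:
        if done:
            break
        idx = reqs_by_seq.get(msg.nl_seq)
        if idx is None:
            continue  # unknown or already retired seq: skip instead of KeyError
        if msg.kind == "data":
            responses[idx] = msg.payload
            continue  # the request stays open until its ack arrives
        if msg.kind == "error":
            responses[idx] = {"error": msg.payload}
        del reqs_by_seq[msg.nl_seq]
        done = True if stop_on_first else len(reqs_by_seq) == 0
    return responses, sorted(reqs_by_seq)

# Constructed sample: three requests, the second returns data, the third fails.
SENT = [101, 102, 103]
REPLIES = [
    Msg(101, "ack", None),
    Msg(102, "data", {"name": "t1"}),
    Msg(102, "ack", None),
    Msg(103, "error", -2),
]

if __name__ == "__main__":
    print("all replies :", collect(SENT, REPLIES))
    print("first only  :", collect(SENT, REPLIES, stop_on_first=True))
```

With stop_on_first=True the loop exits after the ack for the first request, leaving the other two requests outstanding and their replies unread.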
