Message-ID: <20240701195418.5b465d9c@kernel.org>
Date: Mon, 1 Jul 2024 19:54:18 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, Jiri Pirko <jiri@...nulli.us>, Madhu Chittim
 <madhu.chittim@...el.com>, Sridhar Samudrala <sridhar.samudrala@...el.com>,
 Simon Horman <horms@...nel.org>, John Fastabend <john.fastabend@...il.com>,
 Sunil Kovvuri Goutham <sgoutham@...vell.com>, Jamal Hadi Salim
 <jhs@...atatu.com>
Subject: Re: [PATCH net-next 1/5] netlink: spec: add shaper YAML spec

On Mon, 01 Jul 2024 12:14:32 +0200 Paolo Abeni wrote:
> > > +      -
> > > +        name: shapers
> > > +        type: nest
> > > +        multi-attr: true
> > > +        nested-attributes: ns-info  
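Review bot: the `shapers` attribute in this hunk has no `doc:` entry, so the spec does not say how this multi-attr nest of `ns-info` relates to the other shaping attributes in the same scope. Suggest adding a `doc:` line that states what each nested entry represents and which operation consumes the array.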
> > 
> > How do shapers differ from shaping attrs in this scope? :S  
> 
> the set() operation must configure multiple shapers with a single
> command - to allow the 'atomic configuration changes' needed for Andrew's
> use-case.
> 
> Out-of-sheer ignorance on my side, the above was the most straight-
> forward way to provide set() with an array of shapers.
> 
> Do you mean there is a better way to achieve the goal, or "just" that
> the documentation here is missing and _necessary_?

I see, I had a look at patch 2 now.
But that's really "Andrew's use-case", it doesn't cover deletion, right?
Sorry that I don't have a perfect suggestion either but it seems like
a half-measure. It's a partial support for transactions. If we want
transactions we should group ops like nftables. Have normal ops (add,
delete, modify) and control ops (start, commit) which clone the entire
tree, then ops change it, and commit presents new tree to the device.

Alternative would be to, instead of supporting transactions, have some
form of a "complex instruction set". Most transformations will take a
set of inputs (+weights / prios), shaping params, and where to attach.

> > > +operations:
> > > +  list:
> > > +    -
> > > +      name: get
> > > +      doc: |
> > > +        Get / Dump information about a/all the shaper for a given device
> > > +      attribute-set: net_shaper
> > > +      flags: [ admin-perm ]  
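Review bot: `flags: [ admin-perm ]` on the `get` operation makes a read-only get/dump require admin privilege, and nothing in the `doc:` text gives a reason for it. Either drop the flag or state the reason in `doc:`; the doc string "a/all the shaper" would also read more clearly as "one or all shapers".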
> > 
> > Any reason why get is admin-perm ?  
> 
> Mostly a "better safe than sorry" approach and cargo-cult from other
> recent yaml changes the hard reasons. Fine to drop it, if there is
> agreement.

I thought we default to GET being non-privileged.
I think that's better, monitoring shouldn't require admin perm
and presumably those shapers may grow stats at some stage.
But no strong feelings.
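
The transaction model sketched in the reply above (normal ops issued between start and commit control ops, working on a clone of the tree that the device only sees at commit) can be modelled as follows. This is an added illustration, not code from the patch series or the kernel; the class, method names, handles and the `bw_max` field are hypothetical.

```python
import copy


class ShaperTree:
    """Hypothetical model of a per-device shaper tree with transactional ops."""

    def __init__(self, device_apply):
        self.live = {}            # handle -> {"parent": handle or None, "bw_max": int}
        self._shadow = None       # working copy, exists only inside a transaction
        self._device_apply = device_apply   # stand-in for the driver callback

    # Control ops.
    def start(self):
        self._shadow = copy.deepcopy(self.live)   # clone the entire tree

    def commit(self):
        tree = self._txn()
        self._device_apply(tree)  # device is presented the whole new tree; may raise
        self.live, self._shadow = tree, None      # swap only after the device accepted

    # Normal ops: they only ever touch the shadow copy.
    def add(self, handle, parent, bw_max):
        tree = self._txn()
        if handle in tree or (parent is not None and parent not in tree):
            raise ValueError(f"cannot add {handle!r}")
        tree[handle] = {"parent": parent, "bw_max": bw_max}

    def modify(self, handle, bw_max):
        self._txn()[handle]["bw_max"] = bw_max

    def delete(self, handle):
        tree = self._txn()
        if any(s["parent"] == handle for s in tree.values()):
            raise ValueError(f"{handle!r} still has children")
        del tree[handle]

    def _txn(self):
        if self._shadow is None:
            raise RuntimeError("no transaction started")
        return self._shadow


def demo():
    applied = []                  # constructed: records each tree handed to the "device"
    t = ShaperTree(lambda tree: applied.append(copy.deepcopy(tree)))
    t.start()
    t.add("node0", None, 1000)
    t.add("q0", "node0", 400)
    t.commit()
    t.start()
    t.delete("q0")                # deletion and modification in one transaction
    t.modify("node0", 500)
    before_commit = copy.deepcopy(t.live)   # live tree is unchanged until commit
    t.commit()
    return before_commit, t.live, len(applied)
```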
