From: Sabrina Dubroca <sd@queasysnail.net>
To: netdev@vger.kernel.org
Cc: steffen.klassert@secunet.com, Sabrina Dubroca <sd@queasysnail.net>
Subject: [RFC PATCH ipsec-next 0/6] xfrm: start adding netlink extack support
Date: Thu, 11 Nov 2021 13:02:41 +0100 [thread overview]
Message-ID: <cover.1636450303.git.sd@queasysnail.net> (raw)
XFRM states and policies are complex objects, and there are many
reasons why the kernel can reject userspace's request to create
one. This series makes it a bit clearer by providing extended ack
messages for policy creation.
A few other operations that reuse the same helper functions are also
getting partial extack support in this series. More patches will
follow to complete extack support, in particular for state creation.
Note: The policy->share attribute seems to be entirely ignored in the
kernel outside of checking its value in verify_newpolicy_info(). There
are some (very) old comments in copy_from_user_policy and
copy_to_user_policy suggesting that it should at least be copied
to/from userspace. I don't know what it was intended for.
Sabrina Dubroca (6):
xfrm: propagate extack to all netlink doit handlers
xfrm: add extack support to verify_newpolicy_info
xfrm: add extack to verify_policy_dir
xfrm: add extack to validate_tmpl
xfrm: add extack to verify_policy_type
xfrm: add extack to verify_sec_ctx_len
net/xfrm/xfrm_user.c | 163 +++++++++++++++++++++++++++----------------
1 file changed, 103 insertions(+), 60 deletions(-)
--
2.33.1
next reply other threads:[~2021-11-11 12:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-11 12:02 Sabrina Dubroca [this message]
2021-11-11 12:02 ` [RFC PATCH ipsec-next 1/6] xfrm: propagate extack to all netlink doit handlers Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 2/6] xfrm: add extack support to verify_newpolicy_info Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 3/6] xfrm: add extack to verify_policy_dir Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 4/6] xfrm: add extack to validate_tmpl Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 5/6] xfrm: add extack to verify_policy_type Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 6/6] xfrm: add extack to verify_sec_ctx_len Sabrina Dubroca
2021-12-02 14:08 ` [RFC PATCH ipsec-next 0/6] xfrm: start adding netlink extack support Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1636450303.git.sd@queasysnail.net \
--to=sd@queasysnail.net \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.