All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alexei Starovoitov <ast@plumgrid.com>
To: Willem de Bruijn <willemb@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	Daniel Borkmann <dborkman@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Network Development <netdev@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH net-next] net: filter: rename 'struct sk_filter' to 'struct bpf_prog'
Date: Fri, 25 Jul 2014 11:58:44 -0700	[thread overview]
Message-ID: <CAMEtUuzf9j6xF7dtN=pWH0T8wgRok0ZXKjZeUnrvCHYMSQpkXQ@mail.gmail.com> (raw)
In-Reply-To: <CA+FuTSeK3BCqa+4nXe8WwvqNH86pK36=uwvfnkiA-EsN_gnEkA@mail.gmail.com>

On Fri, Jul 25, 2014 at 11:50 AM, Willem de Bruijn <willemb@google.com> wrote:
> On Fri, Jul 25, 2014 at 2:43 PM, Alexei Starovoitov <ast@plumgrid.com> wrote:
>> On Fri, Jul 25, 2014 at 11:32 AM, Willem de Bruijn <willemb@google.com> wrote:
>>>>> This follows a convention in include/uapi/linux/netfilter/*.h that
>>>>> likely predates the introduction of uapi. A search for "Used
>>>>> internally by the kernel" shows many more examples. I should not have
>>>>> included filter.h, however. The common behavior when using pointers
>>>>> to kernel-internal structures is to have a forward declaration. I suggest
>>>>> making that change, instead of changing to void *. This avoids having
>>>>> to add casts where xt_bpf_info is used in net/netfilter/xt_bpf.c:
>>>>
>>>> that will not avoid typecast.
>>>> Either 'void *' approach or extra 'struct sk_filter;' approach, both need
>>>> type casts to 'struct bpf_prog' in xt_bpf.c
>>>> (because of SK_RUN_FILTER macro)
>>>> Therefore I prefer extra 'struct sk_filter;' approach.
>>>
>>> I hadn't noticed that your patch makes the same change that I
>>> proposed. Nothing in userspace should touch that pointer, so it is
>>> fine to change its type to struct bpf_prog* at the same time. No need
>>> for typecasts.
>>
>> really? I don't think it's a good idea to expose kernel struct type
>> to user space. How is it even going to compile?
>
> a forward declaration.
>
>> #include <linux/filter.h> brings different files in kernel and in user space.
>> struct bpf_prog is undefined in user space and compiler will complain.
>> Adding 'struct bpf_prog;' will be ugly.
>> imo the lesser evil is adding 'struct sk_filter;' and doing type casts
>> in kernel.
>
> but the exact same argument applies to sk_filter. If that struct is
> renamed everywhere else, then the result will only be more confusing.
> A forward declaration is the standard workaround to all such cases in
> include/uapi/linux/netfilter. See for instance xt_connlimit.h. This is
> sufficient to allow userspace build to succeed, without exposing any
> kernel structure detail. If you don't even want to leak the name, then
> let's make it void *. Keeping a declaration for sk_filter, while
> sk_filter is renamed everywhere else is the least good option, in my
> opinion.

well, since you the author of this bit and you're ok with 'void *', I'm ok
with it too :) Just typecast in kernel is still needed because of
SK_RUN_FILTER() macro...

  reply	other threads:[~2014-07-25 18:58 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-25  8:04 [PATCH net-next] net: filter: rename 'struct sk_filter' to 'struct bpf_prog' Alexei Starovoitov
2014-07-25 11:25 ` Daniel Borkmann
2014-07-25 11:54   ` Pablo Neira Ayuso
2014-07-25 13:00     ` Daniel Borkmann
2014-07-25 17:24       ` Alexei Starovoitov
2014-07-25 22:17         ` Pablo Neira Ayuso
2014-07-27  5:41           ` Alexei Starovoitov
2014-07-28 21:45             ` Pablo Neira Ayuso
2014-07-29  0:12               ` David Miller
2014-07-29  1:12               ` Alexei Starovoitov
2014-07-29  1:16                 ` David Miller
2014-07-25 13:53     ` Willem de Bruijn
2014-07-25 17:27       ` Alexei Starovoitov
2014-07-25 18:32         ` Willem de Bruijn
2014-07-25 18:43           ` Alexei Starovoitov
2014-07-25 18:50             ` Willem de Bruijn
2014-07-25 18:58               ` Alexei Starovoitov [this message]
2014-07-25 19:02                 ` Alexei Starovoitov
2014-07-25 22:20               ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMEtUuzf9j6xF7dtN=pWH0T8wgRok0ZXKjZeUnrvCHYMSQpkXQ@mail.gmail.com' \
    --to=ast@plumgrid.com \
    --cc=davem@davemloft.net \
    --cc=dborkman@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=willemb@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.