* [PATCH nf-next] nfqueue: enable to get skb->priority @ 2022-01-17 20:56 Nicolas Dichtel 2022-01-18 12:36 ` Florian Westphal 2022-02-04 5:15 ` Pablo Neira Ayuso 0 siblings, 2 replies; 16+ messages in thread From: Nicolas Dichtel @ 2022-01-17 20:56 UTC (permalink / raw) To: fw, pablo; +Cc: netfilter-devel, netdev, Nicolas Dichtel This info could be useful to improve traffic analysis. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> --- include/uapi/linux/netfilter/nfnetlink_queue.h | 1 + net/netfilter/nfnetlink_queue.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h index aed90c4df0c8..ef7c97f21a15 100644 --- a/include/uapi/linux/netfilter/nfnetlink_queue.h +++ b/include/uapi/linux/netfilter/nfnetlink_queue.h @@ -61,6 +61,7 @@ enum nfqnl_attr_type { NFQA_SECCTX, /* security context string */ NFQA_VLAN, /* nested attribute: packet vlan info */ NFQA_L2HDR, /* full L2 header */ + NFQA_PRIORITY, /* skb->priority */ __NFQA_MAX }; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index ea2d9c2a44cf..48d7a59c6482 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -402,6 +402,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, + nla_total_size(sizeof(u_int32_t)) /* ifindex */ #endif + nla_total_size(sizeof(u_int32_t)) /* mark */ + + nla_total_size(sizeof(u_int32_t)) /* priority */ + nla_total_size(sizeof(struct nfqnl_msg_packet_hw)) + nla_total_size(sizeof(u_int32_t)) /* skbinfo */ + nla_total_size(sizeof(u_int32_t)); /* cap_len */ @@ -559,6 +560,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nla_put_be32(skb, NFQA_MARK, htonl(entskb->mark))) goto nla_put_failure; + if (entskb->priority && + nla_put_be32(skb, NFQA_PRIORITY, htonl(entskb->priority))) + goto nla_put_failure; + if (indev && entskb->dev && skb_mac_header_was_set(entskb) && skb_mac_header_len(entskb) != 0) { -- 2.33.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to get skb->priority 2022-01-17 20:56 [PATCH nf-next] nfqueue: enable to get skb->priority Nicolas Dichtel @ 2022-01-18 12:36 ` Florian Westphal 2022-02-04 5:15 ` Pablo Neira Ayuso 1 sibling, 0 replies; 16+ messages in thread From: Florian Westphal @ 2022-01-18 12:36 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: fw, pablo, netfilter-devel, netdev Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > This info could be useful to improve traffic analysis. Acked-by: Florian Westphal <fw@strlen.de> ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to get skb->priority 2022-01-17 20:56 [PATCH nf-next] nfqueue: enable to get skb->priority Nicolas Dichtel 2022-01-18 12:36 ` Florian Westphal @ 2022-02-04 5:15 ` Pablo Neira Ayuso 2022-02-04 5:16 ` Pablo Neira Ayuso 2022-02-04 10:26 ` [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority Nicolas Dichtel 1 sibling, 2 replies; 16+ messages in thread From: Pablo Neira Ayuso @ 2022-02-04 5:15 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: fw, netfilter-devel, netdev On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote: > This info could be useful to improve traffic analysis. Applied. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to get skb->priority 2022-02-04 5:15 ` Pablo Neira Ayuso @ 2022-02-04 5:16 ` Pablo Neira Ayuso 2022-02-04 10:21 ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel 2022-02-04 10:26 ` [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority Nicolas Dichtel 1 sibling, 1 reply; 16+ messages in thread From: Pablo Neira Ayuso @ 2022-02-04 5:16 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: fw, netfilter-devel, netdev On Fri, Feb 04, 2022 at 06:15:20AM +0100, Pablo Neira Ayuso wrote: > On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote: > > This info could be useful to improve traffic analysis. > > Applied. Maybe allow to update this skbuff field from the verdict path too? I don't remember any read-only field like this in nfqueue. ^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH nf-next] nfqueue: enable to set skb->priority 2022-02-04 5:16 ` Pablo Neira Ayuso @ 2022-02-04 10:21 ` Nicolas Dichtel 2022-02-04 11:59 ` Florian Westphal ` (2 more replies) 0 siblings, 3 replies; 16+ messages in thread From: Nicolas Dichtel @ 2022-02-04 10:21 UTC (permalink / raw) To: pablo; +Cc: fw, netfilter-devel, netdev, Nicolas Dichtel This is a follow up of the previous patch that enables to get skb->priority. It's now posssible to set it also. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> --- net/netfilter/nfnetlink_queue.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 48d7a59c6482..8c15978d9258 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -1019,11 +1019,13 @@ static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = { [NFQA_CT] = { .type = NLA_UNSPEC }, [NFQA_EXP] = { .type = NLA_UNSPEC }, [NFQA_VLAN] = { .type = NLA_NESTED }, + [NFQA_PRIORITY] = { .type = NLA_U32 }, }; static const struct nla_policy nfqa_verdict_batch_policy[NFQA_MAX+1] = { [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) }, [NFQA_MARK] = { .type = NLA_U32 }, + [NFQA_PRIORITY] = { .type = NLA_U32 }, }; static struct nfqnl_instance * @@ -1104,6 +1106,9 @@ static int nfqnl_recv_verdict_batch(struct sk_buff *skb, if (nfqa[NFQA_MARK]) entry->skb->mark = ntohl(nla_get_be32(nfqa[NFQA_MARK])); + if (nfqa[NFQA_PRIORITY]) + entry->skb->priority = ntohl(nla_get_be32(nfqa[NFQA_PRIORITY])); + nfqnl_reinject(entry, verdict); } return 0; @@ -1230,6 +1235,9 @@ static int nfqnl_recv_verdict(struct sk_buff *skb, const struct nfnl_info *info, if (nfqa[NFQA_MARK]) entry->skb->mark = ntohl(nla_get_be32(nfqa[NFQA_MARK])); + if (nfqa[NFQA_PRIORITY]) + entry->skb->priority = ntohl(nla_get_be32(nfqa[NFQA_PRIORITY])); + nfqnl_reinject(entry, verdict); return 0; } -- 2.33.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to set skb->priority 2022-02-04 10:21 ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel @ 2022-02-04 11:59 ` Florian Westphal 2022-02-04 17:18 ` kernel test robot 2022-02-09 11:04 ` Pablo Neira Ayuso 2 siblings, 0 replies; 16+ messages in thread From: Florian Westphal @ 2022-02-04 11:59 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: pablo, fw, netfilter-devel, netdev Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > This is a follow up of the previous patch that enables to get > skb->priority. It's now posssible to set it also. Seems reasonable. Acked-by: Florian Westphal <fw@strlen.de> ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to set skb->priority 2022-02-04 10:21 ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel @ 2022-02-04 17:18 ` kernel test robot 2022-02-04 17:18 ` kernel test robot 2022-02-09 11:04 ` Pablo Neira Ayuso 2 siblings, 0 replies; 16+ messages in thread From: kernel test robot @ 2022-02-04 17:18 UTC (permalink / raw) To: Nicolas Dichtel, pablo Cc: kbuild-all, fw, netfilter-devel, netdev, Nicolas Dichtel Hi Nicolas, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-rhel-8.3 (https://download.01.org/0day-ci/archive/20220205/202202050128.hIk17NxG-lkp@intel.com/config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 reproduce (this is a W=1 build): # https://github.com/0day-ci/linux/commit/6a71b6ea544796cb9976502dfd64361abb745cc5 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222 git checkout 6a71b6ea544796cb9976502dfd64361abb745cc5 # save the config file to linux build tree mkdir build_dir make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/kvm/ net/netfilter/ If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): >> net/netfilter/nfnetlink_queue.c:1017:3: error: 'NFQA_PRIORITY' undeclared here (not in a function); did you mean 'FRA_PRIORITY'? 1017 | [NFQA_PRIORITY] = { .type = NLA_U32 }, | ^~~~~~~~~~~~~ | FRA_PRIORITY >> net/netfilter/nfnetlink_queue.c:1017:3: error: array index in initializer not of integer type net/netfilter/nfnetlink_queue.c:1017:3: note: (near initialization for 'nfqa_verdict_policy') net/netfilter/nfnetlink_queue.c:1023:3: error: array index in initializer not of integer type 1023 | [NFQA_PRIORITY] = { .type = NLA_U32 }, | ^~~~~~~~~~~~~ net/netfilter/nfnetlink_queue.c:1023:3: note: (near initialization for 'nfqa_verdict_batch_policy') vim +1017 net/netfilter/nfnetlink_queue.c 1009 1010 static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = { 1011 [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) }, 1012 [NFQA_MARK] = { .type = NLA_U32 }, 1013 [NFQA_PAYLOAD] = { .type = NLA_UNSPEC }, 1014 [NFQA_CT] = { .type = NLA_UNSPEC }, 1015 [NFQA_EXP] = { .type = NLA_UNSPEC }, 1016 [NFQA_VLAN] = { .type = NLA_NESTED }, > 1017 [NFQA_PRIORITY] = { .type = NLA_U32 }, 1018 }; 1019 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to set skb->priority @ 2022-02-04 17:18 ` kernel test robot 0 siblings, 0 replies; 16+ messages in thread From: kernel test robot @ 2022-02-04 17:18 UTC (permalink / raw) To: kbuild-all [-- Attachment #1: Type: text/plain, Size: 2519 bytes --] Hi Nicolas, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-rhel-8.3 (https://download.01.org/0day-ci/archive/20220205/202202050128.hIk17NxG-lkp(a)intel.com/config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 reproduce (this is a W=1 build): # https://github.com/0day-ci/linux/commit/6a71b6ea544796cb9976502dfd64361abb745cc5 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222 git checkout 6a71b6ea544796cb9976502dfd64361abb745cc5 # save the config file to linux build tree mkdir build_dir make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/kvm/ net/netfilter/ If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): >> net/netfilter/nfnetlink_queue.c:1017:3: error: 'NFQA_PRIORITY' undeclared here (not in a function); did you mean 'FRA_PRIORITY'? 1017 | [NFQA_PRIORITY] = { .type = NLA_U32 }, | ^~~~~~~~~~~~~ | FRA_PRIORITY >> net/netfilter/nfnetlink_queue.c:1017:3: error: array index in initializer not of integer type net/netfilter/nfnetlink_queue.c:1017:3: note: (near initialization for 'nfqa_verdict_policy') net/netfilter/nfnetlink_queue.c:1023:3: error: array index in initializer not of integer type 1023 | [NFQA_PRIORITY] = { .type = NLA_U32 }, | ^~~~~~~~~~~~~ net/netfilter/nfnetlink_queue.c:1023:3: note: (near initialization for 'nfqa_verdict_batch_policy') vim +1017 net/netfilter/nfnetlink_queue.c 1009 1010 static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = { 1011 [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) }, 1012 [NFQA_MARK] = { .type = NLA_U32 }, 1013 [NFQA_PAYLOAD] = { .type = NLA_UNSPEC }, 1014 [NFQA_CT] = { .type = NLA_UNSPEC }, 1015 [NFQA_EXP] = { .type = NLA_UNSPEC }, 1016 [NFQA_VLAN] = { .type = NLA_NESTED }, > 1017 [NFQA_PRIORITY] = { .type = NLA_U32 }, 1018 }; 1019 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH nf-next] nfqueue: enable to set skb->priority 2022-02-04 10:21 ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel 2022-02-04 11:59 ` Florian Westphal 2022-02-04 17:18 ` kernel test robot @ 2022-02-09 11:04 ` Pablo Neira Ayuso 2 siblings, 0 replies; 16+ messages in thread From: Pablo Neira Ayuso @ 2022-02-09 11:04 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: fw, netfilter-devel, netdev On Fri, Feb 04, 2022 at 11:21:43AM +0100, Nicolas Dichtel wrote: > This is a follow up of the previous patch that enables to get > skb->priority. It's now posssible to set it also. Applied. ^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-04 5:15 ` Pablo Neira Ayuso 2022-02-04 5:16 ` Pablo Neira Ayuso @ 2022-02-04 10:26 ` Nicolas Dichtel 2022-02-04 10:30 ` Nicolas Dichtel 1 sibling, 1 reply; 16+ messages in thread From: Nicolas Dichtel @ 2022-02-04 10:26 UTC (permalink / raw) To: pablo; +Cc: fw, netfilter-devel, netdev, Nicolas Dichtel Available since linux v5.18. Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> --- .../libnetfilter_queue/libnetfilter_queue.h | 3 +++ include/linux/netfilter/nfnetlink_queue.h | 16 +++++++++++++- src/libnetfilter_queue.c | 21 ++++++++++++++++++- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h index a19122f10ec6..8a191dfdfeaf 100644 --- a/include/libnetfilter_queue/libnetfilter_queue.h +++ b/include/libnetfilter_queue/libnetfilter_queue.h @@ -96,6 +96,8 @@ extern struct nfqnl_msg_packet_hdr * extern uint32_t nfq_get_nfmark(struct nfq_data *nfad); +extern uint32_t nfq_get_priority(struct nfq_data *nfad); + extern int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv); /* return 0 if not set */ @@ -132,6 +134,7 @@ enum { NFQ_XML_UID = (1 << 6), NFQ_XML_GID = (1 << 7), NFQ_XML_SECCTX = (1 << 8), + NFQ_XML_PRIORITY= (1 << 9), NFQ_XML_ALL = ~0U, }; diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h index 8e2e4697ffb0..ef7c97f21a15 100644 --- a/include/linux/netfilter/nfnetlink_queue.h +++ b/include/linux/netfilter/nfnetlink_queue.h @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _NFNETLINK_QUEUE_H #define _NFNETLINK_QUEUE_H @@ -30,6 +31,14 @@ struct nfqnl_msg_packet_timestamp { __aligned_be64 usec; }; +enum nfqnl_vlan_attr { + NFQA_VLAN_UNSPEC, + NFQA_VLAN_PROTO, /* __be16 skb vlan_proto */ + NFQA_VLAN_TCI, /* __be16 skb htons(vlan_tci) */ + __NFQA_VLAN_MAX, +}; +#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1) + enum nfqnl_attr_type { NFQA_UNSPEC, NFQA_PACKET_HDR, @@ -49,7 +58,10 @@ enum nfqnl_attr_type { NFQA_EXP, /* nfnetlink_conntrack.h */ NFQA_UID, /* __u32 sk uid */ NFQA_GID, /* __u32 sk gid */ - NFQA_SECCTX, + NFQA_SECCTX, /* security context string */ + NFQA_VLAN, /* nested attribute: packet vlan info */ + NFQA_L2HDR, /* full L2 header */ + NFQA_PRIORITY, /* skb->priority */ __NFQA_MAX }; @@ -111,5 +123,7 @@ enum nfqnl_attr_config { #define NFQA_SKB_CSUMNOTREADY (1 << 0) /* packet is GSO (i.e., exceeds device mtu) */ #define NFQA_SKB_GSO (1 << 1) +/* csum not validated (incoming device doesn't support hw checksum, etc.) */ +#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2) #endif /* _NFNETLINK_QUEUE_H */ diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index a1701431d5d9..b5a3b399f5ea 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -1017,6 +1017,18 @@ uint32_t nfq_get_nfmark(struct nfq_data *nfad) return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t)); } +/** + * nfq_get_priority - get the packet priority + * \param nfad Netlink packet data handle passed to callback function + * + * \return the packet priority currently assigned to the given queued packet. + */ +EXPORT_SYMBOL +uint32_t nfq_get_priority(struct nfq_data *nfad) +{ + return ntohl(nfnl_get_data(nfad->data, NFQA_PRIORITY, uint32_t)); +} + /** * nfq_get_timestamp - get the packet timestamp * \param nfad Netlink packet data handle passed to callback function @@ -1403,6 +1415,7 @@ do { \ * - NFQ_XML_PHYSDEV: include the physical device information * - NFQ_XML_PAYLOAD: include the payload (in hexadecimal) * - NFQ_XML_TIME: include the timestamp + * - NFQ_XML_PRIORITY: include the packet priority * - NFQ_XML_ALL: include all the logging information (all flags set) * * You can combine this flags with an binary OR. @@ -1416,7 +1429,7 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) { struct nfqnl_msg_packet_hdr *ph; struct nfqnl_msg_packet_hw *hwph; - uint32_t mark, ifi; + uint32_t mark, ifi, priority; uint32_t uid, gid; int size, offset = 0, len = 0, ret; unsigned char *data; @@ -1507,6 +1520,12 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) SNPRINTF_FAILURE(size, rem, offset, len); } + priority = nfq_get_priority(tb); + if (priority && (flags & NFQ_XML_PRIORITY)) { + size = snprintf(buf + offset, rem, "<priority>%u</priority>", priority); + SNPRINTF_FAILURE(size, rem, offset, len); + } + ifi = nfq_get_indev(tb); if (ifi && (flags & NFQ_XML_DEV)) { size = snprintf(buf + offset, rem, "<indev>%u</indev>", ifi); -- 2.33.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-04 10:26 ` [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority Nicolas Dichtel @ 2022-02-04 10:30 ` Nicolas Dichtel 2022-02-04 12:01 ` Florian Westphal 0 siblings, 1 reply; 16+ messages in thread From: Nicolas Dichtel @ 2022-02-04 10:30 UTC (permalink / raw) To: pablo; +Cc: fw, netfilter-devel, netdev Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit : > Available since linux v5.18. > > Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > --- Should I send another patch for the 'set' part? In this case, a nfq_set_verdict3(). The name is a bit ugly ;-) Any suggestions? ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-04 10:30 ` Nicolas Dichtel @ 2022-02-04 12:01 ` Florian Westphal 2022-02-04 14:20 ` Pablo Neira Ayuso 0 siblings, 1 reply; 16+ messages in thread From: Florian Westphal @ 2022-02-04 12:01 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: pablo, fw, netfilter-devel, netdev Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > > Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit : > > Available since linux v5.18. > > > > Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= > > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > > --- > > Should I send another patch for the 'set' part? > In this case, a nfq_set_verdict3(). The name is a bit ugly ;-) > Any suggestions? I think we should just let the old api die and tell users to use the mnl interface, that allows to add the new attribute as soon as its available. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-04 12:01 ` Florian Westphal @ 2022-02-04 14:20 ` Pablo Neira Ayuso 2022-02-23 9:01 ` Nicolas Dichtel 0 siblings, 1 reply; 16+ messages in thread From: Pablo Neira Ayuso @ 2022-02-04 14:20 UTC (permalink / raw) To: Florian Westphal; +Cc: Nicolas Dichtel, netfilter-devel, netdev On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote: > Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > > > > Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit : > > > Available since linux v5.18. > > > > > > Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= > > > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > > > --- > > > > Should I send another patch for the 'set' part? > > In this case, a nfq_set_verdict3(). The name is a bit ugly ;-) > > Any suggestions? > > I think we should just let the old api die and tell users > to use the mnl interface, that allows to add the new attribute > as soon as its available. We have to provide a simple API based on mnl which ressembles the existing old API. Feedback in these years is that there are a users that do not need to know about netlink details / advanced handling. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-04 14:20 ` Pablo Neira Ayuso @ 2022-02-23 9:01 ` Nicolas Dichtel 2022-02-23 10:24 ` Pablo Neira Ayuso 0 siblings, 1 reply; 16+ messages in thread From: Nicolas Dichtel @ 2022-02-23 9:01 UTC (permalink / raw) To: Pablo Neira Ayuso, Florian Westphal; +Cc: netfilter-devel, netdev Le 04/02/2022 à 15:20, Pablo Neira Ayuso a écrit : > On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote: >> Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: >>> >>> Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit : >>>> Available since linux v5.18. >>>> >>>> Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= >>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> >>>> --- >>> >>> Should I send another patch for the 'set' part? >>> In this case, a nfq_set_verdict3(). The name is a bit ugly ;-) >>> Any suggestions? >> >> I think we should just let the old api die and tell users >> to use the mnl interface, that allows to add the new attribute >> as soon as its available. > > We have to provide a simple API based on mnl which ressembles the > existing old API. > > Feedback in these years is that there are a users that do not need to > know about netlink details / advanced handling. If I understand well, libnetfilter_queue is deprecated? If this is right, maybe it could be advertised on the project page: https://netfilter.org/projects/libnetfilter_queue/index.html Regards, Nicolas ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-23 9:01 ` Nicolas Dichtel @ 2022-02-23 10:24 ` Pablo Neira Ayuso 2022-02-23 14:03 ` Nicolas Dichtel 0 siblings, 1 reply; 16+ messages in thread From: Pablo Neira Ayuso @ 2022-02-23 10:24 UTC (permalink / raw) To: Nicolas Dichtel; +Cc: Florian Westphal, netfilter-devel, netdev On Wed, Feb 23, 2022 at 10:01:48AM +0100, Nicolas Dichtel wrote: > > Le 04/02/2022 à 15:20, Pablo Neira Ayuso a écrit : > > On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote: > >> Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > >>> > >>> Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit : > >>>> Available since linux v5.18. > >>>> > >>>> Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id= > >>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > >>>> --- > >>> > >>> Should I send another patch for the 'set' part? > >>> In this case, a nfq_set_verdict3(). The name is a bit ugly ;-) > >>> Any suggestions? > >> > >> I think we should just let the old api die and tell users > >> to use the mnl interface, that allows to add the new attribute > >> as soon as its available. > > > > We have to provide a simple API based on mnl which ressembles the > > existing old API. > > > > Feedback in these years is that there are a users that do not need to > > know about netlink details / advanced handling. > > If I understand well, libnetfilter_queue is deprecated? This library is not deprecated. > If this is right, maybe it could be advertised on the project page: > https://netfilter.org/projects/libnetfilter_queue/index.html Documentation already mentions this: https://netfilter.org/projects/libnetfilter_queue/doxygen/html/ ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority 2022-02-23 10:24 ` Pablo Neira Ayuso @ 2022-02-23 14:03 ` Nicolas Dichtel 0 siblings, 0 replies; 16+ messages in thread From: Nicolas Dichtel @ 2022-02-23 14:03 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel, netdev Le 23/02/2022 à 11:24, Pablo Neira Ayuso a écrit : [snip] >> If I understand well, libnetfilter_queue is deprecated? > > This library is not deprecated. Oh ok, sorry for my misunderstanding. So my patch is relevant? ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2022-02-23 14:03 UTC | newest] Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-01-17 20:56 [PATCH nf-next] nfqueue: enable to get skb->priority Nicolas Dichtel 2022-01-18 12:36 ` Florian Westphal 2022-02-04 5:15 ` Pablo Neira Ayuso 2022-02-04 5:16 ` Pablo Neira Ayuso 2022-02-04 10:21 ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel 2022-02-04 11:59 ` Florian Westphal 2022-02-04 17:18 ` kernel test robot 2022-02-04 17:18 ` kernel test robot 2022-02-09 11:04 ` Pablo Neira Ayuso 2022-02-04 10:26 ` [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority Nicolas Dichtel 2022-02-04 10:30 ` Nicolas Dichtel 2022-02-04 12:01 ` Florian Westphal 2022-02-04 14:20 ` Pablo Neira Ayuso 2022-02-23 9:01 ` Nicolas Dichtel 2022-02-23 10:24 ` Pablo Neira Ayuso 2022-02-23 14:03 ` Nicolas Dichtel
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.