* [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages
@ 2024-03-27 18:16 Donald Hunter
2024-03-27 18:16 ` [PATCH net-next v1 1/2] doc/netlink/specs: Add draft nftables spec Donald Hunter
` (2 more replies)
0 siblings, 3 replies; 14+ messages in thread
From: Donald Hunter @ 2024-03-27 18:16 UTC (permalink / raw)
To: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev
Cc: donald.hunter, Donald Hunter
This series adds a ynl spec for nftables and extends ynl with a --multi
command line option that makes it possible to send transactional batches
for nftables.
An example of usage is:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi batch-begin '{"res-id": 10}' \
--multi newtable '{"name": "test", "nfgen-family": 1}' \
--multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
--multi batch-end '{"res-id": 10}'
Donald Hunter (2):
doc/netlink/specs: Add draft nftables spec
tools/net/ynl: Add multi message support to ynl
Documentation/netlink/specs/nftables.yaml | 1264 +++++++++++++++++++++
tools/net/ynl/cli.py | 22 +-
tools/net/ynl/lib/ynl.py | 47 +-
3 files changed, 1315 insertions(+), 18 deletions(-)
create mode 100644 Documentation/netlink/specs/nftables.yaml
--
2.44.0
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH net-next v1 1/2] doc/netlink/specs: Add draft nftables spec
2024-03-27 18:16 [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Donald Hunter
@ 2024-03-27 18:16 ` Donald Hunter
2024-03-27 18:17 ` [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl Donald Hunter
2024-03-27 22:45 ` [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Pablo Neira Ayuso
2 siblings, 0 replies; 14+ messages in thread
From: Donald Hunter @ 2024-03-27 18:16 UTC (permalink / raw)
To: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev
Cc: donald.hunter, Donald Hunter
Add a spec for nftables that has nearly complete coverage of the ops,
but limited coverage of rule types and subexpressions.
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
---
Documentation/netlink/specs/nftables.yaml | 1264 +++++++++++++++++++++
1 file changed, 1264 insertions(+)
create mode 100644 Documentation/netlink/specs/nftables.yaml
diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml
new file mode 100644
index 000000000000..dff2a18f3d90
--- /dev/null
+++ b/Documentation/netlink/specs/nftables.yaml
@@ -0,0 +1,1264 @@
+# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
+
+name: nftables
+protocol: netlink-raw
+protonum: 12
+
+doc:
+ Netfilter nftables configuration over netlink.
+
+definitions:
+ -
+ name: nfgenmsg
+ type: struct
+ members:
+ -
+ name: nfgen-family
+ type: u8
+ -
+ name: version
+ type: u8
+ -
+ name: res-id
+ byte-order: big-endian
+ type: u16
+ -
+ name: meta-keys
+ type: enum
+ entries:
+ - len
+ - protocol
+ - priority
+ - mark
+ - iif
+ - oif
+ - iifname
+ - oifname
+ - iftype
+ - oiftype
+ - skuid
+ - skgid
+ - nftrace
+ - rtclassid
+ - secmark
+ - nfproto
+ - l4-proto
+ - bri-iifname
+ - bri-oifname
+ - pkttype
+ - cpu
+ - iifgroup
+ - oifgroup
+ - cgroup
+ - prandom
+ - secpath
+ - iifkind
+ - oifkind
+ - bri-iifpvid
+ - bri-iifvproto
+ - time-ns
+ - time-day
+ - time-hour
+ - sdif
+ - sdifname
+ - bri-broute
+ -
+ name: cmp-ops
+ type: enum
+ entries:
+ - eq
+ - neq
+ - lt
+ - lte
+ - gt
+ - gte
+ -
+ name: object-type
+ type: enum
+ entries:
+ - unspec
+ - counter
+ - quota
+ - ct-helper
+ - limit
+ - connlimit
+ - tunnel
+ - ct-timeout
+ - secmark
+ - ct-expect
+ - synproxy
+ -
+ name: nat-range-flags
+ type: flags
+ entries:
+ - map-ips
+ - proto-specified
+ - proto-random
+ - persistent
+ - proto-random-fully
+ - proto-offset
+ - netmap
+ -
+ name: table-flags
+ type: flags
+ entries:
+ - dormant
+ - owner
+ - persist
+ -
+ name: chain-flags
+ type: flags
+ entries:
+ - base
+ - hw-offload
+ - binding
+ -
+ name: set-flags
+ type: flags
+ entries:
+ - anonymous
+ - constant
+ - interval
+ - map
+ - timeout
+ - eval
+ - object
+ - concat
+ - expr
+
+attribute-sets:
+ -
+ name: empty-attrs
+ attributes:
+ -
+ name: name
+ type: string
+ -
+ name: batch-attrs
+ attributes:
+ -
+ name: genid
+ type: u32
+ byte-order: big-endian
+ -
+ name: table-attrs
+ attributes:
+ -
+ name: name
+ type: string
+ doc: name of the table
+ -
+ name: flags
+ type: u32
+ byte-order: big-endian
+ doc: bitmask of flags
+ enum: table-flags
+ enum-as-flags: true
+ -
+ name: use
+ type: u32
+ byte-order: big-endian
+ doc: number of chains in this table
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ doc: numeric handle of the table
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: chain-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ doc: name of the table containing the chain
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ doc: numeric handle of the chain
+ -
+ name: name
+ type: string
+ doc: name of the chain
+ -
+ name: hook
+ type: nest
+ nested-attributes: nft-hook-attrs
+ doc: hook specification for basechains
+ -
+ name: policy
+ type: u32
+ byte-order: big-endian
+ doc: numeric policy of the chain
+ -
+ name: use
+ type: u32
+ byte-order: big-endian
+ doc: number of references to this chain
+ -
+ name: type
+ type: string
+ doc: type name of the chain
+ -
+ name: counters
+ type: nest
+ nested-attributes: nft-counter-attrs
+ doc: counter specification of the chain
+ -
+ name: flags
+ type: u32
+ byte-order: big-endian
+ doc: chain flags
+ enum: chain-flags
+ enum-as-flags: true
+ -
+ name: id
+ type: u32
+ byte-order: big-endian
+ doc: uniquely identifies a chain in a transaction
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: counter-attrs
+ attributes:
+ -
+ name: bytes
+ type: u64
+ byte-order: big-endian
+ -
+ name: packets
+ type: u64
+ byte-order: big-endian
+ -
+ name: pad
+ type: pad
+ -
+ name: nft-hook-attrs
+ attributes:
+ -
+ name: num
+ type: u32
+ byte-order: big-endian
+ -
+ name: priority
+ type: s32
+ byte-order: big-endian
+ -
+ name: dev
+ type: string
+ doc: net device name
+ -
+ name: devs
+ type: nest
+ nested-attributes: hook-dev-attrs
+ doc: list of net devices
+ -
+ name: hook-dev-attrs
+ attributes:
+ -
+ name: name
+ type: string
+ multi-attr: true
+ -
+ name: nft-counter-attrs
+ attributes:
+ -
+ name: bytes
+ type: u64
+ -
+ name: packets
+ type: u64
+ -
+ name: rule-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ doc: name of the table containing the rule
+ -
+ name: chain
+ type: string
+ doc: name of the chain containing the rule
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ doc: numeric handle of the rule
+ -
+ name: expressions
+ type: nest
+ nested-attributes: expr-list-attrs
+ doc: list of expressions
+ -
+ name: compat
+ type: nest
+ nested-attributes: rule-compat-attrs
+ doc: compatibility specifications of the rule
+ -
+ name: position
+ type: u64
+ byte-order: big-endian
+ doc: numeric handle of the previous rule
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: id
+ type: u32
+ doc: uniquely identifies a rule in a transaction
+ -
+ name: position-id
+ type: u32
+ doc: transaction unique identifier of the previous rule
+ -
+ name: chain-id
+ type: u32
+ doc: add the rule to chain by ID, alternative to chain name
+ -
+ name: expr-list-attrs
+ attributes:
+ -
+ name: elem
+ type: nest
+ nested-attributes: expr-attrs
+ multi-attr: true
+ -
+ name: expr-attrs
+ attributes:
+ -
+ name: name
+ type: string
+ doc: name of the expression type
+ -
+ name: data
+ type: sub-message
+ sub-message: expr-ops
+ selector: name
+ doc: type specific data
+ -
+ name: rule-compat-attrs
+ attributes:
+ -
+ name: proto
+ type: binary
+ doc: numeric value of the handled protocol
+ -
+ name: flags
+ type: binary
+ doc: bitmask of flags
+ -
+ name: set-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ doc: table name
+ -
+ name: name
+ type: string
+ doc: set name
+ -
+ name: flags
+ type: u32
+ enum: set-flags
+ byte-order: big-endian
+ doc: bitmask of enum nft_set_flags
+ -
+ name: key-type
+ type: u32
+ byte-order: big-endian
+ doc: key data type, informational purpose only
+ -
+ name: key-len
+ type: u32
+ byte-order: big-endian
+ doc: key data length
+ -
+ name: data-type
+ type: u32
+ byte-order: big-endian
+ doc: mapping data type
+ -
+ name: data-len
+ type: u32
+ byte-order: big-endian
+ doc: mapping data length
+ -
+ name: policy
+ type: u32
+ byte-order: big-endian
+ doc: selection policy
+ -
+ name: desc
+ type: nest
+ nested-attributes: set-desc-attrs
+ doc: set description
+ -
+ name: id
+ type: u32
+ doc: uniquely identifies a set in a transaction
+ -
+ name: timeout
+ type: u64
+ doc: default timeout value
+ -
+ name: gc-interval
+ type: u32
+ doc: garbage collection interval
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: pad
+ type: pad
+ -
+ name: obj-type
+ type: u32
+ byte-order: big-endian
+ doc: stateful object type
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ doc: set handle
+ -
+ name: expr
+ type: nest
+ nested-attributes: expr-attrs
+ doc: set expression
+ multi-attr: true
+ -
+ name: expressions
+ type: nest
+ nested-attributes: set-list-attrs
+ doc: list of expressions
+ -
+ name: set-desc-attrs
+ attributes:
+ -
+ name: size
+ type: u32
+ byte-order: big-endian
+ doc: number of elements in set
+ -
+ name: concat
+ type: nest
+ nested-attributes: set-desc-concat-attrs
+ doc: description of field concatenation
+ multi-attr: true
+ -
+ name: set-desc-concat-attrs
+ attributes:
+ -
+ name: elem
+ type: nest
+ nested-attributes: set-field-attrs
+ -
+ name: set-field-attrs
+ attributes:
+ -
+ name: len
+ type: u32
+ byte-order: big-endian
+ -
+ name: set-list-attrs
+ attributes:
+ -
+ name: elem
+ type: nest
+ nested-attributes: expr-attrs
+ multi-attr: true
+ -
+ name: setelem-attrs
+ attributes:
+ -
+ name: key
+ type: nest
+ nested-attributes: data-attrs
+ doc: key value
+ -
+ name: data
+ type: nest
+ nested-attributes: data-attrs
+ doc: data value of mapping
+ -
+ name: flags
+ type: binary
+ doc: bitmask of nft_set_elem_flags
+ -
+ name: timeout
+ type: u64
+ doc: timeout value
+ -
+ name: expiration
+ type: u64
+ doc: expiration time
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: expr
+ type: nest
+ nested-attributes: expr-attrs
+ doc: expression
+ -
+ name: objref
+ type: string
+ doc: stateful object reference
+ -
+ name: key-end
+ type: nest
+ nested-attributes: data-attrs
+ doc: closing key value
+ -
+ name: expressions
+ type: nest
+ nested-attributes: expr-list-attrs
+ doc: list of expressions
+ -
+ name: setelem-list-elem-attrs
+ attributes:
+ -
+ name: elem
+ type: nest
+ nested-attributes: setelem-attrs
+ multi-attr: true
+ -
+ name: setelem-list-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ -
+ name: set
+ type: string
+ -
+ name: elements
+ type: nest
+ nested-attributes: setelem-list-elem-attrs
+ -
+ name: set-id
+ type: u32
+ -
+ name: gen-attrs
+ attributes:
+ -
+ name: id
+ type: u32
+ byte-order: big-endian
+ doc: ruleset generation id
+ -
+ name: proc-pid
+ type: u32
+ byte-order: big-endian
+ -
+ name: proc-name
+ type: string
+ -
+ name: obj-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ doc: name of the table containing the expression
+ -
+ name: name
+ type: string
+ doc: name of this expression type
+ -
+ name: type
+ type: u32
+ enum: object-type
+ byte-order: big-endian
+ doc: stateful object type
+ -
+ name: data
+ type: sub-message
+ sub-message: obj-data
+ selector: type
+ doc: stateful object data
+ -
+ name: use
+ type: u32
+ byte-order: big-endian
+ doc: number of references to this expression
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ doc: object handle
+ -
+ name: pad
+ type: pad
+ -
+ name: userdata
+ type: binary
+ doc: user data
+ -
+ name: quota-attrs
+ attributes:
+ -
+ name: bytes
+ type: u64
+ byte-order: big-endian
+ -
+ name: flags # TODO
+ type: u32
+ byte-order: big-endian
+ -
+ name: pad
+ type: pad
+ -
+ name: consumed
+ type: u64
+ byte-order: big-endian
+ -
+ name: flowtable-attrs
+ attributes:
+ -
+ name: table
+ type: string
+ -
+ name: name
+ type: string
+ -
+ name: hook
+ type: nest
+ nested-attributes: flowtable-hook-attrs
+ -
+ name: use
+ type: u32
+ byte-order: big-endian
+ -
+ name: handle
+ type: u64
+ byte-order: big-endian
+ -
+ name: pad
+ type: pad
+ -
+ name: flags
+ type: u32
+ byte-order: big-endian
+ -
+ name: flowtable-hook-attrs
+ attributes:
+ -
+ name: num
+ type: u32
+ byte-order: big-endian
+ -
+ name: priority
+ type: u32
+ byte-order: big-endian
+ -
+ name: devs
+ type: nest
+ nested-attributes: hook-dev-attrs
+ -
+ name: expr-cmp-attrs
+ attributes:
+ -
+ name: sreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: op
+ type: u32
+ byte-order: big-endian
+ enum: cmp-ops
+ -
+ name: data
+ type: nest
+ nested-attributes: data-attrs
+ -
+ name: data-attrs
+ attributes:
+ -
+ name: value
+ type: binary
+ # sub-type: u8
+ -
+ name: verdict
+ type: nest
+ nested-attributes: verdict-attrs
+ -
+ name: verdict-attrs
+ attributes:
+ -
+ name: code
+ type: u32
+ byte-order: big-endian
+ -
+ name: chain
+ type: string
+ -
+ name: chain-id
+ type: u32
+ -
+ name: expr-counter-attrs
+ attributes:
+ -
+ name: bytes
+ type: u64
+ doc: Number of bytes
+ -
+ name: packets
+ type: u64
+ doc: Number of packets
+ -
+ name: pad
+ type: pad
+ -
+ name: expr-flow-offload-attrs
+ attributes:
+ -
+ name: name
+ type: string
+ doc: Flow offload table name
+ -
+ name: expr-immediate-attrs
+ attributes:
+ -
+ name: dreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: data
+ type: nest
+ nested-attributes: data-attrs
+ -
+ name: expr-meta-attrs
+ attributes:
+ -
+ name: dreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: key
+ type: u32
+ byte-order: big-endian
+ enum: meta-keys
+ -
+ name: sreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: expr-nat-attrs
+ attributes:
+ -
+ name: type
+ type: u32
+ byte-order: big-endian
+ -
+ name: family
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-addr-min
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-addr-max
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-proto-min
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-proto-max
+ type: u32
+ byte-order: big-endian
+ -
+ name: flags
+ type: u32
+ byte-order: big-endian
+ enum: nat-range-flags
+ enum-as-flags: true
+ -
+ name: expr-payload-attrs
+ attributes:
+ -
+ name: dreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: base
+ type: u32
+ byte-order: big-endian
+ -
+ name: offset
+ type: u32
+ byte-order: big-endian
+ -
+ name: len
+ type: u32
+ byte-order: big-endian
+ -
+ name: sreg
+ type: u32
+ byte-order: big-endian
+ -
+ name: csum-type
+ type: u32
+ byte-order: big-endian
+ -
+ name: csum-offset
+ type: u32
+ byte-order: big-endian
+ -
+ name: csum-flags
+ type: u32
+ byte-order: big-endian
+ -
+ name: expr-tproxy-attrs
+ attributes:
+ -
+ name: family
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-addr
+ type: u32
+ byte-order: big-endian
+ -
+ name: reg-port
+ type: u32
+ byte-order: big-endian
+
+sub-messages:
+ -
+ name: expr-ops
+ formats:
+ -
+ value: bitwise # TODO
+ -
+ value: cmp
+ attribute-set: expr-cmp-attrs
+ -
+ value: counter
+ attribute-set: expr-counter-attrs
+ -
+ value: ct # TODO
+ -
+ value: flow_offload
+ attribute-set: expr-flow-offload-attrs
+ -
+ value: immediate
+ attribute-set: expr-immediate-attrs
+ -
+ value: lookup # TODO
+ -
+ value: meta
+ attribute-set: expr-meta-attrs
+ -
+ value: nat
+ attribute-set: expr-nat-attrs
+ -
+ value: payload
+ attribute-set: expr-payload-attrs
+ -
+ value: tproxy
+ attribute-set: expr-tproxy-attrs
+ -
+ name: obj-data
+ formats:
+ -
+ value: counter
+ attribute-set: counter-attrs
+ -
+ value: quota
+ attribute-set: quota-attrs
+
+operations:
+ enum-model: directional
+ list:
+ -
+ name: batch-begin
+ doc: Start a batch of operations
+ attribute-set: batch-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0x10
+ attributes:
+ - genid
+ reply:
+ value: 0x10
+ attributes:
+ - genid
+ -
+ name: batch-end
+ doc: Finish a batch of operations
+ attribute-set: batch-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0x11
+ attributes:
+ - genid
+ -
+ name: newtable
+ doc: Create a new table.
+ attribute-set: table-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa00
+ attributes:
+ - name
+ -
+ name: gettable
+ doc: Get / dump tables.
+ attribute-set: table-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa01
+ attributes:
+ - name
+ reply:
+ value: 0xa00
+ attributes:
+ - name
+ -
+ name: deltable
+ doc: Delete an existing table.
+ attribute-set: table-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa02
+ attributes:
+ - name
+ -
+ name: destroytable
+ doc: Delete an existing table with destroy semantics (ignoring ENOENT errors).
+ attribute-set: table-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1a
+ attributes:
+ - name
+ -
+ name: newchain
+ doc: Create a new chain.
+ attribute-set: chain-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa03
+ attributes:
+ - name
+ -
+ name: getchain
+ doc: Get / dump chains.
+ attribute-set: chain-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa04
+ attributes:
+ - name
+ reply:
+ value: 0xa03
+ attributes:
+ - name
+ -
+ name: delchain
+ doc: Delete an existing chain.
+ attribute-set: chain-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa05
+ attributes:
+ - name
+ -
+ name: destroychain
+ doc: Delete an existing chain with destroy semantics (ignoring ENOENT errors).
+ attribute-set: chain-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1b
+ attributes:
+ - name
+ -
+ name: newrule
+ doc: Create a new rule.
+ attribute-set: rule-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa06
+ attributes:
+ - name
+ -
+ name: getrule
+ doc: Get / dump rules.
+ attribute-set: rule-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa07
+ attributes:
+ - name
+ reply:
+ value: 0xa06
+ attributes:
+ - name
+ -
+ name: getrule-reset
+ doc: Get / dump rules and reset stateful expressions.
+ attribute-set: rule-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa19
+ attributes:
+ - name
+ reply:
+ value: 0xa06
+ attributes:
+ - name
+ -
+ name: delrule
+ doc: Delete an existing rule.
+ attribute-set: rule-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa08
+ attributes:
+ - name
+ -
+ name: destroyrule
+ doc: Delete an existing rule with destroy semantics (ignoring ENOENT errors).
+ attribute-set: rule-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1c
+ attributes:
+ - name
+ -
+ name: newset
+ doc: Create a new set.
+ attribute-set: set-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa09
+ attributes:
+ - name
+ -
+ name: getset
+ doc: Get / dump sets.
+ attribute-set: set-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa0a
+ attributes:
+ - name
+ reply:
+ value: 0xa09
+ attributes:
+ - name
+ -
+ name: delset
+ doc: Delete an existing set.
+ attribute-set: set-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa0b
+ attributes:
+ - name
+ -
+ name: destroyset
+ doc: Delete an existing set with destroy semantics (ignoring ENOENT errors).
+ attribute-set: set-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1d
+ attributes:
+ - name
+ -
+ name: newsetelem
+ doc: Create a new set element.
+ attribute-set: setelem-list-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa0c
+ attributes:
+ - name
+ -
+ name: getsetelem
+ doc: Get / dump set elements.
+ attribute-set: setelem-list-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa0d
+ attributes:
+ - name
+ reply:
+ value: 0xa0c
+ attributes:
+ - name
+ -
+ name: getsetelem-reset
+ doc: Get / dump set elements and reset stateful expressions.
+ attribute-set: setelem-list-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa21
+ attributes:
+ - name
+ reply:
+ value: 0xa0c
+ attributes:
+ - name
+ -
+ name: delsetelem
+ doc: Delete an existing set element.
+ attribute-set: setelem-list-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa0e
+ attributes:
+ - name
+ -
+ name: destroysetelem
+ doc: Delete an existing set element with destroy semantics.
+ attribute-set: setelem-list-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1e
+ attributes:
+ - name
+ -
+ name: getgen
+ doc: Get / dump rule-set generation.
+ attribute-set: gen-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa10
+ attributes:
+ - name
+ reply:
+ value: 0xa0f
+ attributes:
+ - name
+ -
+ name: newobj
+ doc: Create a new stateful object.
+ attribute-set: obj-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa12
+ attributes:
+ - name
+ -
+ name: getobj
+ doc: Get / dump stateful objects.
+ attribute-set: obj-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa13
+ attributes:
+ - name
+ reply:
+ value: 0xa12
+ attributes:
+ - name
+ -
+ name: delobj
+ doc: Delete an existing stateful object.
+ attribute-set: obj-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa14
+ attributes:
+ - name
+ -
+ name: destroyobj
+ doc: Delete an existing stateful object with destroy semantics.
+ attribute-set: obj-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa1f
+ attributes:
+ - name
+ -
+ name: newflowtable
+ doc: Create a new flow table.
+ attribute-set: flowtable-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa16
+ attributes:
+ - name
+ -
+ name: getflowtable
+ doc: Get / dump flow tables.
+ attribute-set: flowtable-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa17
+ attributes:
+ - name
+ reply:
+ value: 0xa16
+ attributes:
+ - name
+ -
+ name: delflowtable
+ doc: Delete an existing flow table.
+ attribute-set: flowtable-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa18
+ attributes:
+ - name
+ -
+ name: destroyflowtable
+ doc: Delete an existing flow table with destroy semantics.
+ attribute-set: flowtable-attrs
+ fixed-header: nfgenmsg
+ do:
+ request:
+ value: 0xa20
+ attributes:
+ - name
+
+mcast-groups:
+ list:
+ -
+ name: mgmt
--
2.44.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-27 18:16 [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Donald Hunter
2024-03-27 18:16 ` [PATCH net-next v1 1/2] doc/netlink/specs: Add draft nftables spec Donald Hunter
@ 2024-03-27 18:17 ` Donald Hunter
2024-03-29 0:57 ` Jakub Kicinski
2024-03-27 22:45 ` [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Pablo Neira Ayuso
2 siblings, 1 reply; 14+ messages in thread
From: Donald Hunter @ 2024-03-27 18:17 UTC (permalink / raw)
To: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev
Cc: donald.hunter, Donald Hunter
Add a "--multi <op> <json>" command line to ynl that makes it possible
to add several operations to a single netlink request payload. The
--multi command line option is repeated for each operation.
This is used by the nftables family for transaction batches. For
example:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi batch-begin '{"res-id": 10}' \
--multi newtable '{"name": "test", "nfgen-family": 1}' \
--multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
--multi batch-end '{"res-id": 10}'
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
---
tools/net/ynl/cli.py | 22 ++++++++++++++++---
tools/net/ynl/lib/ynl.py | 47 +++++++++++++++++++++++++++-------------
2 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/tools/net/ynl/cli.py b/tools/net/ynl/cli.py
index f131e33ac3ee..1b8f87b472ba 100755
--- a/tools/net/ynl/cli.py
+++ b/tools/net/ynl/cli.py
@@ -19,13 +19,23 @@ class YnlEncoder(json.JSONEncoder):
def main():
- parser = argparse.ArgumentParser(description='YNL CLI sample')
+ description = """
+ YNL CLI utility - a general purpose netlink utility that uses YNL specs
+ to drive protocol encoding and decoding.
+ """
+ epilog = """
+ The --multi option can be repeated to include several operations
+ in the same netlink payload.
+ """
+
+ parser = argparse.ArgumentParser(description=description,
+ epilog=epilog)
parser.add_argument('--spec', dest='spec', type=str, required=True)
parser.add_argument('--schema', dest='schema', type=str)
parser.add_argument('--no-schema', action='store_true')
parser.add_argument('--json', dest='json_text', type=str)
- parser.add_argument('--do', dest='do', type=str)
- parser.add_argument('--dump', dest='dump', type=str)
+ parser.add_argument('--do', dest='do', metavar='OPERATION', type=str)
+ parser.add_argument('--dump', dest='dump', metavar='OPERATION', type=str)
parser.add_argument('--sleep', dest='sleep', type=int)
parser.add_argument('--subscribe', dest='ntf', type=str)
parser.add_argument('--replace', dest='flags', action='append_const',
@@ -40,6 +50,8 @@ def main():
parser.add_argument('--output-json', action='store_true')
parser.add_argument('--dbg-small-recv', default=0, const=4000,
action='store', nargs='?', type=int)
+ parser.add_argument('--multi', dest='multi', nargs=2, action='append',
+ metavar=('OPERATION', 'JSON_TEXT'), type=str)
args = parser.parse_args()
def output(msg):
@@ -73,6 +85,10 @@ def main():
if args.dump:
reply = ynl.dump(args.dump, attrs)
output(reply)
+ if args.multi:
+ ops = [ (item[0], json.loads(item[1]), args.flags) for item in args.multi ]
+ reply = ynl.do_multi(ops)
+ output(reply)
except NlError as e:
print(e)
exit(1)
diff --git a/tools/net/ynl/lib/ynl.py b/tools/net/ynl/lib/ynl.py
index 557ef5a22b7d..cecd89db7d58 100644
--- a/tools/net/ynl/lib/ynl.py
+++ b/tools/net/ynl/lib/ynl.py
@@ -927,16 +927,11 @@ class YnlFamily(SpecFamily):
return op['do']['request']['attributes'].copy()
- def _op(self, method, vals, flags=None, dump=False):
- op = self.ops[method]
-
+ def _encode_message(self, op, vals, flags, req_seq):
nl_flags = Netlink.NLM_F_REQUEST | Netlink.NLM_F_ACK
for flag in flags or []:
nl_flags |= flag
- if dump:
- nl_flags |= Netlink.NLM_F_DUMP
- req_seq = random.randint(1024, 65535)
msg = self.nlproto.message(nl_flags, op.req_value, 1, req_seq)
if op.fixed_header:
msg += self._encode_struct(op.fixed_header, vals)
@@ -944,8 +939,20 @@ class YnlFamily(SpecFamily):
for name, value in vals.items():
msg += self._add_attr(op.attr_set.name, name, value, search_attrs)
msg = _genl_msg_finalize(msg)
+ return msg
- self.sock.send(msg, 0)
+ def _ops(self, ops):
+ reqs_by_seq = {}
+ req_seq = random.randint(1024, 65535)
+ payload = b''
+ for (method, vals, flags) in ops:
+ op = self.ops[method]
+ msg = self._encode_message(op, vals, flags, req_seq)
+ reqs_by_seq[req_seq] = (op, msg)
+ payload += msg
+ req_seq += 1
+
+ self.sock.send(payload, 0)
done = False
rsp = []
@@ -954,8 +961,9 @@ class YnlFamily(SpecFamily):
nms = NlMsgs(reply, attr_space=op.attr_set)
self._recv_dbg_print(reply, nms)
for nl_msg in nms:
- if nl_msg.extack:
- self._decode_extack(msg, op, nl_msg.extack)
+ if nl_msg.extack and nl_msg.nl_seq in reqs_by_seq:
+ (req_op, req_msg) = reqs_by_seq[nl_msg.nl_seq]
+ self._decode_extack(req_msg, req_op, nl_msg.extack)
if nl_msg.error:
raise NlError(nl_msg)
@@ -963,13 +971,15 @@ class YnlFamily(SpecFamily):
if nl_msg.extack:
print("Netlink warning:")
print(nl_msg)
+ del reqs_by_seq[nl_msg.nl_seq]
done = True
break
decoded = self.nlproto.decode(self, nl_msg)
+ rsp_op = self.rsp_by_value[decoded.cmd()]
# Check if this is a reply to our request
- if nl_msg.nl_seq != req_seq or decoded.cmd() != op.rsp_value:
+ if nl_msg.nl_seq not in reqs_by_seq or decoded.cmd() != rsp_op.rsp_value:
if decoded.cmd() in self.async_msg_ids:
self.handle_ntf(decoded)
continue
@@ -977,19 +987,26 @@ class YnlFamily(SpecFamily):
print('Unexpected message: ' + repr(decoded))
continue
- rsp_msg = self._decode(decoded.raw_attrs, op.attr_set.name)
+ rsp_msg = self._decode(decoded.raw_attrs, rsp_op.attr_set.name)
if op.fixed_header:
- rsp_msg.update(self._decode_struct(decoded.raw, op.fixed_header))
+ rsp_msg.update(self._decode_struct(decoded.raw, rsp_op.fixed_header))
rsp.append(rsp_msg)
if not rsp:
return None
- if not dump and len(rsp) == 1:
+ if not Netlink.NLM_F_DUMP in flags and len(rsp) == 1:
return rsp[0]
return rsp
+ def _op(self, method, vals, flags):
+ ops = [(method, vals, flags)]
+ return self._ops(ops)
+
def do(self, method, vals, flags=None):
- return self._op(method, vals, flags)
+ return self._op(method, vals, flags or [])
def dump(self, method, vals):
- return self._op(method, vals, [], dump=True)
+ return self._op(method, vals, [Netlink.NLM_F_DUMP])
+
+ def do_multi(self, ops):
+ return self._ops(ops)
--
2.44.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages
2024-03-27 18:16 [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Donald Hunter
2024-03-27 18:16 ` [PATCH net-next v1 1/2] doc/netlink/specs: Add draft nftables spec Donald Hunter
2024-03-27 18:17 ` [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl Donald Hunter
@ 2024-03-27 22:45 ` Pablo Neira Ayuso
2024-03-28 15:33 ` Donald Hunter
2 siblings, 1 reply; 14+ messages in thread
From: Pablo Neira Ayuso @ 2024-03-27 22:45 UTC (permalink / raw)
To: Donald Hunter
Cc: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev,
donald.hunter
Please, Cc netfilter-devel@vger.kernel.org for netfilter related stuff.
On Wed, Mar 27, 2024 at 06:16:58PM +0000, Donald Hunter wrote:
> This series adds a ynl spec for nftables and extends ynl with a --multi
> command line option that makes it possible to send transactional batches
> for nftables.
>
> An example of usage is:
>
> ./tools/net/ynl/cli.py \
> --spec Documentation/netlink/specs/nftables.yaml \
> --multi batch-begin '{"res-id": 10}' \
> --multi newtable '{"name": "test", "nfgen-family": 1}' \
> --multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
> --multi batch-end '{"res-id": 10}'
>
> Donald Hunter (2):
> doc/netlink/specs: Add draft nftables spec
> tools/net/ynl: Add multi message support to ynl
>
> Documentation/netlink/specs/nftables.yaml | 1264 +++++++++++++++++++++
> tools/net/ynl/cli.py | 22 +-
> tools/net/ynl/lib/ynl.py | 47 +-
> 3 files changed, 1315 insertions(+), 18 deletions(-)
> create mode 100644 Documentation/netlink/specs/nftables.yaml
>
> --
> 2.44.0
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages
2024-03-27 22:45 ` [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Pablo Neira Ayuso
@ 2024-03-28 15:33 ` Donald Hunter
0 siblings, 0 replies; 14+ messages in thread
From: Donald Hunter @ 2024-03-28 15:33 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev,
donald.hunter
Pablo Neira Ayuso <pablo@netfilter.org> writes:
> Please, Cc netfilter-devel@vger.kernel.org for netfilter related stuff.
Okay, should I resend then?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-27 18:17 ` [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl Donald Hunter
@ 2024-03-29 0:57 ` Jakub Kicinski
2024-03-29 13:37 ` Donald Hunter
0 siblings, 1 reply; 14+ messages in thread
From: Jakub Kicinski @ 2024-03-29 0:57 UTC (permalink / raw)
To: Donald Hunter
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
On Wed, 27 Mar 2024 18:17:00 +0000 Donald Hunter wrote:
> - parser = argparse.ArgumentParser(description='YNL CLI sample')
> + description = """
> + YNL CLI utility - a general purpose netlink utility that uses YNL specs
YNL specs is intentional or should have been YAML? :)
> + to drive protocol encoding and decoding.
> + """
> + epilog = """
> + The --multi option can be repeated to include several operations
> + in the same netlink payload.
> + """
> +
> + parser = argparse.ArgumentParser(description=description,
> + epilog=epilog)
> parser.add_argument('--spec', dest='spec', type=str, required=True)
> parser.add_argument('--schema', dest='schema', type=str)
> parser.add_argument('--no-schema', action='store_true')
> parser.add_argument('--json', dest='json_text', type=str)
> - parser.add_argument('--do', dest='do', type=str)
> - parser.add_argument('--dump', dest='dump', type=str)
> + parser.add_argument('--do', dest='do', metavar='OPERATION', type=str)
> + parser.add_argument('--dump', dest='dump', metavar='OPERATION', type=str)
> parser.add_argument('--sleep', dest='sleep', type=int)
> parser.add_argument('--subscribe', dest='ntf', type=str)
> parser.add_argument('--replace', dest='flags', action='append_const',
> @@ -40,6 +50,8 @@ def main():
> parser.add_argument('--output-json', action='store_true')
> parser.add_argument('--dbg-small-recv', default=0, const=4000,
> action='store', nargs='?', type=int)
> + parser.add_argument('--multi', dest='multi', nargs=2, action='append',
> + metavar=('OPERATION', 'JSON_TEXT'), type=str)
We'd only support multiple "do" requests, I wonder if we should somehow
call this out. Is --multi-do unnecessary extra typing?
Code itself looks pretty good!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-29 0:57 ` Jakub Kicinski
@ 2024-03-29 13:37 ` Donald Hunter
2024-03-29 15:43 ` Jakub Kicinski
0 siblings, 1 reply; 14+ messages in thread
From: Donald Hunter @ 2024-03-29 13:37 UTC (permalink / raw)
To: Jakub Kicinski
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
Jakub Kicinski <kuba@kernel.org> writes:
> On Wed, 27 Mar 2024 18:17:00 +0000 Donald Hunter wrote:
>> - parser = argparse.ArgumentParser(description='YNL CLI sample')
>> + description = """
>> + YNL CLI utility - a general purpose netlink utility that uses YNL specs
>
> YNL specs is intentional or should have been YAML? :)
I'm not sure it was intentional, but YAML is definitely better :-)
>> + to drive protocol encoding and decoding.
>> + """
>> + epilog = """
>> + The --multi option can be repeated to include several operations
>> + in the same netlink payload.
>> + """
>> +
>> + parser = argparse.ArgumentParser(description=description,
>> + epilog=epilog)
>> parser.add_argument('--spec', dest='spec', type=str, required=True)
>> parser.add_argument('--schema', dest='schema', type=str)
>> parser.add_argument('--no-schema', action='store_true')
>> parser.add_argument('--json', dest='json_text', type=str)
>> - parser.add_argument('--do', dest='do', type=str)
>> - parser.add_argument('--dump', dest='dump', type=str)
>> + parser.add_argument('--do', dest='do', metavar='OPERATION', type=str)
>> + parser.add_argument('--dump', dest='dump', metavar='OPERATION', type=str)
>> parser.add_argument('--sleep', dest='sleep', type=int)
>> parser.add_argument('--subscribe', dest='ntf', type=str)
>> parser.add_argument('--replace', dest='flags', action='append_const',
>> @@ -40,6 +50,8 @@ def main():
>> parser.add_argument('--output-json', action='store_true')
>> parser.add_argument('--dbg-small-recv', default=0, const=4000,
>> action='store', nargs='?', type=int)
>> + parser.add_argument('--multi', dest='multi', nargs=2, action='append',
>> + metavar=('OPERATION', 'JSON_TEXT'), type=str)
>
> We'd only support multiple "do" requests, I wonder if we should somehow
> call this out. Is --multi-do unnecessary extra typing?
I prefer --multi but will update the help text to say "DO-OPERATIION"
and "... several do operations".
> Code itself looks pretty good!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-29 13:37 ` Donald Hunter
@ 2024-03-29 15:43 ` Jakub Kicinski
2024-03-29 18:57 ` Donald Hunter
0 siblings, 1 reply; 14+ messages in thread
From: Jakub Kicinski @ 2024-03-29 15:43 UTC (permalink / raw)
To: Donald Hunter
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
On Fri, 29 Mar 2024 13:37:31 +0000 Donald Hunter wrote:
> > We'd only support multiple "do" requests, I wonder if we should somehow
> > call this out. Is --multi-do unnecessary extra typing?
>
> I prefer --multi but will update the help text to say "DO-OPERATIION"
> and "... several do operations".
Alright, technically doing multi-dump should also work, but maybe
there's less of a benefit there, so we can keep the multi focused
on do for now.
Looking at the code again, are you sure we'll process all the responses
not just the first one?
Shouldn't this:
+ del reqs_by_seq[nl_msg.nl_seq]
done = True
be something like:
del reqs_by_seq[nl_msg.nl_seq]
done = len(reqs_by_seq) == 0
?
Would be good to add an example of multi executing some get operations.
My other concern is the formatting of the response. For mutli we should
probably retain the indexes, e.g. 3 dos should produce an array with a
length of 3, some of the entries may be None if the command only acked.
Would that make sense?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-29 15:43 ` Jakub Kicinski
@ 2024-03-29 18:57 ` Donald Hunter
2024-03-29 21:01 ` Donald Hunter
0 siblings, 1 reply; 14+ messages in thread
From: Donald Hunter @ 2024-03-29 18:57 UTC (permalink / raw)
To: Jakub Kicinski
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
Jakub Kicinski <kuba@kernel.org> writes:
> On Fri, 29 Mar 2024 13:37:31 +0000 Donald Hunter wrote:
>> > We'd only support multiple "do" requests, I wonder if we should somehow
>> > call this out. Is --multi-do unnecessary extra typing?
>>
>> I prefer --multi but will update the help text to say "DO-OPERATIION"
>> and "... several do operations".
>
> Alright, technically doing multi-dump should also work, but maybe
> there's less of a benefit there, so we can keep the multi focused
> on do for now.
>
> Looking at the code again, are you sure we'll process all the responses
> not just the first one?
>
> Shouldn't this:
>
> + del reqs_by_seq[nl_msg.nl_seq]
> done = True
>
> be something like:
>
> del reqs_by_seq[nl_msg.nl_seq]
> done = len(reqs_by_seq) == 0
>
Hmm yes, that's a good catch. I need to check the DONE semantics for
these nftables batch operations.
> Would be good to add an example of multi executing some get operations.
I think this was a blind spot on my part because nftables doesn't
support batch for get operations:
https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
I'll need to try using multi for gets without any batch messages and see how
everything behaves.
> My other concern is the formatting of the response. For mutli we should
> probably retain the indexes, e.g. 3 dos should produce an array with a
> length of 3, some of the entries may be None if the command only acked.
> Would that make sense?
As I said, a blind spot on my part - I didn't really think there was a
need to do anything for None responses but if get can work then an array
of responses will be needed.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
@ 2024-03-29 21:01 ` Donald Hunter
0 siblings, 0 replies; 14+ messages in thread
From: Donald Hunter @ 2024-03-29 21:01 UTC (permalink / raw)
To: Jakub Kicinski
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
On Fri, 29 Mar 2024 at 18:58, Donald Hunter <donald.hunter@gmail.com> wrote:
>
> Jakub Kicinski <kuba@kernel.org> writes:
>
> > Looking at the code again, are you sure we'll process all the responses
> > not just the first one?
> >
> > Shouldn't this:
> >
> > + del reqs_by_seq[nl_msg.nl_seq]
> > done = True
> >
> > be something like:
> >
> > del reqs_by_seq[nl_msg.nl_seq]
> > done = len(reqs_by_seq) == 0
> >
>
> Hmm yes, that's a good catch. I need to check the DONE semantics for
> these nftables batch operations.
Well that's a problem:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi batch-begin '{"res-id": 10}' \
--multi newtable '{"name": "test", "nfgen-family": 1}' \
--multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
--multi batch-end '{"res-id": 10}'
Adding: 20778
Adding: 20779
Adding: 20780
Adding: 20781
Done: 20779
Done: 20780
There's no response for 'batch-begin' or 'batch-end'. We may need a
per op spec property to tell us if a request will be acknowledged.
> > Would be good to add an example of multi executing some get operations.
>
> I think this was a blind spot on my part because nftables doesn't
> support batch for get operations:
>
> https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
>
> I'll need to try using multi for gets without any batch messages and see how
> everything behaves.
Okay, so it can be made to work. Will incorporate into the next revision:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi gettable '{"name": "test", "nfgen-family": 1}' \
--multi getchain '{"name": "chain", "table": "test", "nfgen-family": 1}'
[{'flags': set(),
'handle': 10,
'name': 'test',
'nfgen-family': 1,
'res-id': 200,
'use': 1,
'version': 0},
{'handle': 1,
'name': 'chain',
'nfgen-family': 1,
'res-id': 200,
'table': 'test',
'use': 0,
'version': 0}]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
@ 2024-03-29 21:01 ` Donald Hunter
0 siblings, 0 replies; 14+ messages in thread
From: Donald Hunter @ 2024-03-29 21:01 UTC (permalink / raw)
To: Jakub Kicinski
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter
On Fri, 29 Mar 2024 at 18:58, Donald Hunter <donald.hunter@gmail.com> wrote:
>
> Jakub Kicinski <kuba@kernel.org> writes:
>
> > Looking at the code again, are you sure we'll process all the responses
> > not just the first one?
> >
> > Shouldn't this:
> >
> > + del reqs_by_seq[nl_msg.nl_seq]
> > done = True
> >
> > be something like:
> >
> > del reqs_by_seq[nl_msg.nl_seq]
> > done = len(reqs_by_seq) == 0
> >
>
> Hmm yes, that's a good catch. I need to check the DONE semantics for
> these nftables batch operations.
Well that's a problem:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi batch-begin '{"res-id": 10}' \
--multi newtable '{"name": "test", "nfgen-family": 1}' \
--multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
--multi batch-end '{"res-id": 10}'
Adding: 20778
Adding: 20779
Adding: 20780
Adding: 20781
Done: 20779
Done: 20780
There's no response for 'batch-begin' or 'batch-end'. We may need a
per op spec property to tell us if a request will be acknowledged.
> > Would be good to add an example of multi executing some get operations.
>
> I think this was a blind spot on my part because nftables doesn't
> support batch for get operations:
>
> https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
>
> I'll need to try using multi for gets without any batch messages and see how
> everything behaves.
Okay, so it can be made to work. Will incorporate into the next revision:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi gettable '{"name": "test", "nfgen-family": 1}' \
--multi getchain '{"name": "chain", "table": "test", "nfgen-family": 1}'
[{'flags': set(),
'handle': 10,
'name': 'test',
'nfgen-family': 1,
'res-id': 200,
'use': 1,
'version': 0},
{'handle': 1,
'name': 'chain',
'nfgen-family': 1,
'res-id': 200,
'table': 'test',
'use': 0,
'version': 0}]
X-sender: <netdev+bounces-83462-steffen.klassert=secunet.com@vger.kernel.org>
X-Receiver: <steffen.klassert@secunet.com> ORCPT=rfc822;steffen.klassert@secunet.com NOTIFY=NEVER; X-ExtendedProps=BQAVABYAAgAAAAUAFAARAPDFCS25BAlDktII2g02frgPADUAAABNaWNyb3NvZnQuRXhjaGFuZ2UuVHJhbnNwb3J0LkRpcmVjdG9yeURhdGEuSXNSZXNvdXJjZQIAAAUAagAJAAEAAAAAAAAABQAWAAIAAAUAQwACAAAFAEYABwADAAAABQBHAAIAAAUAEgAPAGIAAAAvbz1zZWN1bmV0L291PUV4Y2hhbmdlIEFkbWluaXN0cmF0aXZlIEdyb3VwIChGWURJQk9IRjIzU1BETFQpL2NuPVJlY2lwaWVudHMvY249U3RlZmZlbiBLbGFzc2VydDY4YwUACwAXAL4AAACheZxkHSGBRqAcAp3ukbifQ049REI2LENOPURhdGFiYXNlcyxDTj1FeGNoYW5nZSBBZG1pbmlzdHJhdGl2ZSBHcm91cCAoRllESUJPSEYyM1NQRExUKSxDTj1BZG1pbmlzdHJhdGl2ZSBHcm91cHMsQ049c2VjdW5ldCxDTj1NaWNyb3NvZnQgRXhjaGFuZ2UsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZWN1bmV0LERDPWRlBQAOABEABiAS9uuMOkqzwmEZDvWNNQUAHQAPAAwAAABtYngtZXNzZW4tMDIFADwAAgAADwA2AAAATWljcm9zb2Z0LkV4Y2hhbmdlLlRyYW5zcG9ydC5NYWlsUmVjaXBpZW50LkRpc3BsYXlOYW1lDwARAAAAS2xhc3NlcnQsIFN0ZWZmZW4FAAwAAgAABQBsAAIAAAUAWAAXAEoAAADwxQktuQQJQ5LSCNoNNn64Q049S2xhc3NlcnQgU3RlZmZlbixPVT1Vc2VycyxPVT1NaWdyYXRpb24sREM9c2VjdW5ldCxEQz1kZQUAJgACAAEFACIADwAxAAAAQXV0b1Jlc3BvbnNlU3VwcHJlc3M6IDANClRyYW5zbWl0SGlzdG9yeTogRmFsc2UNCg8ALwAAAE1pY3Jvc29mdC5FeGNoYW5nZS5UcmFuc3BvcnQuRXhwYW5zaW9uR3JvdXBUeXBlDwAVAAAATWVtYmVyc0dyb3VwRXhwYW5zaW9uBQAjAAIAAQ==
X-CreatedBy: MSExchange15
X-HeloDomain: b.mx.secunet.com
X-ExtendedProps: BQBjAAoAxkamlidQ3AgFAGEACAABAAAABQA3AAIAAA8APAAAAE1pY3Jvc29mdC5FeGNoYW5nZS5UcmFuc3BvcnQuTWFpbFJlY2lwaWVudC5Pcmdhbml6YXRpb25TY29wZREAAAAAAAAAAAAAAAAAAAAAAAUASQACAAEFAAQAFCABAAAAHAAAAHN0ZWZmZW4ua2xhc3NlcnRAc2VjdW5ldC5jb20FAAYAAgABBQApAAIAAQ8ACQAAAENJQXVkaXRlZAIAAQUAAgAHAAEAAAAFAAMABwAAAAAABQAFAAIAAQUAYgAKABgAAADMigAABQBkAA8AAwAAAEh1Yg==
X-Source: SMTP:Default MBX-ESSEN-02
X-SourceIPAddress: 62.96.220.37
X-EndOfInjectedXHeaders: 16461
Received: from cas-essen-02.secunet.de (10.53.40.202) by
mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.37; Fri, 29 Mar 2024 22:01:56 +0100
Received: from b.mx.secunet.com (62.96.220.37) by cas-essen-02.secunet.de
(10.53.40.202) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend
Transport; Fri, 29 Mar 2024 22:01:56 +0100
Received: from localhost (localhost [127.0.0.1])
by b.mx.secunet.com (Postfix) with ESMTP id 3E45A2032C
for <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 22:01:56 +0100 (CET)
X-Virus-Scanned: by secunet
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=2.1
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001,
FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: a.mx.secunet.com (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from b.mx.secunet.com ([127.0.0.1])
by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fLkgBUKcTaam for <steffen.klassert@secunet.com>;
Fri, 29 Mar 2024 22:01:55 +0100 (CET)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.48.161; helo=sy.mirrors.kernel.org; envelope-from=netdev+bounces-83462-steffen.klassert=secunet.com@vger.kernel.org; receiver=steffen.klassert@secunet.com
DKIM-Filter: OpenDKIM Filter v2.11.0 b.mx.secunet.com CEC86200BB
Authentication-Results: b.mx.secunet.com;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ho+OjBNb"
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org [147.75.48.161])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by b.mx.secunet.com (Postfix) with ESMTPS id CEC86200BB
for <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 22:01:54 +0100 (CET)
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sy.mirrors.kernel.org (Postfix) with ESMTPS id 19968B2427F
for <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 21:01:51 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 9F65213791F;
Fri, 29 Mar 2024 21:01:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ho+OjBNb"
X-Original-To: netdev@vger.kernel.org
Received: from mail-oa1-f45.google.com (mail-oa1-f45.google.com [209.85.160.45])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92C8954BCC
for <netdev@vger.kernel.org>; Fri, 29 Mar 2024 21:01:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.45
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1711746083; cv=none; b=UYQIxJbF0iMH3ZsdAKsR2WhSOeVLknz6XBqGSZdIqglT4g0x+m1+iQAJgbpeDx4K/GP6IKrlLH6vUPW6kiO0E+mH+NyxvPsUhWQ2SDOSQlNMqnuxKt6p8AImZ9ZLnPja0WglzYtRgaxLdCFXDb/++aF693jqKAp/aq43EgHoYI0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1711746083; c=relaxed/simple;
bh=1F336ycsZ/DeFmR3ip4gKdMLUxslUjLhibn8LWK2nsQ=;
h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
To:Cc:Content-Type; b=dqczGxbj+vc5Ex8+YOql2W5MFQyEyJDvs+VvKZxCZX/YbWFRDEeuR5cJnie4QDZZdUKkWF4hgxcR/Gn3m5DexMqEqSVK1Agq4Gr2DSCmglk4vO609sLx9zCF9KTbdIqb0rfTy0Qw8GBCP3KZDb0Qs3tYWRyoxcTbXU+z3FW17iA=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ho+OjBNb; arc=none smtp.client-ip=209.85.160.45
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-oa1-f45.google.com with SMTP id 586e51a60fabf-2218a0f55e1so1281980fac.1
for <netdev@vger.kernel.org>; Fri, 29 Mar 2024 14:01:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1711746080; x=1712350880; darn=vger.kernel.org;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=yf52Uh55Alu6R/Ag5oOPyX9j+A5vWytrrN0jiumVZ90=;
b=ho+OjBNbnc3h384Al3xJv2eDnLkMbeh8PklqJBE+HkNQYmq+u3NA3WEUXY6ntS1oum
BbDLftW/w1L3bnRUkzfKGFj6NOD91Ao5B7w8TbHmTTWygGGJMaI5oluhe6pXWRKlcwQE
eal66+QsD61hUSz7DafBrrpV7r44uiME3jzCun3upnTJCiz+CzfvihUtTLxPyGFkXtzB
2XpAMIxS+WY4coIS9d3qLyHgN1MUdr9S9ZepzVwPYxull2EILd3FX8/YV0IsDk1Olzh8
4VhId5UWqiDJuZFox6GjK+EahBBbT5idHwBSumTfjPybPSAbMGWWeY+vfuxETCQO+JPu
21+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1711746080; x=1712350880;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=yf52Uh55Alu6R/Ag5oOPyX9j+A5vWytrrN0jiumVZ90=;
b=mmXVo9v3DV+2/oxtG3OebzaU3GXy2AOrXBmmxq3it5M9egIWB6464eze8fJefK6BIP
4pVPO0njIslLwBaciyjuicRAS0q5IO2vziESOt8OJMs7B+cupw3i+uzxiQ07vrsp/ok0
KgXjIm7hYGtVo/vW2SYeLFBgtjr8wsYTLK30/iJ8DKvuIO07W4Vy215kpZfuDl1NGbWb
zuTwYiVaKaQ1nwPZCV5BHV9cEVqsFYmN0p892Jpnt2Hrtpd8GRxNXMIWRGoy3UPYuE5P
crdfjhOsuna/vY51d/Vdscks5gpZjbvLR3v/IZZ2W4enAtVGjnilS3Up6N69FPesoi6d
9hFQ==
X-Gm-Message-State: AOJu0Yxy1Z1OQwgYOlgx6qQOrRpezxRv9fa1TVH11l25zaM22mXmBbSm
AeQFFbIL2e6QZxC+BatQg1inIxrP8xE3ArNrMah7H0eVgXvXHFwIXqQ0/+4c6/0T85Bl/6xNwxN
aa6cs7TpBTZPmb37LWn9+9ETHiq3WJK4j0cHKkg==
X-Google-Smtp-Source: AGHT+IFNOkfSs1BURB1rlpqe3TL2grutEAtJuWGFXQ3+Z6VLEkc3CSL1O9fqzu1ibdOxjluwMoca7IZvOR8xkQpFSqc=
X-Received: by 2002:a05:6870:6124:b0:229:eb17:3c19 with SMTP id
s36-20020a056870612400b00229eb173c19mr3037666oae.35.1711746080466; Fri, 29
Mar 2024 14:01:20 -0700 (PDT)
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240327181700.77940-1-donald.hunter@gmail.com>
<20240327181700.77940-3-donald.hunter@gmail.com> <20240328175729.15208f4a@kernel.org>
<m234s9jh0k.fsf@gmail.com> <20240329084346.7a744d1e@kernel.org> <m2plvcj27b.fsf@gmail.com>
In-Reply-To: <m2plvcj27b.fsf@gmail.com>
From: Donald Hunter <donald.hunter@gmail.com>
Date: Fri, 29 Mar 2024 21:01:09 +0000
Message-ID: <CAD4GDZw0RW3B2n5vC-q-XLpQ_bCg0iP13qvOa=cjK37CPLJsKg@mail.gmail.com>
Subject: Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support
to ynl
To: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
Jacob Keller <jacob.e.keller@intel.com>, Stanislav Fomichev <sdf@google.com>, donald.hunter@redhat.com
Content-Type: text/plain; charset="UTF-8"
Return-Path: netdev+bounces-83462-steffen.klassert=secunet.com@vger.kernel.org
X-MS-Exchange-Organization-OriginalArrivalTime: 29 Mar 2024 21:01:56.2893
(UTC)
X-MS-Exchange-Organization-Network-Message-Id: 474836ca-b8ec-45fc-ee52-08dc503377c7
X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.37
X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202
X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de
X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=mbx-essen-02.secunet.de:TOTAL-HUB=0.213|SMR=0.137(SMRDE=0.005|SMRC=0.131(SMRCL=0.102|X-SMRCR=0.131))|CAT=0.075(CATOS=0.001
|CATRESL=0.026(CATRESLP2R=0.018)|CATORES=0.045(CATRS=0.045(CATRS-Index
Routing Agent=0.043 )));2024-03-29T21:01:56.520Z
X-MS-Exchange-Forest-ArrivalHubServer: mbx-essen-02.secunet.de
X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-FromEntityHeader: Internet
X-MS-Exchange-Organization-OriginalSize: 10422
X-MS-Exchange-Organization-HygienePolicy: Standard
X-MS-Exchange-Organization-MessageLatency: SRV=cas-essen-02.secunet.de:TOTAL-FE=0.017|SMR=0.007(SMRPI=0.004(SMRPI-FrontendProxyAgent=0.004))|SMS=0.011
X-MS-Exchange-Organization-Recipient-Limit-Verified: True
X-MS-Exchange-Organization-TotalRecipientCount: 1
X-MS-Exchange-Organization-Rules-Execution-History: 0b0cf904-14ac-4724-8bdf-482ee6223cf2%%%fd34672d-751c-45ae-a963-ed177fcabe23%%%d8080257-b0c3-47b4-b0db-23bc0c8ddb3c%%%95e591a2-5d7d-4afa-b1d0-7573d6c0a5d9%%%f7d0f6bc-4dcc-4876-8c5d-b3d6ddbb3d55%%%16355082-c50b-4214-9c7d-d39575f9f79b
X-MS-Exchange-Forest-RulesExecuted: mbx-essen-02
X-MS-Exchange-Organization-RulesExecuted: mbx-essen-02
X-MS-Exchange-Forest-IndexAgent-0: AQ0CZW4AAV0FAAAPAAADH4sIAAAAAAAEAL1UbW8bRRDei31+ucRNhU
DwCUZB6Frh2G4EahK1pUgFtVCoBJXyoVTR+m5sL77bde/26lhV/x0/
jJld27HbUFEqYZ3vZmbn5Zm3/ev6Ew0/FqoLRyfwiyzgaHD0DUgLt4
5Pvz3uwgOjZZbCw0pbLOBO6tjexLH3x7lUWS8x+T2YF8biaSe6Rw/8
JKfVEH5WidLlVMEd4uT9KRYas54pxqytLJYr9Xvw2Jip0mOOaycIiU
kR5Fgq3QVZICxMBWVFxBzjLINZYRIsS5BEs3qB5czoEkvvTBsLf1al
dzVSBVFG43fu0Gv8PjFVluqYVZSDsTr5Gq74pZhRjBfl+XBxXuKLZz
o7z8txjz7EPfeGV/6oWgh34WlR4UaMIUJpcqTQlHGmprgJ4EMjL0Nm
qG9sGN6Eu3dhsArD34d5Dgssu1QBaWOqJYyNSSGRNpn04BFoxBSsgW
SCydRV8sGTX3+AEnOprUpKGJmC/dBJiaBHVg4zLGHI9mBmWEirqCe9
TtSJztA1ahmHukeq+Smf9PrWmKzsa7T9hc76SaZ6swX80YlcMoeH5Q
wTmsGkylFb55J1M6WnfT4iy2Xk3kLm2YZhXmVWeTiHQxwrDfGrAxqU
Q5UenMKtwev4LWWNc+eLNbXMkfQOaErtQRcO9GiM+nAkc5Ut2P5q82
QifaCVuROwvXP8ng49eNTpW9A70fdpStNzStt6+/bxNnuyxR4Pttlb
nYhWGteqa4YVO9HTCRZIbdJmvVXcaYg3KhnDpYDQxT04Q8jlws+M7E
TUfRoBcL2jbhNrFzxLluegKkGNaAxoOiuqBcwVCWklZDLVZp5hOsbU
TQ3P9hnvKZ+64SQXMqUIGvBC5jPqlBmBrxVeYFJZXiheLRij3R5CN/
OPeN311C09zCUP45BGKSWkhu8IyBcwk4WlgImsNsc6NVjSdcFOymo2
M6zjJp1rsx1sdalNrJ2Vp/0+ZupCFb2hMTy2fFn26Vtd9DPJs9AvTV
Uk6DaA/iOV0cVKU33uI5/LmeolXz4+GZwcrbLgK3C1nrZYUEU5b1+H
JR5KT1m65CwVa7GEmtOVKceUjOSMEWFi5uwPX2Kx8JfRECfyJfqlfT
KViy5VE5SlW0FzE3JJ1zIFnZtiSk3nximdmILqQbkQzYDoptB4Yam/
L1VJBflf9pxS/pDVJfMPWt1O9OxVPMrkuIxPqbT2xs0uR4gnVOoMY1
5aL2DnxMbsKl6KNryxppf6dY95M5emNI+Xx9Qyri0JBq9Z8moj1HYk
l8Z7hnIZvwHThx+8Hf4591eIHVGriXAnELv0MF2vM1sLhQhFs8FPqx
GITx0digYph6JDREtE9UDsi5DkNX5fb4rWzspDyML6im7QkWfbYt8L
6e287bfJj/iKhQwg9B4IT9sT/P6iLpp1sU+0U/78ncqf1V3oS4WgFQ
gRiI4DwGgDseMReoJ0HBJGRf5rLs2WaNM7Evv1lUlTXAsD8bHT9M+O
6NBpJxA3xTVK0FsRTiJCjt4IRbsWiAYjpChU6n2ns1cXLXpIZ080Gk
Hbwbu2Pgo5dPtKhZAzJQDNbbek01r265+JetDYJtq+X4SZe7oE3Nyh
viyjNNbdDFblJZr0PUFvelxlWp7dE5+Ezqq+bo2o+Sgkd73jvkfiI7
IiiWfXtHdIBJm0GN6ur6qvNlkRjt9oGkXTjxMduflsurmKyNbTziFV
MlzD4NKtWry2dYn7VjYjjkUmDY9hnax7M7Zd59B7aFEf//Uk/Nd2k5
xw7hLrWtxyTna3dS7HoCZEjYet4eXNIPJO1pou0N67zR2M3Ted/A02
dvMXaQwAAAEKzwI8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPS
J1dGYtMTYiPz4NCjxFbWFpbFNldD4NCiAgPFZlcnNpb24+MTUuMC4w
LjA8L1ZlcnNpb24+DQogIDxFbWFpbHM+DQogICAgPEVtYWlsIFN0YX
J0SW5kZXg9IjQ1IiBQb3NpdGlvbj0iU2lnbmF0dXJlIj4NCiAgICAg
IDxFbWFpbFN0cmluZz5kb25hbGQuaHVudGVyQGdtYWlsLmNvbTwvRW
1haWxTdHJpbmc+DQogICAgPC9FbWFpbD4NCiAgICA8RW1haWwgU3Rh
cnRJbmRleD0iOTkiPg0KICAgICAgPEVtYWlsU3RyaW5nPmt1YmFAa2
VybmVsLm9yZzwvRW1haWxTdHJpbmc+DQogICAgPC9FbWFpbD4NCiAg
PC9FbWFpbHM+DQo8L0VtYWlsU2V0PgELgQM8P3htbCB2ZXJzaW9uPS
IxLjAiIGVuY29kaW5nPSJ1dGYtMTYiPz4NCjxVcmxTZXQ+DQogIDxW
ZXJzaW9uPjE1LjAuMC4wPC9WZXJzaW9uPg0KICA8VXJscz4NCiAgIC
A8VXJsIFN0YXJ0SW5kZXg9IjMwNiIgVHlwZT0iVXJsIj4NCiAgICAg
IDxVcmxTdHJpbmc+bmxfbXNnLm5sPC9VcmxTdHJpbmc+DQogICAgPC
9Vcmw+DQogICAgPFVybCBTdGFydEluZGV4PSIxMzY3IiBQb3NpdGlv
bj0iT3RoZXIiIFR5cGU9IlVybCI+DQogICAgICA8VXJsU3RyaW5nPm
h0dHBzOi8vZWxpeGlyLmJvb3RsaW4uY29tL2xpbnV4L2xhdGVzdC9z
b3VyY2UvbmV0L25ldGZpbHRlci9uZl90YWJsZXNfYXBpLmMjTDkwOT
I8L1VybFN0cmluZz4NCiAgICA8L1VybD4NCiAgPC9VcmxzPg0KPC9V
cmxTZXQ+AQydBzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9In
V0Zi0xNiI/Pg0KPENvbnRhY3RTZXQ+DQogIDxWZXJzaW9uPjE1LjAu
MC4wPC9WZXJzaW9uPg0KICA8Q29udGFjdHM+DQogICAgPENvbnRhY3
QgU3RhcnRJbmRleD0iMzAiIFBvc2l0aW9uPSJTaWduYXR1cmUiPg0K
ICAgICAgPFBlcnNvbiBTdGFydEluZGV4PSIzMCIgUG9zaXRpb249Il
NpZ25hdHVyZSI+DQogICAgICAgIDxQZXJzb25TdHJpbmc+RG9uYWxk
IEh1bnRlcjwvUGVyc29uU3RyaW5nPg0KICAgICAgPC9QZXJzb24+DQ
ogICAgICA8RW1haWxzPg0KICAgICAgICA8RW1haWwgU3RhcnRJbmRl
eD0iNDUiIFBvc2l0aW9uPSJTaWduYXR1cmUiPg0KICAgICAgICAgID
xFbWFpbFN0cmluZz5kb25hbGQuaHVudGVyQGdtYWlsLmNvbTwvRW1h
aWxTdHJpbmc+DQogICAgICAgIDwvRW1haWw+DQogICAgICA8L0VtYW
lscz4NCiAgICAgIDxDb250YWN0U3RyaW5nPkRvbmFsZCBIdW50ZXIg
Jmx0O2RvbmFsZC5odW50ZXJAZ21haWwuY29tPC9Db250YWN0U3RyaW
5nPg0KICAgIDwvQ29udGFjdD4NCiAgICA8Q29udGFjdCBTdGFydElu
ZGV4PSI4MyI+DQogICAgICA8UGVyc29uIFN0YXJ0SW5kZXg9IjgzIj
4NCiAgICAgICAgPFBlcnNvblN0cmluZz5KYWt1YiBLaWNpbnNraTwv
UGVyc29uU3RyaW5nPg0KICAgICAgPC9QZXJzb24+DQogICAgICA8RW
1haWxzPg0KICAgICAgICA8RW1haWwgU3RhcnRJbmRleD0iOTkiPg0K
ICAgICAgICAgIDxFbWFpbFN0cmluZz5rdWJhQGtlcm5lbC5vcmc8L0
VtYWlsU3RyaW5nPg0KICAgICAgICA8L0VtYWlsPg0KICAgICAgPC9F
bWFpbHM+DQogICAgICA8Q29udGFjdFN0cmluZz5KYWt1YiBLaWNpbn
NraSAmbHQ7a3ViYUBrZXJuZWwub3JnPC9Db250YWN0U3RyaW5nPg0K
ICAgIDwvQ29udGFjdD4NCiAgPC9Db250YWN0cz4NCjwvQ29udGFjdF
NldD4BDs8BUmV0cmlldmVyT3BlcmF0b3IsMTAsMjtSZXRyaWV2ZXJP
cGVyYXRvciwxMSwyO1Bvc3REb2NQYXJzZXJPcGVyYXRvciwxMCwxO1
Bvc3REb2NQYXJzZXJPcGVyYXRvciwxMSwwO1Bvc3RXb3JkQnJlYWtl
ckRpYWdub3N0aWNPcGVyYXRvciwxMCwzO1Bvc3RXb3JkQnJlYWtlck
RpYWdub3N0aWNPcGVyYXRvciwxMSwwO1RyYW5zcG9ydFdyaXRlclBy b2R1Y2VyLDIwLDE3
X-MS-Exchange-Forest-IndexAgent: 1 3252
X-MS-Exchange-Forest-EmailMessageHash: 130014E9
X-MS-Exchange-Forest-Language: en
X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent
On Fri, 29 Mar 2024 at 18:58, Donald Hunter <donald.hunter@gmail.com> wrote:
>
> Jakub Kicinski <kuba@kernel.org> writes:
>
> > Looking at the code again, are you sure we'll process all the responses
> > not just the first one?
> >
> > Shouldn't this:
> >
> > + del reqs_by_seq[nl_msg.nl_seq]
> > done = True
> >
> > be something like:
> >
> > del reqs_by_seq[nl_msg.nl_seq]
> > done = len(reqs_by_seq) == 0
> >
>
> Hmm yes, that's a good catch. I need to check the DONE semantics for
> these nftables batch operations.
Well that's a problem:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi batch-begin '{"res-id": 10}' \
--multi newtable '{"name": "test", "nfgen-family": 1}' \
--multi newchain '{"name": "chain", "table": "test", "nfgen-family": 1}' \
--multi batch-end '{"res-id": 10}'
Adding: 20778
Adding: 20779
Adding: 20780
Adding: 20781
Done: 20779
Done: 20780
There's no response for 'batch-begin' or 'batch-end'. We may need a
per op spec property to tell us if a request will be acknowledged.
> > Would be good to add an example of multi executing some get operations.
>
> I think this was a blind spot on my part because nftables doesn't
> support batch for get operations:
>
> https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
>
> I'll need to try using multi for gets without any batch messages and see how
> everything behaves.
Okay, so it can be made to work. Will incorporate into the next revision:
./tools/net/ynl/cli.py \
--spec Documentation/netlink/specs/nftables.yaml \
--multi gettable '{"name": "test", "nfgen-family": 1}' \
--multi getchain '{"name": "chain", "table": "test", "nfgen-family": 1}'
[{'flags': set(),
'handle': 10,
'name': 'test',
'nfgen-family': 1,
'res-id': 200,
'use': 1,
'version': 0},
{'handle': 1,
'name': 'chain',
'nfgen-family': 1,
'res-id': 200,
'table': 'test',
'use': 0,
'version': 0}]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
@ 2024-03-29 21:46 ` Jakub Kicinski
0 siblings, 0 replies; 14+ messages in thread
From: Jakub Kicinski @ 2024-03-29 21:46 UTC (permalink / raw)
To: Donald Hunter, Pablo Neira Ayuso
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter, fw
On Fri, 29 Mar 2024 21:01:09 +0000 Donald Hunter wrote:
> There's no response for 'batch-begin' or 'batch-end'. We may need a
> per op spec property to tell us if a request will be acknowledged.
:(
Pablo, could we possibly start processing the ACK flags on those
messages? Maybe the existing user space doesn't set ACK so nobody
would notice?
I don't think the messages are otherwise marked as special from
the "netlink layer" perspective.
> > I think this was a blind spot on my part because nftables doesn't
> > support batch for get operations:
> >
> > https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
> >
> > I'll need to try using multi for gets without any batch messages and see how
> > everything behaves.
>
> Okay, so it can be made to work. Will incorporate into the next revision:
Great!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
@ 2024-03-29 21:46 ` Jakub Kicinski
0 siblings, 0 replies; 14+ messages in thread
From: Jakub Kicinski @ 2024-03-29 21:46 UTC (permalink / raw)
To: Donald Hunter, Pablo Neira Ayuso
Cc: netdev, David S. Miller, Eric Dumazet, Paolo Abeni, Jiri Pirko,
Jacob Keller, Stanislav Fomichev, donald.hunter, fw
On Fri, 29 Mar 2024 21:01:09 +0000 Donald Hunter wrote:
> There's no response for 'batch-begin' or 'batch-end'. We may need a
> per op spec property to tell us if a request will be acknowledged.
:(
Pablo, could we possibly start processing the ACK flags on those
messages? Maybe the existing user space doesn't set ACK so nobody
would notice?
I don't think the messages are otherwise marked as special from
the "netlink layer" perspective.
> > I think this was a blind spot on my part because nftables doesn't
> > support batch for get operations:
> >
> > https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
> >
> > I'll need to try using multi for gets without any batch messages and see how
> > everything behaves.
>
> Okay, so it can be made to work. Will incorporate into the next revision:
Great!
X-sender: <netdev+bounces-83467-peter.schumann=secunet.com@vger.kernel.org>
X-Receiver: <peter.schumann@secunet.com> ORCPT=rfc822;peter.schumann@secunet.com
X-CreatedBy: MSExchange15
X-HeloDomain: mbx-dresden-01.secunet.de
X-ExtendedProps: BQBjAAoA+UemlidQ3AgFADcAAgAADwA8AAAATWljcm9zb2Z0LkV4Y2hhbmdlLlRyYW5zcG9ydC5NYWlsUmVjaXBpZW50Lk9yZ2FuaXphdGlvblNjb3BlEQAAAAAAAAAAAAAAAAAAAAAADwA/AAAATWljcm9zb2Z0LkV4Y2hhbmdlLlRyYW5zcG9ydC5EaXJlY3RvcnlEYXRhLk1haWxEZWxpdmVyeVByaW9yaXR5DwADAAAATG93
X-Source: SMTP:Default MBX-ESSEN-02
X-SourceIPAddress: 10.53.40.199
X-EndOfInjectedXHeaders: 8081
Received: from mbx-dresden-01.secunet.de (10.53.40.199) by
mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.37; Fri, 29 Mar 2024 22:46:52 +0100
Received: from b.mx.secunet.com (62.96.220.37) by cas-essen-02.secunet.de
(10.53.40.202) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend
Transport; Fri, 29 Mar 2024 22:46:52 +0100
Received: from localhost (localhost [127.0.0.1])
by b.mx.secunet.com (Postfix) with ESMTP id 2117320396
for <peter.schumann@secunet.com>; Fri, 29 Mar 2024 22:46:52 +0100 (CET)
X-Virus-Scanned: by secunet
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=2.1
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.099, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MAILING_LIST_MULTI=-1,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: a.mx.secunet.com (amavisd-new);
dkim=pass (2048-bit key) header.d=kernel.org
Received: from b.mx.secunet.com ([127.0.0.1])
by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lWTysdRw2TI3 for <peter.schumann@secunet.com>;
Fri, 29 Mar 2024 22:46:51 +0100 (CET)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.48.161; helo=sy.mirrors.kernel.org; envelope-from=netdev+bounces-83467-peter.schumann=secunet.com@vger.kernel.org; receiver=peter.schumann@secunet.com
DKIM-Filter: OpenDKIM Filter v2.11.0 b.mx.secunet.com 6BFD82032C
Authentication-Results: b.mx.secunet.com;
dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bI+U+9iL"
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org [147.75.48.161])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by b.mx.secunet.com (Postfix) with ESMTPS id 6BFD82032C
for <peter.schumann@secunet.com>; Fri, 29 Mar 2024 22:46:50 +0100 (CET)
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sy.mirrors.kernel.org (Postfix) with ESMTPS id 20389B21C05
for <peter.schumann@secunet.com>; Fri, 29 Mar 2024 21:46:46 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 0A40D13BC09;
Fri, 29 Mar 2024 21:46:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bI+U+9iL"
X-Original-To: netdev@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA80785926
for <netdev@vger.kernel.org>; Fri, 29 Mar 2024 21:46:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1711748801; cv=none; b=hLKYXnQEay5o+2wB5f0ryqS+rZ4ZW/pWleHMXwjhbqTEO9laLXYaP0C6ZTYGVrNw+Tt5OVQ/RQaNUat82Rt+EhBBWWqzcvErd7KDsFj0u4E1bDi1tepghJvI1eyyM+7gjw9B2Jl5hWUWRNj3KHwymj9hNAeWQKdXyYcIelmzd6g=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1711748801; c=relaxed/simple;
bh=WYrLnd5VJ+w8tGoOoxXgy3WX373NxHkTc+nBr5+yjG4=;
h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type; b=Da0PmiKj4OjIEt8CupTNYdDoBOgmm/fmvFKxeKWlbCItOgbA0gtxxxkd4hPTd3TIzWfN6pUedIOpwdyyZE0XgLyjFKerPpbHIyQsmI5+UNZ2pzKJU7SOGYeO/z+jep+WWfr4R1gtnmwquWEj0SLan7cV63m1nEY70J0ZSUYgjHc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bI+U+9iL; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BAFCC433C7;
Fri, 29 Mar 2024 21:46:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1711748800;
bh=WYrLnd5VJ+w8tGoOoxXgy3WX373NxHkTc+nBr5+yjG4=;
h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
b=bI+U+9iL3hiAq1i9X3EfgmszunTmib3XIbrxUXRflu3eiFNobwQTe80Nf79MnqiG8
t3e98Rgu7Jq4Mk3ZE4Fdq4v43fw9On7zw5k3qEWPs63RVIGvHxkkIqzruRT0wC46jl
9q2y63dRk0GsdQxnFxFqQ44B8lisQgn22oS7gpVRPtSnINNdrbZMtXLzpz7n7rYzER
WwmL/vzkFrdHEj9I9WpPRcCiHv3J4pPbcwn/oyA4gO058KPdy3NpRp992LZOHjmd3M
ax2/pQcD7XZi71fGhCFm+oewMT3YFpCaojmdBqcEOVTku7zALR43tPlo8iANKnkNbS
495lKCzcWHj0w==
Date: Fri, 29 Mar 2024 14:46:39 -0700
From: Jakub Kicinski <kuba@kernel.org>
To: Donald Hunter <donald.hunter@gmail.com>, Pablo Neira Ayuso
<pablo@netfilter.org>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>, Eric
Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>, Jiri Pirko
<jiri@resnulli.us>, Jacob Keller <jacob.e.keller@intel.com>, Stanislav
Fomichev <sdf@google.com>, donald.hunter@redhat.com, fw@strlen.de
Subject: Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message
support to ynl
Message-ID: <20240329144639.0b42dc19@kernel.org>
In-Reply-To: <CAD4GDZw0RW3B2n5vC-q-XLpQ_bCg0iP13qvOa=cjK37CPLJsKg@mail.gmail.com>
References: <20240327181700.77940-1-donald.hunter@gmail.com>
<20240327181700.77940-3-donald.hunter@gmail.com>
<20240328175729.15208f4a@kernel.org>
<m234s9jh0k.fsf@gmail.com>
<20240329084346.7a744d1e@kernel.org>
<m2plvcj27b.fsf@gmail.com>
<CAD4GDZw0RW3B2n5vC-q-XLpQ_bCg0iP13qvOa=cjK37CPLJsKg@mail.gmail.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Return-Path: netdev+bounces-83467-peter.schumann=secunet.com@vger.kernel.org
X-MS-Exchange-Organization-OriginalArrivalTime: 29 Mar 2024 21:46:52.1893
(UTC)
X-MS-Exchange-Organization-Network-Message-Id: e724de8b-c62a-42f5-a116-08dc5039bea9
X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.37
X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202
X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de
X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=cas-essen-02.secunet.de:TOTAL-FE=0.008|SMR=0.008(SMRPI=0.006(SMRPI-FrontendProxyAgent=0.006));2024-03-29T21:46:52.198Z
X-MS-Exchange-Forest-ArrivalHubServer: mbx-essen-02.secunet.de
X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-OriginalSize: 7533
X-MS-Exchange-Organization-Transport-Properties: DeliveryPriority=Low
X-MS-Exchange-Organization-Prioritization: 2:ShadowRedundancy
X-MS-Exchange-Organization-IncludeInSla: False:ShadowRedundancy
On Fri, 29 Mar 2024 21:01:09 +0000 Donald Hunter wrote:
> There's no response for 'batch-begin' or 'batch-end'. We may need a
> per op spec property to tell us if a request will be acknowledged.
:(
Pablo, could we possibly start processing the ACK flags on those
messages? Maybe the existing user space doesn't set ACK so nobody
would notice?
I don't think the messages are otherwise marked as special from
the "netlink layer" perspective.
> > I think this was a blind spot on my part because nftables doesn't
> > support batch for get operations:
> >
> > https://elixir.bootlin.com/linux/latest/source/net/netfilter/nf_tables_api.c#L9092
> >
> > I'll need to try using multi for gets without any batch messages and see how
> > everything behaves.
>
> Okay, so it can be made to work. Will incorporate into the next revision:
Great!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl
2024-03-29 21:46 ` Jakub Kicinski
(?)
@ 2024-03-29 22:12 ` Pablo Neira Ayuso
-1 siblings, 0 replies; 14+ messages in thread
From: Pablo Neira Ayuso @ 2024-03-29 22:12 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Donald Hunter, netdev, David S. Miller, Eric Dumazet,
Paolo Abeni, Jiri Pirko, Jacob Keller, Stanislav Fomichev,
donald.hunter, fw, netfilter-devel
On Fri, Mar 29, 2024 at 02:46:39PM -0700, Jakub Kicinski wrote:
> On Fri, 29 Mar 2024 21:01:09 +0000 Donald Hunter wrote:
> > There's no response for 'batch-begin' or 'batch-end'. We may need a
> > per op spec property to tell us if a request will be acknowledged.
>
> :(
>
> Pablo, could we possibly start processing the ACK flags on those
> messages? Maybe the existing user space doesn't set ACK so nobody
> would notice?
>
> I don't think the messages are otherwise marked as special from
> the "netlink layer" perspective.
It is possible to explore this. I don't have a use-case for NLM_F_ACK
and the begin marker message at this stage.
Thanks.
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-03-31 16:43 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-27 18:16 [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Donald Hunter
2024-03-27 18:16 ` [PATCH net-next v1 1/2] doc/netlink/specs: Add draft nftables spec Donald Hunter
2024-03-27 18:17 ` [PATCH net-next v1 2/2] tools/net/ynl: Add multi message support to ynl Donald Hunter
2024-03-29 0:57 ` Jakub Kicinski
2024-03-29 13:37 ` Donald Hunter
2024-03-29 15:43 ` Jakub Kicinski
2024-03-29 18:57 ` Donald Hunter
2024-03-29 21:01 ` Donald Hunter
2024-03-29 21:01 ` Donald Hunter
2024-03-29 21:46 ` Jakub Kicinski
2024-03-29 21:46 ` Jakub Kicinski
2024-03-29 22:12 ` Pablo Neira Ayuso
2024-03-27 22:45 ` [PATCH net-next v1 0/2] netlink: Add nftables spec w/ multi messages Pablo Neira Ayuso
2024-03-28 15:33 ` Donald Hunter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.