Patchwork [RFC] netfilter: don't assume NFPROTO_* are like PF_*

login
register
mail settings
Submitter Alban Crequy
Date May 14, 2012, 1:58 p.m.
Message ID <1337003909-2582-1-git-send-email-alban.crequy@collabora.co.uk>
Download mbox | patch
Permalink /patch/159025/
State Rejected
Headers show

Comments

Alban Crequy - May 14, 2012, 1:58 p.m.
With this patch, NFPROTO_* constants don't have the same values as PF_*
constants.

Benefit: it makes NFPROTO_NUMPROTO smaller and saves space as arrays are
smaller.

Issues: might have missed a conversion. I grepped NF_HOOK, nf_register_hook,
nf_register_hooks, and xt_hook_link. So it is probably fine.

NFPROTO_* constants were introduced by commit 7e9c6e.

Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
 include/linux/netfilter.h |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
Jan Engelhardt - May 14, 2012, 3:09 p.m.
On Monday 2012-05-14 15:58, Alban Crequy wrote:
>--- a/include/linux/netfilter.h
>+++ b/include/linux/netfilter.h
>@@ -62,11 +62,11 @@ enum nf_inet_hooks {
> 
> enum {
> 	NFPROTO_UNSPEC =  0,
>-	NFPROTO_IPV4   =  2,
>-	NFPROTO_ARP    =  3,
>-	NFPROTO_BRIDGE =  7,
>-	NFPROTO_IPV6   = 10,
>-	NFPROTO_DECNET = 12,
>+	NFPROTO_IPV4,
>+	NFPROTO_ARP,
>+	NFPROTO_BRIDGE,
>+	NFPROTO_IPV6,
>+	NFPROTO_DECNET,
> 	NFPROTO_NUMPROTO,
> };

This must not be changed under any circumstances. It is exported to
and used by userspace. (Except perhaps for NFPROTO_DECNET, which
refers to a quite dead protocol that I think no user parts have ever
used NFPROTO_DECNET.) I would consider it acceptable to change the
value for NFPROTO_DECNET if Pablo joins.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Alban Crequy - May 14, 2012, 3:42 p.m.
Le Mon, 14 May 2012 17:09:54 +0200 (CEST),
Jan Engelhardt <jengelh@inai.de> a écrit :

> 
> On Monday 2012-05-14 15:58, Alban Crequy wrote:
> >--- a/include/linux/netfilter.h
> >+++ b/include/linux/netfilter.h
> >@@ -62,11 +62,11 @@ enum nf_inet_hooks {
> > 
> > enum {
> > 	NFPROTO_UNSPEC =  0,
> >-	NFPROTO_IPV4   =  2,
> >-	NFPROTO_ARP    =  3,
> >-	NFPROTO_BRIDGE =  7,
> >-	NFPROTO_IPV6   = 10,
> >-	NFPROTO_DECNET = 12,
> >+	NFPROTO_IPV4,
> >+	NFPROTO_ARP,
> >+	NFPROTO_BRIDGE,
> >+	NFPROTO_IPV6,
> >+	NFPROTO_DECNET,
> > 	NFPROTO_NUMPROTO,
> > };
> 
> This must not be changed under any circumstances. It is exported to
> and used by userspace. (Except perhaps for NFPROTO_DECNET, which
> refers to a quite dead protocol that I think no user parts have ever
> used NFPROTO_DECNET.) I would consider it acceptable to change the
> value for NFPROTO_DECNET if Pablo joins.

Thanks for the review. I didn't realize it was exported to and used by
userspace. I would drop this patch then.

Alban
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - May 14, 2012, 7:06 p.m.
On Mon, May 14, 2012 at 05:09:54PM +0200, Jan Engelhardt wrote:
> 
> On Monday 2012-05-14 15:58, Alban Crequy wrote:
> >--- a/include/linux/netfilter.h
> >+++ b/include/linux/netfilter.h
> >@@ -62,11 +62,11 @@ enum nf_inet_hooks {
> > 
> > enum {
> > 	NFPROTO_UNSPEC =  0,
> >-	NFPROTO_IPV4   =  2,
> >-	NFPROTO_ARP    =  3,
> >-	NFPROTO_BRIDGE =  7,
> >-	NFPROTO_IPV6   = 10,
> >-	NFPROTO_DECNET = 12,
> >+	NFPROTO_IPV4,
> >+	NFPROTO_ARP,
> >+	NFPROTO_BRIDGE,
> >+	NFPROTO_IPV6,
> >+	NFPROTO_DECNET,
> > 	NFPROTO_NUMPROTO,
> > };
> 
> This must not be changed under any circumstances. It is exported to
> and used by userspace. (Except perhaps for NFPROTO_DECNET, which
> refers to a quite dead protocol that I think no user parts have ever
> used NFPROTO_DECNET.) I would consider it acceptable to change the
> value for NFPROTO_DECNET if Pablo joins.

If there is some remote posibility to break userspace code, I won't
take the patch, sorry.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 29734be..89afadb 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -62,11 +62,11 @@  enum nf_inet_hooks {
 
 enum {
 	NFPROTO_UNSPEC =  0,
-	NFPROTO_IPV4   =  2,
-	NFPROTO_ARP    =  3,
-	NFPROTO_BRIDGE =  7,
-	NFPROTO_IPV6   = 10,
-	NFPROTO_DECNET = 12,
+	NFPROTO_IPV4,
+	NFPROTO_ARP,
+	NFPROTO_BRIDGE,
+	NFPROTO_IPV6,
+	NFPROTO_DECNET,
 	NFPROTO_NUMPROTO,
 };