{"id":809366,"url":"http://patchwork.ozlabs.org/api/1.2/patches/809366/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504475761-11454-1-git-send-email-pablo@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504475761-11454-1-git-send-email-pablo@netfilter.org>","list_archive_url":null,"date":"2017-09-03T21:55:59","name":"[nf-next,3/5] netlink: add NLM_F_NONREC flag for deletion requests","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"08f906b9e7482f3fa48d4c3b6a339de1d475b08f","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/1.2/people/1315/?format=json","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504475761-11454-1-git-send-email-pablo@netfilter.org/mbox/","series":[{"id":1277,"url":"http://patchwork.ozlabs.org/api/1.2/series/1277/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=1277","date":"2017-09-03T21:54:27","name":"[nf-next,1/5] netfilter: nf_tables: add nf_tables_updchain()","version":1,"mbox":"http://patchwork.ozlabs.org/series/1277/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/809366/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/809366/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlmyp73GVz9sPs\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon,  4 Sep 2017 07:56:34 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752979AbdICV4R (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 3 Sep 2017 17:56:17 -0400","from mail.us.es ([193.147.175.20]:47194 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1752952AbdICV4Q (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);\n\tSun, 3 Sep 2017 17:56:16 -0400","from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id A412111D8F4\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun,  3 Sep 2017 23:55:49 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 9485EB5024\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun,  3 Sep 2017 23:55:49 +0200 (CEST)","by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid 894F3B502A; Sun,  3 Sep 2017 23:55:49 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 67CCAB5024;\n\tSun,  3 Sep 2017 23:55:47 +0200 (CEST)","from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tSun, 03 Sep 2017 23:55:47 +0200 (CEST)","from salvia.here (unknown [31.4.193.113])\n\t(Authenticated sender: pneira@us.es)\n\tby entrada.int (Postfix) with ESMTPA id 1FB5D4265A24;\n\tSun,  3 Sep 2017 23:55:44 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int","X-Spam-Level":"","X-Spam-Status":"No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1","X-Virus-Status":"clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)","X-SMTPAUTHUS":"auth mail.us.es","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"netfilter-devel@vger.kernel.org","Cc":"davem@davemloft.net, netdev@vger.kernel.org","Subject":"[PATCH nf-next 3/5] netlink: add NLM_F_NONREC flag for deletion\n\trequests","Date":"Sun,  3 Sep 2017 23:55:59 +0200","Message-Id":"<1504475761-11454-1-git-send-email-pablo@netfilter.org>","X-Mailer":"git-send-email 2.1.4","X-Virus-Scanned":"ClamAV using ClamSMTP","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"In the last NFWS in Faro, Portugal, we discussed that netlink is lacking\nthe semantics to request non recursive deletions, ie. do not delete an\nobject iff it has child objects that hang from this parent object that\nthe user requests to be deleted.\n\nWe need this new flag to solve a problem for the iptables-compat\nbackward compatibility utility, that runs iptables commands using the\nexisting nf_tables netlink interface. Specifically, custom chains in\niptables cannot be deleted if there are rules in it, however, nf_tables\nallows to remove any chain that is populated with content. To sort out\nthis asymmetry, iptables-compat userspace sets this new NLM_F_NONREC\nflag to obtain the same semantics that iptables provides.\n\nThis new flag should only be used for deletion requests. Note this new\nflag value overlaps with the existing:\n\n* NLM_F_ROOT for get requests.\n* NLM_F_REPLACE for new requests.\n\nHowever, those flags should not ever be used in deletion requests.\n\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n@David: Please, acknowledge this if you think this is fine so I can\n        take this into the nf-next tree, given patches 4/5 and 5/5\n        depend on this. Thanks a lot!\n\n include/uapi/linux/netlink.h | 3 +++\n 1 file changed, 3 insertions(+)","diff":"diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h\nindex f4fc9c9e123d..e8af60a7c56d 100644\n--- a/include/uapi/linux/netlink.h\n+++ b/include/uapi/linux/netlink.h\n@@ -69,6 +69,9 @@ struct nlmsghdr {\n #define NLM_F_CREATE\t0x400\t/* Create, if it does not exist\t*/\n #define NLM_F_APPEND\t0x800\t/* Add to end of list\t\t*/\n \n+/* Modifiers to DELETE request */\n+#define NLM_F_NONREC\t0x100\t/* Do not delete recursively\t*/\n+\n /* Flags for ACK message */\n #define NLM_F_CAPPED\t0x100\t/* request was capped */\n #define NLM_F_ACK_TLVS\t0x200\t/* extended ACK TVLs were included */\n","prefixes":["nf-next","3/5"]}