{"id":809361,"url":"http://patchwork.ozlabs.org/api/patches/809361/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1504475761-11454-1-git-send-email-pablo@netfilter.org/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504475761-11454-1-git-send-email-pablo@netfilter.org>","list_archive_url":null,"date":"2017-09-03T21:55:59","name":"[nf-next,3/5] netlink: add NLM_F_NONREC flag for deletion requests","commit_ref":null,"pull_url":null,"state":"changes-requested","archived":true,"hash":"08f906b9e7482f3fa48d4c3b6a339de1d475b08f","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/?format=json","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1504475761-11454-1-git-send-email-pablo@netfilter.org/mbox/","series":[{"id":1278,"url":"http://patchwork.ozlabs.org/api/series/1278/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=1278","date":"2017-09-03T21:55:59","name":null,"version":1,"mbox":"http://patchwork.ozlabs.org/series/1278/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/809361/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/809361/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlmyZ6KBjz9sPs\n\tfor ;\n\tMon, 4 Sep 2017 07:56:22 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753010AbdICV4R (ORCPT );\n\tSun, 3 Sep 2017 17:56:17 -0400","from mail.us.es ([193.147.175.20]:47196 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1752960AbdICV4Q (ORCPT );\n\tSun, 3 Sep 2017 17:56:16 -0400","from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id AD01911D8F6\n\tfor ; Sun, 3 Sep 2017 23:55:49 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 9C88DB5030\n\tfor ; Sun, 3 Sep 2017 23:55:49 +0200 (CEST)","by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid 91DBCB502D; Sun, 3 Sep 2017 23:55:49 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 67CCAB5024;\n\tSun, 3 Sep 2017 23:55:47 +0200 (CEST)","from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tSun, 03 Sep 2017 23:55:47 +0200 (CEST)","from salvia.here (unknown [31.4.193.113])\n\t(Authenticated sender: pneira@us.es)\n\tby entrada.int (Postfix) with ESMTPA id 1FB5D4265A24;\n\tSun, 3 Sep 2017 23:55:44 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int","X-Spam-Level":"","X-Spam-Status":"No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1","X-Virus-Status":"clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)","X-SMTPAUTHUS":"auth mail.us.es","From":"Pablo Neira Ayuso ","To":"netfilter-devel@vger.kernel.org","Cc":"davem@davemloft.net, netdev@vger.kernel.org","Subject":"[PATCH nf-next 3/5] netlink: add NLM_F_NONREC flag for deletion\n\trequests","Date":"Sun, 3 Sep 2017 23:55:59 +0200","Message-Id":"<1504475761-11454-1-git-send-email-pablo@netfilter.org>","X-Mailer":"git-send-email 2.1.4","X-Virus-Scanned":"ClamAV using ClamSMTP","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"},"content":"In the last NFWS in Faro, Portugal, we discussed that netlink is lacking\nthe semantics to request non recursive deletions, ie. do not delete an\nobject iff it has child objects that hang from this parent object that\nthe user requests to be deleted.\n\nWe need this new flag to solve a problem for the iptables-compat\nbackward compatibility utility, that runs iptables commands using the\nexisting nf_tables netlink interface. Specifically, custom chains in\niptables cannot be deleted if there are rules in it, however, nf_tables\nallows to remove any chain that is populated with content. To sort out\nthis asymmetry, iptables-compat userspace sets this new NLM_F_NONREC\nflag to obtain the same semantics that iptables provides.\n\nThis new flag should only be used for deletion requests. Note this new\nflag value overlaps with the existing:\n\n* NLM_F_ROOT for get requests.\n* NLM_F_REPLACE for new requests.\n\nHowever, those flags should not ever be used in deletion requests.\n\nSigned-off-by: Pablo Neira Ayuso \n---\n@David: Please, acknowledge this if you think this is fine so I can\n take this into the nf-next tree, given patches 4/5 and 5/5\n depend on this. Thanks a lot!\n\n include/uapi/linux/netlink.h | 3 +++\n 1 file changed, 3 insertions(+)","diff":"diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h\nindex f4fc9c9e123d..e8af60a7c56d 100644\n--- a/include/uapi/linux/netlink.h\n+++ b/include/uapi/linux/netlink.h\n@@ -69,6 +69,9 @@ struct nlmsghdr {\n #define NLM_F_CREATE\t0x400\t/* Create, if it does not exist\t*/\n #define NLM_F_APPEND\t0x800\t/* Add to end of list\t\t*/\n \n+/* Modifiers to DELETE request */\n+#define NLM_F_NONREC\t0x100\t/* Do not delete recursively\t*/\n+\n /* Flags for ACK message */\n #define NLM_F_CAPPED\t0x100\t/* request was capped */\n #define NLM_F_ACK_TLVS\t0x200\t/* extended ACK TVLs were included */\n","prefixes":["nf-next","3/5"]}