Re: [PATCH v2 24/27] network: add an nftables backend for network driver's firewall construction

On 4/23/24 1:42 PM, Daniel P. Berrangé wrote:
> On Tue, Apr 23, 2024 at 01:27:05PM -0400, Laine Stump wrote:
> [...]
>
>> On 4/23/24 7:15 AM, Daniel P. Berrangé wrote:
>>
>>> What are the uniqueness guarantees of handle numbers?
>>
>> Each table has a monotonically increasing counter (I'd assume at least 32
>> bits), so it shouldn't be a problem.
>>
>> But WAIT!!! - While typing this reply I've discovered something new!
>>
>> Until about 45 minutes ago, I had assumed there was a single systemwide
>> counter. But based on your question, I asked egarver who told me that there
>> is a counter for each table. And we create our own tables (called "libvirt",
>> for both ip and ip6). I just tried manually deleting the libvirt table, and
>> in that case the counter does start over from 0! :-O
>
> Oh, that's not terrible at all, as the unique constraint is thus
>
>    ("libvirt", <handle>)
>
> which eliminates any risk of us accidentally deleting stuff belonging
> to the sysadmin or another app. If someone else creates a table
> called 'libvirt' they get to keep all the broken pieces :-)
>
>> I can't decide if this is a case of "Ooh! We'd better try to protect against
>> this!", or "Well, you deliberately broke it, so you get to pick up the
>> pieces!"
>
> The latter.

Exxxcelllent! </MrBurns>
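
The point made in this thread, as an added illustration that is not code from the thread or from libvirt: a rule handle only identifies a rule together with its table, and a recorded handle can refer to a different rule once the table has been deleted and recreated. The two `nft -a list table ip libvirt` listings are constructed, and the chain name `fwd` and the helper names are hypothetical.

```python
import re

# Constructed sample of `nft -a list table ip libvirt` output.
BEFORE = '''table ip libvirt { # handle 7
    chain fwd { # handle 1
        iifname "virbr0" accept # handle 2
        oifname "virbr0" accept # handle 3
    }
}
'''

# Constructed listing after the table was deleted and recreated by someone
# else: the per-table counter restarted, so handle 2 is a different rule.
AFTER = '''table ip libvirt { # handle 9
    chain fwd { # handle 1
        oifname "virbr1" drop # handle 2
    }
}
'''

TABLE_RE = re.compile(r'^table (\S+) (\S+) \{')
CHAIN_RE = re.compile(r'^\s*chain (\S+) \{')
RULE_RE = re.compile(r'^\s*(.+?) # handle (\d+)$')


def rule_handles(listing):
    """Map (family, table, chain, handle) -> rule text for one listing."""
    rules = {}
    family = table = chain = None
    for line in listing.splitlines():
        if m := TABLE_RE.match(line):
            family, table = m.groups()
            chain = None
        elif m := CHAIN_RE.match(line):
            chain = m.group(1)
        elif chain and (m := RULE_RE.match(line)):
            rules[(family, table, chain, int(m.group(2)))] = m.group(1)
    return rules


def stale_handles(recorded, listing):
    """Recorded keys whose handle is gone or now names a different rule."""
    live = rule_handles(listing)
    return [key for key, text in recorded.items() if live.get(key) != text]
```

Because every key carries the family and table name, a lookup can never match a rule in a table other than `libvirt`; the stale entries only appear when the `libvirt` table itself has been replaced.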