Jakub Kicinski <kuba@xxxxxxxxxx> writes: > On Wed, 24 Jan 2024 09:37:31 +0000 Donald Hunter wrote: >> > Meaning if the key is not found in current scope we'll silently and >> > recursively try outer scopes? Did we already document that? >> > I remember we discussed it, can you share a link to that discussion? >> >> Yes, it silently tries outer scopes. The previous discussion is here: >> >> https://patchwork.kernel.org/project/netdevbpf/patch/20231130214959.27377-7-donald.hunter@xxxxxxxxx/#25622101 >> >> This is the doc patch that describes sub-messages: >> >> https://patchwork.kernel.org/project/netdevbpf/patch/20231215093720.18774-4-donald.hunter@xxxxxxxxx/ >> >> It doesn't mention searching outer scopes so I can add that to the docs. > > I'm a tiny bit worried about the mis-ordered case. If the selector attr > is after the sub-msg but outer scope has an attr of the same name we'll > silently use the wrong one. It shouldn't happen in practice but can we > notice the wrong ordering and error out cleanly? I was quite pleased with how simple the patch turned out to be when I used ChainMap, but it does have this weakness. In practice, the only place this could be a problem is with tc-act-attrs which has the same attribute name 'kind' in the nest and in tc-attrs at the top level. If you send a create message with ynl, you could omit the 'kind' attr in the 'act' nest and ynl would incorrectly resolve to the top level 'kind'. The kernel would reject the action with a missing 'kind' but the rest of payload would be encoded wrongly and/or could break ynl. My initial thought is that this might be better handled as input validation, e.g. adding 'required: true' to the spec for 'act/kind'. After using ynl for a while, I think it would help to specify required attributes for messages, nests and sub-messsages. It's very hard to discover the required attributes for families that don't provide extack responses for errors. Thoughts?
