Re: [RFC] nftables: reverse path filtering for nft

Hi Florian,

thanks for working on this, here are my comments.

On 14 September 2016 at 19:45, Florian Westphal <fw@xxxxxxxxx> wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> On Mon, Sep 12, 2016 at 09:00:25PM +0200, Florian Westphal wrote:
>> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> > >         fib lookup ip daddr . oif
>> > >
>> > > As you are basically looking for the route based on IPv4 address and
>> > > the output interface, so this boils down to:
>> > >
>> > >         fib lookup $expr $flags
>> >
>> > How would the kernel disentangle the register data?
>>
>> What I'm proposing is to represent this as a concatenation, since this
>> represents the tuple that you use to look up for route.
>>
>> > (i.e., how do i know where in the sreg e.g. the daddr is
>> >  that i need to stuff in the flowi struct?)
>>
>> You can iterate over the concatenation compound from the
>> netlink_linearize path, it is just a list of expressions. Then, you
>> can set the NFTA_FIB_* netlink attribute using them.
>
> I found this to be ugly and cumbersome; I'd propose the following
> syntax instead:
>
> FIB     fib_type     fib_family   '{' fib_addr fib_key_flags '}'
>
> The {} are needed because I'd like to use 'mark' and 'oif' in flags but
> these can also be expressions, i.e. I need something that tells
> the parser when end of FIB flags are reached (so instead of { }
> it could also use single ';' or something else ...)
>
> This gives the following examples:
>
>  fib oif { saddr }  # ip route get $saddr, place ifindex into register)
>  fib oif { saddr mark,saddr,oif } # same, but populate flowi .saddr,mark,oif
>                                     members as well
>
>  fib oif { daddr mark,saddr,oif } # same, except that flowi.daddr is set
>                                   # to iph->daddr)
>
Using {} in the syntax for something which is not a set or a map seems
a bit confusing to me.

I'm sorry, I have no sensible alternatives ATM.

-- 
Arturo Borrero González
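For reference, an added example that is not part of this thread: a reverse path filtering ruleset written in the concatenation form (`fib <keys> <result>`) that nftables eventually shipped, which is not the `fib oif { ... }` syntax proposed above. The table and chain names are my own choice.

```nft
# Added example: reverse path filtering with the fib expression in its
# shipped nftables syntax, not the bracketed syntax discussed in the thread.
table inet rpfilter {
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;

        # Loose mode (like sysctl rp_filter=2): drop if no route back to
        # the source address exists via any interface.
        fib saddr oif missing counter drop

        # Strict mode (like sysctl rp_filter=1): drop unless the route
        # back to the source address leaves through the interface the
        # packet arrived on. Use only one of the two rules; strict mode
        # drops legitimate traffic on asymmetrically routed links.
        fib saddr . iif oif missing counter drop
    }
}
```

The `counter` keyword is there so that dropped spoofed packets show up in `nft list ruleset`, which is the first thing to check before tightening from loose to strict mode.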