On Fri, Apr 12, 2019 at 01:56:22PM +0200, Johannes Berg wrote: > > > I'd actually be happy to *just* expose the policy with all its nested > > > elements/objects in there. That'd probably be also almost enough for > > > you? > > > > Exposing commands is also important, I know of people poking for > > commands to see if they are available or not. > > Alright, well, generic netlink already exposes the commands :-) How are you going to relate this with the policy description? Could you post a schema of the netlink attribute hierarchy of your policy descriptions? > > I think we should full description to userspace, not only policies. > > I guess the way I see it, they're all pieces of the puzzle. The policy > is good for both code in the kernel and for exposing it. The command > list is already exposed. > > What now we're missing, in a sense, is which commands take which > attributes. This would actually *also* be a good thing for validation in > the kernel, but I haven't really found a good way to encode it yet. > Doing a bitmap isn't really feasible, and doing a list is difficult to > type out. > > Perhaps if we do end up going with your code generation idea then we can > do this more easily. > > > > Except we don't have an "object ID" (and obviously also that we can use > > > the same data to actually parse/validate messages, and so don't end up > > > with bad situations of nldesc saying one thing and the policy another.) > > > > The object ID is needed by userspace, to build a flat table, and look > > up for the nested IDs, to express the graph. We can probably place > > this in the policy. > > I don't really understand the object ID. This object ID is a policy nest ID. The idea is to expose an array of nest IDs (object IDs), then this array contains the attributes that this nest contains and if there are nested attributes, then in case of nested attributed, the nest ID that describe this attribute. The idea is to make it easy for userspace to build this table, and then userspace performs lookups based on this object ID (policy nest ID). > Say you have a top-level "filter" attribute (I'm completely making up > things here). > > Now this filter "object" can have a number of attributes, and that's > captured by the nested policy there? > > IOW - the code I wrote until now would expose > > policy 0: attribute filter: nested with attrs from policy 1 > policy 1: attribute abc: NLA_U8 > policy 1: attribute xyz: NLA_U32 > > etc. > > > This would be incomplete, since commands are an essential part too, > > and relation of attributes with commands are also too. > > Agree. Still, I think it solves much of the problem, like I said above - > all are parts of the puzzle. > > With generic netlink we have a list of commands already. That should be > easy to add elsewhere, though generic netlink has the advantage of > having the list of commands (and their handlers) as *data*, which I > think is expressed *code* in rtnetlink now? But that can either be fixed > or you just carry a separate list of commands there. > > With the policy export I wrote we have the policy, and if you set it up > properly with all the nested sub-policies for each attribute etc. > > So I agree - we're missing "this command uses these attributes", but > again I don't think the object description is actually the right > solution here, because you *also* want to enforce that in some way. > > I feel the generic netlink model where the command handlers etc. are not > code but data is superior here because it lets us add things like that > relatively easily, though of course we haven't actually done it now. > > So basically - my main concern with this bus description stuff you've > done here is that it duplicates all the data and needs to be maintained > separately from what should be the same data used for enforcement. My idea was to provide a description of netlink, then a compiler tool that would autogenerate the policy structures and the UAPI headers from this bus description. Yes, it sounds too futuristic to autogenerate code in the kernel, but other projects do already.