Re: [PATCH nf-next] netfilter: xtables: Add snapshot of hardidletimer target

Florian Westphal <fw@xxxxxxxxx> · Thu, 30 Jan 2020 13:44:19 +0100

Subash Abhinov Kasiviswanathan <subashab@xxxxxxxxxxxxxx> wrote:
> From: Manoj Basapathi <manojbm@xxxxxxxxxxxxxx>
> 
> This is a snapshot of hardidletimer netfilter target.
> 
> This patch implements a hardidletimer Xtables target that can be
> used to identify when interfaces have been idle for a certain period
> of time.
> 
> Timers are identified by labels and are created when a rule is set
> with a new label. The rules also take a timeout value (in seconds) as
> an option. If more than one rule uses the same timer label, the timer
> will be restarted whenever any of the rules get a hit.
> 
> One entry for each timer is created in sysfs. This attribute contains
> the timer remaining for the timer to expire. The attributes are
> located under the xt_idletimer class:
> 
> /sys/class/xt_hardidletimer/timers/<label>
> 
> When the timer expires, the target module sends a sysfs notification
> to the userspace, which can then decide what to do (eg. disconnect to
> save power)
> 
> Compared to IDLETIMER, HARDIDLETIMER can send notifications when
> CPU is in suspend too, to notify the timer expiry.
> 
> v1->v2: Moved all functionality into IDLETIMER module to avoid
> code duplication per comment from Florian.
> 
> Signed-off-by: Manoj Basapathi <manojbm@xxxxxxxxxxxxxx>
> Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@xxxxxxxxxxxxxx>
> ---
>  include/uapi/linux/netfilter/xt_IDLETIMER.h |  3 +
>  net/netfilter/xt_IDLETIMER.c                | 85 ++++++++++++++++++++++++++---
>  2 files changed, 79 insertions(+), 9 deletions(-)
> 
> diff --git a/include/uapi/linux/netfilter/xt_IDLETIMER.h b/include/uapi/linux/netfilter/xt_IDLETIMER.h
> index 3c586a1..10a40bb 100644
> --- a/include/uapi/linux/netfilter/xt_IDLETIMER.h
> +++ b/include/uapi/linux/netfilter/xt_IDLETIMER.h
> @@ -33,12 +33,15 @@
>  #include <linux/types.h>
>  
>  #define MAX_IDLETIMER_LABEL_SIZE 28
> +#define XT_IDLETIMER_ALARM 0x01
>  
>  struct idletimer_tg_info {
>  	__u32 timeout;
>  
>  	char label[MAX_IDLETIMER_LABEL_SIZE];
>  
> +	__u8 timer_type;
> +

This breaks binary abi of idletimer_tg_info.

You will need to add a new target revision for this, i.e.
struct idletimer_tg_info_v1.

See net/netfilter/xt_CT.c for an example target that has
several revisions.