Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID

From: Florian Westphal
Date: Mon Apr 23 2018 - 16:08:56 EST

Next message: Alexei Starovoitov: "Re: [PATCH 0/3] bpf: Store/dump license string for loaded program"
Previous message: Kees Cook: "Re: [PATCH] rave-sp: Remove VLA"
In reply to: Ahmed Abdelsalam: "Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID"
Next in thread: Ahmed Abdelsalam: "Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahmed Abdelsalam <amsalam20@xxxxxxxxx> wrote:
> > > @@ -50,6 +62,12 @@ struct ip6t_srh {
> > > __u8 segs_left;
> > > __u8 last_entry;
> > > __u16 tag;
> > > + struct in6_addr psid_addr;
> > > + struct in6_addr nsid_addr;
> > > + struct in6_addr lsid_addr;
> > > + struct in6_addr psid_msk;
> > > + struct in6_addr nsid_msk;
> > > + struct in6_addr lsid_msk;
> >
> > This is changing something exposed through UAPI, so you will need a
> > new revision for this.
>
> Could you please advice what should be done in this case?

You need to add
struct ip6t_srh_v1 {
/* copy of struct ip6t_srh here */

/* new fields go here */
};

Look at xt_conntrack.c, conntrack_mt_reg[] for an example of
multi-revision match.

You can probably re-origanise code to avoid too much duplication.
See 5a786232eb69a1f870ddc0cfd69d5bdef241a2ea in nf.git for an example,
it makes v0 into a v1 struct at runtime and re-uses new v1 code
for old v0.

Next message: Alexei Starovoitov: "Re: [PATCH 0/3] bpf: Store/dump license string for loaded program"
Previous message: Kees Cook: "Re: [PATCH] rave-sp: Remove VLA"
In reply to: Ahmed Abdelsalam: "Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID"
Next in thread: Ahmed Abdelsalam: "Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]