[nft,0/9] Support wildcard netdev hooks and events

Message ID 20241002193853.13818-1-phil@nwl.cc

Message

Phil Sutter Oct. 2, 2024, 7:38 p.m. UTC
This series is the second (and last?) step of enabling support for
name-based and wildcard interface hooks in user space. It depends on the
previously sent series for libnftnl.

Patches 1-4 are fallout, fixing deficits in different areas.

Patches 5 and 6 extend parser and serializer to accept and correctly
pass interface wildcards on to the kernel.

Patch 7 adjusts shell test cases to the different behaviour (removed
interfaces no longer disappearing from hook specs), mostly stored dump
adjustments.

Patches 8 and 9 extend nft monitor to print NEWDEV/DELDEV events and
extend the monitor testsuite to cover the code.

Phil Sutter (9):
  json: Support typeof in set and map types
  tests: py: Fix for storing payload into missing file
  monitor: Recognize flowtable add/del events
  tests: monitor: Run in own netns
  mnl: Support simple wildcards in netdev hooks
  parser_bison: Accept ASTERISK_STRING in flowtable_expr_member
  tests: shell: Adjust to ifname-based flowtables
  tests: monitor: Support running external commands
  monitor: Support NFT_MSG_(NEW|DEL)DEV events

 doc/libnftables-json.adoc                     |   7 +-
 include/json.h                                |  20 +++
 include/linux/netfilter/nf_tables.h           |  10 ++
 include/netlink.h                             |   1 +
 include/rule.h                                |   1 +
 src/json.c                                    |  46 ++++++-
 src/mnl.c                                     |  19 ++-
 src/monitor.c                                 | 125 ++++++++++++++++++
 src/parser_bison.y                            |  11 +-
 src/parser_json.c                             |  15 +++
 src/rule.c                                    |  15 +++
 tests/monitor/run-tests.sh                    |  72 +++++++++-
 tests/monitor/testcases/chain-netdev.t        |  66 +++++++++
 tests/monitor/testcases/flowtable-simple.t    |  66 +++++++++
 tests/monitor/testcases/map-expr.t            |   2 +-
 tests/monitor/testcases/set-concat-interval.t |   3 +
 tests/py/nft-test.py                          |   5 +-
 .../chains/dumps/netdev_chain_0.json-nft      |  17 +++
 .../testcases/chains/dumps/netdev_chain_0.nft |   3 +
 .../netdev_chain_dormant_autoremove.json-nft  |   5 +-
 .../dumps/netdev_chain_dormant_autoremove.nft |   2 +-
 .../dumps/0012flowtable_variable_0.json-nft   |  10 +-
 .../dumps/0012flowtable_variable_0.nft        |   4 +-
 .../testcases/json/dumps/netdev.json-nft      |  13 ++
 tests/shell/testcases/json/dumps/netdev.nft   |   3 +
 .../listing/dumps/0020flowtable_0.json-nft    |   6 +-
 .../listing/dumps/0020flowtable_0.nft         |   2 +
 .../maps/dumps/0012map_concat_0.json-nft      |  21 ++-
 .../maps/dumps/0017_map_variable_0.json-nft   |  18 ++-
 .../maps/dumps/named_limits.json-nft          |  55 ++++++--
 .../dumps/typeof_maps_add_delete.json-nft     |   9 +-
 .../maps/dumps/typeof_maps_update_0.json-nft  |   9 +-
 .../maps/dumps/vmap_timeout.json-nft          |  22 ++-
 .../packetpath/dumps/set_lookups.json-nft     |  42 ++++--
 .../sets/dumps/0048set_counters_0.json-nft    |   9 +-
 .../testcases/sets/dumps/inner_0.json-nft     |  34 ++++-
 .../set_element_timeout_updates.json-nft      |   9 +-
 tests/shell/testcases/transactions/0050rule_1 |  19 ---
 .../transactions/dumps/0050rule_1.json-nft    |  11 --
 .../transactions/dumps/0050rule_1.nft         |   0
 40 files changed, 706 insertions(+), 101 deletions(-)
 create mode 100644 tests/monitor/testcases/chain-netdev.t
 create mode 100644 tests/monitor/testcases/flowtable-simple.t
 delete mode 100755 tests/shell/testcases/transactions/0050rule_1
 delete mode 100644 tests/shell/testcases/transactions/dumps/0050rule_1.json-nft
 delete mode 100644 tests/shell/testcases/transactions/dumps/0050rule_1.nft

Comments

Florian Westphal Oct. 31, 2024, 10:08 p.m. UTC | #1
Phil Sutter <phil@nwl.cc> wrote:
> This series is the second (and last?) step of enabling support for
> name-based and wildcard interface hooks in user space. It depends on the
> previously sent series for libnftnl.
> 
> Patches 1-4 are fallout, fixing deficits in different areas.

These look good, happy to see typeof support on json side, feel free to
push them out.

Pablo Neira Ayuso Oct. 31, 2024, 10:13 p.m. UTC | #2
On Thu, Oct 31, 2024 at 11:08:23PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> > This series is the second (and last?) step of enabling support for
> > name-based and wildcard interface hooks in user space. It depends on the
> > previously sent series for libnftnl.
> > 
> > Patches 1-4 are fallout, fixing deficits in different areas.
> 
> These look good, happy to see typeof support on json side, feel free to
> push them out.

Ack for 1-4 in this series, thanks.

Phil Sutter Nov. 6, 2024, 10:01 a.m. UTC | #3
On Wed, Oct 02, 2024 at 09:38:44PM +0200, Phil Sutter wrote:
> This series is the second (and last?) step of enabling support for
> name-based and wildcard interface hooks in user space. It depends on the
> previously sent series for libnftnl.
> 
> Patches 1-4 are fallout, fixing deficits in different areas.

Applied these four patches.