On Mon, Nov 28, 2016 at 5:14 PM, Gao Feng <f...@ikuai8.com> wrote:
>
> Hi Mahesh,
>
> On Tue, Nov 29, 2016 at 3:26 AM, Mahesh Bandewar (महेश बंडेवार)
> <mahe...@google.com> wrote:
> > On Sun, Nov 27, 2016 at 3:18 AM, <f...@ikuai8.com> wrote:
> >> From: Gao Feng <f...@ikuai8.com>
> >>
> >> It is better to use NF_IP_PRI_LAST instead of INT_MAX as hook priority.
> >> The former is good at readability and easier to maintain.
> >>
> > This IPvlan hook has to be "absolute" last hook and at this moment
> > NF_IP_PRI_LAST is set as INT_MAX so it's not altering anything.
>
> Yes. It is same now.
> So I prefer to use NF_IP_PRI_LAST than INT_MAX.
> Because the nf_hook_ops belongs to the netfilter module. i think the
> ipvlan codes should follow its rule.
> Since netfilter has defined some specific priority enum value, why
> don't we follow it?
>
Making changes only to IPvlan is problem-prone as I have explained earlier.
> >
> > If for whatever reasons the value of NF_IP_PRI_LAST changes, there
> > could be random IPvlan failure. Since that possibility cannot be
> > denied and there are several places INT_MAX is still used as hook
> > priority, I don't see any gain in having this patch in fact there
> > could be future (possible) downside.
>
> If the netfilter module changed the value of NF_IP_PRI_LAST, it may
> decrease it and add one check for the hook priority.
> As a result, the ipvlan may fail to register because of invalid priority.
>
> When use INT_MAX not NF_IP_PRI_LAST, there is one assumption that the
> hook priority is never changed.
> I think it is not good as two different modules.
>
> Regards
> Feng
>
> >
> >> Signed-off-by: Gao Feng <f...@ikuai8.com>
> >> ---
> >> v2: Add the lost header file. It is added in local but not in v1 patch
> >> v1: Inital patch
> >>
> >> drivers/net/ipvlan/ipvlan_main.c | 5 +++--
> >> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/net/ipvlan/ipvlan_main.c
> >> b/drivers/net/ipvlan/ipvlan_main.c
> >> index ab90b22..01c7446 100644
> >> --- a/drivers/net/ipvlan/ipvlan_main.c
> >> +++ b/drivers/net/ipvlan/ipvlan_main.c
> >> @@ -7,6 +7,7 @@
> >> *
> >> */
> >>
> >> +#include "linux/netfilter_ipv4.h"
> >> #include "ipvlan.h"
> >>
> >> static u32 ipvl_nf_hook_refcnt = 0;
> >> @@ -16,13 +17,13 @@
> >> .hook = ipvlan_nf_input,
> >> .pf = NFPROTO_IPV4,
> >> .hooknum = NF_INET_LOCAL_IN,
> >> - .priority = INT_MAX,
> >> + .priority = NF_IP_PRI_LAST,
> >> },
> >> {
> >> .hook = ipvlan_nf_input,
> >> .pf = NFPROTO_IPV6,
> >> .hooknum = NF_INET_LOCAL_IN,
> >> - .priority = INT_MAX,
> >> + .priority = NF_IP_PRI_LAST,
> >> },
> >> };
> >>
> >> --
> >> 1.9.1
> >>
> >>
>
>
