On 6/16/19 2:04 PM, Stefano Brivio wrote:
> We could do this:
>
> - strict checking enabled (iproute2 >= 5.0.0):
> - in inet{,6}_dump_fib(): if NLM_F_MATCH is set, set
> filter->filter_set in any case
>
> - in fn_trie_dump_leaf() and rt6_dump_route(): use filter->filter_set
> to decide if we want to filter depending on RTM_F_CLONED being
> set/unset. If other filters (rt_type, dev, protocol) are not set,
> they are still wildcards (existing implementation)
>
> - no strict checking (iproute2 < 5.0.0):
> - we can't filter consistently, so apply no filters at all: dump all
> the routes (filter->filter_set not set), cached and uncached. That
> means more netlink messages, but no spam as iproute2 filters them
> anyway, and list/flush cache commands work again.
>
> I would drop 1/8, turn 2/8 and 6/8 into a straightforward:
>
> if (cb->strict_check) {
> err = ip_valid_fib_dump_req(net, nlh, &filter, cb);
> if (err < 0)
> return err;
> + if (nlh->nlmsg_flags & NLM_F_MATCH)
> + filter.filter_set = 1;
> } else if (nlmsg_len(nlh) >= sizeof(struct rtmsg)) {
> struct rtmsg *rtm = nlmsg_data(nlh);
>
> and other patches remain the same.
>
> What do you think?
>
With strict checking (5.0 and forward):
- RTM_F_CLONED NOT set means dump only FIB entries
- RTM_F_CLONED set means dump only exceptions
Without strict checking (old iproute2 on any kernel):
- dump all, userspace has to sort
Kernel side this can be handled with new field, dump_exceptions, in the
filter that defaults to true and then is reset in the strict path if the
flag is not set.
