From: Toke Høiland-Jørgensen
To: Florian Westphal, Kumar Kartikeya Dwivedi
Cc: Maxim Mikityanskiy, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Eric Dumazet, David S. Miller, Jakub Kicinski, Hideaki YOSHIFUJI, David Ahern, Jesper Dangaard Brouer, Nathan Chancellor, Nick Desaulniers, Brendan Jackman, Florent Revest, Joe Stringer, Lorenz Bauer, Tariq Toukan, netdev@vger.kernel.org, bpf@vger.kernel.org, clang-built-linux@googlegroups.com
Subject: Re: [PATCH bpf-next 07/10] bpf: Add helpers to query conntrack info
Date: Wed, 20 Oct 2021 11:48:15 +0200
Message-ID: <87h7dcf2n4.fsf@toke.dk>

Florian Westphal writes:

> Kumar Kartikeya Dwivedi wrote:
>> On Tue, Oct 19, 2021 at 08:16:52PM IST, Maxim Mikityanskiy wrote:
>> > The new helpers (bpf_ct_lookup_tcp and bpf_ct_lookup_udp) allow to query
>> > connection tracking information of TCP and UDP connections based on
>> > source and destination IP address and port. The helper returns a pointer
>> > to struct nf_conn (if the conntrack entry was found), which needs to be
>> > released with bpf_ct_release.
>> >
>> > Signed-off-by: Maxim Mikityanskiy
>> > Reviewed-by: Tariq Toukan
>>
>> The last discussion on this [0] suggested that stable BPF helpers for conntrack
>> were not desired, hence the recent series [1] to extend kfunc support to modules
>> and base the conntrack work on top of it, which I'm working on now (supporting
>> both CT lookup and insert).
>
> This will sabotage netfilter pipeline and the way things work more and
> more 8-(

Why?

> If you want to use netfilter with ebpf, please have a look at the RFC
> I posted and let's work on adding a netfilter specific program type
> that can run ebpf programs directly from any of the existing netfilter
> hook points.

Accelerating netfilter using BPF is a worthy goal in itself, but I also
think having the ability to lookup into conntrack from XDP is useful for
cases where someone wants to bypass the stack entirely (for accelerating
packet forwarding, say). I don't think these goals are in conflict
either, what makes you say they are?

-Toke