From: Joe Stringer <joe@wand.net.nz>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Joe Stringer <joe@wand.net.nz>,
Eric Dumazet <eric.dumazet@gmail.com>,
Florian Westphal <fw@strlen.de>, netdev <netdev@vger.kernel.org>,
john fastabend <john.fastabend@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Lorenz Bauer <lmb@cloudflare.com>,
Jakub Sitnicki <jakub@cloudflare.com>,
Paolo Abeni <pabeni@redhat.com>
Subject: Re: Removing skb_orphan() from ip_rcv_core()
Date: Tue, 25 Jun 2019 11:29:05 -0700 [thread overview]
Message-ID: <CAOftzPhkMWqUFi4_Q8W-fVM-WFEes++RpiiwTdOeVrQZ7T6FZw@mail.gmail.com> (raw)
In-Reply-To: <f69a7930-6e8a-d717-0aa4-a63ea6e7b5e0@mojatatu.com>
On Tue, Jun 25, 2019 at 4:07 AM Jamal Hadi Salim <jhs@mojatatu.com> wrote:
>
> On 2019-06-24 11:26 p.m., Joe Stringer wrote:
> [..]
> >
> > I haven't got as far as UDP yet, but I didn't see any need for a
> > dependency on netfilter.
>
> I'd be curious to see what you did. My experience, even for TCP is
> the socket(transparent/tproxy) lookup code (to set skb->sk either
> listening or established) is entangled in
> CONFIG_NETFILTER_SOMETHING_OR_OTHER. You have to rip it out of
> there (in the tproxy tc action into that code). Only then can you
> compile out netfilter.
> I didnt bother to rip out code for udp case.
> i.e if you needed udp to work with the tc action,
> youd have to turn on NF. But that was because we had
> no need for udp transparent proxying.
> IOW:
> There is really no reason, afaik, for tproxy code to only be
> accessed if netfilter is compiled in. Not sure i made sense.
Oh, I see. Between the existing bpf_skc_lookup_tcp() and
bpf_sk_lookup_tcp() helpers in BPF, plus a new bpf_sk_assign() helper
and a little bit of lookup code using the appropriate tproxy ports
etc. from the BPF side, I was able to get it working. One could
imagine perhaps wrapping all this logic up in a higher level
"bpf_sk_lookup_tproxy()" helper call or similar, but I didn't go that
direction given that the BPF socket primitives seemed to provide the
necessary functionality in a more generic manner.
prev parent reply other threads:[~2019-06-25 18:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-21 17:58 Removing skb_orphan() from ip_rcv_core() Joe Stringer
2019-06-21 20:59 ` Florian Westphal
2019-06-25 3:17 ` Joe Stringer
2019-06-25 6:37 ` Eric Dumazet
2019-06-25 9:35 ` Daniel Borkmann
2019-06-25 17:03 ` Eric Dumazet
2019-06-25 18:20 ` Joe Stringer
2019-06-22 0:36 ` Eric Dumazet
2019-06-24 14:47 ` Jamal Hadi Salim
2019-06-24 16:49 ` Eric Dumazet
2019-06-25 10:55 ` Jamal Hadi Salim
2019-06-25 3:26 ` Joe Stringer
2019-06-25 11:06 ` Jamal Hadi Salim
2019-06-25 18:29 ` Joe Stringer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOftzPhkMWqUFi4_Q8W-fVM-WFEes++RpiiwTdOeVrQZ7T6FZw@mail.gmail.com \
--to=joe@wand.net.nz \
--cc=daniel@iogearbox.net \
--cc=eric.dumazet@gmail.com \
--cc=fw@strlen.de \
--cc=jakub@cloudflare.com \
--cc=jhs@mojatatu.com \
--cc=john.fastabend@gmail.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.