From: Florian Westphal <fw@strlen.de>
To: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Christoph Paasch <cpaasch@apple.com>,
Netfilter <netfilter-devel@vger.kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, daniel@iogearbox.net, willemb@google.com
Subject: Re: [PATCH nf] netfilter: nf_reject: init skb->dev for reset packet
Date: Thu, 6 Jun 2024 16:38:16 +0200 [thread overview]
Message-ID: <20240606143816.GC9890@breakpoint.cc> (raw)
In-Reply-To: <6661c788553a4_37c46c294fc@willemb.c.googlers.com.notmuch>
Willem de Bruijn <willemdebruijn.kernel@gmail.com> wrote:
> > I named the copypasta as nf_skb_get_hash. If placed in sk_buff.h:
> > net_get_hash_net()?
> > skb_get_hash()?
>
> Still passing an skb too, so skb_get_hash_net()?
Sounds good to me.
> > And if either of that exists, maybe then use
> > skb_get_hash_symmetric_net(net, skb)
>
> If symmetric is equally good for nft, that would be preferable, as it
> avoids the extra function. But I suppose it aliases the two flow
> directions, which may be exactly what you don't want?
It would actually be fine, but the more important part is that
skb->hash is set.
For the trace id, I want a stable identifier that won't change
(e.g. when nat rewrites addresses).
This currently works because skb_get_hash computes it at most once.
skb_get_hash_symmetric_net() will be used from nft_hash.c as
__skb_get_hash_symmetric "replacement".
Pablo, you can drop this patch, I will try the 'pass net to dissector'
route.
next prev parent reply other threads:[~2024-06-06 14:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-04 12:03 [PATCH nf] netfilter: nf_reject: init skb->dev for reset packet Florian Westphal
[not found] ` <FF8A506F-6F0F-440E-9F52-B27D05731B77@apple.com>
2024-06-05 18:14 ` Florian Westphal
2024-06-05 18:38 ` Pablo Neira Ayuso
2024-06-05 19:08 ` Florian Westphal
2024-06-05 19:45 ` Pablo Neira Ayuso
2024-06-05 21:38 ` Willem de Bruijn
2024-06-05 22:16 ` Pablo Neira Ayuso
2024-06-06 1:54 ` Willem de Bruijn
2024-06-06 6:20 ` Pablo Neira Ayuso
2024-06-06 8:39 ` Florian Westphal
2024-06-06 9:26 ` Florian Westphal
2024-06-06 13:04 ` Florian Westphal
2024-06-06 14:09 ` Willem de Bruijn
2024-06-06 14:15 ` Florian Westphal
2024-06-06 14:28 ` Willem de Bruijn
2024-06-06 14:38 ` Florian Westphal [this message]
2024-06-06 14:43 ` Willem de Bruijn
2024-06-06 14:52 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240606143816.GC9890@breakpoint.cc \
--to=fw@strlen.de \
--cc=cpaasch@apple.com \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=willemb@google.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.