From: "Toke Høiland-Jørgensen" <toke@kernel.org>
To: Florian Westphal <fw@strlen.de>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: bpf@vger.kernel.org, netfilter-devel@vger.kernel.org,
Kumar Kartikeya Dwivedi <memxor@gmail.com>
Subject: Re: [RFC] bpf: add bpf_link support for BPF_NETFILTER programs
Date: Tue, 31 Jan 2023 17:19:09 +0100 [thread overview]
Message-ID: <878rhivfr6.fsf@toke.dk> (raw)
In-Reply-To: <20230131141815.GA6999@breakpoint.cc>
Florian Westphal <fw@strlen.de> writes:
>> The prog will get a defition of 'struct nf_hook_state' from vmlinux.h
>> or via private 'struct nf_hook_state___flavor' with few fields defined
>> that prog wants to use. CORE will deal with offset adjustments.
>> That's a lot less kernel code. No need for asm style ctx rewrites.
>> Just see how much kernel code we already burned on *convert_ctx_access().
>> We cannot remove this tech debt due to uapi.
>> When you pass struct nf_hook_state directly none of it is needed.
>
> Ok, thanks for pointing that out. I did not realize
> convert_ctx_access() conversions were frowned upon.
>
> I will pass a known/exposed struct then.
>
> I thought __sk_buff was required for direct packet access, I will look
> at this again.
Kartikeya implemented direct packet access for struct xdp_md passed as a
BTF ID for use in the XDP queueing RFC. You could have a look at that as
a reference for how to do this for an sk_buff as well:
https://git.kernel.org/pub/scm/linux/kernel/git/toke/linux.git/commit/?h=xdp-queueing-07&id=3b4f3caaf59f3b2a7b6b37dfad96b5e42347786a
It does involve a convert_ctx_access() function, though, but for the BTF
ID. Not sure if there's an easier way...
-Toke
prev parent reply other threads:[~2023-01-31 16:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-30 15:04 [RFC] bpf: add bpf_link support for BPF_NETFILTER programs Florian Westphal
2023-01-30 17:38 ` Toke Høiland-Jørgensen
2023-01-30 18:01 ` Florian Westphal
2023-01-30 21:10 ` Toke Høiland-Jørgensen
2023-01-30 21:44 ` Alexei Starovoitov
2023-01-31 14:18 ` Florian Westphal
2023-01-31 16:19 ` Toke Høiland-Jørgensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878rhivfr6.fsf@toke.dk \
--to=toke@kernel.org \
--cc=alexei.starovoitov@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=fw@strlen.de \
--cc=memxor@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.