From: Florian Westphal <fw@strlen.de>
To: Weiming Shi <bestswngs@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Phil Sutter <phil@nwl.cc>, Simon Horman <horms@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, Xiang Mei <xmei5@asu.edu>
Subject: Re: [PATCH nf] netfilter: nft_fwd_netdev: use recursion counter in neigh egress path
Date: Thu, 9 Apr 2026 11:50:34 +0200 [thread overview]
Message-ID: <add2ajF5YGqd4MxZ@strlen.de> (raw)
In-Reply-To: <20260409053629.698822-2-bestswngs@gmail.com>
Weiming Shi <bestswngs@gmail.com> wrote:
> Fixes: f87b9464d152 ("netfilter: nft_fwd_netdev: Support egress hook")
> Reported-by: Xiang Mei <xmei5@asu.edu>
> Signed-off-by: Weiming Shi <bestswngs@gmail.com>
> ---
> include/net/netfilter/nf_dup_netdev.h | 4 ++++
> net/netfilter/nf_dup_netdev.c | 18 ++++++++++++++++++
> net/netfilter/nft_fwd_netdev.c | 7 +++++++
> 3 files changed, 29 insertions(+)
>
> diff --git a/include/net/netfilter/nf_dup_netdev.h b/include/net/netfilter/nf_dup_netdev.h
> index b175d271aec9..17362f76d1d1 100644
> --- a/include/net/netfilter/nf_dup_netdev.h
> +++ b/include/net/netfilter/nf_dup_netdev.h
> @@ -7,6 +7,10 @@
> void nf_dup_netdev_egress(const struct nft_pktinfo *pkt, int oif);
> void nf_fwd_netdev_egress(const struct nft_pktinfo *pkt, int oif);
>
> +bool nf_dup_netdev_has_recursed(void);
> +void nf_dup_netdev_recursion_inc(void);
> +void nf_dup_netdev_recursion_dec(void);
> +
> struct nft_offload_ctx;
> struct nft_flow_rule;
>
> diff --git a/net/netfilter/nf_dup_netdev.c b/net/netfilter/nf_dup_netdev.c
> index fab8b9011098..e2fe8bb6fe0d 100644
> --- a/net/netfilter/nf_dup_netdev.c
> +++ b/net/netfilter/nf_dup_netdev.c
> @@ -29,6 +29,24 @@ static u8 *nf_get_nf_dup_skb_recursion(void)
>
> #endif
>
> +bool nf_dup_netdev_has_recursed(void)
> +{
> + return *nf_get_nf_dup_skb_recursion() > NF_RECURSION_LIMIT;
> +}
> +EXPORT_SYMBOL_GPL(nf_dup_netdev_has_recursed);
I think thats a bit too heavy-handed.
nf_get_nf_dup_skb_recursion() fetches from pcpu counter or current->.
Can you move nf_get_nf_dup_skb_recursion to a shared header file
and make it inline instead of having a function call?
next prev parent reply other threads:[~2026-04-09 9:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 5:36 [PATCH nf] netfilter: nft_fwd_netdev: use recursion counter in neigh egress path Weiming Shi
2026-04-09 9:50 ` Florian Westphal [this message]
2026-04-09 10:11 ` Weiming Shi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=add2ajF5YGqd4MxZ@strlen.de \
--to=fw@strlen.de \
--cc=bestswngs@gmail.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=phil@nwl.cc \
--cc=xmei5@asu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.