From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Elad Yifee <eladwf@gmail.com>
Cc: Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>, Phil Sutter <phil@nwl.cc>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next RFC] netfilter: flowtable: add CT metadata action for nft flowtables
Date: Thu, 25 Sep 2025 00:51:07 +0200 [thread overview]
Message-ID: <aNR12z5OQzsC0yKl@calendula> (raw)
In-Reply-To: <CA+SN3spZ7Q4zqpgiDbdE5T7pb8PWceUf5bGH+oHLEz6XhT9H+g@mail.gmail.com>
On Wed, Sep 17, 2025 at 08:33:49PM +0300, Elad Yifee wrote:
> On Wed, Sep 17, 2025 at 11:18 AM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > Just to make sure we are on the same page: Software plane has to match
> > the capabilities of the hardware offload plan, new features must work
> > first in the software plane, then extend the hardware offload plane to
> > support it.
>
> Thanks - I see what you meant now.
>
> This isn’t a new feature that needs to be implemented in software
> first. We’re not introducing new user semantics, matches, or actions
> in nft/TC. no datapath changes (including the flowtable software
> offload fast path). The change only surfaces existing CT state
> (mark/labels/dir) as FLOW_ACTION_CT_METADATA at the hardware offload
> boundary so drivers can use it for per-flow QoS, or simply ignore it.
>
> When a flow stays in software, behavior remains exactly as today,
> software QoS continues to use existing tools (nft/TC setting
> skb->priority/mark, qdiscs, etc.). There’s no SW-HW mismatch
> introduced here.
You have to show me there is no mismatch.
This is exposing the current ct mark/label to your hardware, the
flowtable infrastructure (the software representation) makes no use of
this information from the flowtable datapath, can you explain how you
plan to use this?
Thanks.
next prev parent reply other threads:[~2025-09-24 22:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-12 16:30 [PATCH net-next RFC] netfilter: flowtable: add CT metadata action for nft flowtables Elad Yifee
2025-09-13 20:52 ` Florian Westphal
2025-09-14 6:40 ` Elad Yifee
2025-09-16 16:49 ` Elad Yifee
2025-09-16 22:39 ` Pablo Neira Ayuso
2025-09-17 3:10 ` Elad Yifee
2025-09-17 8:18 ` Pablo Neira Ayuso
2025-09-17 17:33 ` Elad Yifee
2025-09-24 22:51 ` Pablo Neira Ayuso [this message]
2025-09-27 13:55 ` Elad Yifee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNR12z5OQzsC0yKl@calendula \
--to=pablo@netfilter.org \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eladwf@gmail.com \
--cc=fw@strlen.de \
--cc=horms@kernel.org \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).