Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2978294ybl; Mon, 20 Jan 2020 13:13:59 -0800 (PST) X-Google-Smtp-Source: APXvYqz6z9sAxrp4XLPDDtBPiNBc3x9ksEe0I+owe3CCXmxXYPyH8QscUqYDr4aNHq5L9q4p2VWo X-Received: by 2002:aca:fcd1:: with SMTP id a200mr600220oii.74.1579554839285; Mon, 20 Jan 2020 13:13:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579554839; cv=none; d=google.com; s=arc-20160816; b=tyqj7X/ShT+t1AiLuHy+2a5kV46VxJAiykRuvWgERj+Ae8eGa/Gho73rBbDx8rYkMI LNme1gXU37hlEfJ4wxsMB55OmQy+3h0LuABuvpe+pqzKZdcRf0hduEyBU8ypxkNBCt+u anQiarGBQrMd+y9wakoAHc1Ss4UDlczTowhGsf+XFL6S5GzKnaVGaXr4sfH+UMDBgCyk Od44PXckogwvmGrx96LiLJECR/rs6Tn/PJfQ+I2AAEK7bNirJZKwXwvKMHpKTm+IAXWV XI/D7MID3IbfKWJoyVXt5FAgsLe3rn+5AJg8OYfSy4SrB7RwosjeYvdC2Kd06fIhXrnr 3wtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=89gDES4yJLmNib67asAzIlplYOKxyvJgFH6hNfM+80c=; b=RiQbEvdIgKyR6HObZB3u1ZcRvphcet6SPJS+xV8drZ7A+wTAO0TkktlaUICbBEVfJq NBAhWpu0v8bhxU6roBTiqMu/rwDSL/xc1oFBlVDjXMl9QUBYQh+tyn6qeeVCm224N45a brJnf1l6foKrGEGetKyi9is22d8U43un6jby5NIn9G0aQr3L8u86U2a+fZDU9oRH4TaH bPtcWRASqly/3vUJo5GZw4Iw/P2xvC/foQccL2/jCGCDF2DM9TlnIJ8qLuUzFYfvjTXd RUSBgRgYLXCWcVDlYPKgDunCQp8BT+GkRS6DAKO7GGNcq/ii2Nf1ymPCD74LlL88JIEe WBHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f25si20133821otl.36.2020.01.20.13.13.46; Mon, 20 Jan 2020 13:13:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727076AbgATVLy (ORCPT + 99 others); Mon, 20 Jan 2020 16:11:54 -0500 Received: from www62.your-server.de ([213.133.104.62]:47586 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726586AbgATVLy (ORCPT ); Mon, 20 Jan 2020 16:11:54 -0500 Received: from sslproxy01.your-server.de ([88.198.220.130]) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1) (envelope-from ) id 1iteKb-0003tQ-OR; Mon, 20 Jan 2020 22:11:33 +0100 Received: from [178.197.248.27] (helo=pc-9.home) by sslproxy01.your-server.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1iteKa-00019l-UX; Mon, 20 Jan 2020 22:11:33 +0100 Subject: Re: [PATCH bpf-next] bpf: add bpf_ct_lookup_{tcp,udp}() helpers To: Matt Cover , John Fastabend Cc: Alexei Starovoitov , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , "David S. Miller" , Shuah Khan , Jakub Kicinski , Jesper Dangaard Brouer , Jakub Sitnicki , Quentin Monnet , Matthew Cover , Stanislav Fomichev , Andrey Ignatov , Lorenz Bauer , Jiong Wang , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org References: <20200118000128.15746-1-matthew.cover@stackpath.com> <5e23c773d7a67_13602b2359ea05b824@john-XPS-13-9370.notmuch> From: Daniel Borkmann Message-ID: <360a11cd-2c41-159e-b92a-c7c1ec42767f@iogearbox.net> Date: Mon, 20 Jan 2020 22:11:31 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.101.4/25701/Mon Jan 20 12:41:43 2020) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/20/20 9:10 PM, Matt Cover wrote: > On Mon, Jan 20, 2020 at 11:11 AM Matt Cover wrote: >> On Sat, Jan 18, 2020 at 8:05 PM John Fastabend wrote: >>> Matthew Cover wrote: >>>> Allow looking up an nf_conn. This allows eBPF programs to leverage >>>> nf_conntrack state for similar purposes to socket state use cases, >>>> as provided by the socket lookup helpers. This is particularly >>>> useful when nf_conntrack state is locally available, but socket >>>> state is not. >>>> >>>> Signed-off-by: Matthew Cover >>>> --- >>> >>> Couple coding comments below. Also looks like a couple build errors >>> so fix those up. I'm still thinking over this though. >> >> Thank you for taking the time to look this over. I will be looking >> into the build issues. > > Looks like I missed static inline on a couple functions when > nf_conntrack isn't builtin. I'll include the fix in v2. One of the big issues I'd see with this integration is that literally no-one will be able to use it unless they manually recompile their distro kernel with ct as builtin instead of module .. Have you considered writing a tcp/udp ct in plain bpf? Perhaps would make sense to have some sort of tools/lib/bpf/util/ with bpf prog library code that can be included.