Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp17880411rwd; Tue, 27 Jun 2023 08:39:17 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4EOXVh04yRyjWAyHCFZONs3pHiVN0uvTNmcjcahSsMNfdxj/le5U0Xj900jpfRYRPVJvYB X-Received: by 2002:a17:907:3da7:b0:991:e695:cb7 with SMTP id he39-20020a1709073da700b00991e6950cb7mr4072790ejc.68.1687880356943; Tue, 27 Jun 2023 08:39:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687880356; cv=none; d=google.com; s=arc-20160816; b=QzxiVJp0UCL2nvVBq1JtYCgGFdHjDpIy0Guk/BxOgzXtTWIsgilgc8afc5mh6lGTi1 kxLltuR13wW5FV4PRCo4F87A1oDo9R+TFw4bLILpNNHg1aeCMx2c5tb+6VZ/Fvq7YUvF nchqob9mVFasSreDTAly5Q6IEXHNEqUuU3ziJ4NGWWHli3BbFg4w2Vj+J/7Lb9eIMyZu l4OSgIh8PIG7GIaFFruW2DSnI/+xOTMOXmMDen9hm9QvZ90+1t49Y+AO5daYL7CI4rKt 2zfXHuMLM5qRzxC6lm+eWdF+D1aYFakaqdAlCPEkOjWTA+nD4kmY5SYvt0448xO7ROQP 1c/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:feedback-id:dkim-signature:dkim-signature; bh=J3c7xEg1YYI1wbRJy4qEuZ+boAxMySi5/DoIOAO5gmQ=; fh=f88Z3DcHIzUWHsZJG3q0cYxsZDrG1A+Tdyyymdp0AJ0=; b=fBMhl05P4mCGs1HSYfTKlwU+DKGNM5C5qzcvuD8J1db4qzGtbh2A07hQqlB8w7h9K+ 77/dQrcn+bd3R4Udk5axhXKl59BAkMWFqYI912MqxvaBy5Y/R4vyn7bGx972hoMnpgq9 qq3efABoBqvTa+YGWRAjdot7tQ+PmIfYMkKjiiEqlcgpBd9C4AsyPgP42dHWzV71I690 hX3mIgYNSh6B6aUjmRiJMyvZIAmhjxxzaUKHntdUB9h2KQYPcmmgHTUSSQhDOjU2tRIP Xur8D3+UBaYeEWq/QH/Hyw8tRSpkiUv12riuGuvTE0GdT6yswU8GwKONEbw+mUmIuQgc Oi2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm1 header.b=hz+vJUg6; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=A29GD4T+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e11-20020a170906c00b00b0096f81ae0ac9si4405405ejz.34.2023.06.27.08.38.47; Tue, 27 Jun 2023 08:39:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm1 header.b=hz+vJUg6; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=A29GD4T+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232177AbjF0OyF (ORCPT + 99 others); Tue, 27 Jun 2023 10:54:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231854AbjF0Oxs (ORCPT ); Tue, 27 Jun 2023 10:53:48 -0400 Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 267A4FA; Tue, 27 Jun 2023 07:51:51 -0700 (PDT) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 076803200902; Tue, 27 Jun 2023 10:51:49 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 27 Jun 2023 10:51:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm1; t= 1687877509; x=1687963909; bh=J3c7xEg1YYI1wbRJy4qEuZ+boAxMySi5/Do IOAO5gmQ=; b=hz+vJUg6/cZg8YDhve5zDRJlNDDz7L3F3NrNUBFBV7BRIVCY/cO yudg+iwgFub4Y2o/zqIA/jswngiWu1DT8Jtxii5L/zV/tI7xKQMHIDfjpziFGnf6 GP9WqzvTGneYGh0KxDj5Mgj0oVPZgiEUIhiZ0iwlOXwgt9X1SSdmBUm3rQvNli8Q W8Mgh17/B455eXKqfEsS4kjEw1tVnvqlUnBxElvl6AW61PvnKkA2+28lc0RiJbLo CcFMZ0Ec+tvHXrIrB8Hz7uZ/IVQsDk38cuBOokKNrPWdsbAGQvYpSVk88JcQcoiV jDvm4fvt/sJq9F9J0lvtjbvb2gMlopxHI6Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1687877509; x=1687963909; bh=J3c7xEg1YYI1wbRJy4qEuZ+boAxMySi5/Do IOAO5gmQ=; b=A29GD4T+i5IqDhXAoTc3X1F9q08SZiK4F/dqN2gK6eClwF+xUsc Rb0kKaF8UXdrQWfWsfMX81NxWhJ4C37Yzn0VGKYaUF6ug2i8EYo7Musc3OhnuKSX lsMwf5JynptvrqXgKjpDtbKF0V3Bb3iwxDy+q9Eu+/1nHbsSoEeL5h7SeS/19n3g OHxElU34m3xpbnt5F0o1UE6pUc9uucx3wzW5PgnjUtetc2HZRcmxZLBJFlHFcGMN xrIOcU2UGUdIoRihQVhfe/MwciVfteHECfgqJzrjGzz3qYXsnI9l8dn+yRLLktf7 6IMfDTEJRTQam69e+SHFs9Rz2N718k/vZVQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrtddtgdeflecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfg hrlhcuvffnffculdejtddmnecujfgurhepfffhvfevuffkfhggtggugfgjsehtkefstddt tddunecuhfhrohhmpeffrghnihgvlhcuighuuceougiguhesugiguhhuuhdrgiihiieqne cuggftrfgrthhtvghrnhepudefiedtieehffeuffelffegheegjeekteekgfdtkeefjeeh ffejtdfgkeeiteelnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepugiguhesugiguhhuuhdrgiihii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 27 Jun 2023 10:51:48 -0400 (EDT) Date: Tue, 27 Jun 2023 08:51:47 -0600 From: Daniel Xu To: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= Cc: bpf@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, fw@strlen.de, daniel@iogearbox.net, dsahern@kernel.org Subject: Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF Message-ID: References: <874jmthtiu.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <874jmthtiu.fsf@toke.dk> X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Toke, Thanks for taking a look at the patchset. On Tue, Jun 27, 2023 at 04:25:13PM +0200, Toke H?iland-J?rgensen wrote: > > The basic idea is we bump a refcnt on the netfilter defrag module and > > then run the bpf prog after the defrag module runs. This allows bpf > > progs to transparently see full, reassembled packets. The nice thing > > about this is that progs don't have to carry around logic to detect > > fragments. > > One high-level comment after glancing through the series: Instead of > allocating a flag specifically for the defrag module, why not support > loading (and holding) arbitrary netfilter modules in the UAPI? If we > need to allocate a new flag every time someone wants to use a netfilter > module along with BPF we'll run out of flags pretty quickly :) I don't have enough context on netfilter in general to say if it'd be generically useful -- perhaps Florian can comment on that. However, I'm not sure such a mechanism removes the need for a flag. The netfilter defrag modules still need to be called into to bump the refcnt. The module could export some kfuncs to inc/dec the refcnt, but it'd be rather odd for prog code to think about the lifetime of the attachment (as inc/dec for _each_ prog execution seems wasteful and slow). AFAIK all the other resource acquire/release APIs are for a single prog execution. So a flag for link attach feels the most natural to me. We could always add a flag2 field or something right? [...] Thanks, Daniel