Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp20864433rwd; Thu, 29 Jun 2023 07:59:36 -0700 (PDT) X-Google-Smtp-Source: APBJJlGs2ppI/b6emIONvkaTMUsc9qMqsU4/C8EaJgusFwlc244ea1bTJPvt/MS+dz4YqR1XH+qh X-Received: by 2002:a17:902:dad1:b0:1b8:4485:6971 with SMTP id q17-20020a170902dad100b001b844856971mr4216961plx.60.1688050775674; Thu, 29 Jun 2023 07:59:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688050775; cv=none; d=google.com; s=arc-20160816; b=Ylqo8cOFFBzsVYrIg8fnUXEapSjigedHB+PwLBQlA5VskeEJ8Zu3zlhAZoEOo6eAri 7o57FtlKTJAaujbaZoX68HBUikohRPA/7Ix8AFEhQ2OXhZ/XCUV3u6lpztlwYWvmRSw/ heNUroaYSgGXs3M1U5lAvYMtwloRNWinRSyqSHBNOL062Ar3pTGetDYIHscdB+ltxXbd v6NnAMD3ui0LesXEvaunEOP/yVEtOly0bJyATw8/su9pqfqlQN3OMXcOH5WSLUEbeuNu f0ackFGlkWPbJ4Z3YIBS/ehL1FA+SM8rSPkzhvUy6DVUL9uiB9Y5dEXLCubJ76imq3Op pqhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:from :dkim-signature; bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=; fh=V27BX5VeziKkyyRDfdCjg7Xa+Xc6fj/OFbrZal4ox3k=; b=dmCP7fKDpK0fMi6xs3oFWmYfQ7MozPgBw962qvkvuIJmjAWz7sNFYyewRhLLAGtWaC 4r1sQ4NL50DLxoidPTjMlqbxFDV5GUX31i8HwJG6ZWeIir3JEP4UFWRcXIGyYAYdtHEO 1E0F2aShcFiK2ngDo85SDNtygYot3WPaYpAQe77rxVsW43lQOXQcK6QUSM/v4QfTUTAc 8Eg+r9XsTjIc7mzeT0T+tzXlM9d0xfJd+nq8fC9q/JERj4ITN4KZ+HMzzL5TGd2xbHsb M1Iui9NbecQ16xNP5fAbXpMRtLnF0JyvOcz0c5PAsfaPQTRwOxxK3uxRbuIrMOzWo7nV E8FA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SvKgEmJ2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 4-20020a170902ee4400b001b7fa4d1a7esi1325665plo.507.2023.06.29.07.59.22; Thu, 29 Jun 2023 07:59:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SvKgEmJ2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232178AbjF2Og4 (ORCPT + 99 others); Thu, 29 Jun 2023 10:36:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231208AbjF2Ogt (ORCPT ); Thu, 29 Jun 2023 10:36:49 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB7673595 for ; Thu, 29 Jun 2023 07:35:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688049339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=; b=SvKgEmJ23/JFk8w3EWorMgAsWunEXyovlF1SsCt3sFhOjWuFBaGkh7X4IC9f6M2c0PHvF6 DRDun8y3YnywwY7jpJoCFNCWWiu/cZdp54kFiIZx902HCwdyRbrZ36TVvVr2nc3EnLJAA0 seNNlXPHoXh3CpuQ2SCAGQrN6BhjFT8= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-32-QXrMTTdjOxujQ9X9RGqzMw-1; Thu, 29 Jun 2023 10:35:38 -0400 X-MC-Unique: QXrMTTdjOxujQ9X9RGqzMw-1 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-3fbb0fdd060so3980615e9.0 for ; Thu, 29 Jun 2023 07:35:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688049337; x=1690641337; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=; b=ftdIi3UhgX/vQGbdw4MF4ss9XJ6sH1YZRb6nlUwRg2DZNLsR6arZuTbyz15bWOT8+v PHkCzXgB+twe3MDaJeh7kP3eClVpWUJusvjDFkgYomiuQhlGFC8PY+QjtW7QM6OJg6oR 85EQ3DfBH13GWsO6lBQXaabLSsa96kwx2QMTTLx4Zu6dggpwg5XNodxcfBrLhqvt2GH2 zU7+8dGaQu65hfjAEbwd7vP2068qUUFc2o++3QGMkH8TGtMDbA9Cszjy8ic/tR61Mk/+ 5bf5k11ijHdJcT8MJ1xgcsgeJRT+G7hX3S9CtVuQ2l78EZv2O5GSictJH6bQ9W2peIaV Leew== X-Gm-Message-State: AC+VfDwE5nugykirJzRp47RuE7zcfgyo/dKeZTKgaozLmEc5yrXnsf73 CjmqAf/TO8Vfy9vvS7RafpHcvrsTU3nPKGJBWXOnqsgaGx7697AuAVIShIRy5e95bv+wltpNDqa 5WZtqFQ+q4VPI6+mwgfAr+9Z0 X-Received: by 2002:a7b:cd1a:0:b0:3fb:7184:53eb with SMTP id f26-20020a7bcd1a000000b003fb718453ebmr7354227wmj.18.1688049336967; Thu, 29 Jun 2023 07:35:36 -0700 (PDT) X-Received: by 2002:a7b:cd1a:0:b0:3fb:7184:53eb with SMTP id f26-20020a7bcd1a000000b003fb718453ebmr7354206wmj.18.1688049336544; Thu, 29 Jun 2023 07:35:36 -0700 (PDT) Received: from alrua-x1.borgediget.toke.dk ([45.145.92.2]) by smtp.gmail.com with ESMTPSA id 14-20020a05600c020e00b003fba92fad35sm4237514wmi.26.2023.06.29.07.35.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Jun 2023 07:35:36 -0700 (PDT) Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id 5FF87BC0476; Thu, 29 Jun 2023 16:35:35 +0200 (CEST) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= To: Florian Westphal Cc: Florian Westphal , Daniel Xu , bpf@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, daniel@iogearbox.net, dsahern@kernel.org Subject: Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF In-Reply-To: <20230629132141.GA10165@breakpoint.cc> References: <874jmthtiu.fsf@toke.dk> <20230627154439.GA18285@breakpoint.cc> <87o7kyfoqf.fsf@toke.dk> <20230629132141.GA10165@breakpoint.cc> X-Clacks-Overhead: GNU Terry Pratchett Date: Thu, 29 Jun 2023 16:35:35 +0200 Message-ID: <87leg2fia0.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Florian Westphal writes: > Toke H=C3=B8iland-J=C3=B8rgensen wrote: >> Florian Westphal writes: >> > For bpf a flag during link attachment seemed like the best way >> > to go. >>=20 >> Right, I wasn't disputing that having a flag to load a module was a good >> idea. On the contrary, I was thinking we'd need many more of these >> if/when BPF wants to take advantage of more netfilter code. Say, if a >> BPF module wants to call into TPROXY, that module would also need go be >> loaded and kept around, no? > > That seems to be a different topic that has nothing to do with > either bpf_link or netfilter? > > If the program calls into say, TPROXY, then I'd expect that this needs > to be handled via kfuncs, no? Or if I misunderstand, what do you mean > by "call into TPROXY"? > > And if so, thats already handled at bpf_prog load time, not > at link creation time, or do I miss something here? > > AFAIU, if prog uses such kfuncs, verifier will grab needed module ref > and if module isn't loaded the kfuncs won't be found and program load > fails. ... > Or we are talking about implicit dependencies, where program doesn't > call function X but needs functionality handled earlier in the pipeline? > > The only two instances I know where this is the case for netfilter > is defrag + conntrack. Well, I was kinda mixing the two cases above, sorry about that. The "kfuncs locking the module" was not present in my mind when starting to talk about that bit... As for the original question, that's answered by your point above: If those two modules are the only ones that are likely to need this, then a flag for each is fine by me - that was the key piece I was missing (I'm not a netfilter expert, as you well know). Thanks for clarifying, and apologies for the muddled thinking! :) -Toke