Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp20864433rwd;
        Thu, 29 Jun 2023 07:59:36 -0700 (PDT)
X-Google-Smtp-Source: APBJJlGs2ppI/b6emIONvkaTMUsc9qMqsU4/C8EaJgusFwlc244ea1bTJPvt/MS+dz4YqR1XH+qh
X-Received: by 2002:a17:902:dad1:b0:1b8:4485:6971 with SMTP id q17-20020a170902dad100b001b844856971mr4216961plx.60.1688050775674;
        Thu, 29 Jun 2023 07:59:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688050775; cv=none;
        d=google.com; s=arc-20160816;
        b=Ylqo8cOFFBzsVYrIg8fnUXEapSjigedHB+PwLBQlA5VskeEJ8Zu3zlhAZoEOo6eAri
         7o57FtlKTJAaujbaZoX68HBUikohRPA/7Ix8AFEhQ2OXhZ/XCUV3u6lpztlwYWvmRSw/
         heNUroaYSgGXs3M1U5lAvYMtwloRNWinRSyqSHBNOL062Ar3pTGetDYIHscdB+ltxXbd
         v6NnAMD3ui0LesXEvaunEOP/yVEtOly0bJyATw8/su9pqfqlQN3OMXcOH5WSLUEbeuNu
         f0ackFGlkWPbJ4Z3YIBS/ehL1FA+SM8rSPkzhvUy6DVUL9uiB9Y5dEXLCubJ76imq3Op
         pqhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:references:in-reply-to:subject:cc:to:from
         :dkim-signature;
        bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=;
        fh=V27BX5VeziKkyyRDfdCjg7Xa+Xc6fj/OFbrZal4ox3k=;
        b=dmCP7fKDpK0fMi6xs3oFWmYfQ7MozPgBw962qvkvuIJmjAWz7sNFYyewRhLLAGtWaC
         4r1sQ4NL50DLxoidPTjMlqbxFDV5GUX31i8HwJG6ZWeIir3JEP4UFWRcXIGyYAYdtHEO
         1E0F2aShcFiK2ngDo85SDNtygYot3WPaYpAQe77rxVsW43lQOXQcK6QUSM/v4QfTUTAc
         8Eg+r9XsTjIc7mzeT0T+tzXlM9d0xfJd+nq8fC9q/JERj4ITN4KZ+HMzzL5TGd2xbHsb
         M1Iui9NbecQ16xNP5fAbXpMRtLnF0JyvOcz0c5PAsfaPQTRwOxxK3uxRbuIrMOzWo7nV
         E8FA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SvKgEmJ2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id 4-20020a170902ee4400b001b7fa4d1a7esi1325665plo.507.2023.06.29.07.59.22;
        Thu, 29 Jun 2023 07:59:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SvKgEmJ2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232178AbjF2Og4 (ORCPT <rfc822;aki.vanness@gmail.com>
        + 99 others); Thu, 29 Jun 2023 10:36:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34466 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231208AbjF2Ogt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Jun 2023 10:36:49 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB7673595
        for <linux-kernel@vger.kernel.org>; Thu, 29 Jun 2023 07:35:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1688049339;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=;
        b=SvKgEmJ23/JFk8w3EWorMgAsWunEXyovlF1SsCt3sFhOjWuFBaGkh7X4IC9f6M2c0PHvF6
        DRDun8y3YnywwY7jpJoCFNCWWiu/cZdp54kFiIZx902HCwdyRbrZ36TVvVr2nc3EnLJAA0
        seNNlXPHoXh3CpuQ2SCAGQrN6BhjFT8=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-32-QXrMTTdjOxujQ9X9RGqzMw-1; Thu, 29 Jun 2023 10:35:38 -0400
X-MC-Unique: QXrMTTdjOxujQ9X9RGqzMw-1
Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-3fbb0fdd060so3980615e9.0
        for <linux-kernel@vger.kernel.org>; Thu, 29 Jun 2023 07:35:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1688049337; x=1690641337;
        h=content-transfer-encoding:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=h8R5NWbxG8vczdgWdFQsQrHOmepgax0uH77iAdWT6/Y=;
        b=ftdIi3UhgX/vQGbdw4MF4ss9XJ6sH1YZRb6nlUwRg2DZNLsR6arZuTbyz15bWOT8+v
         PHkCzXgB+twe3MDaJeh7kP3eClVpWUJusvjDFkgYomiuQhlGFC8PY+QjtW7QM6OJg6oR
         85EQ3DfBH13GWsO6lBQXaabLSsa96kwx2QMTTLx4Zu6dggpwg5XNodxcfBrLhqvt2GH2
         zU7+8dGaQu65hfjAEbwd7vP2068qUUFc2o++3QGMkH8TGtMDbA9Cszjy8ic/tR61Mk/+
         5bf5k11ijHdJcT8MJ1xgcsgeJRT+G7hX3S9CtVuQ2l78EZv2O5GSictJH6bQ9W2peIaV
         Leew==
X-Gm-Message-State: AC+VfDwE5nugykirJzRp47RuE7zcfgyo/dKeZTKgaozLmEc5yrXnsf73
        CjmqAf/TO8Vfy9vvS7RafpHcvrsTU3nPKGJBWXOnqsgaGx7697AuAVIShIRy5e95bv+wltpNDqa
        5WZtqFQ+q4VPI6+mwgfAr+9Z0
X-Received: by 2002:a7b:cd1a:0:b0:3fb:7184:53eb with SMTP id f26-20020a7bcd1a000000b003fb718453ebmr7354227wmj.18.1688049336967;
        Thu, 29 Jun 2023 07:35:36 -0700 (PDT)
X-Received: by 2002:a7b:cd1a:0:b0:3fb:7184:53eb with SMTP id f26-20020a7bcd1a000000b003fb718453ebmr7354206wmj.18.1688049336544;
        Thu, 29 Jun 2023 07:35:36 -0700 (PDT)
Received: from alrua-x1.borgediget.toke.dk ([45.145.92.2])
        by smtp.gmail.com with ESMTPSA id 14-20020a05600c020e00b003fba92fad35sm4237514wmi.26.2023.06.29.07.35.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 29 Jun 2023 07:35:36 -0700 (PDT)
Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000)
        id 5FF87BC0476; Thu, 29 Jun 2023 16:35:35 +0200 (CEST)
From:   Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>
To:     Florian Westphal <fw@strlen.de>
Cc:     Florian Westphal <fw@strlen.de>, Daniel Xu <dxu@dxuuu.xyz>,
        bpf@vger.kernel.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
        coreteam@netfilter.org, netfilter-devel@vger.kernel.org,
        daniel@iogearbox.net, dsahern@kernel.org
Subject: Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
In-Reply-To: <20230629132141.GA10165@breakpoint.cc>
References: <cover.1687819413.git.dxu@dxuuu.xyz> <874jmthtiu.fsf@toke.dk>
 <20230627154439.GA18285@breakpoint.cc> <87o7kyfoqf.fsf@toke.dk>
 <20230629132141.GA10165@breakpoint.cc>
X-Clacks-Overhead: GNU Terry Pratchett
Date:   Thu, 29 Jun 2023 16:35:35 +0200
Message-ID: <87leg2fia0.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Florian Westphal <fw@strlen.de> writes:

> Toke H=C3=B8iland-J=C3=B8rgensen <toke@redhat.com> wrote:
>> Florian Westphal <fw@strlen.de> writes:
>> > For bpf a flag during link attachment seemed like the best way
>> > to go.
>>=20
>> Right, I wasn't disputing that having a flag to load a module was a good
>> idea. On the contrary, I was thinking we'd need many more of these
>> if/when BPF wants to take advantage of more netfilter code. Say, if a
>> BPF module wants to call into TPROXY, that module would also need go be
>> loaded and kept around, no?
>
> That seems to be a different topic that has nothing to do with
> either bpf_link or netfilter?
>
> If the program calls into say, TPROXY, then I'd expect that this needs
> to be handled via kfuncs, no? Or if I misunderstand, what do you mean
> by "call into TPROXY"?
>
> And if so, thats already handled at bpf_prog load time, not
> at link creation time, or do I miss something here?
>
> AFAIU, if prog uses such kfuncs, verifier will grab needed module ref
> and if module isn't loaded the kfuncs won't be found and program load
> fails.

...

> Or we are talking about implicit dependencies, where program doesn't
> call function X but needs functionality handled earlier in the pipeline?
>
> The only two instances I know where this is the case for netfilter
> is defrag + conntrack.

Well, I was kinda mixing the two cases above, sorry about that. The
"kfuncs locking the module" was not present in my mind when starting to
talk about that bit...

As for the original question, that's answered by your point above: If
those two modules are the only ones that are likely to need this, then a
flag for each is fine by me - that was the key piece I was missing (I'm
not a netfilter expert, as you well know).

Thanks for clarifying, and apologies for the muddled thinking! :)

-Toke