Date: Mon, 15 Aug 2022 16:41:11 -0600
From: "Daniel Xu" <dxu@...uu.xyz>
To: Toke Høiland-Jørgensen <toke@...nel.org>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>, "Alexei Starovoitov" <ast@...nel.org>, "Daniel Borkmann" <daniel@...earbox.net>, "Andrii Nakryiko" <andrii@...nel.org>, "Kumar Kartikeya Dwivedi" <memxor@...il.com>
Cc: pablo@...filter.org, fw@...len.de, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark

Hi Toke,

On Mon, Aug 15, 2022, at 4:25 PM, Toke Høiland-Jørgensen wrote:
> Daniel Xu <dxu@...uu.xyz> writes:
>
>> Support direct writes to nf_conn:mark from TC and XDP prog types. This
>> is useful when applications want to store per-connection metadata. This
>> is also particularly useful for applications that run both bpf and
>> iptables/nftables because the latter can trivially access this metadata.
>>
>> One example use case would be if a bpf prog is responsible for advanced
>> packet classification and iptables/nftables is later used for routing
>> due to pre-existing/legacy code.
>>
>> Signed-off-by: Daniel Xu <dxu@...uu.xyz>
>
> Didn't we agree the last time around that all field access should be
> using helper kfuncs instead of allowing direct writes to struct nf_conn?

Sorry, I was not aware of those discussions. Do you have a link handy?

I received the suggestion to enable direct writes here:
https://lore.kernel.org/bpf/CAP01T74aWUW-iyPCV_VfASO6YqfAZmnkYQMN2B4L8ngMMgnAcw@mail.gmail.com/ .

Thanks,
Daniel