| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 May 2024 15:21:54 +0200
From: Lorenzo Bianconi <lorenzo@...nel.org>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: bpf <bpf@...r.kernel.org>, Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
netfilter-devel <netfilter-devel@...r.kernel.org>,
Network Development <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Lorenzo Bianconi <lorenzo.bianconi@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Florian Westphal <fw@...len.de>,
Jesper Dangaard Brouer <hawk@...nel.org>,
Simon Horman <horms@...nel.org>, donhunte@...hat.com,
Kumar Kartikeya Dwivedi <memxor@...il.com>
Subject: Re: [PATCH bpf-next v2 2/4] netfilter: add
bpf_xdp_flow_offload_lookup kfunc
> On Sat, May 18, 2024 at 3:13 AM Lorenzo Bianconi <lorenzo@...nel.org> wrote:
[...]
>
> I think it needs to be KF_RET_NULL.
> And most likely KF_TRUSTED_ARGS as well.
ack, I will fix it in v2.
>
> Also the "offload" doesn't fit in the name.
> The existing code calls it "offload", because it's actually
> pushing the rules to HW (if I understand the code),
> but here it's just a lookup from xdp.
> So call it
> bpf_xdp_flow_lookup() ?
ack fine, I do not have a strong opinion on it. I will fix it in v2.
>
> Though "flow" is a bit too generic here.
> nf_flow maybe?
ack, I will fix it in v2.
Regards,
Lorenzo
>
> > +BTF_KFUNCS_END(nf_ft_kfunc_set)
> > +
> > +static const struct btf_kfunc_id_set nf_flow_offload_kfunc_set = {
> > + .owner = THIS_MODULE,
> > + .set = &nf_ft_kfunc_set,
> > +};
> > +
> > +int nf_flow_offload_register_bpf(void)
> > +{
> > + return register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP,
> > + &nf_flow_offload_kfunc_set);
> > +}
> > +EXPORT_SYMBOL_GPL(nf_flow_offload_register_bpf);
> > diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
> > index 6eef15648b7b0..6175f7556919d 100644
> > --- a/net/netfilter/nf_flow_table_inet.c
> > +++ b/net/netfilter/nf_flow_table_inet.c
> > @@ -98,7 +98,7 @@ static int __init nf_flow_inet_module_init(void)
> > nft_register_flowtable_type(&flowtable_ipv6);
> > nft_register_flowtable_type(&flowtable_inet);
> >
> > - return 0;
> > + return nf_flow_offload_register_bpf();
> > }
> >
> > static void __exit nf_flow_inet_module_exit(void)
> > --
> > 2.45.1
> >
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists