Re: [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-04 Thread William Tu via iovisor-dev
On Sun, Sep 3, 2017 at 3:26 PM, Thomas Graf wrote:
> On 1 September 2017 at 04:30, William Tu via iovisor-dev
> wrote:
> > This patch adds two BPF conntrack helper functions, bpf_ct_lookup()
> > and bpf_ct_commit(), to enable the possibility of BPF

Re: [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-04 Thread Daniel Borkmann via iovisor-dev
On 09/01/2017 01:30 PM, William Tu wrote: This patch adds two BPF conntrack helper functions, bpf_ct_lookup() and bpf_ct_commit(), to enable the possibility of BPF stateful firewall. There are two ways to implement BPF conntrack. One way is to not rely on helpers but implement the conntrack

Re: [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-03 Thread Thomas Graf via iovisor-dev
On 1 September 2017 at 04:30, William Tu via iovisor-dev wrote:
> This patch adds two BPF conntrack helper functions, bpf_ct_lookup()
> and bpf_ct_commit(), to enable the possibility of BPF stateful firewall.
>
> There are two ways to implement BPF conntrack. One

Re: [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-03 Thread William Tu via iovisor-dev
Hi Alexei,
Thanks, I do see the lockdep complaint now. I will switch to use GFP_ATOMIC.
William
On Sat, Sep 2, 2017 at 8:20 AM, William Tu wrote:
>
>
> On Fri, Sep 1, 2017 at 10:53 PM, Alexei Starovoitov <
> alexei.starovoi...@gmail.com> wrote:
>
>> On Fri, Sep 1, 2017 at

Re: [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-01 Thread Alexei Starovoitov via iovisor-dev
On Fri, Sep 1, 2017 at 4:30 AM, William Tu wrote: > + > + /* TODO: conntrack expectation */ > + > + nf_ct_zone_init(, info->zone_id, > + NF_CT_DEFAULT_ZONE_DIR, 0); > + tmpl = nf_ct_tmpl_alloc(net, , GFP_KERNEL); did you test with
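Review bot: the nf_ct_tmpl_alloc() call passes GFP_KERNEL, which may sleep, but a BPF helper runs in the packet-processing path where sleeping is not allowed. Pass GFP_ATOMIC instead, and make sure the code following this call handles a NULL tmpl, since an atomic allocation fails more readily than a GFP_KERNEL one.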

[iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions

2017-09-01 Thread William Tu via iovisor-dev
This patch adds two BPF conntrack helper functions, bpf_ct_lookup() and bpf_ct_commit(), to enable the possibility of BPF stateful firewall. There are two ways to implement BPF conntrack. One way is to not rely on helpers but implement the conntrack state table using BPF maps. So conntrack is