-
- Downloads
bpf: Add support for writing to nf_conn:mark
Support direct writes to nf_conn:mark from TC and XDP prog types. This is useful when applications want to store per-connection metadata. This is also particularly useful for applications that run both bpf and iptables/nftables because the latter can trivially access this metadata. One example use case would be if a bpf prog is responsible for advanced packet classification and iptables/nftables is later used for routing due to pre-existing/legacy code. Signed-off-by:Daniel Xu <dxu@dxuuu.xyz> Link: https://lore.kernel.org/r/ebca06dea366e3e7e861c12f375a548cc4c61108.1662568410.git.dxu@dxuuu.xyz Signed-off-by:
Alexei Starovoitov <ast@kernel.org>
Showing
- include/net/netfilter/nf_conntrack_bpf.h 23 additions, 0 deletionsinclude/net/netfilter/nf_conntrack_bpf.h
- net/core/filter.c 54 additions, 0 deletionsnet/core/filter.c
- net/netfilter/nf_conntrack_bpf.c 65 additions, 1 deletionnet/netfilter/nf_conntrack_bpf.c
- net/netfilter/nf_conntrack_core.c 1 addition, 0 deletionsnet/netfilter/nf_conntrack_core.c
Loading
Please register or sign in to comment