[{"id":1798908,"web_url":"http://patchwork.ozlabs.org/comment/1798908/","msgid":"<20171103203249.GA25602@breakpoint.cc>","list_archive_url":null,"date":"2017-11-03T20:32:49","subject":"Re: [PATCH RFC,WIP 2/5] netfilter: add software flow offload\n\tinfrastructure","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/people/1025/","name":"Florian Westphal","email":"fw@strlen.de"},"content":"Pablo Neira Ayuso <pablo@netfilter.org> wrote:\n> +static int __init nf_flow_offload_module_init(void)\n> +{\n> +\tstruct rhashtable_params params = flow_offload_rhash_params;\n> +\tstruct nf_hook_ops flow_offload_hook = {\n> +\t\t.hook\t\t= nf_flow_offload_hook,\n> +\t\t.pf\t\t= NFPROTO_NETDEV,\n> +\t\t.hooknum\t= NF_NETDEV_INGRESS,\n> +\t\t.priority\t= -100,\n\nMagic number.  Should this be documented in nft?\n\nAlternatively we could reject NETDEV_INGRESS base chains from\nuserspace if prio < 0 to prevent userspace rules from messing\nwith this flow offlaod infrastructure.\n\nI guess the rationale of using auto-builtin hook is to avoid\nforcing users to configure this with nftables rules?\n\n> +\trtnl_lock();\n> +\tfor_each_netdev(&init_net, dev) {\n> +\t\tentry = kmalloc(sizeof(*entry), GFP_KERNEL);\n> +\t\tif (!entry) {\n> +\t\t\trtnl_unlock();\n> +\t\t\treturn -ENOMEM;\n\nThis would need error unwinding (Unregistering the already-registered\nhooks).\n\n> +\t\terr = nf_register_net_hook(&init_net, &entry->ops);\n> +\t\tif (err < 0)\n> +\t\t\treturn err;\n\nAnd here as well.","headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3yTDDg0QF9z9sP1\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat,  4 Nov 2017 07:33:23 +1100 (AEDT)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752284AbdKCUdT (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 3 Nov 2017 16:33:19 -0400","from Chamillionaire.breakpoint.cc ([146.0.238.67]:37708 \"EHLO\n\tChamillionaire.breakpoint.cc\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1750772AbdKCUdS (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Fri, 3 Nov 2017 16:33:18 -0400","from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2)\n\t(envelope-from <fw@strlen.de>)\n\tid 1eAie1-00082x-Eo; Fri, 03 Nov 2017 21:32:49 +0100"],"Date":"Fri, 3 Nov 2017 21:32:49 +0100","From":"Florian Westphal <fw@strlen.de>","To":"Pablo Neira Ayuso <pablo@netfilter.org>","Cc":"netfilter-devel@vger.kernel.org, netdev@vger.kernel.org","Subject":"Re: [PATCH RFC,WIP 2/5] netfilter: add software flow offload\n\tinfrastructure","Message-ID":"<20171103203249.GA25602@breakpoint.cc>","References":"<20171103152636.9967-1-pablo@netfilter.org>\n\t<20171103152636.9967-3-pablo@netfilter.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20171103152636.9967-3-pablo@netfilter.org>","User-Agent":"Mutt/1.5.23 (2014-03-12)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"}}]