Can netfilter-ebpf modify packets ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hello everyone,

I've noticed that it's not possible to modify packets via netfilter-ebpf right now. I'm curious if this is by design.

Currently, I've observed some issues, such as:

1. The dynptr obtained through bpf_dynptr_from_skb in the netfilter-ebpf prog is read-only. 2. In addition to modification, applications may also need to delete or append some data in the skb, which dynptr_write cannot meet. 3. Modifying packets involves recalculating csum, or updating transparent header, etc. 4. The BPF_PROG_TYPE_SCHED_ACT provides a large number of helpers that can meet various packet modification scenarios. However, due to arg_type type checks(ARG_PTR_TO_CTX), we cannot use them directly in netfilter yet.

Looking forward to any feedback.

Best wishes,
D. Wythe




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux