On Wed, Jun 02, 2021 at 10:48:02AM +0200, Toke Høiland-Jørgensen wrote:
> Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes:
>
> >> > In general the garbage collection in any form doesn't scale.
> >> > The conntrack logic doesn't need it. The Cilium conntrack is a great
> >> > example of how to implement a conntrack without GC.
> >>
> >> That is simply not a conntrack. We expire connections based on
> >> its time, not based on the size of the map where it resides.
> >
> > Sounds like your goal is to replicate existing kernel conntrack
> > as bpf program by doing exactly the same algorithm and repeating
> > the same mistakes. Then add kernel conntrack functions to allow list
> > of kfuncs (unstable helpers) and call them from your bpf progs.
>
> FYI, we're working on exactly this (exposing kernel conntrack to BPF).
> Hoping to have something to show for our efforts before too long, but
> it's still in a bit of an early stage...

Just curious, what conntrack functions will be made callable to BPF?