On Wed, Jun 02, 2021 at 11:24:36PM IST, Martin KaFai Lau wrote:
> On Wed, Jun 02, 2021 at 10:48:02AM +0200, Toke Høiland-Jørgensen wrote:
> > Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes:
> >
> > >> > In general the garbage collection in any form doesn't scale.
> > >> > The conntrack logic doesn't need it. The Cilium conntrack is a great
> > >> > example of how to implement a conntrack without GC.
> > >>
> > >> That is simply not a conntrack. We expire connections based on
> > >> their time, not based on the size of the map where they reside.
> > >
> > > Sounds like your goal is to replicate the existing kernel conntrack
> > > as a bpf program by doing exactly the same algorithm and repeating
> > > the same mistakes. Then add kernel conntrack functions to the allow list
> > > of kfuncs (unstable helpers) and call them from your bpf progs.
> >
> > FYI, we're working on exactly this (exposing kernel conntrack to BPF).
> > Hoping to have something to show for our efforts before too long, but
> > it's still in a bit of an early stage...
> Just curious, what conntrack functions will be made callable to BPF?

Initially we're planning to expose the equivalent of nf_conntrack_in and
nf_conntrack_confirm to XDP and TC programs (so the XDP one works without
an skb, and the TC one works with an skb), to map these to higher level
lookup/insert.

--
Kartikeya
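The reply above sketches a split into a lookup step (the XDP/TC program asks whether a 5-tuple already belongs to a tracked flow) and a confirm/insert step (the first packet of an unknown flow creates the entry), and the quoted exchange contrasts that with an LRU-style map that evicts by size rather than by time. The following user-space C model is an added example, not kernel code and not the patch series Kartikeya describes; the kfunc names that eventually landed are not on this page, so the model uses placeholder names `ct_lookup` and `ct_confirm`, a fixed 64-slot table, an assumed 30-second idle timeout, and constructed sample tuples. What it shows is the shape of the per-packet flow an XDP program would run on top of such helpers: look up the tuple in either direction, refresh the timeout on a hit, insert on a miss, and treat a full table as an explicit failure instead of silently evicting the oldest flow.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 5-tuple as an XDP program would extract it from the IPv4 and L4 headers.
 * Host byte order is used throughout this user-space model. */
struct ct_tuple {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
    uint8_t  proto;
};

enum ct_dir { CT_DIR_ORIGINAL = 0, CT_DIR_REPLY = 1 };

struct ct_entry {
    struct ct_tuple orig;   /* tuple of the packet that created the entry */
    uint64_t expires;       /* absolute time (seconds) at which the entry dies */
    int in_use;
};

#define CT_SLOTS   64        /* assumed table size for the model */
#define CT_TIMEOUT 30ULL     /* assumed idle timeout in seconds */

static struct ct_entry ct_table[CT_SLOTS];

static void ct_reset(void) { memset(ct_table, 0, sizeof(ct_table)); }

static int tuple_eq(const struct ct_tuple *a, const struct ct_tuple *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport && a->proto == b->proto;
}

/* Reply direction of a flow: endpoints swapped. */
static struct ct_tuple tuple_reverse(const struct ct_tuple *t)
{
    struct ct_tuple r = { t->daddr, t->saddr, t->dport, t->sport, t->proto };
    return r;
}

/* FNV-1a over symmetric combinations of the endpoints, so the original and
 * the reply tuple start probing at the same slot. */
static uint32_t tuple_hash(const struct ct_tuple *t)
{
    uint32_t words[5] = { t->saddr ^ t->daddr, t->saddr + t->daddr,
                          (uint32_t)t->sport ^ t->dport,
                          (uint32_t)t->sport + t->dport, t->proto };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 5; i++) { h ^= words[i]; h *= 16777619u; }
    return h;
}

/* Lookup half: find a live entry matching the tuple in either direction.
 * Expiry is by time, checked lazily here; entries are never evicted because
 * the table is full. */
static struct ct_entry *ct_lookup(const struct ct_tuple *t, uint64_t now, enum ct_dir *dir)
{
    struct ct_tuple rev = tuple_reverse(t);
    uint32_t start = tuple_hash(t) % CT_SLOTS;
    for (unsigned i = 0; i < CT_SLOTS; i++) {
        struct ct_entry *e = &ct_table[(start + i) % CT_SLOTS];
        if (!e->in_use) continue;
        if (now >= e->expires) { e->in_use = 0; continue; }   /* dead: reclaim */
        if (tuple_eq(&e->orig, t))    { *dir = CT_DIR_ORIGINAL; return e; }
        if (tuple_eq(&e->orig, &rev)) { *dir = CT_DIR_REPLY;    return e; }
    }
    return NULL;
}

/* Confirm/insert half: record a new flow. Returns NULL when no free or
 * expired slot exists; the caller decides what a full table means. */
static struct ct_entry *ct_confirm(const struct ct_tuple *t, uint64_t now)
{
    uint32_t start = tuple_hash(t) % CT_SLOTS;
    for (unsigned i = 0; i < CT_SLOTS; i++) {
        struct ct_entry *e = &ct_table[(start + i) % CT_SLOTS];
        if (e->in_use && now < e->expires) continue;
        e->orig = *t;
        e->expires = now + CT_TIMEOUT;
        e->in_use = 1;
        return e;
    }
    return NULL;
}

enum ct_verdict { CT_NEW = 0, CT_ESTABLISHED = 1, CT_REPLY = 2, CT_DROP_FULL = 3 };

/* The per-packet flow an XDP program would run on top of the two helpers. */
static enum ct_verdict process_packet(const struct ct_tuple *t, uint64_t now)
{
    enum ct_dir dir;
    struct ct_entry *e = ct_lookup(t, now, &dir);
    if (e) {
        e->expires = now + CT_TIMEOUT;   /* traffic refreshes the idle timeout */
        return dir == CT_DIR_REPLY ? CT_REPLY : CT_ESTABLISHED;
    }
    if (!ct_confirm(t, now))
        return CT_DROP_FULL;              /* explicit failure, not an LRU eviction */
    return CT_NEW;
}

int main(void)
{
    /* Constructed sample flow: 10.0.0.1:40000 -> 10.0.0.2:443/TCP */
    struct ct_tuple syn = { 0x0a000001, 0x0a000002, 40000, 443, 6 };
    struct ct_tuple synack = tuple_reverse(&syn);
    ct_reset();
    printf("syn     at t=0:   verdict %d\n", process_packet(&syn, 0));
    printf("syn/ack at t=1:   verdict %d\n", process_packet(&synack, 1));
    printf("data    at t=2:   verdict %d\n", process_packet(&syn, 2));
    printf("data    at t=100: verdict %d (idle timeout passed, seen as a new flow)\n",
           process_packet(&syn, 100));
    return 0;
}
```

The verdict values map onto what a real program would do next: pass established and reply traffic, apply policy to new flows, and drop (or fall back to the kernel path) when the confirm step fails. The lazy expiry inside `ct_lookup` is the model's stand-in for the timer-driven expiry the quoted text insists on; a size-bounded LRU map would instead succeed on every insert by evicting whichever flow happened to be least recently touched.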