On Sat, Dec 11, 2021 at 07:35:58PM +0100, Toke Høiland-Jørgensen wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> writes: > > > On Fri, Dec 10, 2021 at 09:01:29PM +0530, Kumar Kartikeya Dwivedi wrote: > >> On Fri, Dec 10, 2021 at 08:39:14PM IST, Pablo Neira Ayuso wrote: > >> > On Fri, Dec 10, 2021 at 06:32:28PM +0530, Kumar Kartikeya Dwivedi wrote: > >> > [...] > >> > > net/netfilter/nf_conntrack_core.c | 252 ++++++++++++++++++++++++++++++ > >> > > 7 files changed, 497 insertions(+), 1 deletion(-) > >> > > > >> > [...] > >> > > diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c > >> > > index 770a63103c7a..85042cb6f82e 100644 > >> > > --- a/net/netfilter/nf_conntrack_core.c > >> > > +++ b/net/netfilter/nf_conntrack_core.c > >> > > >> > Please, keep this new code away from net/netfilter/nf_conntrack_core.c > >> > >> Ok. Can it be a new file under net/netfilter, or should it live elsewhere? > > > > IPVS and OVS use conntrack for already quite a bit of time and they > > keep their code in their respective folders. > > Those are users, though. OK, I see this as a yet user of the conntrack infrastructure. > This is adding a different set of exported functions, like a BPF > version of EXPORT_SYMBOL(). We don't put those outside the module > where the code lives either... OVS and IPVS uses Kconfig to enable the conntrack module as a dependency. Then, add module that is loaded when conntrack is used. > I can buy not wanting to bloat nf_conntrack_core.c, but what's the > problem with adding a net/netfilter_nf_conntrack_bpf.c that gets linked > into the same kmod? I might be missing the reason why this can't be done in self-contained way here.
