Hi Toke, On Mon, Aug 15, 2022, at 4:25 PM, Toke Høiland-Jørgensen wrote: > Daniel Xu <dxu@xxxxxxxxx> writes: > >> Support direct writes to nf_conn:mark from TC and XDP prog types. This >> is useful when applications want to store per-connection metadata. This >> is also particularly useful for applications that run both bpf and >> iptables/nftables because the latter can trivially access this metadata. >> >> One example use case would be if a bpf prog is responsible for advanced >> packet classification and iptables/nftables is later used for routing >> due to pre-existing/legacy code. >> >> Signed-off-by: Daniel Xu <dxu@xxxxxxxxx> > > Didn't we agree the last time around that all field access should be > using helper kfuncs instead of allowing direct writes to struct nf_conn? Sorry, I was not aware of those discussions. Do you have a link handy? I received the suggestion to enable direct writes here: https://lore.kernel.org/bpf/CAP01T74aWUW-iyPCV_VfASO6YqfAZmnkYQMN2B4L8ngMMgnAcw@xxxxxxxxxxxxxx/ . Thanks, Daniel
