On Fri, Mar 24, 2023 at 11:22 AM Florian Westphal <fw@xxxxxxxxx> wrote: > > Stanislav Fomichev <sdf@xxxxxxxxxx> wrote: > > > I'm not sure what you mean by "whole story" but netfilter kernel modules > > > register via a priority value as well. As well as the modules the kernel > > > ships. So there's that to consider. > > > > Sorry for not being clear. What I meant here is that we'd have to > > export those existing priorities in the UAPI headers and keep those > > numbers stable. Otherwise it seems impossible to have a proper interop > > between those fixed existing priorities and new bpf modules? > > (idk if that's a real problem or I'm overthinking) > > They are already in uapi and exported. Oh, nice, then probably keeping those prios is the way to go. Up to you on whether to explore the alternative (before/after) or not. Agree with Daniel that it probably requires reworking netfilter internals and it's not really justified here.
