Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes: > On Tue, Nov 27, 2018 at 09:24:05AM -0500, Aaron Conole wrote: >> >> 1. Introduce flowmap again, this time, basically having it close to a >> copy of the hashmap. Introduce a few function calls that allow an >> external module to easily manipulate all maps of that type to insert >> / remove / update entries. This makes it similar to, for example, >> devmap. > > what is a flowmap? > How is this flowmap different from existing hash, lpm and lru maps? The biggest difference is how relationship works. Normal map would have single key and single value. Flow map needs to have two keys "single-value," because there are two sets of flow tuples to track (forward and reverse direction). That means that when updating the k-v pairs, we need to ensure that the data is always consistent and up to date. Probably we could do that with the existing maps if we had some kind of allocation mechanism, too (so, keep a pointer to data from two keys - not sure if there's a way to do that in ebpf)? Still I need a way to get the conntrack information from netfilter (or really any other entity that will provide it) into the bpf map, whatever map type it takes. > 'close to a copy of hashmap'... why hashmap is not enough for your purpose? It might be (see the item 2. in that list). I'm trying to allow netfilter conntrack to update the bpf map so that the flow offload data is available, and make sure that when I look up a 5-tuple from the bpf program in the map, I get the appropriate flow-offload data (ie: forward direction addresses could be different from reverse direction so just swapping addresses / ports will not match). Like I wrote in the cover letter (but probably poorly, sorry for that), I want to forward packets into the stack until a connection is added to the table, and then push the packets directly to the places they need to go, doing the nat etc. That lets us use xdp as a fast forwarding path for connections, getting all of the advantage of helper modules to do the control / parsing, and all the advantage of xdp for packet movement. Maybe I don't see a better solution, though - or possibly there's a more generic approach that works better.
