On Tuesday 2020-06-16 17:54, Eugene Crosser wrote: >>> 2. Is it correct that "new generation" `nft` filtering infrastructure >>> does not support dynamically loadable extensions at all? (We need a >>> custom kernel module because we need access to the fields in the skb >>> that are not exposed to `nft` [..] >> >> Why not make a patch to publicly expose the skb's data via nft_meta? >> No more custom modules, no more userspace modifications [..] > >For our particular use case, we are running the skb through the kernel >function `skb_validate_network_len()` with custom mtu size [..] I find no such function in the current or past kernels. Perhaps you could post the code of the module(s) you already have, and we can assess if it, or the upstream ideals, can be massaged to make the code stick.
