On Sunday 2020-06-21 05:24, Florian Westphal wrote:
>Eugene Crosser <crosser@xxxxxxxxxxx> wrote:
>> > No, nft already has "< $value" logic.
>> > The only missing piece of the puzzle is a way to populate an nft
>> > register with the "size per segment" value.
>>
>> I don't think that it works. `skb_gso_network_seglen()` gives the (same for all
>> segments) segment length _only_ when `shinfo->gso_size != GSO_BY_FRAGS`. If we
>> were to expose maximum segment length for skbs with `gso_size == GSO_BY_FRAGS`,
>> we'd need a new function that basically replicates the functionality of
>> `skb_gso_size_check()` and performs `skb_walk_frags()`, only instead of
>> returning `false` on first violation finds and then returns the maximum
>> encountered value.
>
>Yes.
>
>> That means we'd need to introduce a new function for the sole purpose of making
>> the proposed check fit in the "less-equal-greater" model.
>
>Yes and no.
>
>> And the only practical
>> use of the feature is to check "fits-doesn't fit" anyway.
>
>Why? Maybe someone wants to collect statistics on encountered packet
>size or something like that.

Possibly so, but you would not want to penalize users who do want the
short-circuiting behavior when they are not interested in the statistics.