On Monday 2020-06-22 01:52, Florian Westphal wrote:
>Jan Engelhardt <jengelh@xxxxxxx> wrote:
>> >Why? Maybe someone wants to collect statistics on encountered packet
>> >size or something like that.
>>
>> Possibly so, but you would not want to penalize users who do
>> want the short-circuiting behavior when they are not interested
>> in the statistics.
>
>What short-circuit behaviour?
>
>The difference we're talking about is:
>*reg = get_gso_segment_or_nh_len(skb);
>vs.
>if (!skb_is_gso(skb) || get_gso_segment_len(skb) <= priv->len))
> regs->verdict.code = NFT_BREAK;
I was under the impression the discussion had steered on
*reg1 = skb_gso_size_check(skb, skb_gso_validate_network_len(skb, priv->len));
verdict = *reg1 ? NFT_CONTINUE : NFT_BREAK;
vs.
*reg1 = 0;
skb_walk_frags(skb, iter)
*reg1 += seg_len + skb_headlen(iter);
// and leave reg1 for the next nft op (lt/gt/feeding it to a counter/etc.)
