Daniel Xu <dxu@xxxxxxxxx> writes: > Support direct writes to nf_conn:mark from TC and XDP prog types. This > is useful when applications want to store per-connection metadata. This > is also particularly useful for applications that run both bpf and > iptables/nftables because the latter can trivially access this metadata. > > One example use case would be if a bpf prog is responsible for advanced > packet classification and iptables/nftables is later used for routing > due to pre-existing/legacy code. > > Signed-off-by: Daniel Xu <dxu@xxxxxxxxx> Didn't we agree the last time around that all field access should be using helper kfuncs instead of allowing direct writes to struct nf_conn? -Toke
