Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
> > Support direct writes to nf_conn:mark from TC and XDP prog types. This
> > is useful when applications want to store per-connection metadata. This
> > is also particularly useful for applications that run both bpf and
> > iptables/nftables because the latter can trivially access this metadata.
> >
> > One example use case would be if a bpf prog is responsible for advanced
> > packet classification and iptables/nftables is later used for routing
> > due to pre-existing/legacy code.
> >
> > Signed-off-by: Daniel Xu <dxu@xxxxxxxxx>
>
> Didn't we agree the last time around that all field access should be
> using helper kfuncs instead of allowing direct writes to struct nf_conn?

I don't see why ct->mark needs special handling.

It might be possible we need to change accesses on nf/tc side to use
READ/WRITE_ONCE though.