Lorenzo Bianconi <lorenzo@xxxxxxxxxx> wrote:
> thx for working on this, I tested this patch with the flowtable lookup kfunc
> I am working on (code is available here [0]) and it works properly.

Thanks!

> >
> > Do we need to support dev-in-multiple flowtables? I would like to
> > avoid this, this likely means the future "xdp" flag in nftables would
> > be restricted to "inet" family. Alternative would be to change the key to
> > 'device address plus protocol family', the xdp prog could derive that from the
> > packet data.
> >
> > Timeout handling. Should the XDP program even bother to refresh the
> > flowtable timeout?
>
> I was assuming the flowtable lookup kfunc can take care of it.

I'm worried about stale neigh cache, resp. making sure that it gets renewed.

> > +struct nf_flowtable *nf_flowtable_by_dev(const struct net_device *dev)
> > +{
>
> I think this routine needs to be added to some include file (e.g.
> include/net/netfilter/nf_flow_table.h)

Right.
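
Review bot: in the quoted `+struct nf_flowtable *nf_flowtable_by_dev(const struct net_device *dev)` line, the function hands back a raw `struct nf_flowtable *`, and the lines quoted here do not say what keeps that pointer valid for the caller or what is returned when the device has no flowtable. When the prototype goes into the header, suggest a kernel-doc comment above it stating the required calling context and the not-found return value, so the XDP kfunc user does not have to infer them.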