Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > The work queue for hw offload (or ndo ops) are not used. > > OK, but is it possible to combine this XDP approach with hardware > offload? Yes. We could disallow it if you prefer. Ordering is, for ingress packet processing: HW -> XDP -> nf flowtable -> classic forward path instead of: HW -> nf flowtable -> classic forward path For the existing design. > > If the xdp program can't handle it packet will be pushed up the stack, > > i.e. nf ingress hook will handle it next. > > Then, only very simple scenarios will benefit from this acceleration. Yes. I don't see a reason to worry about more complex things right now. E.g. PPPoE encap can be added later. Or do you think this has to be added right from the very beginning? I hope not. > > > My understand is that XDP is all about programmibility, if user > > > decides to go for XDP then simply fully implement the fast path is the > > > XDP framework? I know of software already does so and they are > > > perfectly fine with this approach. > > > > I don't understand, you mean no integration at all? > > I mean, fully implement a fastpath in XDP/BPF using the datastructures > that it provides. I think its very bad for netfilter.
