Hello everyone,
I've noticed that it's not possible to modify packets via netfilter-ebpf
right now. I'm curious if this is by design.
Currently, I've observed some issues, such as:
1. The dynptr obtained through bpf_dynptr_from_skb in the netfilter-ebpf
prog is read-only.
2. In addition to modification, applications may also need to delete or
append some data in the skb, which dynptr_write cannot meet.
3. Modifying packets involves recalculating csum, or updating
transparent header, etc.
4. The BPF_PROG_TYPE_SCHED_ACT provides a large number of helpers that
can meet various packet modification scenarios. However, due to arg_type
type checks (ARG_PTR_TO_CTX), we cannot use them directly in netfilter yet.
Looking forward to any feedback.
Best wishes,
D. Wythe