diff options
| author |  Daniel Xu <dxu@dxuuu.xyz>
| 2022-09-07 10:40:40 -0600 |
|---|---|---|
| committer |  Alexei Starovoitov <ast@kernel.org>
| 2022-09-10 17:27:32 -0700 |
| commit | 864b656f82ccd433d3e38149c3673d295ad64bf6 (patch) | |
| tree | 1c4c3a628e740c3657756f4b8bc7c440bd948c84 /net/netfilter/nf_conntrack_core.c | |
| parent | bpf: Export btf_type_by_id() and bpf_log() (diff) | |
| download | linux-864b656f82ccd433d3e38149c3673d295ad64bf6.tar.gz linux-864b656f82ccd433d3e38149c3673d295ad64bf6.tar.bz2 linux-864b656f82ccd433d3e38149c3673d295ad64bf6.zip | |
bpf: Add support for writing to nf_conn:mark
Support direct writes to nf_conn:mark from TC and XDP prog types. This
is useful when applications want to store per-connection metadata. This
is also particularly useful for applications that run both bpf and
iptables/nftables because the latter can trivially access this metadata.
One example use case would be if a bpf prog is responsible for advanced
packet classification and iptables/nftables is later used for routing
due to pre-existing/legacy code.
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Link: https://lore.kernel.org/r/ebca06dea366e3e7e861c12f375a548cc4c61108.1662568410.git.dxu@dxuuu.xyz
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index da65c6e8eeeb..0195f60fc43b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -2512,6 +2512,7 @@ static int kill_all(struct nf_conn *i, void *data) void nf_conntrack_cleanup_start(void) { + cleanup_nf_conntrack_bpf(); conntrack_gc_work.exiting = true; } |