Re: [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Jamal Hadi Salim <jhs@mojatatu•com>
To: Alexei Starovoitov <ast@plumgrid•com>,
	"David S. Miller" <davem@davemloft•net>
Cc: Eric Dumazet <edumazet@google•com>,
	Daniel Borkmann <daniel@iogearbox•net>,
	Thomas Graf <tgraf@suug•ch>, Jiri Pirko <jiri@resnulli•us>,
	netdev@vger•kernel.org
Subject: Re: [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc
Date: Mon, 13 Apr 2015 10:16:01 -0400	[thread overview]
Message-ID: <552BCFA1.7020502@mojatatu.com> (raw)
In-Reply-To: <1428708792-5872-2-git-send-email-ast@plumgrid.com>

On 04/10/15 19:33, Alexei Starovoitov wrote:
> TC classifers and actions attached to ingress and egress qdiscs see
> inconsistent skb->data. For ingress L2 header is already pulled, whereas
> for egress it's present. Introduce an optional flag for ingress qdisc
> which if set will cause ingress to push L2 header before calling
> into classifiers/actions and pull L2 back afterwards.
>
> The cls_bpf/act_bpf are now marked as 'needs_l2'. The users can use them
> on ingress qdisc created with 'needs_l2' flag and on any egress qdisc.
> The use of them with vanilla ingress is disallowed.
>
> The ingress_l2 qdisc can only be attached to devices that provide headers_ops.
>
> When ingress is not enabled static_key avoids *(skb->dev->ingress_queue)
>
> When ingress is enabled the difference old vs new to reach qdisc spinlock:
> old:
> *(skb->dev->ingress_queue), if, *(rxq->qdisc), if, *(rxq->qdisc), if
> new:
> *(skb->dev->ingress_queue), if, *(rxq->qdisc), if, if
>
> This patch provides a foundation to use ingress_l2+cls_bpf to filter
> interesting traffic and mirror small part of it to a different netdev for
> capturing. This approach is significantly faster than traditional af_packet,
> since skb_clone is called after filtering. dhclient and other tap-based tools
> may consider switching to this style.
>

Alexei,
I want to support this work but i am having difficulties. I see your
point as i hope you see mine. In my opinion, it is a stalemate.
We need Dave to make the call.

To repeat what i said earlier:
The only known user at this point is bpf. cls_bpf and cls_act could both
look at the AT field, find where they are being invoked from and react
accordingly. This is not very hard for a coder to do and the user
injecting the policy doesnt need to know about it.
If you do that then i think you need to also inform users downstream
from bpf that they should expect to see the packet at the Link header
and not the network header.


cheers,
jamal

PS:- note that __netif_receive_skb_core() at the beginning is what sets 
all these headers.

next prev parent reply	other threads:[~2015-04-13 14:16 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-04-10 23:33 [PATCH v4 net-next 1/2] net: introduce skb_postpush_rcsum() helper Alexei Starovoitov
2015-04-10 23:33 ` [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc Alexei Starovoitov
2015-04-11  6:46   ` Daniel Borkmann
2015-04-13 14:16   ` Jamal Hadi Salim [this message]
2015-04-13 17:37     ` Alexei Starovoitov
2015-04-11  6:40 ` [PATCH v4 net-next 1/2] net: introduce skb_postpush_rcsum() helper Daniel Borkmann
  -- strict thread matches above, loose matches on Subject: below --
2015-04-11  0:45 [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc Cong Wang
2015-04-11  1:39 ` Alexei Starovoitov
2015-04-11  6:53 ` Daniel Borkmann
2015-04-13 22:44   ` Cong Wang
2015-04-14  0:57     ` Alexei Starovoitov
2015-04-14 18:05       ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=552BCFA1.7020502@mojatatu.com \
    --to=jhs@mojatatu$(echo .)com \
    --cc=ast@plumgrid$(echo .)com \
    --cc=daniel@iogearbox$(echo .)net \
    --cc=davem@davemloft$(echo .)net \
    --cc=edumazet@google$(echo .)com \
    --cc=jiri@resnulli$(echo .)us \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=tgraf@suug$(echo .)ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox