From: Dan Siemon <dan@coverfire.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: netdev <netdev@vger.kernel.org>
Subject: Re: [PATCH] cls_flow: Add tunnel support to the flow classifier
Date: Sun, 23 Oct 2011 21:21:26 -0400 [thread overview]
Message-ID: <1319419287.20602.21.camel@ganymede> (raw)
In-Reply-To: <1318833623.2500.45.camel@edumazet-laptop>
[-- Attachment #1: Type: text/plain, Size: 2039 bytes --]
On Mon, 2011-10-17 at 08:40 +0200, Eric Dumazet wrote:
> Le dimanche 16 octobre 2011 à 19:06 -0400, Dan Siemon a écrit :
> > When used on an interface carrying tunneled traffic the flow classifier
> > can't look into the tunnels so all of the traffic within the tunnel is
> > treated as a single flow. This does not allow any type of intelligent
> > queuing to occur. This patch adds new keys to the flow classifier which
> > look inside the tunnel. Presently IP-IP, IP-IPv6, IPv6-IPv6 and IPv6-IP
> > tunnels are supported.
> >
> > If you are interested I have posted some background and experimental
> > results at:
> > http://www.coverfire.com/archives/2011/10/16/making-the-linux-flow-classifier-tunnel-aware/
> >
> > The related iproute2 patch can be found at the above URL as well.
> >
> > Signed-off-by: Dan Siemon <dan@coverfire.com>
> >
>
> Hi Dan
>
> You're adding a lot of code (omitting the diffstat :( ) for a specific
> usage, yet GRE tunnels are not supported.
Thanks for the review.
Are you arguing this use case isn't worth addressing or that there is a
more efficient way to implement this with less code?
> IPv6 part is also a bit limited : It assumes TCP/UDP headers are the
> first ones. Maybe its time to use ipv6_skip_exthdr() ?
I noticed this too but the existing src-proto and dst-proto don't handle
this case either. Maybe I can look into fixing those as well.
> Note also that if we pull (with pskb_network_may_pull()) too many bytes,
> we kill routing performance on paged frags devices, wich are now
> becoming very common.
I don't know what paged frag devices means but I trust you are correct :)
The existing keys also use pskb_network_may_pull(). Should they be changed as well?
> Adding tunnel support and deep packet inspection might require the use
> of skb_header_pointer() wich does the copy of needed data without
> requiring expensive reallocation of skb head.
I'll look into this but it may be a while before I have an updated
patch.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2011-10-24 1:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-16 23:06 [PATCH] cls_flow: Add tunnel support to the flow classifier Dan Siemon
2011-10-17 6:40 ` Eric Dumazet
2011-10-24 1:21 ` Dan Siemon [this message]
2011-10-24 3:14 ` Eric Dumazet
2011-10-24 3:59 ` Eric Dumazet
2011-10-24 22:36 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1319419287.20602.21.camel@ganymede \
--to=dan@coverfire.com \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.