Re: [PATCH] Add tcindex to conntrack and add netfilter target/matches

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Luuk Paulussen <Luuk.Paulussen@alliedtelesis.co.nz>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH] Add tcindex to conntrack and add netfilter target/matches
Date: Sun, 6 Dec 2015 23:45:22 +0100	[thread overview]
Message-ID: <20151206224522.GA27161@breakpoint.cc> (raw)
In-Reply-To: <5664B698.8040904@alliedtelesis.co.nz>

Luuk Paulussen <Luuk.Paulussen@alliedtelesis.co.nz> wrote:
> Hi All,
> 
> I'm still hoping for some feedback on this.  I have some userspace 
> patches around this as well, (to set/show the tc_index in the 
> connection, and to add the marking/matching rules in iptables), but I am 
> holding off on sending them until I know what people think of this 
> idea/implementation first.

I can't say for sure since I don't know enough about tc.

However, AFAICS tc_index seems to be something that should be internal
to tc and not exposed/changeable via iptables.

> Basically it allows 16 bits of marking in skb and connmark for traffic
> control purposes using an existing field in the skb.

Why not extend cls_flow to allow matching ctmark directly via tc
filters instead of requiring conntrack->foo copy to skb->foo?

We also have -j CLASSIFY to set skb->priority and at least cls_flow
seems to be able to match on that (did not test it).

next prev parent reply	other threads:[~2015-12-06 22:45 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-03 21:59 Support marking/matching tc_index in netfilter Luuk Paulussen
2015-12-03 21:59 ` [PATCH] Add tcindex to conntrack and add netfilter target/matches Luuk Paulussen
2015-12-06 22:28   ` Luuk Paulussen
2015-12-06 22:45     ` Florian Westphal [this message]
2015-12-07  2:19       ` Luuk Paulussen
2015-12-07  3:05         ` Florian Westphal
2015-12-07  4:24           ` Luuk Paulussen
2015-12-09  9:07         ` Daniel Borkmann
2015-12-13 23:00           ` Luuk Paulussen
2015-12-14  9:50             ` Daniel Borkmann
  -- strict thread matches above, loose matches on Subject: below --
2015-12-16  0:20 Luuk Paulussen
2015-12-16  0:20 ` [PATCH] " Luuk Paulussen
2015-12-17  5:21   ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151206224522.GA27161@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=Luuk.Paulussen@alliedtelesis.co.nz \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.