From: Jiri Pirko <jiri@resnulli.us>
To: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Cc: netdev@vger.kernel.org, roopa@cumulusnetworks.com,
dsa@cumulusnetworks.com, xiyou.wangcong@gmail.com,
jhs@mojatatu.com
Subject: Re: [RFC net-next] net: sch_clsact: add support for global per-netns classifier mode
Date: Tue, 5 Sep 2017 16:23:30 +0200 [thread overview]
Message-ID: <20170905142330.GC7936@nanopsycho> (raw)
In-Reply-To: <20170905140750.GB7936@nanopsycho>
Tue, Sep 05, 2017 at 04:07:51PM CEST, jiri@resnulli.us wrote:
>Tue, Sep 05, 2017 at 02:48:21PM CEST, nikolay@cumulusnetworks.com wrote:
>>Hi all,
>>This RFC adds a new mode for clsact which designates a device's egress
>>classifier as global per netns. The packets that are not classified for
>>a particular device will be classified using the global classifier.
>>We have needed a global classifier for some time now for various
>>purposes and setting the single bridge or loopback/vrf device as the
>>global classifier device is acceptable for us. Doing it this way avoids
>>the act/cls device and queue dependencies.
>>
>>This is strictly an RFC patch just to show the intent, if we agree on
>>the details the proposed patch will have support for both ingress and
>>egress, and will be using a static key to avoid the fast path test when no
>>global classifier has been configured.
>>
>>Example (need a modified tc that adds TCA_OPTIONS when using q_clsact):
>>$ tc qdisc add dev lo clsact global
>>$ tc filter add dev lo egress protocol ip u32 match ip dst 4.3.2.1/32 action drop
>>
>>the last filter will be global for all devices that don't have a
>>specific egress_cl_list (i.e. have clsact configured).
>>
>>Any comments and thoughts would be greatly appreciated.
For the record, I think this "global" thing is a hack similar to
cls_u32 shared hashlists.
>
>Did you see my shared blocks work? I believe that it should resolve your
>usecase, in a generic way. You just have to bind the devices you need to
>the shared block. Please see the RFC:
>
>https://www.spinics.net/lists/netdev/msg444067.html
next prev parent reply other threads:[~2017-09-05 14:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-05 12:48 [RFC net-next] net: sch_clsact: add support for global per-netns classifier mode Nikolay Aleksandrov
2017-09-05 14:07 ` Jiri Pirko
2017-09-05 14:23 ` Jiri Pirko [this message]
2017-09-05 15:17 ` Roopa Prabhu
2017-09-05 18:18 ` Cong Wang
2017-09-05 18:25 ` Nikolay Aleksandrov
2017-09-05 22:01 ` Roopa Prabhu
2017-09-05 22:25 ` Jamal Hadi Salim
2017-09-06 4:09 ` Roopa Prabhu
2017-09-05 22:45 ` Daniel Borkmann
2017-09-05 23:12 ` Daniel Borkmann
2017-09-06 4:04 ` Roopa Prabhu
2017-09-06 7:24 ` Jiri Pirko
2017-09-06 14:19 ` Roopa Prabhu
2017-09-06 10:14 ` Nikolay Aleksandrov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170905142330.GC7936@nanopsycho \
--to=jiri@resnulli.us \
--cc=dsa@cumulusnetworks.com \
--cc=jhs@mojatatu.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=roopa@cumulusnetworks.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.