From: Libo Chen <clbchenlibo.chen@huawei.com>
To: David Miller <davem@davemloft.net>, <kaber@trash.net>,
<xemul@openvz.org>, Serge Hallyn <serge.hallyn@canonical.com>,
<ebiederm@xmission.com>
Cc: <edumazet@google.com>, <fbl@redhat.com>, <ebiederm@xmission.com>,
<jeff@garzik.org>, <edumazet@google.com>, <peterz@infradead.org>,
<honkiko@gmail.com>, <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Li Zefan <lizefan@huawei.com>,
"zhangwei(Jovi)" <jovi.zhangwei@huawei.com>,
Huang Qiang <h.huangqiang@huawei.com>,
Wengmeiling <wengmeiling.weng@huawei.com>
Subject: cgroup filter on physics interface can't container
Date: Mon, 9 Dec 2013 10:32:31 +0800
Message-ID: <52A52BBF.6030105@huawei.com>

Hello network hackers,

A Linux container was built with a veth pair (veth0 inside the container, veth1 outside the container),
with the config as below:

    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0 // based on eth0
    lxc.network.name = eth0
    lxc.network.ipv4 = 128.5.130.26/24

Then I use the tc command with a cgroup filter on veth0, and it works well. But when setting it on eth0, it doesn't work.

The reason is that dev_forward_skb() in veth_xmit will call skb_scrub_packet and clean all information in the skb,
including skb->sk, so if cls_cgroup_classify is working in serving-softirq state, it will return failure, see below:

    if (in_serving_softirq()) {
            /* If there is an sk_classid we'll use that. */
            if (!skb->sk)
                    return -1;
            classid = skb->sk->sk_classid;
    }

A qdisc with a cgroup filter on a physical interface cannot control a container's network, which is disappointing.

We can save sk_classid before skb_scrub_packet and restore it after that. Is that reasonable? Or is there any other way to achieve this?

Thanks,
Libo
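
Added example, not part of the original mail and not kernel code: a user-space C model of the behaviour described above, where the scrub on the veth forward path drops skb->sk and the softirq branch of the classifier then returns -1, next to the save-and-restore idea the mail proposes. The struct layouts, the `model_*` and `classify_*` names, the `saved_classid` field and the sample classid are assumptions made for illustration.

```c
/* User-space model only; simplified stand-ins for the kernel structures. */
#include <stddef.h>
#include <stdio.h>

struct sock { unsigned int sk_classid; };

struct sk_buff {
    struct sock *sk;            /* owning socket; lost when the skb is scrubbed */
    unsigned int saved_classid; /* hypothetical field for the proposed fix */
};

/* Scrub as the mail describes it: all socket state is dropped.
 * With keep_classid set, the classid is copied out first (the proposal). */
static void model_scrub(struct sk_buff *skb, int keep_classid)
{
    if (keep_classid && skb->sk)
        skb->saved_classid = skb->sk->sk_classid;
    skb->sk = NULL;
}

/* Softirq branch quoted in the mail, plus an optional fallback to the
 * saved classid. Returns -1 when no class can be determined. */
static long model_classify_softirq(const struct sk_buff *skb, int use_saved)
{
    if (skb->sk)
        return (long)skb->sk->sk_classid;
    if (use_saved && skb->saved_classid)
        return (long)skb->saved_classid;
    return -1;
}

/* Classification while the skb still carries its socket (no scrub yet). */
static long classify_before_scrub(unsigned int classid)
{
    struct sock sk = { classid };
    struct sk_buff skb = { &sk, 0 };
    return model_classify_softirq(&skb, 0);
}

/* Classification on the physical interface, after the veth forward path. */
static long classify_after_scrub(unsigned int classid, int with_fix)
{
    struct sock sk = { classid };
    struct sk_buff skb = { &sk, 0 };
    model_scrub(&skb, with_fix);
    return model_classify_softirq(&skb, with_fix);
}

int main(void)
{
    unsigned int classid = 0x100001; /* constructed sample value */
    printf("before scrub:          %ld\n", classify_before_scrub(classid));
    printf("after scrub, no fix:   %ld\n", classify_after_scrub(classid, 0));
    printf("after scrub, with fix: %ld\n", classify_after_scrub(classid, 1));
    return 0;
}
```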