From: Libo Chen <clbchenlibo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
To: David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org
Cc: jeff-o2qLIJkoznsdnm+yROfE0A@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
honkiko-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
fbl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org,
"zhangwei(Jovi)"
<jovi.zhangwei-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Subject: Re: cgroup filter on physics interface can't control container
Date: Wed, 18 Dec 2013 17:12:13 +0800 [thread overview]
Message-ID: <52B166ED.7020508@huawei.com> (raw)
In-Reply-To: <52A9A97F.20902-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
hello guys,
I said before "we can save sk_classid before skb_scrub_packet and
restore it after that" since skb->sk had been freed in
skb_scrub_packet(), so it is not reasonable. yes?
I have another idea.
commit:f84517253(cls_cgroup: Store classid in struct sock) introduces
sk_classid and put it in skb->sk pointer. can we put sk_classid form
struct sock to struct sk_buff? then sk_classid will not be affected
by dev_forward_skb()->skb_scrub_packet() ?
any comment are welcome!
thanks,
Libo
On 2013/12/12 20:18, Libo Chen wrote:
> ping...
>
> On 2013/12/9 10:32, Libo Chen wrote:
>> hello network hackers,
>>
>> A linux container was builded with veth pair(veth0 inside container, veth1 outside container),
>>
>> the config as below:
>>
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = br0 // base on eth0
>> lxc.network.name = eth0
>> lxc.network.ipv4 = 128.5.130.26/24
>>
>> then I use tc command with cgroup filter on veth0, it works well. But when setting on eth0, it doesn`t work.
>>
>> The reason is dev_forward_skb() in veth_xmit will call skb_scrub_packet and clean all information including skb->sk
>> in the skb, so if cls_cgroup_classify is working in serving softirq state, it will return failer, see below:
>>
>> if (in_serving_softirq()) {
>> /* If there is an sk_classid we'll use that. */
>> if (!skb->sk)
>> return -1;
>> classid = skb->sk->sk_classid;
>> }
>>
>>
>> Qdisc with cgroup filter on physics interface can not control a container network, it is disappointed.
>>
>> we can save sk_classid before skb_scrub_packet and restore it after that. Is it reasonable? or any way to achieve this?
>>
>> thanks,
>> Libo
>>
>
WARNING: multiple messages have this Message-ID (diff)
From: Libo Chen <clbchenlibo.chen@huawei.com>
To: David Miller <davem@davemloft.net>, <kaber@trash.net>,
<xemul@openvz.org>, Serge Hallyn <serge.hallyn@canonical.com>,
<ebiederm@xmission.com>, <herbert@gondor.apana.org.au>
Cc: <edumazet@google.com>, <fbl@redhat.com>, <ebiederm@xmission.com>,
<jeff@garzik.org>, <peterz@infradead.org>, <honkiko@gmail.com>,
<netdev@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>,
Li Zefan <lizefan@huawei.com>,
"zhangwei(Jovi)" <jovi.zhangwei@huawei.com>,
"Huang Qiang" <h.huangqiang@huawei.com>,
Wengmeiling <wengmeiling.weng@huawei.com>,
<containers@lists.linux-foundation.org>,
<cgroups@vger.kernel.org>, <daniel.wagner@bmw-carit.de>,
<nhorman@tuxdriver.com>
Subject: Re: cgroup filter on physics interface can't control container
Date: Wed, 18 Dec 2013 17:12:13 +0800 [thread overview]
Message-ID: <52B166ED.7020508@huawei.com> (raw)
In-Reply-To: <52A9A97F.20902@huawei.com>
hello guys,
I said before "we can save sk_classid before skb_scrub_packet and
restore it after that" since skb->sk had been freed in
skb_scrub_packet(), so it is not reasonable. yes?
I have another idea.
commit:f84517253(cls_cgroup: Store classid in struct sock) introduces
sk_classid and put it in skb->sk pointer. can we put sk_classid form
struct sock to struct sk_buff? then sk_classid will not be affected
by dev_forward_skb()->skb_scrub_packet() ?
any comment are welcome!
thanks,
Libo
On 2013/12/12 20:18, Libo Chen wrote:
> ping...
>
> On 2013/12/9 10:32, Libo Chen wrote:
>> hello network hackers,
>>
>> A linux container was builded with veth pair(veth0 inside container, veth1 outside container),
>>
>> the config as below:
>>
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = br0 // base on eth0
>> lxc.network.name = eth0
>> lxc.network.ipv4 = 128.5.130.26/24
>>
>> then I use tc command with cgroup filter on veth0, it works well. But when setting on eth0, it doesn`t work.
>>
>> The reason is dev_forward_skb() in veth_xmit will call skb_scrub_packet and clean all information including skb->sk
>> in the skb, so if cls_cgroup_classify is working in serving softirq state, it will return failer, see below:
>>
>> if (in_serving_softirq()) {
>> /* If there is an sk_classid we'll use that. */
>> if (!skb->sk)
>> return -1;
>> classid = skb->sk->sk_classid;
>> }
>>
>>
>> Qdisc with cgroup filter on physics interface can not control a container network, it is disappointed.
>>
>> we can save sk_classid before skb_scrub_packet and restore it after that. Is it reasonable? or any way to achieve this?
>>
>> thanks,
>> Libo
>>
>
WARNING: multiple messages have this Message-ID (diff)
From: Libo Chen <clbchenlibo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
To: David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
<kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>,
<xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
<herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
Cc: jeff-o2qLIJkoznsdnm+yROfE0A@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
honkiko-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
fbl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org,
"zhangwei\(Jovi\)"
<jovi.zhangwei-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Subject: Re: cgroup filter on physics interface can't control container
Date: Wed, 18 Dec 2013 17:12:13 +0800 [thread overview]
Message-ID: <52B166ED.7020508@huawei.com> (raw)
In-Reply-To: <52A9A97F.20902-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
hello guys,
I said before "we can save sk_classid before skb_scrub_packet and
restore it after that" since skb->sk had been freed in
skb_scrub_packet(), so it is not reasonable. yes?
I have another idea.
commit:f84517253(cls_cgroup: Store classid in struct sock) introduces
sk_classid and put it in skb->sk pointer. can we put sk_classid form
struct sock to struct sk_buff? then sk_classid will not be affected
by dev_forward_skb()->skb_scrub_packet() ?
any comment are welcome!
thanks,
Libo
On 2013/12/12 20:18, Libo Chen wrote:
> ping...
>
> On 2013/12/9 10:32, Libo Chen wrote:
>> hello network hackers,
>>
>> A linux container was builded with veth pair(veth0 inside container, veth1 outside container),
>>
>> the config as below:
>>
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = br0 // base on eth0
>> lxc.network.name = eth0
>> lxc.network.ipv4 = 128.5.130.26/24
>>
>> then I use tc command with cgroup filter on veth0, it works well. But when setting on eth0, it doesn`t work.
>>
>> The reason is dev_forward_skb() in veth_xmit will call skb_scrub_packet and clean all information including skb->sk
>> in the skb, so if cls_cgroup_classify is working in serving softirq state, it will return failer, see below:
>>
>> if (in_serving_softirq()) {
>> /* If there is an sk_classid we'll use that. */
>> if (!skb->sk)
>> return -1;
>> classid = skb->sk->sk_classid;
>> }
>>
>>
>> Qdisc with cgroup filter on physics interface can not control a container network, it is disappointed.
>>
>> we can save sk_classid before skb_scrub_packet and restore it after that. Is it reasonable? or any way to achieve this?
>>
>> thanks,
>> Libo
>>
>
next prev parent reply other threads:[~2013-12-18 9:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-09 2:32 cgroup filter on physics interface can't container Libo Chen
[not found] ` <52A52BBF.6030105-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-12-12 12:18 ` cgroup filter on physics interface can't control container Libo Chen
2013-12-12 12:18 ` Libo Chen
2013-12-12 12:18 ` Libo Chen
[not found] ` <52A9A97F.20902-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-12-18 9:12 ` Libo Chen [this message]
2013-12-18 9:12 ` Libo Chen
2013-12-18 9:12 ` Libo Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52B166ED.7020508@huawei.com \
--to=clbchenlibo.chen-hv44wf8li93qt0dzr+alfa@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=fbl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org \
--cc=honkiko-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=jeff-o2qLIJkoznsdnm+yROfE0A@public.gmane.org \
--cc=jovi.zhangwei-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.