From: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: Libo Chen
<clbchenlibo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
Cong Wang
<xiyou.wangcong-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Simon Horman <horms-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org>,
Patrick McHardy <kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>,
Linux Kernel Network Developers
<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
jasowang-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
pshelar-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org,
Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [RFC PATCH net-next 0/4] net_cls for sys container
Date: Mon, 06 Jan 2014 16:42:40 +0800 [thread overview]
Message-ID: <52CA6C80.9060002@cn.fujitsu.com> (raw)
In-Reply-To: <52CA614D.6040702-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
On 01/06/2014 03:54 PM, Libo Chen wrote:
> On 2014/1/3 13:20, Cong Wang wrote:
>> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen <clbchenlibo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org> wrote:
>>> Hi guys,
>>>
>>> Now, lxc created with veth can not be under control by
>>> cls_cgroup.
>>>
>>> the former discussion:
>>> http://lkml.indiana.edu/hypermail/linux/kernel/1312.1/00214.html
>>>
>>> In short, because cls_cgroup relys classid attached to sock
>>> filter skb, but sock will be cleared inside dev_forward_skb()
>>> in veth_xmit().
>>
>>
>> So what are you trying to achieve here?
>
> sys container using veth can be controlled by cls_cgroup basing on physic network interface
>
It's a problem about virtual nic, not container/net namespace.
If veth device is running in host. the skb is transmitted firstly by veth device and then delivered
by physical device. if you set both qdisc rule on veth and physical device. which qdisc rule will take
effect?
In your patch, both qdisc rule are effective. it looks strange.
WARNING: multiple messages have this Message-ID (diff)
From: Gao feng <gaofeng@cn.fujitsu.com>
To: Libo Chen <clbchenlibo.chen@huawei.com>,
Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Li Zefan <lizefan@huawei.com>, Eric Dumazet <edumazet@google.com>,
pshelar@nicira.com, jasowang@redhat.com,
Simon Horman <horms@verge.net.au>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
cgroups@vger.kernel.org, containers@lists.linux-foundation.org,
Patrick McHardy <kaber@trash.net>,
xemul@openvz.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH net-next 0/4] net_cls for sys container
Date: Mon, 06 Jan 2014 16:42:40 +0800 [thread overview]
Message-ID: <52CA6C80.9060002@cn.fujitsu.com> (raw)
In-Reply-To: <52CA614D.6040702@huawei.com>
On 01/06/2014 03:54 PM, Libo Chen wrote:
> On 2014/1/3 13:20, Cong Wang wrote:
>> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen <clbchenlibo.chen@huawei.com> wrote:
>>> Hi guys,
>>>
>>> Now, lxc created with veth can not be under control by
>>> cls_cgroup.
>>>
>>> the former discussion:
>>> http://lkml.indiana.edu/hypermail/linux/kernel/1312.1/00214.html
>>>
>>> In short, because cls_cgroup relys classid attached to sock
>>> filter skb, but sock will be cleared inside dev_forward_skb()
>>> in veth_xmit().
>>
>>
>> So what are you trying to achieve here?
>
> sys container using veth can be controlled by cls_cgroup basing on physic network interface
>
It's a problem about virtual nic, not container/net namespace.
If veth device is running in host. the skb is transmitted firstly by veth device and then delivered
by physical device. if you set both qdisc rule on veth and physical device. which qdisc rule will take
effect?
In your patch, both qdisc rule are effective. it looks strange.
next prev parent reply other threads:[~2014-01-06 8:42 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-03 3:11 [RFC PATCH net-next 0/4] net_cls for sys container Libo Chen
2014-01-03 3:11 ` Libo Chen
2014-01-03 3:11 ` Libo Chen
[not found] ` <52C62A44.4070304-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2014-01-03 5:20 ` Cong Wang
2014-01-03 5:20 ` Cong Wang
[not found] ` <CAM_iQpW0+Ftvk=QBE+0yMNW00VkBee1+yAEmbPkT+zjij9RX-Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-01-06 7:54 ` Libo Chen
2014-01-06 7:54 ` Libo Chen
2014-01-06 7:54 ` Libo Chen
2014-01-06 7:54 ` Libo Chen
[not found] ` <52CA614D.6040702-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2014-01-06 8:42 ` Gao feng [this message]
2014-01-06 8:42 ` Gao feng
[not found] ` <52CA6C80.9060002-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2014-01-06 10:06 ` Libo Chen
2014-01-06 10:06 ` Libo Chen
2014-01-06 10:06 ` Libo Chen
[not found] ` <52CA8026.4010106-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2014-01-15 0:50 ` Eric W. Biederman
2014-01-15 0:50 ` Eric W. Biederman
2014-01-15 0:50 ` Eric W. Biederman
2014-01-03 5:20 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52CA6C80.9060002@cn.fujitsu.com \
--to=gaofeng-bthxqxjhjhxqfuhtdcdx3a@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=clbchenlibo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=horms-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org \
--cc=jasowang-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=pshelar-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=xiyou.wangcong-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.