From: Daniel Borkmann <daniel@iogearbox.net>
To: Luuk Paulussen <Luuk.Paulussen@alliedtelesis.co.nz>,
Florian Westphal <fw@strlen.de>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH] Add tcindex to conntrack and add netfilter target/matches
Date: Wed, 09 Dec 2015 10:07:21 +0100 [thread overview]
Message-ID: <5667EF49.8060707@iogearbox.net> (raw)
In-Reply-To: <5664ECCC.1030104@alliedtelesis.co.nz>
On 12/07/2015 03:19 AM, Luuk Paulussen wrote:
> On 12/07/2015 11:45 AM, Florian Westphal wrote:
>> Luuk Paulussen <Luuk.Paulussen@alliedtelesis.co.nz> wrote:
>>> Hi All,
>>>
>>> I'm still hoping for some feedback on this. I have some userspace
>>> patches around this as well, (to set/show the tc_index in the
>>> connection, and to add the marking/matching rules in iptables), but I am
>>> holding off on sending them until I know what people think of this
>>> idea/implementation first.
>> I can't say for sure since I don't know enough about tc.
>>
>> However, AFAICS tc_index seems to be something that should be internal
>> to tc and not exposed/changeable via iptables.
> tc_index is a mark that can be set by certain configurable ingress
> schedulers (dsmark, GRED, ingress) for later classification via the
> tcindex classifer. This just adds an alternative mechanism for setting
> this mark if those schedulers aren't being used.
Fwiw, tc_index can be read/written by cls_bpf (and you can also apply masks
on that field if needed).
> * dsmark sets the tc_index value based on the incoming DSCP value
> * ingress sets the tc_index value based on other rules (e.g. mark set
> via iptables)
> * New code sets tc_index directly based on iptables classification or
> restoring saved value.
next prev parent reply other threads:[~2015-12-09 9:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-03 21:59 Support marking/matching tc_index in netfilter Luuk Paulussen
2015-12-03 21:59 ` [PATCH] Add tcindex to conntrack and add netfilter target/matches Luuk Paulussen
2015-12-06 22:28 ` Luuk Paulussen
2015-12-06 22:45 ` Florian Westphal
2015-12-07 2:19 ` Luuk Paulussen
2015-12-07 3:05 ` Florian Westphal
2015-12-07 4:24 ` Luuk Paulussen
2015-12-09 9:07 ` Daniel Borkmann [this message]
2015-12-13 23:00 ` Luuk Paulussen
2015-12-14 9:50 ` Daniel Borkmann
-- strict thread matches above, loose matches on Subject: below --
2015-12-16 0:20 Luuk Paulussen
2015-12-16 0:20 ` [PATCH] " Luuk Paulussen
2015-12-17 5:21 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5667EF49.8060707@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=Luuk.Paulussen@alliedtelesis.co.nz \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.