From mboxrd@z Thu Jan  1 00:00:00 1970
From: Liran Alon <liran.alon@oracle.com>
Subject: Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info
 only when crossing netns
Date: Thu, 15 Mar 2018 10:14:01 -0700 (PDT)
Message-ID: <0d84d286-9965-45cb-93c8-379ca1b2441e@default>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: <netdev@vger.kernel.org>, <mrv@mojatatu.com>,
        <daniel@iogearbox.net>, <davem@davemloft.net>,
        <linux-kernel@vger.kernel.org>, <yuval.shaia@oracle.com>,
        <idan.brown@oracle.com>
To: <shmulik.ladkani@gmail.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org


----- shmulik.ladkani@gmail.com wrote:

> On Thu, 15 Mar 2018 09:35:51 -0700 (PDT) Liran Alon
> <liran.alon@oracle.com> wrote:
> > ----- shmulik.ladkani@gmail.com wrote:
> >=20
> > > On Thu, 15 Mar 2018 08:01:03 -0700 (PDT) Liran Alon
> > > <liran.alon@oracle.com> wrote: =20
> > > >=20
> > > > I still think that default behavior should be to zero skb->mark
> only =20
> > > when skb =20
> > > > cross netdevs in different netns. =20
> > >=20
> > > But the previous default was scrub the mark in *both* xnet and
> > > non-xnet
> > > situations.
> > >=20
> > > Therefore, there might be users which RELY on this (strange)
> default
> > > behavior in their same-netns-veth-pair setups.
> > > Meaning, changing the default behavior might break their apps
> relying
> > > on
> > > the former default behavior.
> > >=20
> > > This is why the "disable mark scrubbing in non-xnet case" should
> be
> > > opt-in. =20
> >=20
> > We think the same.
> > The only difference is that I think this for now should be
> controllable
> > by a global /proc/sys/net/core file instead of giving a flexible
> per-netdev
> > control.
> > Because that is a larger change that could be done later.
>=20
> A flags attribute to veth newlink is a very scoped change.
> User controls this per veth creation.
> This is way more neat than /proc/sys/net and provides the desired
> granular
> control.
>=20
> Also, scoping this to veth has the advantage of not affecting the many
> other
> dev_forward_skb callers.

Agreed. But isn't this an issue also for the
many others (& future) callers of dev_forward_skb()?
This seems problematic to me.

This will kinda leave a kernel interface with broken default behavior
for backwards comparability.

A flag to netdev or /proc/sys/net/core to "fix" default behavior
will avoid this.

>=20
> Regards,
> Shmulik