From: Paolo Abeni <pabeni@redhat.com>
To: Roopa Prabhu <roopa@cumulusnetworks.com>,
davem@davemloft.net, netdev@vger.kernel.org
Cc: dsa@cumulusnetworks.com, nikolay@cumulusnetworks.com,
idosch@mellanox.com
Subject: Re: [PATCH net-next 4/5] ipv4: route: dissect flow in input path if fib rules need it
Date: Mon, 26 Feb 2018 10:10:50 +0100 [thread overview]
Message-ID: <1519636250.2733.11.camel@redhat.com> (raw)
In-Reply-To: <1519537482-6861-5-git-send-email-roopa@cumulusnetworks.com>
On Sat, 2018-02-24 at 21:44 -0800, Roopa Prabhu wrote:
> From: Roopa Prabhu <roopa@cumulusnetworks.com>
>
> Dissect flow in fwd path if fib rules require it. Controlled by
> a flag to avoid penatly for the common case. Flag is set when fib
> rules with sport, dport and proto match that require flow dissect
> are installed. Also passes the dissected hash keys to the multipath
> hash function when applicable to avoid dissecting the flow again.
> icmp packets will continue to use inner header for hash
> calculations (Thanks to Nikolay Aleksandrov for some review here).
>
> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
> ---
> include/net/ip_fib.h | 2 +-
> include/net/netns/ipv4.h | 1 +
> net/ipv4/fib_rules.c | 6 ++++++
> net/ipv4/fib_semantics.c | 2 +-
> net/ipv4/route.c | 52 +++++++++++++++++++++++++++++++++++-------------
> 5 files changed, 47 insertions(+), 16 deletions(-)
>
> diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
> index f805243..5ada772 100644
> --- a/include/net/ip_fib.h
> +++ b/include/net/ip_fib.h
> @@ -371,7 +371,7 @@ int fib_sync_up(struct net_device *dev, unsigned int nh_flags);
>
> #ifdef CONFIG_IP_ROUTE_MULTIPATH
> int fib_multipath_hash(const struct fib_info *fi, const struct flowi4 *fl4,
> - const struct sk_buff *skb);
> + const struct sk_buff *skb, struct flow_keys *flkeys);
> #endif
> void fib_select_multipath(struct fib_result *res, int hash);
> void fib_select_path(struct net *net, struct fib_result *res,
> diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
> index 44668c2..87b8fdc 100644
> --- a/include/net/netns/ipv4.h
> +++ b/include/net/netns/ipv4.h
> @@ -52,6 +52,7 @@ struct netns_ipv4 {
> #ifdef CONFIG_IP_MULTIPLE_TABLES
> struct fib_rules_ops *rules_ops;
> bool fib_has_custom_rules;
> + bool fib_rules_require_fldissect;
> struct fib_table __rcu *fib_main;
> struct fib_table __rcu *fib_default;
> #endif
> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
> index 9d55c90..83aa786 100644
> --- a/net/ipv4/fib_rules.c
> +++ b/net/ipv4/fib_rules.c
> @@ -253,6 +253,11 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
> }
> #endif
>
> + if (rule->ip_proto ||
> + fib_rule_port_range_valid(&rule->sport_range) ||
> + fib_rule_port_range_valid(&rule->dport_range))
> + net->ipv4.fib_rules_require_fldissect = true;
> +
> rule4->src_len = frh->src_len;
> rule4->srcmask = inet_make_mask(rule4->src_len);
> rule4->dst_len = frh->dst_len;
What about using 'fib_rules_require_fldissect' to conditionally avoid
all the tests introduced by patch 2/5 ? Perhaps even using a static key
for that?
It would be great if the kernel would be able to clear this flag when
no more needed. I know it's not the current behaviour for other similar
flags, but I hope we can improve ;)
Both points above also apply to the ipv6 code path.
Thanks,
Paolo
next prev parent reply other threads:[~2018-02-26 9:10 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-25 5:44 [PATCH net-next 0/5] fib_rules: support sport, dport and ip proto match Roopa Prabhu
2018-02-25 5:44 ` [PATCH net-next 1/5] net: fib_rules: support for match on ip_proto, sport and dport Roopa Prabhu
2018-02-25 15:04 ` Nikolay Aleksandrov
2018-02-25 15:27 ` Nikolay Aleksandrov
2018-02-25 17:58 ` Roopa Prabhu
2018-02-26 3:08 ` David Ahern
2018-02-26 3:38 ` Roopa Prabhu
2018-02-25 5:44 ` [PATCH net-next 2/5] ipv4: fib_rules: support match on sport, dport and ip proto Roopa Prabhu
2018-02-25 5:44 ` [PATCH net-next 3/5] ipv6: fib6_rules: support for " Roopa Prabhu
2018-02-25 5:44 ` [PATCH net-next 4/5] ipv4: route: dissect flow in input path if fib rules need it Roopa Prabhu
2018-02-25 15:08 ` Nikolay Aleksandrov
2018-02-26 3:17 ` David Ahern
2018-02-26 9:10 ` Paolo Abeni [this message]
2018-02-26 15:36 ` Roopa Prabhu
2018-02-25 5:44 ` [PATCH net-next 5/5] ipv6: " Roopa Prabhu
2018-02-25 15:10 ` Nikolay Aleksandrov
2018-02-25 17:51 ` Roopa Prabhu
2018-02-26 3:19 ` David Ahern
2018-02-26 3:40 ` Roopa Prabhu
2018-02-26 3:20 ` [PATCH net-next 0/5] fib_rules: support sport, dport and ip proto match David Ahern
2018-02-26 3:39 ` Roopa Prabhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1519636250.2733.11.camel@redhat.com \
--to=pabeni@redhat.com \
--cc=davem@davemloft.net \
--cc=dsa@cumulusnetworks.com \
--cc=idosch@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=roopa@cumulusnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).