netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Eyal Birger <eyal.birger@gmail.com>
To: Tom Parkin <tparkin@katalix.com>
Cc: jchapman@katalix.com, netdev@vger.kernel.org
Subject: Re: [RFC PATCH net-next 0/3] support "flow-based" datapath in l2tp
Date: Wed, 29 Sep 2021 13:03:21 +0300	[thread overview]
Message-ID: <1fe9bf2a-0650-a9ee-b91d-febcf3d22612@gmail.com> (raw)
In-Reply-To: <20210929094514.15048-1-tparkin@katalix.com>

Hi Tom,

On 29/09/2021 12:45, Tom Parkin wrote:
...
>        The skb is then redirected to the tunnel virtual netdev: tc rules
>        can then be added to match traffic based on the session ID and
>        redirect it to the correct interface:
> 
>              tc qdisc add dev l2tpt1 handle ffff: ingress
>              tc filter add dev l2tpt1 \
>                      parent ffff: \
>                      flower enc_key_id 1 \
>                      action mirred egress redirect dev eth0
> 
>        In the case that no tc rule matches an incoming packet, the tunnel
>        virtual device implements an rx handler which swallows the packet
>        in order to prevent it continuing through the network stack.

There are other ways to utilize the tunnel key on rx, e.g. in ip rules.

IMHO it'd be nicer if the decision to drop would be an administrator 
decision which they can implement using a designated tc drop rule.

Eyal.

  parent reply	other threads:[~2021-09-29 10:03 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-29  9:45 [RFC PATCH net-next 0/3] support "flow-based" datapath in l2tp Tom Parkin
2021-09-29  9:45 ` [RFC PATCH net-next 1/3] net/l2tp: add virtual tunnel device Tom Parkin
2021-09-29  9:45 ` [RFC PATCH net-next 2/3] net/l2tp: add flow-based session create API Tom Parkin
2021-09-29  9:45 ` [RFC PATCH net-next 3/3] net/l2tp: add netlink attribute to enable flow-based session creation Tom Parkin
2021-09-29 10:03 ` Eyal Birger [this message]
2021-10-01  8:40   ` [RFC PATCH net-next 0/3] support "flow-based" datapath in l2tp Tom Parkin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1fe9bf2a-0650-a9ee-b91d-febcf3d22612@gmail.com \
    --to=eyal.birger@gmail.com \
    --cc=jchapman@katalix.com \
    --cc=netdev@vger.kernel.org \
    --cc=tparkin@katalix.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).