From: Thomas Graf <tgraf@suug.ch>
To: jamal <hadi@cyberus.ca>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@oss.sgi.com
Subject: Re: [PKT_SCHED]: Allow using nfmark as key in U32 classifier.
Date: Fri, 31 Dec 2004 12:08:36 +0100 [thread overview]
Message-ID: <20041231110836.GD32419@postel.suug.ch> (raw)
In-Reply-To: <1104469111.1049.219.camel@jzny.localdomain>
* jamal <1104469111.1049.219.camel@jzny.localdomain> 2004-12-30 23:58
> On Thu, 2004-12-30 at 12:43, Thomas Graf wrote:
> > * jamal <1104335620.1025.22.camel@jzny.localdomain> 2004-12-29 10:53
>
> > > If i store some ID that would tell me "IP" when i dump then i can pretty
> > > print it in english in user space using ip_print().
> >
> > Understood, we could store a map in userspace mapping those IDs to
> > pretty english match descriptions. I think avoiding to hardcode those
> > ids but rather just hold it for userspace is the best thing.
>
> We may be in sync:
> I was thinking of just teaching tc to stash something there that it
> understands on how to translate. Thinking about it now, this may not
> be sufficient: perhaps we need a few bits in the selector to identify
> the owner who installed the rule to begin with. Then it would be safe to
> interpret the meaning of the ID (by the same app). Did you say there
> were some unused bits in the selector?
Right, but why not do this in userspace by having a global map
somewhere in a file? A u32 config could have been modified by
multiple pids and it would get really messy to store a pid for
every possible changeable item.
> I think all you need really is to say "this match starts at IP" i.e such
> a definition is global.
> handles per rule already exist - and you can actually specify them when
> installing a rule. Are those insufficient?
Those are absolutely sufficient. I was thinking of giving a match a
16bit ID which can be used for both, identifying and mapping, i.e:
__u8 kind; /* match type, for lookup in matchers table */
__u8 flags; /* Invert Flag + Relations */
__u16 handle; /* must be unique per selector, may be autogenerated */
I want to have those matches be as small as possible, so no nested
TLVs but rather this u32 + matcher specific data form a TLV together.
A selector consists of a TLV array of such matches. The first TLV,
type=1 becomes a header with the possibility to transfer classifier
specific options (such as hash table configuration for u32).
> Why not make the always-true to be an extended match? actually a u32
> match of 0 0 is always true. Those hashes are quiet tricky/flexible;
> i would rather we clone u32 and call it something else then speacilize
> it.
Agreed, I don't want to change u32 but I want to introduce ematches
in u32 as well so we can benefit from the hashing but for those who
don't need hashing u32 is already bloat so we can do a simple
always-true classifier which does nothing more than evaluating the
ematches. I want to have the u32 match be a ematch as well so the
always-true classifier would become a u32 alternative but without
the hashing overhead.
> Both sound very appealing. You plan to do them as extended matches,
> correct?
Excatly.
> KMP can be used for something like virus scanning? does it
> maintain state?
It requires the following parameters:
- start offset
- end offset
- pattern
- prefix table
and then will simply start at `start` and scans until `end` looking
for pattern with the help of the prefix table. Again, I'm not sure what
you mean by state ;->
next prev parent reply other threads:[~2004-12-31 11:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200412270715.iBR7Fffe026855@hera.kernel.org>
2004-12-27 12:16 ` [PKT_SCHED]: Allow using nfmark as key in U32 classifier Thomas Graf
2004-12-28 13:20 ` jamal
2004-12-28 13:40 ` Thomas Graf
2004-12-28 13:59 ` jamal
2004-12-28 14:50 ` Thomas Graf
2004-12-28 15:55 ` jamal
2004-12-28 16:11 ` Thomas Graf
2004-12-28 16:36 ` jamal
2004-12-28 16:51 ` jamal
2004-12-28 19:26 ` Thomas Graf
2004-12-28 21:14 ` jamal
2004-12-28 22:10 ` Thomas Graf
2004-12-28 23:06 ` jamal
2004-12-28 23:19 ` Thomas Graf
2004-12-28 23:39 ` jamal
2004-12-29 0:09 ` Thomas Graf
2004-12-29 1:13 ` jamal
2004-12-29 12:48 ` Thomas Graf
2004-12-29 14:20 ` jamal
2004-12-29 15:01 ` Thomas Graf
2004-12-29 15:53 ` jamal
2004-12-30 17:43 ` Thomas Graf
2004-12-31 4:58 ` jamal
2004-12-31 11:08 ` Thomas Graf [this message]
2004-12-31 14:59 ` jamal
2004-12-31 15:39 ` Thomas Graf
2004-12-31 16:44 ` jamal
2004-12-31 17:32 ` jamal
2004-12-31 18:11 ` Thomas Graf
2004-12-31 18:19 ` Thomas Graf
2004-12-31 20:51 ` jamal
2005-01-01 12:10 ` Thomas Graf
2005-01-01 23:29 ` jamal
2005-01-02 0:06 ` Thomas Graf
2005-01-03 14:36 ` jamal
2005-01-03 15:02 ` Thomas Graf
2005-01-03 15:55 ` jamal
2005-01-03 16:26 ` Thomas Graf
2005-01-01 18:32 ` Thomas Graf
2005-01-01 23:42 ` jamal
2005-01-02 0:13 ` Thomas Graf
2005-01-03 14:39 ` jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041231110836.GD32419@postel.suug.ch \
--to=tgraf@suug.ch \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).