From: Thomas Graf <tgraf@suug.ch>
To: "David S. Miller" <davem@davemloft.net>
Cc: hadi@cyberus.ca, kaber@trash.net, netdev@oss.sgi.com
Subject: Re: [RFC] string matching ematch
Date: Thu, 27 Jan 2005 15:20:29 +0100 [thread overview]
Message-ID: <20050127142029.GR31837@postel.suug.ch> (raw)
In-Reply-To: <20050126152609.59e1a15e.davem@davemloft.net>
* David S. Miller <20050126152609.59e1a15e.davem@davemloft.net> 2005-01-26 15:26
> On Wed, 26 Jan 2005 22:41:19 +0100
> Thomas Graf <tgraf@suug.ch> wrote:
>
> > I'm not sure if mixing stateful with stateless stuff is such of a good
> > idea. I think it should be separated and have stateful filters only be
> > executed when the flow matters, not packets.
>
> I think keeping things totally stateless would be the best
> idea.
Yes, I think so too.
I'm still thinking about pskbs in the background and the problem gets
more serious with this. So far, even with the multi byte ematch, all
filters were focusing on header content even if they were able to read
from any offset.
Our goal must of course be to to avoid lineraization for as many cases
as possible, therefore I think it would be worth making all matchers
aware of pskbs without linearization. In case the packet goes though
the pedit or ipt action later on then we definitely need to take further
actions but these should be special cases.
For the string matching it is fairly easy, we can check for partial
matches at the end and begin of every fragment. The multi byte
ematch could be splitted into two paths, a fast path using memcmp
directly on the skb data for linear skbs and a "slow" path for
non-linear skbs fetching the needed byte sequence from the relevant
fragments first. The cmp ematch and u32 ematch and classifier could
fetch the needed bucket via a function tcf_read_at_offset taking
an offset and the length of the bucket {8|16|32} which iterates
over the fragments as needed. I know, for most cases it is not needed
but it shouldn't cost us too much.
Thoughts?
next prev parent reply other threads:[~2005-01-27 14:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-26 15:07 [RFC] string matching ematch Thomas Graf
2005-01-26 21:03 ` David S. Miller
2005-01-26 21:41 ` Thomas Graf
2005-01-26 23:26 ` David S. Miller
2005-01-27 14:20 ` Thomas Graf [this message]
2005-01-27 20:17 ` Pablo Neira
2005-01-27 20:51 ` Thomas Graf
2005-01-31 13:59 ` jamal
2005-02-01 1:26 ` Pablo Neira
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050127142029.GR31837@postel.suug.ch \
--to=tgraf@suug.ch \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).