netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* skbedit action chaining with other actions - will fail
@ 2009-03-07 23:15 Denys Fedoryschenko
  2009-03-08  0:20 ` Denys Fedoryschenko
  0 siblings, 1 reply; 2+ messages in thread
From: Denys Fedoryschenko @ 2009-03-07 23:15 UTC (permalink / raw)
  To: netdev@vger.kernel.org, alexander.h.duyck, shemminger

If i am chaining skbedit with other action, packets will not come in next (by 
order) action. Here is example:

Command
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action skbedit priority 0x${lowid} \
action mirred egress redirect dev ifb0"

and for ipt example
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action ipt -j MARK --set-mark ${id} \
action mirred egress redirect dev ifb0"


Here is skbedit (mirred will fail)

filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 569 success 569)
  match 00000000/00000000 at 0 (success 569 )
        action order 1:  skbedit priority :7 installed 121 sec used 8 sec       
Action statistics:
        Sent 103528 bytes 569 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 706 ref 1 bind 1 installed 121 sec used 121 sec
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

But for example ipt works fine
filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 5023 success 5023)
  match 00000000/00000000 at 0 (success 5023 )
        action order 1: tablename: mangle  hook: NF_IP_PRE_ROUTING
        target MARK xset 0x65/0xffffffff
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0





^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: skbedit action chaining with other actions - will fail
  2009-03-07 23:15 skbedit action chaining with other actions - will fail Denys Fedoryschenko
@ 2009-03-08  0:20 ` Denys Fedoryschenko
  0 siblings, 0 replies; 2+ messages in thread
From: Denys Fedoryschenko @ 2009-03-08  0:20 UTC (permalink / raw)
  To: netdev@vger.kernel.org; +Cc: alexander.h.duyck, shemminger

Sorry my mistake, discard

It should be
     echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
 match u32 0 0 flowid 1:1 \
 action skbedit priority 0x${lowid} pipe \
 action mirred egress redirect dev ifb0"

(i forgot pipe)

ipt use another way of defining action (depends on return value of iptables).

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-03-08  0:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-07 23:15 skbedit action chaining with other actions - will fail Denys Fedoryschenko
2009-03-08  0:20 ` Denys Fedoryschenko

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).