From: Antonio Quartulli <antonio@open-mesh.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: "David S. Miller" <davem@davemloft.net>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: Using skb->mark outside netfilter
Date: Tue, 7 May 2013 15:23:26 +0200
Message-ID: <20130507132326.GB2729@open-mesh.com>
In-Reply-To: <5188FBD2.5090200@mojatatu.com>
Hi Jamal,
On Tue, May 07, 2013 at 06:04:18 -0700, Jamal Hadi Salim wrote:
> On 13-05-06 02:48 PM, Antonio Quartulli wrote:
>
> >
> > Now to extend this mechanism network-wide (remember that the use case is a Layer2
> > mesh network set up with batman-adv) I'm going to introduce a mechanism in
> > batman-adv itself which is supposed to read and write the skb->mark field
> > so that the value contained when the packet is leaving one end can be restored
> > later on the other end of the intra-mesh communication (only if it matches a pre
> > configured one).
> > This would allow the remote node to perform the same filtering
> > operation as if the packet was locally generated.
> >
>
> Nice idea.
> How do you encode the mark in the batman header?
The mark is not really encoded in the batman header.

Each node is configured with a mark value (the values have to be the same on
every node in order to make the mechanism work correctly), then batman-adv will
advertise to the rest of the mesh which host is sending marked packets.
Receiving nodes will then restore the mark in the skb each time it is coming from
one of those advertised hosts.

A future feature may consist in carrying the mark directly into the header so
that batman-adv itself does not have to take care about the meaning of such
value but will just carry it (we still have to think about it...it is just an
idea now)
> >
> > To clarify the idea, here you have an ascii art representing a possible setup
> > and how the mark will be read and set:
>
> Looks sane to me.
>
Thanks a lot!
I will use it :)
Cheers,
--
Antonio Quartulli
..each of us alone is worth nothing..
Ernesto "Che" Guevara
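
The advertise-and-restore scheme described in the message above, as an added userspace C model; it is not part of the original mail and not batman-adv code. struct pkt, struct adv_table, the function names and the mark value 0x6 are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONFIGURED_MARK 0x6u   /* constructed value; must be identical on every node */
#define MAX_HOSTS 8

struct pkt { uint8_t src[6]; uint32_t mark; };           /* stand-in for an skb */
struct adv_table { uint8_t mac[MAX_HOSTS][6]; int n; };  /* hosts advertised as marked */

static bool adv_contains(const struct adv_table *t, const uint8_t *mac)
{
    for (int i = 0; i < t->n; i++)
        if (memcmp(t->mac[i], mac, 6) == 0)
            return true;
    return false;
}

/* Sending node: a host is advertised only when its packet carries the
 * configured mark. Returns true when a new host was added to the table. */
static bool tx_note_host(struct adv_table *t, const struct pkt *p)
{
    if (p->mark != CONFIGURED_MARK || adv_contains(t, p->src))
        return false;
    if (t->n == MAX_HOSTS)
        return false;          /* table full: host stays unadvertised */
    memcpy(t->mac[t->n++], p->src, 6);
    return true;
}

/* Receiving node: the mark is not carried in the header, so it is restored
 * only for packets whose source is an advertised host; others are untouched. */
static uint32_t rx_restore_mark(const struct adv_table *t, struct pkt *p)
{
    if (adv_contains(t, p->src))
        p->mark = CONFIGURED_MARK;
    return p->mark;
}

int main(void)
{
    struct adv_table t = { .n = 0 };
    struct pkt sent = { {0x02, 0, 0, 0, 0, 0x0a}, CONFIGURED_MARK }; /* constructed */
    struct pkt rcvd = { {0x02, 0, 0, 0, 0, 0x0a}, 0 };  /* same host, mark lost in transit */
    tx_note_host(&t, &sent);
    printf("restored mark: 0x%x\n", (unsigned)rx_restore_mark(&t, &rcvd));
    return 0;
}
```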