From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jiri Pirko
Subject: Re: [patch net-next 2/3] netfilter: ip6_tables: use reasm skb for matching
Date: Tue, 5 Nov 2013 19:21:26 +0100
Message-ID: <20131105182126.GC2438@minipsycho.orion>
References: <1383649333-6321-1-git-send-email-jiri@resnulli.us> <1383649333-6321-3-git-send-email-jiri@resnulli.us> <20131105133205.GC15370@breakpoint.cc> <20131105134118.GA5818@macbook.localnet> <20131105150115.GB2438@minipsycho.orion> <20131105153921.GD15370@breakpoint.cc> <20131105181923.GB7435@macbook.localnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Florian Westphal , netdev@vger.kernel.org, davem@davemloft.net, pablo@netfilter.org, netfilter-devel@vger.kernel.org, yoshfuji@linux-ipv6.org, kadlec@blackhole.kfki.hu, mleitner@redhat.com, kuznet@ms2.inr.ac.ru, jmorris@namei.org, wensong@linux-vs.org, horms@verge.net.au, ja@ssi.bg, edumazet@google.com, pshelar@nicira.com, jasowang@redhat.com, alexander.h.duyck@intel.com, coreteam@netfilter.org
To: Patrick McHardy
Return-path:
Content-Disposition: inline
In-Reply-To: <20131105181923.GB7435@macbook.localnet>
Sender: netfilter-devel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

Tue, Nov 05, 2013 at 07:19:24PM CET, kaber@trash.net wrote:
>On Tue, Nov 05, 2013 at 04:39:21PM +0100, Florian Westphal wrote:
>> Jiri Pirko wrote:
>> > Tue, Nov 05, 2013 at 02:41:19PM CET, kaber@trash.net wrote:
>> > >executing the rules on the reassembled packet multiple times, one
>> > >for each fragment.
>> >
>> [..]
>> > And even though, the matching is now done for each fragment skb anyway. The
>> > change is only to do it on different skb. I see no performance or any
>> > other problem in that.
>>
>> One problem that comes to mind is that nfacct or quota match will
>> now account num_of_fragments * length_of_reassembled_skb bytes.
>
>indeed. The easiest way to fix all this (and, btw, also the
>pskb_expand_head() oops which is currently reported by multiple people)
>is to get rid of all the fragmentation handling and simply use the
>reassembled skb.

Okay. That will resolve the skb->sk rewrite problem as well. I will
prepare a patch.