netdev.vger.kernel.org archive mirror
From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	WANG Cong <xiyou.wangcong@gmail.com>,
	Eric Dumazet <edumazet@google.com>,
	netdev@vger.kernel.org
Subject: Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions
Date: Fri, 23 Sep 2016 18:40:30 +0300
Message-ID: <20160923184030.75124289@halley>
In-Reply-To: <0037729a-a3fc-c1c9-a620-905c73e0b9d4@mojatatu.com>

On Fri, 23 Sep 2016 08:48:33 -0400 Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> > Even today, one may create loops using existing 'egress redirect',
> > e.g. this ridiculously erroneous construct:
> >
> >  # ip l add v0 type veth peer name v0p
> >  # tc filter add dev v0p parent ffff: basic \
> >     action mirred egress redirect dev v0
> 
> I think we actually recover from this one by eventually
> dropping (there's a ttl field).

[off topic]

Don't know about that :) CPU fan got very noisy, 3 of 4 cores at 100%,
and after one second I got:

# ip -s l show type veth
16: v0p@v0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether a2:64:ff:10:dd:85 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    71660305923 469890864 0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    3509       24       0       0       0       0       
17: v0@v0p: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:a2:34:f6:7c:ec brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    3509       24       0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    71660713017 469893555 0       0       0       0

> The other question is what to set skb->dev and skb->iif?
> Some information will be lost if you move around netdevs a
> bit.

[back to topic]

Good point.

Similarly to all constructs injecting skbs to device rx (bond/team,
vlan, macvlan, tunnels, ifb, __dev_forward_skb callers, etc.), we are
obligated to assign 'skb2->dev' as the new rx device.

Regarding 'skb2->skb_iif', original act_mirred code already has:

	skb2->skb_iif = skb->dev->ifindex;   /* <--- THIS IS ORIG DEV IIF */
	skb2->dev = dev;                     /* <--- THIS IS TARGET DEV */
	err = dev_queue_xmit(skb2);

I'm preserving this; OTOH the suggested modification in the patch is

-	err = dev_queue_xmit(skb2);
+	if (tcf_mirred_act_direction(m->tcfm_eaction) & AT_EGRESS)
+		err = dev_queue_xmit(skb2);
+	else
+		netif_receive_skb(skb2);
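
Review bot: in the else branch the return value of netif_receive_skb(skb2) is discarded, so err is assigned only on the AT_EGRESS path and keeps whatever value it had before on the ingress path. Any later check of err would then not reflect a drop on receive; suggest "err = netif_receive_skb(skb2);" so both directions report their result the same way.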

Now, the call to 'netif_receive_skb' will eventually override skb_iif to
the target RX dev's index, upon entry to __netif_receive_skb_core.

I think this IS the expected behavior - as done by other "rx injection"
constructs.

My doubts were around whether we should call 'dev_forward_skb' instead
of 'netif_receive_skb'.
The former does some things I assumed we're not interested in, like
testing 'is_skb_forwardable' and re-running 'eth_type_trans'.
OTOH, it DOES scrub the skb.
Maybe we should scrub it as well prior to the netif_receive_skb call?

Thanks,
Shmulik
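
Added example, not part of the original message and not kernel or iproute2 code: a parser for the `ip -s link` output quoted in the message, with a check that flags the counter signature seen there (one veth end transmitting hundreds of millions of packets that all arrive at its peer, with almost nothing flowing back). The function names and the `min_packets` and `ratio` thresholds are assumptions chosen for illustration.

```python
import re

# Snapshot copied from the `ip -s l show type veth` output in the message above.
SAMPLE = """\
16: v0p@v0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether a2:64:ff:10:dd:85 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    71660305923 469890864 0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    3509       24       0       0       0       0
17: v0@v0p: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 52:a2:34:f6:7c:ec brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    3509       24       0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    71660713017 469893555 0       0       0       0
"""

# "16: v0p@v0: <...>" -> name "v0p", peer "v0" (the peer part is optional)
HEADER = re.compile(r"^\d+:\s+([^@:\s]+)(?:@([^:\s]+))?:")

def parse_ip_stats(text):
    """Return {ifname: {"peer": name or None, "rx": packets, "tx": packets}}."""
    stats, cur, pending = {}, None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = stats[m.group(1)] = {"peer": m.group(2), "rx": 0, "tx": 0}
            pending = None
        elif cur is not None and line.strip().startswith(("RX:", "TX:")):
            pending = line.strip()[:2].lower()   # counters follow on the next line
        elif cur is not None and pending:
            cur[pending] = int(line.split()[1])  # second column is "packets"
            pending = None
    return stats

def one_way_floods(stats, min_packets=1_000_000, ratio=1000):
    """List (sender, peer, tx_packets) where nearly all traffic goes one way."""
    hits = []
    for name, s in stats.items():
        peer = stats.get(s["peer"])
        if peer is None:
            continue  # not a pair we have both ends of
        fwd, back = s["tx"], peer["tx"]
        delivered = abs(peer["rx"] - fwd) <= fwd * 0.01  # peer RX tracks our TX
        if fwd >= min_packets and fwd >= ratio * max(back, 1) and delivered:
            hits.append((name, s["peer"], fwd))
    return hits
```

A single snapshot cannot tell a loop from legitimate one-way bulk traffic; taking two snapshots a known interval apart and comparing the packet rate gives a stronger signal.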

Thread overview: 44+ messages
2016-09-22 13:21 [PATCH net-next 0/4] act_mirred: Ingress actions support Shmulik Ladkani
2016-09-22 13:21 ` [PATCH net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit Shmulik Ladkani
2016-09-27 10:30   ` Daniel Borkmann
2016-09-27 18:24     ` Shmulik Ladkani
2016-09-22 13:21 ` [PATCH net-next 2/4] net/sched: act_mirred: Refactor detection whether dev needs xmit at mac header Shmulik Ladkani
2016-09-22 13:21 ` [PATCH net-next 3/4] net/sched: tc_mirred: Rename public predicates 'is_tcf_mirred_redirect' and 'is_tcf_mirred_mirror' Shmulik Ladkani
2016-09-22 13:21 ` [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions Shmulik Ladkani
2016-09-22 14:54   ` Eric Dumazet
2016-09-22 18:27     ` Shmulik Ladkani
2016-09-22 18:42       ` Eric Dumazet
2016-09-22 23:40   ` Jamal Hadi Salim
2016-09-23  5:11     ` Shmulik Ladkani
2016-09-23 12:48       ` Jamal Hadi Salim
2016-09-23 15:40         ` Shmulik Ladkani [this message]
2016-09-25  0:20           ` Cong Wang
2016-09-25 13:05           ` Jamal Hadi Salim
2016-09-25 16:26             ` Daniel Borkmann
2016-09-25 18:33               ` Florian Westphal
2016-09-25 23:47                 ` Jamal Hadi Salim
2016-09-25 23:31               ` Jamal Hadi Salim
2016-09-25 17:33             ` Shmulik Ladkani
2016-09-25 18:31               ` Florian Westphal
2016-09-26  1:15                 ` Jamal Hadi Salim
2016-09-26  1:35                   ` Florian Westphal
2016-09-26  1:40                     ` Jamal Hadi Salim
2016-09-26 14:43                     ` Hannes Frederic Sowa
2016-09-26 14:53                       ` Daniel Borkmann
2016-09-26 15:12                         ` Hannes Frederic Sowa
2016-09-26 15:53                           ` Daniel Borkmann
2016-09-26 15:26                       ` Shmulik Ladkani
2016-09-25 23:45               ` Jamal Hadi Salim
2016-09-25  0:07       ` Cong Wang
2016-09-25 13:39         ` Jamal Hadi Salim
2016-09-26  4:55           ` Cong Wang
2016-09-25 17:59         ` Shmulik Ladkani
2016-09-26  4:56           ` Cong Wang
2016-09-24 23:50   ` Cong Wang
2016-09-27  5:56   ` David Miller
2016-09-27  8:07     ` Shmulik Ladkani
2016-09-27 10:39       ` Daniel Borkmann
2016-09-27 13:44         ` David Miller
2016-09-27 14:18           ` Shmulik Ladkani
2016-09-27 14:47             ` Daniel Borkmann
2016-09-27 14:06       ` Jamal Hadi Salim
