From: Amir Vadai <amir@vadai.me>
To: Jiri Benc <jbenc@redhat.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, Or Gerlitz <ogerlitz@mellanox.com>,
Hadar Har-Zion <hadarh@mellanox.com>,
Roi Dayan <roid@mellanox.com>
Subject: Re: [PATCH iproute2 0/2] tc/cls_flower: Support for ip tunnel metadata set/release/classify
Date: Thu, 24 Nov 2016 17:06:33 +0200 [thread overview]
Message-ID: <20161124150633.GA27727@office.localdomain> (raw)
In-Reply-To: <20161124143856.43fa54d6@griffin>
On Thu, Nov 24, 2016 at 02:38:56PM +0100, Jiri Benc wrote:
> On Mon, 21 Nov 2016 12:20:54 +0200, Amir Vadai wrote:
> > $ tc filter add dev vxlan0 protocol ip parent ffff: \
> > flower \
> > enc_src_ip 11.11.0.2 \
> > enc_dst_ip 11.11.0.1 \
> > enc_key_id 11 \
> > dst_ip 11.11.11.1 \
> > action tunnel_key release \
> > action mirred egress redirect dev vnet0
>
> I really hate the "action tunnel_key release". This just exposes the
> kernel internal implementation detail (dst_metadata) to the user. Why
> should the user care about explicit releasing of the tunnel key? This
> should happen automatically. Users do not care about our internal
> implementation.
I see.
So you mean to just unconditionally call skb_dst_drop() from
act_mirred()?
>
> > $ tc filter add dev net0 protocol ip parent ffff: \
> > flower \
> > ip_proto 1 \
> > dst_ip 11.11.11.2 \
> > action tunnel_key set \
> > src_ip 11.11.0.1 \
> > dst_ip 11.11.0.2 \
> > id 11 \
> > action mirred egress redirect dev vxlan0
>
> Do you see the asymmetry? This is not called "alloc tunnel_key", and
> rightly so. It's very reasonable to call this "set", as it is what the
> action looks like to the user.
>
> The only argument for the existence of an explicit "release" (we should
> rather call it "unset" in such case, though) is forwarding between two
> tunnels, where metadata from the first tunnel will be used for
> encapsulation done by the second tunnel. Or a similar case when there's
> classification based on the tunnel metadata done on the mirred
> interface. Somewhat corner cases, though. If we want to support them,
> then let's call the action "unset" and not "release". And in any case,
> it should not be mandatory to specify it, which should be made clear
> in the documentation (including examples where it is needed - basically
> only when forwarding between tunnels).
The use case we already have that uses the release action is the
hardware offload support, which is already in the kernel.
It is using the "tunnel_key release" action to signal the hardware to
strip off the ip tunnel headers.
I need to go over this again and see how can we make it work without the
release/unset action.
>
> Jiri
next prev parent reply other threads:[~2016-11-24 15:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-21 10:20 [PATCH iproute2 0/2] tc/cls_flower: Support for ip tunnel metadata set/release/classify Amir Vadai
2016-11-21 10:20 ` [PATCH iproute2 1/2] tc/cls_flower: Classify packet in ip tunnels Amir Vadai
2016-11-21 10:20 ` [PATCH iproute2 2/2] tc/act_tunnel: Introduce ip tunnel action Amir Vadai
2016-11-21 23:50 ` Rosen, Rami
2016-11-22 7:50 ` Amir Vadai
2016-11-24 13:38 ` [PATCH iproute2 0/2] tc/cls_flower: Support for ip tunnel metadata set/release/classify Jiri Benc
2016-11-24 15:06 ` Amir Vadai [this message]
2016-11-24 15:33 ` Jiri Benc
2016-11-27 10:35 ` Amir Vadai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161124150633.GA27727@office.localdomain \
--to=amir@vadai.me \
--cc=davem@davemloft.net \
--cc=hadarh@mellanox.com \
--cc=jbenc@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=roid@mellanox.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).