From: Daniel Borkmann <daniel@iogearbox.net>
To: Alexei Starovoitov <ast@plumgrid.com>,
"David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>, Thomas Graf <tgraf@suug.ch>,
Jiri Pirko <jiri@resnulli.us>,
Jamal Hadi Salim <jhs@mojatatu.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc
Date: Sat, 11 Apr 2015 08:46:58 +0200 [thread overview]
Message-ID: <5528C362.4070207@iogearbox.net> (raw)
In-Reply-To: <1428708792-5872-2-git-send-email-ast@plumgrid.com>
On 04/11/2015 01:33 AM, Alexei Starovoitov wrote:
> TC classifers and actions attached to ingress and egress qdiscs see
> inconsistent skb->data. For ingress L2 header is already pulled, whereas
> for egress it's present. Introduce an optional flag for ingress qdisc
> which if set will cause ingress to push L2 header before calling
> into classifiers/actions and pull L2 back afterwards.
>
> The cls_bpf/act_bpf are now marked as 'needs_l2'. The users can use them
> on ingress qdisc created with 'needs_l2' flag and on any egress qdisc.
> The use of them with vanilla ingress is disallowed.
>
> The ingress_l2 qdisc can only be attached to devices that provide headers_ops.
>
> When ingress is not enabled static_key avoids *(skb->dev->ingress_queue)
>
> When ingress is enabled the difference old vs new to reach qdisc spinlock:
> old:
> *(skb->dev->ingress_queue), if, *(rxq->qdisc), if, *(rxq->qdisc), if
> new:
> *(skb->dev->ingress_queue), if, *(rxq->qdisc), if, if
>
> This patch provides a foundation to use ingress_l2+cls_bpf to filter
> interesting traffic and mirror small part of it to a different netdev for
> capturing. This approach is significantly faster than traditional af_packet,
> since skb_clone is called after filtering. dhclient and other tap-based tools
> may consider switching to this style.
>
> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Yes, that's the suggested alternative for the constraints we're having.
Looks good to me, thanks!
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
next prev parent reply other threads:[~2015-04-11 6:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-10 23:33 [PATCH v4 net-next 1/2] net: introduce skb_postpush_rcsum() helper Alexei Starovoitov
2015-04-10 23:33 ` [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc Alexei Starovoitov
2015-04-11 6:46 ` Daniel Borkmann [this message]
2015-04-13 14:16 ` Jamal Hadi Salim
2015-04-13 17:37 ` Alexei Starovoitov
2015-04-11 6:40 ` [PATCH v4 net-next 1/2] net: introduce skb_postpush_rcsum() helper Daniel Borkmann
-- strict thread matches above, loose matches on Subject: below --
2015-04-11 0:45 [PATCH v4 net-next 2/2] tc: add 'needs_l2' flag to ingress qdisc Cong Wang
2015-04-11 1:39 ` Alexei Starovoitov
2015-04-11 6:53 ` Daniel Borkmann
2015-04-13 22:44 ` Cong Wang
2015-04-14 0:57 ` Alexei Starovoitov
2015-04-14 18:05 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5528C362.4070207@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@plumgrid.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).