From mboxrd@z Thu Jan 1 00:00:00 1970 From: Liran Alon Subject: Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns Date: Tue, 20 Mar 2018 18:44:54 +0200 Message-ID: <5AB13A86.9010607@ORACLE.COM> References: <0d84d286-9965-45cb-93c8-379ca1b2441e@default> <87tvta67gl.fsf@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: shmulik.ladkani@gmail.com, netdev@vger.kernel.org, mrv@mojatatu.com, daniel@iogearbox.net, davem@davemloft.net, linux-kernel@vger.kernel.org, yuval.shaia@ORACLE.COM, idan.brown@ORACLE.COM To: "Eric W. Biederman" Return-path: In-Reply-To: <87tvta67gl.fsf@xmission.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On 20/03/18 18:24, ebiederm@xmission.com wrote: > > I don't believe the current behavior is a bug. > > I looked through the history. Basically skb_scrub_packet > started out as the scrubbing needed for crossing network > namespaces. > > Then tunnels which needed 90% of the functionality started > calling it, with the xnet flag added. Because the tunnels > needed to preserve their historic behavior. > > Then dev_forward_skb started calling skb_scrub_packet. > > A veth pair is supposed to give the same behavior as a cross-over > cable plugged into two local nics. A cross over cable won't > preserve things like the skb mark. So I don't see why anyone would > expect a veth pair to preserve the mark. I disagree with this argument. I think that a skb crossing netns is what simulates a real packet crossing physical computers. Following your argument, why would skb->mark should be preserved when crossing netdevs on same netns via routing? But this does today preserve skb->mark. Therefore, I do think that skb->mark should conceptually only be scrubbed when crossing netns. Regardless of the netdev used to cross it. > > Right now I don't see the point of handling packets that don't cross > network namespace boundaries specially, other than to preserve backwards > compatibility. > > Eric >