netfilter-devel.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: Dirk <biecie547@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Use connection tracking to store private data for rate shaping algorithms?
Date: Thu, 16 Dec 2010 13:31:12 +0100
Message-ID: <4D0A0690.4000309@trash.net>
In-Reply-To: <AANLkTik6sRQ=Pju6krQnUEf7qkhZ0j-cb+CdgmsoHoCf@mail.gmail.com>

Am 30.11.2010 16:18, schrieb Dirk:
> Hello,
> 
> 
> We are developing some more advanced TCP rate shaping algorithms
> ( http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1261834&tag=1 )
> and would like to implement it as a (GPL) kernel module. The goal is
> to have a high performant module that can 'shape' traffic for 10 000's
> of hosts and users on individual base and also minimize shaping
> overhead (drop/retransmits/latency) on the network.

Sounds interesting.

> Our current solution uses a custom developed iptables target that
> already performs traffic policing for 10'000s of simultaneous users (
> http://tnc2007.terena.org/programme/presentations/showbeb6.html ).
> Since policing is not an ideal way to regulate bandwidth, we want to
> improve it :-)
> 
> 
> However, in order to function correctly, we need to keep some extra
> information for each flow (both tcp and udp) through the device:
> - few statistics (two 64bit integers)
> - shaping/rate state information (four 64bit integers)
> 
> This information should be set/accessible from a kernel tc qdisc module.
> 
> My idea was to use the connection tracking framework to keep track of
> connection states (which is also required by the algorithms) and
> somehow extend it to also store the extra information.

That sounds reasonable. I've implemented TCP rate control about 9
years ago and did the same.

> I have found there is an extension infrastructure for nf_conntrack (
> http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg15798.html
> ), but it does not seem a module is intended to register itself
> without modifying nf_ct_ext_id in /nf_conntrack_extend.h. Since that
> would require a kernel recompile, it is not really an option.
> 
> Since we're not (yet) familiar with the connection tracking code: what
> would be the best way to accomplish this?

You can't add data to the conntrack structure (neither directly nor
through extensions) without recompiling the kernel. I'd suggest to
use ct extensions, require a recompile for now and then merge your
module upstream once it's finished.

Thread overview: 3+ messages
2010-11-30 15:18 Use connection tracking to store private data for rate shaping algorithms? Dirk
2010-12-09 11:00 ` Pablo Neira Ayuso
2010-12-16 12:31 ` Patrick McHardy [this message]