On Fri, 2006-30-06 at 15:08 +0200, Thomas Graf wrote: > * jamal <[EMAIL PROTECTED]> 2006-06-29 21:11 > > Heres what it would look at ingress: > > > > step 0: coming from wire via eth0, > > dev=eth0, input_dev=eth0 > > > > step 1: redirect to ifb0, leaving redirect > > dev=ifb0, input_dev=eth0 > > > > step 2: leaving ifb0, coming back to ingress side of stack > > > > dev= eth0, input_dev=ifb0 > > That creates a nice loop on ingress. Upon reentering the > stack with skb->dev set to eth0 again we'll go through the > same ingress filters as the first time and we'll hit ifb0 > again over and over.
loops are taken care of by other metadata. > Are you suggesting everyone has to > insert a pass action matching input_dev in order to escape > the loop when using ifb? > This works, there are no loops. If you use a meta setter and changed input_dev to something that creates a loop it will still be caught when ttls expire. > > > When leaving ifb0 you want for... > > > ... egress: > > > skb->dev=to (eth0) skb->iif=from (ifb0) > > > ... ingress: > > > skb->dev=at (ifb0) skb->iif=from (eth0) > > > > > > > Yes, this is correct. I described the flow of the first one in the > > earlier email and the ingress side. > > How can it be correct if it differs from your description > above? What I described is what the patch changes it to. Double check again: it works as described above; your change messes it. > Looking closer at ifb it contains a race when updating > skb->dev. Preempt has to be disabled when updating skb->dev > before calling netif_rx() otherwise the device might disappear. > I am going to ignore the patch until we resolve the issue of iif vs input_dev. Why dont we discuss that? cheers, jamal - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
