On Thu, Apr 30, 2015 at 06:05:37AM +0200, Patrick McHardy wrote:
06:05:37AM
do you ever sleep? ;)
For the sake of completeness - on ingress, this alternativ means simply
ditching TC.
I'm sure 'ditching TC' doesn't mean to kill ingress qdisc
completely. Compatibility needs to be preserved.
Port qdisc ingress on top of the Netfilter ingress allows us to detach the
qdisc ingress filtering code from the core, so now it resides where it really
belongs.
The specific qdisc ingress static key is also gone since we now rely on the
generic netfilter hook static key infrastructure.
This
On Wed, Apr 29, 2015 at 11:53 AM, Pablo Neira Ayuso pa...@netfilter.org wrote:
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 2274e72..23b57da 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -312,6 +312,7 @@ config NET_SCH_PIE
config NET_SCH_INGRESS
tristate
On 29.04, Cong Wang wrote:
On Wed, Apr 29, 2015 at 11:53 AM, Pablo Neira Ayuso pa...@netfilter.org
wrote:
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 2274e72..23b57da 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -312,6 +312,7 @@ config NET_SCH_PIE
config
On Wed, Apr 29, 2015 at 10:27:05PM +0200, Daniel Borkmann wrote:
On 04/29/2015 08:53 PM, Pablo Neira Ayuso wrote:
Port qdisc ingress on top of the Netfilter ingress allows us to detach the
qdisc ingress filtering code from the core, so now it resides where it really
belongs.
Hm, but that
On 04/30/2015 01:32 AM, Pablo Neira Ayuso wrote:
...
Actually, the extra cost is roughly (getting inlined stuff away and
other non-relevant stuff):
`- nf_hook_slow()
`- [for each entry in hook list]
`- nf_iterate()
`- (*elemp)-hook()
Yep, agreed.
as part of the
On 30.04, Daniel Borkmann wrote:
I can also see there were also intentions to support userspace
queueing at some point since TC_ACT_QUEUED has been there since the
beginning. That should be possible at some point using this
infrastructure (once there are no further concerns on the
On 30.04, Daniel Borkmann wrote:
On 04/30/2015 02:37 AM, Patrick McHardy wrote:
On 30.04, Pablo Neira Ayuso wrote:
On the bugfix front, the illegal mangling of shared skb from actions
like stateless nat and bpf look also important to be addressed to me.
David already suggested to propagate
