| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Aug 2008 10:56:15 -0700 From: "Ranjit Manomohan" <ranjitm@...gle.com> To: "Kim, Chei-Yol" <gauri@...i.re.kr> Cc: "Á¤¼ºÀÎ" <sijung@...i.re.kr>, "°µ¿Àç" <djkang@...i.re.kr>, netdev@...r.kernel.org, Containers@...ts.linux-foundation.org Subject: Re: Some question about your TC cgroups controller !! On Tue, Aug 19, 2008 at 11:31 PM, Kim, Chei-Yol <gauri@...i.re.kr> wrote: > Hello !! > I'm Chei-yol Kim, I work for ETRI(www.etri.re.kr) in Korea. > I have very interested in cgroup, their controllers and especially network > controller. > Before about a week ago, I send below mail to container mailing list. > If you don't mind, I hope hear your opion about that. > I think your TC cgroup idea is very good and efficient way of network > controller. > Can I ask your plan of TC cgroup patch? What is the future work of the TC > cgroup? If there are no objections to the current implementation, I have the following set of patches planned: 1) Supporting ingress packet classification based on cgroups 2) Supporting firewall functionality based on this (e.g. drop a packet at port 80 if not in the right cgroup) > If you think your patch has a problem, What is it? As you pointed out the split logic in configuration of this functionality (partially in cgroups and the rest with the tc tools) is something that I wanted to avoid. However when you look at the rich feature set provided by the linux networking stack to support traffic shaping and firewalls it becomes very tedious to duplicate all possible configuration options with cgroups. Hence the compromise in terms of user configuration complexity. We could always come up with simple utilities or scripts to make this easier if it becomes a serious concern. -Thanks, Ranjit > > I'm sorry for many question. > But If you share your thinking, it'll be great pleasure to me. > > I expect your answer and thank for reading this mail. > > - Kim, Chei-yol > > > > -----Original Message----- > From: containers-bounces@...ts.linux-foundation.org > [mailto:containers-bounces@...ts.linux-foundation.org] On Behalf Of Kim, > Chei-Yol > Sent: Wednesday, August 13, 2008 6:05 PM > To: Containers@...ts.linux-foundation.org > Subject: Opinion about cgroup network controller > > > > I'm interested in cgroup network controller. > > > > As I know, currently announced network controllers are two. > > > > One is Andrea's network throttle and the other is Ranjit's TC(Traffic > Control) cgroups subsystem(http://lkml.org/lkml/2008/7/22/361). > > > > Two implementations is totally different each other. > > > > > > > > Network throttle is quite same mechanism to io_throttle. so it just can > limit socket's rate. > > > > The most important drawback of it is that it can't support work-conserving > mode. > > > > If it were capable of work-conserving mode, it could guarantee the minimum > network rate. > > > > this point is very important. > > > > > > > > The other, ranjit's implementation is to let TC recognize the cgroup so that > administrator can > > > > adopt different rate or polish to each cgroups. TC is not easy to use > without much knowledge. > > > > Because of the using TC mechanism, user have to configure cgroup and TC > together. This is not same > > > > to other controller configuration. Other controllers are controlled by value > in the cgroup file. But > > > > ranjit's implementation have to control rate by tc configuration. This > difference is not good to user. > > > > > > > > As the result of this looking, the controller which can resolve these > problems would be needed now. > > > > This could support work-conserving mode and easy to use and configured like > other controllers. > > > > > > > > What do you think about this? > > > > > > > > I hope many comments. > > > > > > > > - Chei-yol > > > > _______________________________________________ > > Containers mailing list > > Containers@...ts.linux-foundation.org > > https://lists.linux-foundation.org/mailman/listinfo/containers > > > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists