| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Nov 2016 16:26:44 +0000
From: Yotam Gigi <yotamg@...lanox.com>
To: Roopa Prabhu <roopa@...ulusnetworks.com>,
Jiri Pirko <jiri@...nulli.us>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
Ido Schimmel <idosch@...lanox.com>,
Elad Raz <eladr@...lanox.com>,
Nogah Frankel <nogahf@...lanox.com>,
Or Gerlitz <ogerlitz@...lanox.com>,
"jhs@...atatu.com" <jhs@...atatu.com>,
"geert+renesas@...der.be" <geert+renesas@...der.be>,
"stephen@...workplumber.org" <stephen@...workplumber.org>,
"xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
"linux@...ck-us.net" <linux@...ck-us.net>,
"john.fastabend@...il.com" <john.fastabend@...il.com>,
"simon.horman@...ronome.com" <simon.horman@...ronome.com>
Subject: RE: [patch net-next v2 5/8] Introduce sample tc action
>-----Original Message-----
>From: Roopa Prabhu [mailto:roopa@...ulusnetworks.com]
>Sent: Wednesday, November 16, 2016 6:15 PM
>To: Jiri Pirko <jiri@...nulli.us>
>Cc: netdev@...r.kernel.org; davem@...emloft.net; Yotam Gigi
><yotamg@...lanox.com>; Ido Schimmel <idosch@...lanox.com>; Elad Raz
><eladr@...lanox.com>; Nogah Frankel <nogahf@...lanox.com>; Or Gerlitz
><ogerlitz@...lanox.com>; jhs@...atatu.com; geert+renesas@...der.be;
>stephen@...workplumber.org; xiyou.wangcong@...il.com; linux@...ck-us.net;
>john.fastabend@...il.com; simon.horman@...ronome.com
>Subject: Re: [patch net-next v2 5/8] Introduce sample tc action
>
>On 11/14/16, 7:00 AM, Jiri Pirko wrote:
>> From: Yotam Gigi <yotamg@...lanox.com>
>>
>> This action allow the user to sample traffic matched by tc classifier.
>> The sampling consists of choosing packets randomly, truncating them,
>> adding some informative metadata regarding the interface and the original
>> packet size and mark them with specific mark, to allow further tc rules to
>> match and process. The marked sample packets are then injected into the
>> device ingress qdisc using netif_receive_skb.
>>
>> The packets metadata is packed using the ife encapsulation protocol, and
>> the outer packet's ethernet dest, source and eth_type, along with the
>> rate, mark and the optional truncation size can be configured from
>> userspace.
>>
>> Example:
>> To sample ingress traffic from interface eth1, and redirect the sampled
>> the sampled packets to interface dummy0, one may use the commands:
>>
>> tc qdisc add dev eth1 handle ffff: ingress
>>
>> tc filter add dev eth1 parent ffff: \
>> matchall action sample rate 12 mark 17
>
>Yotham, I am guessing in the future if one does not want to use mark,
>the sample api is extensible to allow for other actions to be added.
>This is from the general concern we had on using mark: some may not want to use
>mark.
>As long as the api is extensible to allow an alternate way in the future,
> we should be good. (We would prefer to not go down the path of having to
>introduce
>a new 'action sample' if this limits us in some way).
The code is extensible - if one does want to add another action to sample, he
totally can :)
By the way, one of the reasons we removed the patches for now is that we
consider adding mirroring functionality to it instead of heaving two tc-rules.
>
>>
>> tc filter add parent ffff: dev eth1 protocol all \
>> u32 match mark 17 0xff \
>> action mirred egress redirect dev dummy0
>>
>
>thanks.
Powered by blists - more mailing lists