lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 Jul 2016 22:51:05 +0200
From:	Daniel Borkmann <daniel@...earbox.net>
To:	"Liang, Kan" <kan.liang@...el.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
	"mingo@...hat.com" <mingo@...hat.com>,
	"peterz@...radead.org" <peterz@...radead.org>,
	"kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
	"kaber@...sh.net" <kaber@...sh.net>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"keescook@...omium.org" <keescook@...omium.org>,
	"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
	"gorcunov@...nvz.org" <gorcunov@...nvz.org>,
	"john.stultz@...aro.org" <john.stultz@...aro.org>,
	"aduyck@...antis.com" <aduyck@...antis.com>,
	"ben@...adent.org.uk" <ben@...adent.org.uk>,
	"decot@...glers.com" <decot@...glers.com>,
	"Brandeburg, Jesse" <jesse.brandeburg@...el.com>,
	"andi@...stfloor.org" <andi@...stfloor.org>,
	"tj@...nel.org" <tj@...nel.org>
Subject: Re: [RFC PATCH 00/30] Kernel NET policy

On 07/18/2016 08:30 PM, Liang, Kan wrote:
>> On 07/18/2016 08:55 AM, kan.liang@...el.com wrote:
[...]
>> On a higher level picture, why for example, a new cgroup in combination
>> with tc shouldn't be the ones resolving these policies on resource usage?
>
> The NET policy doesn't support cgroup yet, but it's on my todo list.
> The granularity for the device resource is per queue. The packet will be
> redirected to the specific queue.
> I'm not sure if cgroup with tc can do that.

Did you have a look at sch_mqprio, which can be used along with either
netprio cgroup or netcls cgroup plus tc on clsact's egress side to set
the priority for mqprio mappings from application side? At leats ixgbe,
i40e, fm10k have offload support for it and a number of other nics. You
could also use cls_bpf for making the prio assignment if you need to
involve also other meta data from the skb (like mark or prio derived from
sockets, etc). Maybe it doesn't cover all of what you need, but could be
a start to extend upon?

Thanks,
Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ