On Tue, Sep 5, 2017 at 3:25 PM, Jamal Hadi Salim <j...@mojatatu.com> wrote:
> On 17-09-05 06:01 PM, Roopa Prabhu wrote:
>
>>
>> yes, like Nikolay says we have been discussing this as well. Nikolay's
>> patch is a clever and most importantly non-invasive
>> way today given the anchor point for tc rules is a netdev. we have
>> also considered a separate implicit tc anchor device.
>> lo seemed like a good fit for all global rules given it is already
>> available. And it is not uncommon to hang off global
>> network config on the loopback interface.
>>
>
> IMO, Jiri has done all the necessary work already with the concept of
> blocks. We don't really need the netdev to be the attachment point.
>
> You can add to a block in many locations in the kernel by
> constructing the proper "coordinates" in the tcmsg.
> i.e. this:
> tcmsg {
>         unsigned char   tcm_family;
>         unsigned char   tcm__pad1;
>         unsigned short  tcm__pad2;
>         int             tcm_ifindex;
>         __u32           tcm_handle;
>         __u32           tcm_parent;
> }
>
> If you were to set tcm_ifindex to -1 (since that is not a legit
> ifindex) then all we need to do is define a parent for a
> different location. Current locations tied to netdevs are:
> -----
> #define TC_H_ROOT       (0xFFFFFFFFU)
> #define TC_H_INGRESS    (0xFFFFFFF1U)
> #define TC_H_CLSACT     TC_H_INGRESS
>
> #define TC_H_MIN_INGRESS        0xFFF2U
> #define TC_H_MIN_EGRESS         0xFFF3U
> -----
>
> You should be able to say add a location which maps to a pre-routing
> or post-routing etc; and this would work as well...
>

ok, interesting. Jiri's examples still showed netdev as attachment point. we will explore some more. thanks.