Fri, Jun 29, 2018 at 02:12:21PM CEST, j...@mojatatu.com wrote: >On 29/06/18 04:39 AM, Jiri Pirko wrote: >> Fri, Jun 29, 2018 at 12:25:53AM CEST, xiyou.wangc...@gmail.com wrote: >> > On Thu, Jun 28, 2018 at 6:10 AM Jiri Pirko <j...@resnulli.us> wrote: >> > > Add a template of type flower allowing to insert rules matching on last >> > > 2 bytes of destination mac address: >> > > # tc chaintemplate add dev dummy0 ingress proto ip flower dst_mac >> > > 00:00:00:00:00:00/00:00:00:00:FF:FF >> > > >> > > The template is now showed in the list: >> > > # tc chaintemplate show dev dummy0 ingress >> > > chaintemplate flower chain 0 >> > > dst_mac 00:00:00:00:00:00/00:00:00:00:ff:ff >> > > eth_type ipv4 >> > > >> > > Add another template, this time for chain number 22: >> > > # tc chaintemplate add dev dummy0 ingress proto ip chain 22 flower >> > > dst_ip 0.0.0.0/16 >> > > # tc chaintemplate show dev dummy0 ingress >> > > chaintemplate flower chain 0 >> > > dst_mac 00:00:00:00:00:00/00:00:00:00:ff:ff >> > > eth_type ipv4 >> > > chaintemplate flower chain 22 >> > > eth_type ipv4 >> > > dst_ip 0.0.0.0/16 >> > >> > So, if I want to check the template of a chain, I have to use >> > 'tc chaintemplate... chain X'. >> > >> > If I want to check the filters in a chain, I have to use >> > 'tc filter show .... chain X'. >> > >> > If you introduce 'tc chain', it would just need one command: >> > `tc chain show ... X` which could list its template first and >> > followed by filters in this chain, something like: >> > >> > # tc chain show dev eth0 chain X >> > template: # could be none >> > .... >> > filter1 >> > ... >> > filter2 >> > ... >> > >> > Isn't it more elegant? >> >> Well, that is just another iproute2 command. It would use the same >> kernel uapi. Filters+templates. Sure, why not. Can be easily introduced. >> Let's do it in a follow-up iproute2 patch. >> > >Half a dozen or 6 - take your pick, really. >I would call the template an attribute as opposed to a stand alone >object i.e A chain of filters may have a template. If you have to >introduce a new object then Sridhar's suggested syntax seems appealing.
I think what I have makes sense. Maps nicely to what it really is inside kernel. What Cong proposes looks like nice extension of userspace app to do more things in one go. Will address that in followup iproute2 patch. > >cheers, >jamal
