Netdev Archive on
help / color / mirror / Atom feed
From: Jamal Hadi Salim <>
To: Cong Wang <>
Cc: David Miller <>,
	Linux Kernel Network Developers <>,
	Jiri Pirko <>,
	Ariel Levkovich <>
Subject: Re: [PATCH net-next 1/1] net/sched: Introduce skb hash classifier
Date: Mon, 17 Aug 2020 07:19:17 -0400	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 2020-08-16 2:59 p.m., Cong Wang wrote:
> On Thu, Aug 13, 2020 at 5:52 AM Jamal Hadi Salim <> wrote:

>> How do you know whether to use hash or mark or both
>> for that specific key?
> Hmm, you can just unconditionally pass skb->hash and skb->mark,
> no? Something like:
> if (filter_parameter_has_hash) {
>      match skb->hash with cls->param_hash
> }
> if (filter_parameter_has_mark) {
>      match skb->mark with cls->param_mark
> }
> fw_classify() uses skb->mark unconditionally anyway, without checking
> whether it is set or not first.

There is no ambiguity of intent in the fw case, there is only one field.
In the case of having multiple fields it is ambigious if you 
unconditionally look.

Example: policy says to match skb mark of 5 and hash of 3.
If packet arrives with skb->mark is 5 and skb->hash is 3
very clearly matched the intent of the policy.
If packet arrives withj skb->mark 7 and hash 3 it clearly
did not match the intent. etc.

> But if filters were put in a global hashtable, the above would be
> much harder to implement.

Ok, yes. My assumption has been you will have some global shared
structure where all filters will be installed on.

I think i may have misunderstood all along what you were saying
which is:

a) add the rules so they are each _independent with different
    priorities_ in a chain.

b)  when i do lookup for packet arrival, i will only see a filter
  that matches "match mark 5 and hash 3" (meaning there is no
  ambiguity on intent). If packet data doesnt match policy then
  i will iterate to another filter on the chain list with lower

Am i correct in my understanding?

If i am - then we still have a problem with lookup scale in presence
of a large number of filters since essentially this approach
is linear lookup (similar problem iptables has). I am afraid
a hash table or something with similar principle goals is needed.

>> You can probably do some trick but I cant think of a cheap way to
>> achieve this goal. Of course this issue doesnt exist if you have
>> separate classifiers.
>> 2) If you decide tomorrow to add tcindex/prio etc, you will have to
>> rework this as well.
>> #2 is not as a big deal as #1.
> Well, I think #2 is more serious than #1, if we have to use a hashtable.
> (If we don't have to, then it would be much easier to extend, of course.)

In both cases youd have to extend the existing code.


  reply	other threads:[~2020-08-17 11:20 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-07 22:28 Jamal Hadi Salim
2020-08-09 18:15 ` Cong Wang
2020-08-09 23:41   ` Jamal Hadi Salim
2020-08-11 23:25     ` Cong Wang
2020-08-12 21:07       ` Marcelo Ricardo Leitner
2020-08-13 12:52       ` Jamal Hadi Salim
2020-08-16 18:59         ` Cong Wang
2020-08-17 11:19           ` Jamal Hadi Salim [this message]
2020-08-17 19:47             ` Cong Wang
2020-08-19  9:48               ` Jamal Hadi Salim

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \
    --subject='Re: [PATCH net-next 1/1] net/sched: Introduce skb hash classifier' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).