thr3ads.net - LARTC - [PATCH] Use nfmark as a key for u32 classifier [Nov 2004]

If this information is useful, please help other people find it:
Share via:

Catalin(ux aka Dino) BOIE

2004-Nov-05 11:38 UTC

[PATCH] Use nfmark as a key for u32 classifier

Hello!

I am glad to announce a patch for u32 to allow matches on nfmark.
The patch is non intrusive (few lines).

Why I did this? Because fw classifier cannot be used together with u32. 
For example, now, you cannot match a mark of 0x90 and a destination 
port of 80. I know you can do it with iptables to do the marking, but if 
you use Jamal actions to apply mark to policed packets, you need this.

All stuff can be found at http://kernel.umbrella.ro/ also.

Dave, please consider adding this patch.

Stephen, if Dave accepts the patch, please apply the iproute2 patch. Thank 
you.

Signed-off-by: Catalin(ux aka Dino) BOIE <catab at umbrella.ro>

Thank you for you time.
---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/

jamal

2004-Nov-05 15:50 UTC

head link

Re: [PATCH] Use nfmark as a key for u32 classifier

I think this is an ok midterm solution and should be applied.

One comment Catalin: Can you resend the patch  make this a selectable
choice via kconfig?
Eventually  - we should kill this + the indev choices on u32 and move it
up one so that we can have all filters capable of following filters from
other classifiers. As a matter of fact we already have this feature but
it is a little on the inefficient side at the moment.

cheers,
jamal 

On Fri, 2004-11-05 at 06:38, Catalin(ux aka Dino) BOIE
wrote:> Hello!
> 
> I am glad to announce a patch for u32 to allow matches on nfmark.
> The patch is non intrusive (few lines).
> 
> Why I did this? Because fw classifier cannot be used together with u32. 
> For example, now, you cannot match a mark of 0x90 and a destination 
> port of 80. I know you can do it with iptables to do the marking, but if 
> you use Jamal actions to apply mark to policed packets, you need this.
> 
> All stuff can be found at http://kernel.umbrella.ro/ also.
> 
> Dave, please consider adding this patch.
> 
> Stephen, if Dave accepts the patch, please apply the iproute2 patch. Thank 
> you.
> 
> Signed-off-by: Catalin(ux aka Dino) BOIE <catab at umbrella.ro>
> 
> Thank you for you time.
> ---
> Catalin(ux aka Dino) BOIE
> catab at deuroconsult.ro
> http://kernel.umbrella.ro/
-
To unsubscribe from this list: send the line "unsubscribe linux-net"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Catalin(ux aka Dino) BOIE

2004-Nov-08 10:06 UTC

head link

Re: [PATCH] Use nfmark as a key for u32 classifier

> I think this is an ok midterm solution and should be applied.Thanks.
> One comment Catalin: Can you resend the patch  make this a selectable
> choice via kconfig?Yes, of course.
Also, as a bonus, I will add a mask. Something like this:
tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \
 	match mark 0x0090 0xffff \
                           ^^^^^^
 	flowid 1:90

It''s ok?
> Eventually  - we should kill this + the indev choices on u32 and move it
> up one so that we can have all filters capable of following filters from
> other classifiers. As a matter of fact we already have this feature but
> it is a little on the inefficient side at the moment.
It will be very good. It will add the missing flexibility.
I''ll try to cook up something.
>
> cheers,
> jamal
>
> On Fri, 2004-11-05 at 06:38, Catalin(ux aka Dino) BOIE wrote:
>> Hello!
>>
>> I am glad to announce a patch for u32 to allow matches on nfmark.
>> The patch is non intrusive (few lines).
>>
>> Why I did this? Because fw classifier cannot be used together with u32.
>> For example, now, you cannot match a mark of 0x90 and a destination
>> port of 80. I know you can do it with iptables to do the marking, but
if
>> you use Jamal actions to apply mark to policed packets, you need this.
>>
>> All stuff can be found at http://kernel.umbrella.ro/ also.
>>
>> Dave, please consider adding this patch.
>>
>> Stephen, if Dave accepts the patch, please apply the iproute2 patch.
Thank
>> you.
>>
>> Signed-off-by: Catalin(ux aka Dino) BOIE <catab at umbrella.ro>
>>
>> Thank you for you time.
>> ---
>> Catalin(ux aka Dino) BOIE
>> catab at deuroconsult.ro
>> http://kernel.umbrella.ro/
>
---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/
-
To unsubscribe from this list: send the line "unsubscribe linux-net"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patrick McHardy

2004-Nov-09 05:41 UTC

head link

Re: [PATCH] Use nfmark as a key for u32 classifier

Catalin(ux aka Dino) BOIE wrote:
> Hello!
>
> I am glad to announce a patch for u32 to allow matches on nfmark.
> The patch is non intrusive (few lines).
>
>------------------------------------------------------------------------
>
> 			if
((*(u32*)(ptr+key->off+(off2&key->offmask))^key->val)&key->mask)
{
>--- linux.orig/include/linux/pkt_cls.h	2004-10-19 00:53:07.000000000 +0300
>+++ linux/include/linux/pkt_cls.h	2004-11-05 11:00:27.000000000 +0200
>@@ -208,6 +208,7 @@ struct tc_u32_sel
> 	unsigned char		flags;
> 	unsigned char		offshift;
> 	unsigned char		nkeys;
>+	u32			mark;
>  
>^^ Please put this at the end to avoid breaking compatibility
with old tc binaries. BTW, nfmark if unsigned long, which is
64 bit on 64-bit architectures. Probably not worth fixing though,
everyone else got it wrong too.
> 
> 	__u16			offmask;
> 	__u16			off;
>  
>
Regards
Patrick

Possibly Parallel Threads

Search for more maybe matching threads

LARTC - Nov 2004 - [PATCH] Use nfmark as a key for u32 classifier

[PATCH] Use nfmark as a key for u32 classifier

Re: [PATCH] Use nfmark as a key for u32 classifier

Re: [PATCH] Use nfmark as a key for u32 classifier

Re: [PATCH] Use nfmark as a key for u32 classifier

Possibly Parallel Threads