From: Ryoga Saito <proelbtn@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Andrea Mayer <andrea.mayer@uniroma2.it>,
davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org,
kuba@kernel.org, netfilter-devel@vger.kernel.org,
Stefano Salsano <stefano.salsano@uniroma2.it>,
Paolo Lungaroni <paolo.lungaroni@uniroma2.it>
Subject: Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
Date: Mon, 19 Jul 2021 19:12:46 +0900 [thread overview]
Message-ID: <0B18A029-E4B5-4D74-AE9E-C617E5325190@gmail.com> (raw)
In-Reply-To: <20210715221342.GA19921@salvia>
Hi Pablo
I would like your comments for it.
I have 2 implementation ideas about fixing this patch:
1.) fix only coding style pointed out in previous mail
2.) add sysctl parameter and change NF_HOOK to NF_HOOK_COND for user to
select behavior of hook call
I believed SRv6 encaps/decaps operations should be tracked with conntrack
like any other virtual net-device based tunneling protocols (e.g. VXLAN,
IPIP), even if the forwarding performance slows down because occurred by
lack of considerations. and any other tunnels also have this overhead.
Therefore, I support 1st idea. However, 2nd idea is ok if the overhead
caused by adding new hook isn't acceptable.
Ryoga
next prev parent reply other threads:[~2021-07-19 10:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 5:25 [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows Ryoga Saito
2021-07-08 1:31 ` Andrea Mayer
2021-07-08 13:38 ` Pablo Neira Ayuso
2021-07-08 16:32 ` Andrea Mayer
[not found] ` <CALPAGbJt_rb_r3M2AEJ_6VRsG+zXrEOza0U-6SxFGsERGipT4w@mail.gmail.com>
2021-07-08 20:52 ` Ryoga Saito
2021-07-09 18:48 ` Andrea Mayer
2021-07-11 7:12 ` Ryoga Saito
2021-07-12 23:31 ` Andrea Mayer
2021-07-15 22:13 ` Pablo Neira Ayuso
2021-07-19 10:12 ` Ryoga Saito [this message]
2021-07-26 21:29 ` Pablo Neira Ayuso
2021-07-19 11:55 ` Andrea Mayer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0B18A029-E4B5-4D74-AE9E-C617E5325190@gmail.com \
--to=proelbtn@gmail.com \
--cc=andrea.mayer@uniroma2.it \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=kuba@kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=paolo.lungaroni@uniroma2.it \
--cc=stefano.salsano@uniroma2.it \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.