From: Andi Kleen <andi@firstfloor.org>
To: Lorenzo Colitti <lorenzo@google.com>
Cc: Matt Bennett <Matt.Bennett@alliedtelesis.co.nz>,
"netdev\@vger.kernel.org" <netdev@vger.kernel.org>,
Luuk Paulussen <Luuk.Paulussen@alliedtelesis.co.nz>,
davem@davemloft.net
Subject: Re: Increasing skb->mark size
Date: Tue, 01 Dec 2015 11:13:29 -0800 [thread overview]
Message-ID: <87610ivv6u.fsf@tassilo.jf.intel.com> (raw)
In-Reply-To: <CAKD1Yr3URKzAooiNH7i4kHVR0-TQjEAkQEdqjarAm6uxH7u-Mw@mail.gmail.com> (Lorenzo Colitti's message of "Sun, 29 Nov 2015 17:37:11 +0900")
Lorenzo Colitti <lorenzo@google.com> writes:
> On Wed, Nov 25, 2015 at 5:32 AM, Matt Bennett
> <Matt.Bennett@alliedtelesis.co.nz> wrote:
>> I'm emailing this list for feedback on the feasibility of increasing
>> skb->mark or adding a new field for marking. Perhaps this extension
>> could be done under a new CONFIG option.
>
> 64-bit marks (both skb->mark and sk->sk_mark) would be useful for
> hosts doing complex policy routing as well. Current Android releases
> use 20 of the 32 bits. If the mark were 64 bits, we could put the UID
> in it, and stop using ip rules to implement per-UID routing.
This would be be great. I've recently ran into some issues with
the overhead of the Android firewall setup.
So basically you need 4 extra bytes in sk_buff. How about:
- shrinking skb->priority to 2 byte
- skb_iff is either skb->dev->iff or 0. so it could be replaced with a
single bit flag for the 0 case.
-Andi
--
ak@linux.intel.com -- Speaking for myself only
next prev parent reply other threads:[~2015-12-01 19:13 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-24 20:32 Increasing skb->mark size Matt Bennett
2015-11-24 20:36 ` Florian Westphal
2015-11-24 20:56 ` Matt Bennett
2015-11-26 4:44 ` Luuk Paulussen
2015-11-30 2:08 ` Florian Westphal
2015-11-30 2:10 ` Lorenzo Colitti
2015-11-30 2:24 ` Florian Westphal
2015-11-29 8:37 ` Lorenzo Colitti
2015-11-30 1:58 ` David Miller
2015-11-30 4:10 ` Luuk Paulussen
2015-11-30 4:49 ` David Miller
2015-12-01 0:12 ` Luuk Paulussen
2015-12-01 3:55 ` David Miller
2015-12-01 4:57 ` Luuk Paulussen
2015-12-01 19:13 ` Andi Kleen [this message]
2015-12-01 22:09 ` Daniel Borkmann
2015-12-02 2:58 ` Andi Kleen
2015-12-02 5:42 ` David Ahern
2015-12-02 17:29 ` David Miller
2015-12-02 3:57 ` Lorenzo Colitti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87610ivv6u.fsf@tassilo.jf.intel.com \
--to=andi@firstfloor.org \
--cc=Luuk.Paulussen@alliedtelesis.co.nz \
--cc=Matt.Bennett@alliedtelesis.co.nz \
--cc=davem@davemloft.net \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.