netdev.vger.kernel.org archive mirror
* Advice on user space application integration with tc
From: Morgan Yang @ 2017-05-11 20:45 UTC (permalink / raw)
  To: netdev

Hi All:

I want to build a solution that leverages the filtering and actions of
tc in kernel space, but have the ability to hook to a userspace
application that can do additional packet processing (such as payload
masking). I'm curious what are the best ways to go about doing that? I
have been looking into tc-skbmod and tc-pedit, but as good as they
are, they would require newer kernels. I have also tried using tc to
mirror filtered packets to a dummy or tap interface, and have the
userspace application pick up there, but the performance has been
subpar. I'm hoping to have a solution that avoids the extra mirroring.
Much Thanks
Morgan Yang

* Re: Advice on user space application integration with tc
From: Cong Wang @ 2017-05-15 20:14 UTC (permalink / raw)
  To: Morgan Yang; +Cc: Linux Kernel Network Developers

On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
> Hi All:
>
> I want to build a solution that leverages the filtering and actions of
> tc in kernel space, but have the ability to hook to a userspace
> application that can do additional packet processing (such as payload
> masking). I'm curious what are the best ways to go about doing that? I
> have been looking into tc-skbmod and tc-pedit, but as good as they
> are, they would require newer kernels. I have also tried using tc to
> mirror filtered packets to a dummy or tap interface, and have the
> userspace application pick up there, but the performance has been
> subpar. I'm hoping to have a solution that avoids the extra mirroring.


act pedit has existed for a rather long time; I don't think you need a new
kernel to use it, unless of course you have a different definition of
"new kernel". ;)

* Re: Advice on user space application integration with tc
From: Morgan Yang @ 2017-05-15 20:39 UTC (permalink / raw)
  To: Cong Wang; +Cc: Linux Kernel Network Developers

I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was
not supported (I built tc from the latest versions of iproute2). For
tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not
supported, but "pedit munge offset" is.

On Mon, May 15, 2017 at 1:14 PM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
>> Hi All:
>>
>> I want to build a solution that leverages the filtering and actions of
>> tc in kernel space, but have the ability to hook to a userspace
>> application that can do additional packet processing (such as payload
>> masking). I'm curious what are the best ways to go about doing that? I
>> have been looking into tc-skbmod and tc-pedit, but as good as they
>> are, they would require newer kernels. I have also tried using tc to
>> mirror filtered packets to a dummy or tap interface, and have the
>> userspace application pick up there, but the performance has been
>> subpar. I'm hoping to have a solution that avoids the extra mirroring.
>
>
> act pedit has existed for a rather long time; I don't think you need a new
> kernel to use it, unless of course you have a different definition of
> "new kernel". ;)

* Re: Advice on user space application integration with tc
From: Simon Horman @ 2017-05-16  8:25 UTC (permalink / raw)
  To: Morgan Yang; +Cc: Cong Wang, Linux Kernel Network Developers

On Mon, May 15, 2017 at 01:39:27PM -0700, Morgan Yang wrote:
> I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was
> not supported (I built tc from the latest versions of iproute2). For
> tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not
> supported, but "pedit munge offset" is.

Please don't top-post on netdev.

Unless I understand things "pedit ex munge" uses new features of pedit which
were introduced in v4.11. So yes, you would need a new kernel - or a
backport to an old one - in order to use that feature.

* Re: Advice on user space application integration with tc
From: Cong Wang @ 2017-05-16 17:22 UTC (permalink / raw)
  To: Morgan Yang; +Cc: Linux Kernel Network Developers

On Mon, May 15, 2017 at 1:33 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
> I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was not
> supported (I built tc from the latest versions of iproute2). For tc-pedit,
> examples from man tc-pedit such as "pedit ex munge" were not supported, but
> "pedit munge offset" is.

act skbmod is new; it was introduced by:

commit 86da71b57383d40993cb90baafb3735cffe5d800
Author: Jamal Hadi Salim <jhs@mojatatu.com>
Date:   Mon Sep 12 20:13:09 2016 -0400

    net_sched: Introduce skbmod action

For pedit, "ex", as it implies, is an extended feature which was
introduced in:

commit 71d0ed7079dffbc5cd0941d77d9b84e04109c9bb
Author: Amir Vadai <amir@vadai.me>
Date:   Tue Feb 7 09:56:07 2017 +0200

    net/act_pedit: Support using offset relative to the conventional network headers
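
Added example, not part of the thread or of iproute2: since only the raw "pedit munge offset" form is reported to work on the stock kernels discussed above, this sketch builds such an action to zero an arbitrary byte range (payload masking) without "pedit ex". The function names, the offsets and the alignment and key-limit rules noted in the comments are assumptions about tc-pedit's raw form, not statements from the posters.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: raw pedit offsets count from
# the start of the IP header; u32 keys need 4-byte alignment, u16 keys 2-byte
# alignment, u8 keys none; iproute2 accepts at most 128 keys per action.
MAX_KEYS=128

# pedit_mask_keys START LEN: one "munge" clause per line, zeroing LEN bytes.
pedit_mask_keys() {
    [ "$#" -eq 2 ] && [ "$1" -ge 0 ] 2>/dev/null && [ "$2" -gt 0 ] 2>/dev/null || {
        echo "usage: pedit_mask_keys START LEN" >&2
        return 1
    }
    off=$1
    end=$(( $1 + $2 ))
    while [ "$off" -lt "$end" ]; do
        left=$(( end - off ))
        # Pick the widest key that is aligned here and still fits the range.
        if [ $(( off % 4 )) -eq 0 ] && [ "$left" -ge 4 ]; then
            width=u32 step=4
        elif [ $(( off % 2 )) -eq 0 ] && [ "$left" -ge 2 ]; then
            width=u16 step=2
        else
            width=u8 step=1
        fi
        echo "munge offset $off $width set 0"
        off=$(( off + step ))
    done
}

# pedit_mask_action START LEN: the clauses joined into one "pedit ..." action.
pedit_mask_action() {
    keys=$(pedit_mask_keys "$1" "$2") || return 1
    count=$(( $(printf '%s\n' "$keys" | wc -l) ))
    if [ "$count" -gt "$MAX_KEYS" ]; then
        echo "range needs $count keys, limit is $MAX_KEYS" >&2
        return 1
    fi
    printf 'pedit %s\n' "$(printf '%s' "$keys" | tr '\n' ' ')"
}

# Constructed case: IPv4 without options (20 bytes) + UDP (8 bytes) puts the
# payload at offset 28; zero payload bytes 1..9, i.e. offsets 29..37.
pedit_mask_action 29 9
# Use (eth0 and the UDP match are placeholders):
#   tc filter add dev eth0 parent ffff: protocol ip u32 \
#       match ip protocol 17 0xff action $(pedit_mask_action 29 9)
```

Fixed offsets only hold when the header length is fixed; packets carrying IP options shift the payload, which is the case the "at AT offmask MASK shift SHIFT" part of the raw form or the newer "ex" syntax is meant for.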
