* Advice on user space application integration with tc
@ 2017-05-11 20:45 Morgan Yang
2017-05-15 20:14 ` Cong Wang
0 siblings, 1 reply; 5+ messages in thread
From: Morgan Yang @ 2017-05-11 20:45 UTC (permalink / raw)
To: netdev
Hi All:
I want to build a solution that leverages the filtering and actions of
tc in kernel space, but have the ability to hook to a userspace
application that can additional packet processing (such as payload
masking). I'm curious what are the best ways to go about doing that? I
have been looking into tc-skbmod and tc-pedit, but as good as they
are, they would require newer kernels. I have also tried using tc to
mirror filterd packets to a dummy or tap interface, and have the
userspace application pick up there, but the performance has been
supar. I'm hoping to have a solution that avoids the extra mirroring.
Much Thanks
Morgan Yang
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Advice on user space application integration with tc
2017-05-11 20:45 Advice on user space application integration with tc Morgan Yang
@ 2017-05-15 20:14 ` Cong Wang
2017-05-15 20:39 ` Morgan Yang
[not found] ` <CAHV_CwaesEdmR+=Kr-O+NUCwGC4KNJZvXcDV3qNmji38OtZOeg@mail.gmail.com>
0 siblings, 2 replies; 5+ messages in thread
From: Cong Wang @ 2017-05-15 20:14 UTC (permalink / raw)
To: Morgan Yang; +Cc: Linux Kernel Network Developers
On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
> Hi All:
>
> I want to build a solution that leverages the filtering and actions of
> tc in kernel space, but have the ability to hook to a userspace
> application that can additional packet processing (such as payload
> masking). I'm curious what are the best ways to go about doing that? I
> have been looking into tc-skbmod and tc-pedit, but as good as they
> are, they would require newer kernels. I have also tried using tc to
> mirror filterd packets to a dummy or tap interface, and have the
> userspace application pick up there, but the performance has been
> supar. I'm hoping to have a solution that avoids the extra mirroring.
act pedit exists for a rather long time, I don't think you need a new
kernel to use it, unless of course you have a different definition of
"new kernel". ;)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Advice on user space application integration with tc
2017-05-15 20:14 ` Cong Wang
@ 2017-05-15 20:39 ` Morgan Yang
2017-05-16 8:25 ` Simon Horman
[not found] ` <CAHV_CwaesEdmR+=Kr-O+NUCwGC4KNJZvXcDV3qNmji38OtZOeg@mail.gmail.com>
1 sibling, 1 reply; 5+ messages in thread
From: Morgan Yang @ 2017-05-15 20:39 UTC (permalink / raw)
To: Cong Wang; +Cc: Linux Kernel Network Developers
I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was
not support (I built tc from the latest versions of iproute2). For
tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not
supported, but "pedit munge offset" is.
On Mon, May 15, 2017 at 1:14 PM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
>> Hi All:
>>
>> I want to build a solution that leverages the filtering and actions of
>> tc in kernel space, but have the ability to hook to a userspace
>> application that can additional packet processing (such as payload
>> masking). I'm curious what are the best ways to go about doing that? I
>> have been looking into tc-skbmod and tc-pedit, but as good as they
>> are, they would require newer kernels. I have also tried using tc to
>> mirror filterd packets to a dummy or tap interface, and have the
>> userspace application pick up there, but the performance has been
>> supar. I'm hoping to have a solution that avoids the extra mirroring.
>
>
> act pedit exists for a rather long time, I don't think you need a new
> kernel to use it, unless of course you have a different definition of
> "new kernel". ;)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Advice on user space application integration with tc
2017-05-15 20:39 ` Morgan Yang
@ 2017-05-16 8:25 ` Simon Horman
0 siblings, 0 replies; 5+ messages in thread
From: Simon Horman @ 2017-05-16 8:25 UTC (permalink / raw)
To: Morgan Yang; +Cc: Cong Wang, Linux Kernel Network Developers
On Mon, May 15, 2017 at 01:39:27PM -0700, Morgan Yang wrote:
> I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was
> not support (I built tc from the latest versions of iproute2). For
> tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not
> supported, but "pedit munge offset" is.
Please don't top-post on netdev.
Unless I understand things "pedit ex munge" uses new features of ped which
were introduced in v4.11. So yes, you would need a new kernel - or a
backport to an old one - in order to use that feature.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Advice on user space application integration with tc
[not found] ` <CAHV_CwaesEdmR+=Kr-O+NUCwGC4KNJZvXcDV3qNmji38OtZOeg@mail.gmail.com>
@ 2017-05-16 17:22 ` Cong Wang
0 siblings, 0 replies; 5+ messages in thread
From: Cong Wang @ 2017-05-16 17:22 UTC (permalink / raw)
To: Morgan Yang; +Cc: Linux Kernel Network Developers
On Mon, May 15, 2017 at 1:33 PM, Morgan Yang <morgan.yang1982@gmail.com> wrote:
> I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was not
> support (I built tc from the latest versions of iproute2). For tc-pedit,
> examples from man tc-pedit such as "pedit ex munge" were not supported, but
> "pedit munge offset" is.
act skbmod is new, it is introduced by:
commit 86da71b57383d40993cb90baafb3735cffe5d800
Author: Jamal Hadi Salim <jhs@mojatatu.com>
Date: Mon Sep 12 20:13:09 2016 -0400
net_sched: Introduce skbmod action
For pedit, "ex", as it implies, it is an extended feature which was
introduced in:
commit 71d0ed7079dffbc5cd0941d77d9b84e04109c9bb
Author: Amir Vadai <amir@vadai.me>
Date: Tue Feb 7 09:56:07 2017 +0200
net/act_pedit: Support using offset relative to the conventional
network headers
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-05-16 17:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-11 20:45 Advice on user space application integration with tc Morgan Yang
2017-05-15 20:14 ` Cong Wang
2017-05-15 20:39 ` Morgan Yang
2017-05-16 8:25 ` Simon Horman
[not found] ` <CAHV_CwaesEdmR+=Kr-O+NUCwGC4KNJZvXcDV3qNmji38OtZOeg@mail.gmail.com>
2017-05-16 17:22 ` Cong Wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).