Re: CONFIG_NET_TC_SKB_EXT

[Daniel Borkmann <daniel@iogearbox.net>]

On 9/21/19 12:56 AM, Jakub Kicinski wrote:
> On Sat, 21 Sep 2019 00:15:16 +0200, Daniel Borkmann wrote:
>> On 9/20/19 6:16 PM, Jakub Kicinski wrote:
>>> On Thu, 19 Sep 2019 15:13:55 +0000, Vlad Buslov wrote:
>>>> On Thu 19 Sep 2019 at 14:21, David Miller <davem@davemloft.net> wrote:
>>>>> As Linus pointed out, the Kconfig logic for CONFIG_NET_TC_SKB_EXT
>>>>> is really not acceptable.
>>>>>
>>>>> It should not be enabled by default at all.
>>>>>
>>>>> Instead the actual users should turn it on or depend upon it, which in
>>>>> this case seems to be OVS.
>>>>>
>>>>> Please fix this, thank you.
>>>>
>>>> Hi David,
>>>>
>>>> We are working on it, but Paul is OoO today. Is it okay if we send the
>>>> fix early next week?
>>>
>>> Doesn't really seem like we have too many ways forward here, right?
>>>
>>> How about this?
>>>    
>>> ------>8-----------------------------------
>>>
>>> net: hide NET_TC_SKB_EXT as a config option
>>>
>>> Linus points out the NET_TC_SKB_EXT config option looks suspicious.
>>> Indeed, it should really be selected to ensure correct OvS operation
>>> if TC offload is used. Hopefully those who care about TC-only and
>>> OvS-only performance disable the other one at compilation time.
>>>
>>> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>>> ---
>>>    net/openvswitch/Kconfig |  1 +
>>>    net/sched/Kconfig       | 13 +++----------
>>>    2 files changed, 4 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/net/openvswitch/Kconfig b/net/openvswitch/Kconfig
>>> index 22d7d5604b4c..bd407ea7c263 100644
>>> --- a/net/openvswitch/Kconfig
>>> +++ b/net/openvswitch/Kconfig
>>> @@ -15,6 +15,7 @@ config OPENVSWITCH
>>>    	select NET_MPLS_GSO
>>>    	select DST_CACHE
>>>    	select NET_NSH
>>> +	select NET_TC_SKB_EXT if NET_CLS_ACT
>>>    	---help---
>>>    	  Open vSwitch is a multilayer Ethernet switch targeted at virtualized
>>>    	  environments.  In addition to supporting a variety of features
>>> diff --git a/net/sched/Kconfig b/net/sched/Kconfig
>>> index b3faafeafab9..f1062ef55098 100644
>>> --- a/net/sched/Kconfig
>>> +++ b/net/sched/Kconfig
>>> @@ -719,6 +719,7 @@ config NET_EMATCH_IPT
>>>    config NET_CLS_ACT
>>>    	bool "Actions"
>>>    	select NET_CLS
>>> +	select NET_TC_SKB_EXT if OPENVSWITCH
>>
>> But how would that make much of a difference :( Distros are still going to
>> enable all of this blindlessly. Given discussion in [0], could we just get
>> rid of this tasteless hack altogether which is for such a narrow use case
>> anyway?
> 
> Agreed.  I take it you're opposed to the use of skb extensions here
> in general?  Distros would have enabled NET_TC_SKB_EXT even when it
> was a config option.

Yeah, as it stands, motivation for this extension is to tie tc [HW] offload
and OVS to work together in case of recirculation ... from commit:

   Received packets will first travel though tc, and if they aren't stolen
   by it, like in the above rule, they will continue to OvS datapath.

   Since we already did some actions (action ct in this case) which might
   modify the packets, and updated action stats, we would like to continue
   the proccessing with the correct recirc_id in OvS (here recirc_id(2))
   where we left off.

I would perhaps see more of a point in an skb extension if there is rather
generic use and also out of the SW datapath (and I really doubt anyone is
seriously using tc + OVS combo for non-HW workloads). Right now this feels
like duck taping.

Adding new skb extensions should really have a strong justification behind
it (close but slightly less strict to how we treat adding new members to
skb itself).