Hi Alexey,
On 11.01.2013 17:59, Alexey Perevalov wrote:
I'm sorry for previous email with attachments.
It seems something went wrong with the patch, e.g. indention is wrong
and also I see '^M$' line endings. I assume you are sending your patches
through an exchange server which is likely not to work.
I would like to represent next version of patch I sent before
cgroup: "net_cls: traffic counter based on classification control cgroup"
The main idea is the same as was. It keeping counter in control groups,
but now uses atomic instead resource_counters.
+#if IS_ENABLED(CONFIG_NET_CLS_COUNTER)
+ if (copied > 0)
+ count_cls_rcv(current, copied, ifindex);
+#endif
+
release_sock(sk);
return copied;
Normally, distros will enable most config flags. Maybe you could use
a jump label to reduce the cost for the users which have
CONFIG_NET_CLS_COUNTER enabled and do not use it?
I have a performance measurement for this patch. It was done by lmbench
on physical machine.
Results are not so representative for 20 tests and some numbers are real
weird.
Could you explain in the commit message how your patch is designed? I
see you are using a RB tree. What's the purpose of it?
Daniel Wagner wrote what he is doing something similar, but using
namespaces.
I am trying a different approach on this problem using iptables. I am
playing around with a few patches which allow to install a iptables rule
which matches on the security context, e.g.
iptables -t mangle -A OUTPUT -m secmark --secctx \
unconfined_u:unconfined_r:foo_t:s0-s0:c0.c1023 -j MARK --set-mark 1
So far it looks promising, but as I me previous networking experience
is, that something will not work eventually.
Proposed by me approach is used in upcoming Tizen release, but little
bit different version.
Thanks,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe cgroups" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
