Eric W. Biederman wrote: > Patrick McHardy <kaber@xxxxxxxxx> writes: > >> In the layered case (macvlan -> eth0) its common behaviour to >> keep the mark however. But in case of different namespaces, >> I think macvlan should also clear the mark on the dev_queue_xmit() >> path since this is just a shortcut to looping the packets >> through veth. In fact probably both of them should also clear >> skb->priority so other namespaces don't accidentally misclassify >> packets. > > That is why I pushed for what is becoming dev_forward_skb. So that > we have one place where we can make all of those tweaks. It seems > like in every review we find another field that should be cleared/handled > specially. > > I don't quite follow what you intend with dev_queue_xmit when the macvlan > is in one namespace and the real physical device is in another. Are > you mentioning that the packet classifier runs in the namespace where > the primary device lives with packets from a different namespace? Exactly. And I think we should make sure that the namespace of the macvlan device can't (deliberately or accidentally) cause misclassification. _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/virtualization
