On Thu, Apr 30, 2015 at 11:24:57AM +0200, Daniel Borkmann wrote: > On 04/30/2015 08:02 AM, Alexei Starovoitov wrote: > ... > >My point is that I agree that cleanup of ingress qdisc is needed. > >I disagree with drastic measures. > >Just add your nf_hook to ingress and let's see how things evolve. > >We have rx_handler and all of ptype hooks in there. One can argue > >that rx_handler overlaps with nf_hook too ? ;) > >We cannot generalize them all under one 'hook' infra. > >nf needs to do nf_hook_state_init() and pass it around which > >no one else needs. That's the cost others should not pay. > > +1 Actually, the state object can be useful to resolve the major bug in actions that mangle skbs in an illegal way, as we can use it to pass back to the ingress path the new skb_shared_check()'ed skb. The genericity that they state object introduces comes with a cost, no doubt, but it helps to extend things later on and resolve tricky situation like the one above without large patches to propagate new state information that you need all over the code. Regarding the performance argument that is repeating over and over again, we all here are quite aware here that there's is a *good room for improvement* in qdisc ingress itself... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
