On Wed, Jun 27, 2018 at 12:39 PM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> Let me rephrase why I don't like this patchset:
>
> 1. Let's forget about TSQ for a moment, skb_orphan() before leaving
> the stack is not just reasonable but also aligning to network isolation
> design. You can't claim skb_orphan() is broken from beginning, it is
> designed in this way and it is intentional.
>
> 2. Now, let's consider the current TSQ behavior (without any patch):
>
> 2a. For packets leaving the host or just leaving the stack to another
> netns, there is no difference, and this should be expected from user's
> point of view, because I don't need to think about its destination to
> decide how I should configure tcp_limit_output_bytes.
>
> 2b. The hidden pipeline behind TSQ is well defined, that is, any
> queues in between L4 and L2, most importantly qdisc. I can easily
> predict the number of queues my packets will go through with a
> given configuration. This also aligns with 2a.
>
> 2c. Isolation is respected as it should. TCP sockets in this netns
> won't be influenced by any factor in another netns.
>
> Now with your patchset:
>
> 2a. There is an apparent difference for packets leaving the host
> and for packets just leaving this stack.
>
> 2b. You extend the pipeline to another netns's L3, which means
> the number of queues is now unpredictable.
>
> 2c. Isolation is now slightly broken, the other netns could influence
> the source netns.
>
> I don't see you have any good argument on any of these 3 points.

No one finishes reading this. I will send a revert with quote of the above.