Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1946332AbbHGWH5 (ORCPT ); Fri, 7 Aug 2015 18:07:57 -0400 Received: from mail-lb0-f178.google.com ([209.85.217.178]:32886 "EHLO mail-lb0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1946136AbbHGWHz (ORCPT ); Fri, 7 Aug 2015 18:07:55 -0400 MIME-Version: 1.0 In-Reply-To: References: <1438279963-29563-1-git-send-email-joestringer@nicira.com> <1438279963-29563-2-git-send-email-joestringer@nicira.com> <1438353294.20479.7.camel@redhat.com> <20150801191741.GA13837@pox.localdomain> From: Jesse Gross Date: Fri, 7 Aug 2015 15:07:31 -0700 Message-ID: Subject: Re: [PATCH net-next 1/9] openvswitch: Scrub packet in ovs_vport_receive() To: Joe Stringer Cc: Thomas Graf , Hannes Frederic Sowa , Linux Netdev List , Linux Kernel , Pablo Neira Ayuso , Patrick McHardy , Justin Pettit , Pravin Shelar , Andy Zhou , Florian Westphal Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2487 Lines: 48 On Tue, Aug 4, 2015 at 9:40 PM, Joe Stringer wrote: > On 1 August 2015 at 12:17, Thomas Graf wrote: >> On 07/31/15 at 10:51am, Joe Stringer wrote: >>> On 31 July 2015 at 07:34, Hannes Frederic Sowa wrote: >>> > In general, this shouldn't be necessary as the packet should already be >>> > scrubbed before they arrive here. >>> > >>> > Could you maybe add a WARN_ON and check how those skbs with conntrack >>> > data traverse the stack? I also didn't understand why make it dependent >>> > on the socket. >>> >>> OK, sure. One case I could think of is with an OVS internal port in >>> another namespace, directly attached to the bridge. I'll have a play >>> around with WARN_ON and see if I can come up with something more >>> trimmed down. >> >> The OVS internal port will definitely pass through an unscrubbed >> packet across namespaces. I think the proper thing to do would be >> to scrub but conditionally keep metadata. > > It's only "unscrubbed" when receiving from local stack at the moment. > Some pieces are cleared when handing towards the local stack, and > there's no configuration for that behaviour. Presumably internal port > transmit and receive should mirror each other? > > I don't have a specific use case either way. The remaining code for > this series handles this case correctly, it's just a matter of what > behaviour we're looking for. We could implement the flag as you say, I > presume that userspace would need to specify this during vport > creation and the default should work similar to the existing behaviour > (ie, keep metadata). One thing that's not entirely clear to me is > exactly which metadata should be represented by this flag and whether > the single flag is expressive enough. I would prefer not to have a flag as it seems unnecessarily complicated (doubly so if we try to have multiple flags to express different combinations). The use case for moving internal ports to different namespaces is pretty narrow, so it seems like we can just pick a set of metadata to keep and go with that. Mark seems the primary one to me. I also think that it would be better to use skb->dev to determine the original namespace rather than the socket. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/