Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754926AbbKQVqy (ORCPT <rfc822;w@1wt.eu>);
	Tue, 17 Nov 2015 16:46:54 -0500
Received: from www62.your-server.de ([213.133.104.62]:49659 "EHLO
	www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750867AbbKQVqv (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 17 Nov 2015 16:46:51 -0500
Message-ID: <564BA036.4000602@iogearbox.net>
Date: Tue, 17 Nov 2015 22:46:30 +0100
From: Daniel Borkmann <daniel@iogearbox.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Tejun Heo <tj@kernel.org>, davem@davemloft.net, pablo@netfilter.org,
        kaber@trash.net, kadlec@blackhole.kfki.hu, lizefan@huawei.com,
        hannes@cmpxchg.org
CC: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org, cgroups@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-team@fb.com,
        daniel.wagner@bmw-carit.de, nhorman@tuxdriver.com
Subject: Re: [PATCH 4/5] sock, cgroup: add sock->sk_cgroup
References: <1447789240-29394-1-git-send-email-tj@kernel.org> <1447789240-29394-5-git-send-email-tj@kernel.org>
In-Reply-To: <1447789240-29394-5-git-send-email-tj@kernel.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: daniel@iogearbox.net
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1840
Lines: 37

Hi Tejun,

On 11/17/2015 08:40 PM, Tejun Heo wrote:
...
> While it is possible to solve these issues from controller side by
> implementing hierarchical allowable ranges in both controllers, it
> would involve quite a bit of complexity in the controllers and further
> obfuscate network configuration as it becomes even more difficult to
> tell what's actually being configured looking from the network side.
> While not much can be done for v1 at this point, as membership
> handling is sane on cgroup v2, it'd be better to make cgroup matching
> behave like other network matches and classifiers than introducing
> further complications.
>
> In preparation, this patch adds sock->sk_cgroup which points to the
> associated cgroup.  A sock is associated on creation and stays
> associated to the same cgroup until freed; unfortunately, this ends up
> adding another cgroup field to struct sock on top of sk_cgrp_prioidx
> and sk_classid.  I tried to think of a way to somehow overload the
> existing fields but couldn't come up with a reasonable one.  For the
> longer term, the fields can be rearranged so that disabling prio and
> cls controllers reduce the size of the struct.

Do you see a way forward where the new behavior could be enabled f.e.
as an extra mount option (that long-term would be made default, while
deprecating the current behavior) on net_cls et al? There are various
more users at least on the net_cls side (nft and tc as well). Would be
really great, if sk_cgroup could abstract that somehow away for all of
them w/o adding a second version to all users.

Best,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/