Received: by 10.213.65.68 with SMTP id h4csp39639imn;
        Thu, 15 Mar 2018 08:56:32 -0700 (PDT)
X-Google-Smtp-Source: AG47ELvENGl9OD/qearm7j1QNKQpUT2KsYSTNlm3oGyoJbrEnS+yobcQQcKgOXL+6CoDvrHhTHJ8
X-Received: by 2002:a17:902:7088:: with SMTP id z8-v6mr8694489plk.174.1521129392881;
        Thu, 15 Mar 2018 08:56:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521129392; cv=none;
        d=google.com; s=arc-20160816;
        b=dD40XzR1wkTyUUj0S3PSi7LnJfC6HO0ETe7aMd7CigzPWjqzM0cF7kXAoPQEQ7f4op
         pc+WCUkvEoeCNqaK5pWEP+rdwgL6Q9UN8ml+znItkYO1ffNr1atl9JcASkYSh3LiRZMb
         ld2ojTRP9ANqDv5BhVDlm20ypY/p5IJZtfSIJfwXxXIBUQfw7Kd/e21JJ9qvgMjy9rxV
         bhRka/ioqV1J3ty9JSTlCLYYKVl8fkxJrY03xeTHbAWyvWEAo3CT5aBwX8wC6sCO8TBt
         o0REzAYii0Eg7UiQdBlSUf1w9sXXXOoYP0b+3UWT0Ndp3fkW53DG1bugTHsQgLYgRm0k
         X41w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature:arc-authentication-results;
        bh=X5FwpPnNXs1YfUTEEe6+WWDRQ+95RXLgTXPthzoi3Nw=;
        b=ZeFRwKSYVAIEbcPWiob2zvIMVAU+UtiVjevCysu+z5z5lVUrgJstwJA9DAkRPA2yhJ
         hQ6lInHZuLDXXVDvE4bNDWvnvATeB/8Vwf8JW0fpbdUB5U3yZAVqIH1icn+fS12oOYvN
         Avg0V8rcTU6xTg8TLmMQ+xQlmnXbAnYawvo7gM8hccx5vGwLS/ut88Y59J1SKUaYpBuq
         l7osRM4qesVMjQu0fO8j4iqDtIrZtxILeqJ+xPXMS1wN5NnXom5zCBanG+n3H8TfNzI6
         f83J6zT1CdPvH6u04IO1NYxKAsbD0p0uQ4tp5v1xOvAX9PckLtCSMrokByg8atDDJ2Ht
         rOqg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=f+2vS+Jd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 184si3998376pfd.345.2018.03.15.08.56.18;
        Thu, 15 Mar 2018 08:56:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=f+2vS+Jd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932866AbeCOPy7 (ORCPT <rfc822;mahoosoft4you@gmail.com>
        + 99 others); Thu, 15 Mar 2018 11:54:59 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:53468 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932395AbeCOPy5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Mar 2018 11:54:57 -0400
Received: by mail-wm0-f66.google.com with SMTP id e194so11358650wmd.3;
        Thu, 15 Mar 2018 08:54:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=X5FwpPnNXs1YfUTEEe6+WWDRQ+95RXLgTXPthzoi3Nw=;
        b=f+2vS+Jderaj3sVxwbR8xYHqtPFE8Q910yOovDdniUWM8qkuPQY8hTaC2s6l4/vnsh
         c35e9l1p2XiF5RIW24oZhn9+NNNV4sZ3sgaf+vriY5C8NAZaUrS+JxBtxvQzVITP5VPd
         91g/PEyFJAIUZkIjmQguwfNZ7gbCdr2lf9Kj4+D9N/cq09w4Uayge7qFc2eKRxtsvGC2
         jso0rlcobS5VV7ZGRJeRWSK4aYkR9i6FZZfgIUGMVeklI/Te+hKbe5AJhh5NwMZb8hLq
         x/rcnftqFkhZmlW6ulpCsJglJLvawS0ma2Ok40pKnkntMqA2VuffQwy6eULvMg2Nl8DZ
         8abQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=X5FwpPnNXs1YfUTEEe6+WWDRQ+95RXLgTXPthzoi3Nw=;
        b=nzjEfmOTALlFcW7tcstb0NZH8jk83yyJmowl735WmebRJsnlCdjdfcvrfIZJVHCWlH
         sdQ1movfsVk+mPIFI2IyZkrDdH9plO89yTiQz7tx5qWjYyN050gmvlrHzbdupcQCH0yQ
         R9U3r2CPfvBihYxAFO/djEhOIkYXwVFvE/grybSA0chXeWaS/6y5oW+6lo+tfmSBNNaF
         Wrj8uJZLZc/K5TYFKRAxxDGsHtcB1Fmd91P75t0iW8NZe5uZ3BxMa9ymO5PV2jV5BEY8
         BuNoBb3TmhnftBTzGQlqyW1Op3ElWE4aPn7VOtjryIK/zkQn67wR1V4qPtNSbIx+wNu5
         mgsQ==
X-Gm-Message-State: AElRT7FjCm6xIAWl5sCoAsnfuLWHU18hv4k7hhmR70dwtYZ7zZkg4kbI
        3R+/ms6h5+zlnhyZFVuPPdg=
X-Received: by 10.28.195.68 with SMTP id t65mr3145404wmf.40.1521129296326;
        Thu, 15 Mar 2018 08:54:56 -0700 (PDT)
Received: from halley ([141.226.179.122])
        by smtp.gmail.com with ESMTPSA id g38sm9888133wra.77.2018.03.15.08.54.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 15 Mar 2018 08:54:55 -0700 (PDT)
Date:   Thu, 15 Mar 2018 17:54:44 +0200
From:   Shmulik Ladkani <shmulik.ladkani@gmail.com>
To:     Daniel Borkmann <daniel@iogearbox.net>
Cc:     Liran Alon <liran.alon@oracle.com>, davem@davemloft.net,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        idan.brown@oracle.com, Yuval Shaia <yuval.shaia@oracle.com>
Subject: Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info
 only when crossing netns
Message-ID: <20180315175444.02d70f23@halley>
In-Reply-To: <cd0b73e3-2cde-1442-4312-566c69571e8a@iogearbox.net>
References: <1520953642-8145-1-git-send-email-liran.alon@oracle.com>
        <20180315112150.58586758@halley>
        <a673c689-ec30-61f6-9238-6b1773788201@iogearbox.net>
        <20180315145038.16df4fea@halley>
        <cd0b73e3-2cde-1442-4312-566c69571e8a@iogearbox.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 15 Mar 2018 16:13:39 +0100 Daniel Borkmann <daniel@iogearbox.net> wrote:
> On 03/15/2018 01:50 PM, Shmulik Ladkani wrote:
> > 
> > It would be beneficial to have the mark preserved when skb is injected
> > to the slave device's rx path (especially when it's on the same netns).  
> 
> Right, I think also here the easiest would be to have a BPF_F_PRESERVE_MARK
> flag to opt-in in general case (xnet/non-xnet)

Sounds okay to me.

> But lets presume for a sec you would _not_ scrub it, then how are users
> supposed to make use of this? The feature/bug may not be critical enough
> (well, otherwise it wouldn't have been like this for long time) for stable,
> so to write an app relying on it the behavior will change from kernel A to
> kernel B, where you need to end up having a full blown veth run-time test
> in order to figure it out before you can use it, not really useful either.

Let's assume BPF_F_PRESERVE_MARK is a feature then, which is available only
in new kernels.
As said, this flag will not be honored by older kernels.

But your "run-time test" argument is true for every new flag-bit
introduced to bpf functions, for example:
 BPF_F_SEQ_NUMBER was added after other skb_set_tunnel_key flags,
 Same for BPF_F_INVALIDATE_HASH (skb_store_bytes), BPF_F_MARK_ENFORCE
 (l4_csum_replace) and others.

With every flag addition, the flag mask validation in the corresponding
bpf function has been relaxed to support it.

Why is BPF_F_PRESERVE_MARK any different from any previous flag addition?

Thanks,
Shmulik