Home » Mailing list archives » linux-netdev » 2009 » March » 8

Re: skbedit action chaining with other actions - will fail

Previous thread: MAC/PHY layer implementation questions by Rahul Jain on Saturday, March 7, 2009 - 4:15 pm. (1 message)

Next thread: Vaildate if i can use gmail to send a mail to LKML by Zhiyong Wu on Saturday, March 7, 2009 - 9:45 pm. (1 message)
[view original message]
From: Denys Fedoryschenko
Subject: skbedit action chaining with other actions - will fail
Date: Saturday, March 7, 2009 - 4:15 pm

If i am chaining skbedit with other action, packets will not come in next (by 
order) action. Here is example:

Command
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action skbedit priority 0x${lowid} \
action mirred egress redirect dev ifb0"

and for ipt example
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action ipt -j MARK --set-mark ${id} \
action mirred egress redirect dev ifb0"


Here is skbedit (mirred will fail)

filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 569 success 569)
  match 00000000/00000000 at 0 (success 569 )
        action order 1:  skbedit priority :7 installed 121 sec used 8 sec       
Action statistics:
        Sent 103528 bytes 569 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 706 ref 1 bind 1 installed 121 sec used 121 sec
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

But for example ipt works fine
filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 5023 success 5023)
  match 00000000/00000000 at 0 (success 5023 )
        action order 1: tablename: mangle  hook: NF_IP_PRE_ROUTING
        target MARK xset 0x65/0xffffffff
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0




--


[ message continues ]
[view original message]
From: Denys Fedoryschenko
Subject: Re: skbedit action chaining with other actions - will fail
Date: Saturday, March 7, 2009 - 5:20 pm

Sorry my mistake, discard

It should be
     echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
 match u32 0 0 flowid 1:1 \
 action skbedit priority 0x${lowid} pipe \
 action mirred egress redirect dev ifb0"

(i forgot pipe)

ipt use another way of defining action (depends on return value of iptables).
--


[ message continues ]
Previous thread: MAC/PHY layer implementation questions by Rahul Jain on Saturday, March 7, 2009 - 4:15 pm. (1 message)

Next thread: Vaildate if i can use gmail to send a mail to LKML by Zhiyong Wu on Saturday, March 7, 2009 - 9:45 pm. (1 message)