From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Toke Høiland-Jørgensen" <toke@toke.dk>
Cc: netdev@vger.kernel.org, cake@lists.bufferbloat.net,
netfilter-devel@vger.kernel.org
Subject: Re: [Cake] [PATCH net-next v16 5/8] sch_cake: Add NAT awareness to packet classifier
Date: Mon, 28 May 2018 21:51:01 +0200 [thread overview]
Message-ID: <20180528195101.7mceghxngz5jhawa@salvia> (raw)
In-Reply-To: <152751766690.30935.18178441475189968162.stgit@alrua-kau>
On Mon, May 28, 2018 at 04:27:46PM +0200, Toke Høiland-Jørgensen wrote:
> When CAKE is deployed on a gateway that also performs NAT (which is a
> common deployment mode), the host fairness mechanism cannot distinguish
> internal hosts from each other, and so fails to work correctly.
>
> To fix this, we add an optional NAT awareness mode, which will query the
> kernel conntrack mechanism to obtain the pre-NAT addresses for each packet
> and use that in the flow and host hashing.
>
> When the shaper is enabled and the host is already performing NAT, the cost
> of this lookup is negligible. However, in unlimited mode with no NAT being
> performed, there is a significant CPU cost at higher bandwidths. For this
> reason, the feature is turned off by default.
>
> Cc: netfilter-devel@vger.kernel.org
> Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
> ---
> net/sched/sch_cake.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 46 insertions(+)
>
> diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c
> index 68ac908470f1..fecd9caac0cc 100644
> --- a/net/sched/sch_cake.c
> +++ b/net/sched/sch_cake.c
> @@ -71,6 +71,10 @@
> #include <net/tcp.h>
> #include <net/flow_dissector.h>
>
> +#if IS_ENABLED(CONFIG_NF_CONNTRACK)
> +#include <net/netfilter/nf_conntrack_core.h>
> +#endif
> +
> #define CAKE_SET_WAYS (8)
> #define CAKE_MAX_TINS (8)
> #define CAKE_QUEUES (1024)
> @@ -516,6 +520,29 @@ static bool cobalt_should_drop(struct cobalt_vars *vars,
> return drop;
> }
>
> +static void cake_update_flowkeys(struct flow_keys *keys,
> + const struct sk_buff *skb)
> +{
> +#if IS_ENABLED(CONFIG_NF_CONNTRACK)
I would remove the ifdef, not really needed, it will simplify things.
But I leave it to you to decide, this is not I deal breaker.
next prev parent reply other threads:[~2018-05-28 19:51 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-28 14:27 [Cake] [PATCH net-next v16 0/8] sched: Add Common Applications Kept Enhanced (cake) qdisc Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 1/8] " Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 5/8] sch_cake: Add NAT awareness to packet classifier Toke Høiland-Jørgensen
2018-05-28 19:51 ` Pablo Neira Ayuso [this message]
2018-05-28 22:19 ` Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 6/8] sch_cake: Add DiffServ handling Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 4/8] netfilter: Add nf_ct_get_tuple_skb callback Toke Høiland-Jørgensen
2018-05-28 19:49 ` Pablo Neira Ayuso
2018-05-28 21:28 ` Toke Høiland-Jørgensen
2018-05-30 6:11 ` kbuild test robot
2018-05-30 8:33 ` kbuild test robot
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 3/8] sch_cake: Add optional ACK filter Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 2/8] sch_cake: Add ingress mode Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 7/8] sch_cake: Add overhead compensation support to the rate shaper Toke Høiland-Jørgensen
2018-05-28 14:27 ` [Cake] [PATCH net-next v16 8/8] sch_cake: Conditionally split GSO segments Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180528195101.7mceghxngz5jhawa@salvia \
--to=pablo@netfilter.org \
--cc=cake@lists.bufferbloat.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=toke@toke.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox