From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40043.outbound.protection.outlook.com [40.107.4.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 7D4C43B260 for ; Tue, 27 Sep 2016 22:56:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=udcrcd+NzwruAx+iNxtomfO5T4+iVvdAU5Kg16D4m94=; b=IsuAOhuuFmvfY8qS9FWjXLLaFGTRGwR6E1I7ZzdMQDbeV0ZuHcSHE51ZupyoNmSNAvtVyXaDb2liU2sRy/vetEezMVUX5xTg4LpVNLXriQhErvVwQJDE0E2KGjwy4Z6A6PpozSHtaw9NxET9Vbsb0orw1oA2FHqXhpxUG8+tFZU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=kevin@darbyshire-bryant.me.uk; Received: from [10.102.24.2] (109.159.227.69) by DBXPR07MB126.eurprd07.prod.outlook.com (10.242.138.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.8; Wed, 28 Sep 2016 02:56:35 +0000 To: Jonathan Morton References: <3a99770e-6350-471f-72b6-b209d7d77d75@darbyshire-bryant.me.uk> <8425FD26-5C1F-42B5-9087-01D81E1ED7F5@gmail.com> CC: From: Kevin Darbyshire-Bryant Message-ID: <3c28ec73-36e7-dfed-fad8-1a694d4ceeca@darbyshire-bryant.me.uk> Date: Wed, 28 Sep 2016 03:56:30 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 MIME-Version: 1.0 In-Reply-To: <8425FD26-5C1F-42B5-9087-01D81E1ED7F5@gmail.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [109.159.227.69] X-ClientProxiedBy: HE1PR10CA0005.EURPRD10.PROD.OUTLOOK.COM (10.167.243.143) To DBXPR07MB126.eurprd07.prod.outlook.com (10.242.138.152) X-MS-Office365-Filtering-Correlation-Id: 50bf2881-11a4-4fda-9932-08d3e74b0fb8 X-Microsoft-Exchange-Diagnostics: 1; DBXPR07MB126; 2:cpRSoEgUytwKEPBnmF0Zk4tO2JGzOfqc5NJFVVwvl7QZPccfTgiLVYp2x+OI5TtRBRXXzjUwidttkx8iOstPUK6xH3VGDm5lJQxXAWQSxfbeAH98PR/XoaHC45DkJZs+aRTh3IKbH9GaB5hc7tWQBoPbH0a+5Xup5wyTVcd2vMYKK+y1hIB86QNKZelJjPz+; 3:YSqpFAHCx0oldVAMBIyAsKPdD2XoeJj10Rbo5g+EcWIXjBGmTUgL3wFGVHYAjg/n0fDC4/+co7e7HQveHmGZQrJuXddqwngKwmtNVegOZwvOPoHSmlpzpeEvI5cMJYVv X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DBXPR07MB126; X-Microsoft-Exchange-Diagnostics: 1; DBXPR07MB126; 25:24zC2/K45zPSyHuoAlwgZ9rnOHUd3UT1O2ISxkhlInfkfXYRIkgMvtgZc1LmVVmbj90u1anHkFmR4/XMjIsCEk4goX8P7j6XgHO8tvb943JI8RgvatHJmx/olG6O7aGIKmcBJV96RJz/aK7ywBCSAZXKPozhFijIdgJFs7r4BH3M29tWPl4qzJ37djedy8e+t0BmTDkINjVNFOf3+9DI8W16pMb6+T4JDSO2qqKEugpzqdYwl4SkL5YNI+Z8mtSnqaj57ECd47YV5QGK0lrVyqEMl5Rmjy+nbkSVaPyUqXN4AwgtIlzCMiiDVMK0n/qpI7tNtrheyIEpMJtrW7cCW7IPNpvYgSDk0U2kdg8sq08PGxT4m3JTIRE4VRW8qtA3o+My8bZkjR9Adm7KLXUQtBo1ml4GJljk3Ky2W+rUM+vCL2X+xYHFN9FEpNkLPCPrrvgjtzRFBvQB+FHVs8+MicuFYVR7sKzgaHLGDEVxeuIYMHs3VT0wZ5cmSoFhpwCP2jLN6uoW9W4i9LwYNhn5osT3sRMmyN6MYnwsFVqOfzBH3AEu4Z2K9i9KHz0IYwbluwBDXQ0Z9rEaocD+Sd672uzK3LRSCSXU5F0HgIk7Lo70SUDYENglsDY/1/U02bpXi43MI7E7Ujbhuc33cXlJfEwyD3rK/H9MlhrtO/4e7XH9XMKwwk97iZp0yE+AK1vsegtKSwZTAMqjRYktMC6I1EqXITARC3fqQY/z+z5L6ikn9Dmm1BfNq6t0e303+8pMpX8QotC+u3n1oDJ14laYdd9qGoS80qyAXvxXu8Xc8tA3/dDUkPieMZSHX6dDOoF0 X-Microsoft-Exchange-Diagnostics: 1; DBXPR07MB126; 31:l3bojM0u2KvmzTLSBD4i/87/HkzX/l/Z2HR//EVk/8mGEfrF7vkPEWFnh5IxO4QBKoNnPPEb0hxipZCmVXQvBQ1zzjY0Ce+jvTcQiS+GIHqOozoKF/q2UGu2YLUr5NIrAn88lXoCUE54IyC3TNMqg68w9HAWRXS0bV4FEh2EpVxf3alXCeT0ovg5bKTfc6geMKk+GMUUWkpoeobhBB0QgUhjGwUoFmgfx4viHSP2Xm4=; 4:iQ+TxYRkyBpd2k3y77u6nob6b5zat0wUDvg68idVSbieuERL2YFQ3cZEBp2hlJv4Q0zFFoEiMN1ZcTqyP+0imU445v36bB+ncFg1HiMIkJJRF8KOb+k5C+MUL1d98YfTCqXCLQW7r1I/tt/8EWS+ppXOGcXi3SG0qLO0dRGJklOqN7qgskW3wu3KczcRdwUHKpnH1GaSJsTgPZt03WMWKQf7rBUBxPxxSfb2vxaGOSPDrs9b2nxhg6ajPiXGZUMMQikDyySShPpR7bh21MYhR4e9u6HCIzo1g+99ErIlqImNekCsAV6+fta5E9xCiYa+oMcTQwoDZ8B00nYXFbXIke2ujpDAQpEP/LSM233n9K5cf8qDZNoxLJe1WF9bC2fOhcbtd78AGbnqVkMEyQ1Q7RMuPl/8hSGzrOYXIkpn/0/hFwI1w8GbJrRR7KPPl82Lsda95QhtKfEi7GVnLARzzl5uxHmH1XJJnVg+y0EtcfE= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(166708455590820); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6042046)(6043046); SRVR:DBXPR07MB126; BCL:0; PCL:0; RULEID:; SRVR:DBXPR07MB126; X-Forefront-PRVS: 0079056367 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(189002)(199003)(24454002)(50466002)(106356001)(5660300001)(76176999)(47776003)(6116002)(65956001)(66066001)(586003)(189998001)(23676002)(42882006)(105586002)(65826007)(64126003)(36756003)(2950100002)(68736007)(2906002)(110136003)(83506001)(4326007)(33646002)(6916009)(3846002)(92566002)(19580405001)(7846002)(19580395003)(86362001)(77096005)(2870700001)(31686004)(97736004)(81156014)(42186005)(1411001)(50986999)(7736002)(31696002)(305945005)(15975445007)(74482002)(81166006)(4001350100001)(8676002)(65806001)(54356999)(101416001); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR07MB126; H:[10.102.24.2]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: darbyshire-bryant.me.uk does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQlhQUjA3TUIxMjY7MjM6ZlMvNHZhQmFRRWcvRlJrN0FBUFBrL3kxNW1s?= =?utf-8?B?czFlcGpneENCNzhycFg2MzVidXdkSlcxb1U3K0tnTW5XdHhnNTNTNE5FVXhQ?= =?utf-8?B?azliOWUwY3B1Ym51U1pqMERzRXA1QXBvRnB3MWc5aEpUOC9tOWpPQlA5NjZs?= =?utf-8?B?UitYMG9PVVoyaEpwbVJMc2hMa29OdUwza1JvdTNFVnBlVy8xekFoNFpMR1B4?= =?utf-8?B?Qk82KytMazkwR0JoM01SMW5Pc2liQXp6VUJDQ0FnK3FQSTlyMm1pT3NTZjdF?= =?utf-8?B?NFRSOERRSit4a0NHZGJ5SW16aXFIdTA5UUF5c0xJaCsrY3VWRzZlQjNBVWY5?= =?utf-8?B?ekJnajhVWGFHQ1R1ZFMxa3JWdXFNTy92WWplOFl3UzdCbERJaytQeW4yZUVF?= =?utf-8?B?cUNia0VuNFJBdzFMaEcwWU4wL29iT1M1Y1RVbERIUTNuVTFFdFRRRklycHk3?= =?utf-8?B?SXZLTlA0dTJZMk9vYXhTaVZDSzVPSG92RlMyNTVzR0dDRUpoSjlEOWh6Vkw4?= =?utf-8?B?YlVheFdKd3BMMHNSV2xBWkh4NGZKOHRDdnI1MmpJelFiMEhMVkdiSkZMUUJN?= =?utf-8?B?d1pXR1FUTVZHeWtnSWl3Q3RIc2FEYkxOVDQ1NWg1eHc5Y3BWamdPTVRnR3JY?= =?utf-8?B?dW1RaTZzRTZrUzVyeWp2M1Y3SDJ2Z0M5NGhreGRXL0EyVGpZekJyYTZobVNX?= =?utf-8?B?cHlIeldaNGdlaHRoS1JNRE1CSWx3MFptVnFJZzFUai80WFdwNU5KR1VnemZr?= =?utf-8?B?Y3hIYUJzeXFtSlpkT3RCeWlsRXRtNWw3QmJRaFM2ZUp6WmlDUTRKeGRKck5J?= =?utf-8?B?NFZKemV0Yko1djg4bmV3ZURGdjNoT21QVnArdWlXSU5ESDRtbUF1UmplRTVI?= =?utf-8?B?N1Jzd0k0VlF3OVhyaklYQkV2Ris5WTJQbHh4dTFSODU2M1I1TW5EWXdJYzM5?= =?utf-8?B?NnhZdTlKdms1K0x3SEZsUHF0TDZUSitBQVNBdnQ1YnZhc1VBV0VFMmZrMDc5?= =?utf-8?B?Q0cyZGR2OXo3NFlzdHRESFZKdCswNEtKZUFFc29vZlhHTjZsNC9xaDArWUFl?= =?utf-8?B?VGloc0trQXhmS05hTFBHVGQzTklZUWRLai9vMXVmbXRWWTFmTURJbW9RdDUr?= =?utf-8?B?b3BMSzJTSUdvd3oxdU1YZlJra2hTVllUZnpGZE5JZ01xM25LcTFFT2JNN0J0?= =?utf-8?B?NDRXWDhrM3NXUXZwYjJKUjJoN1hiWXpBaXMzWE5TMzg5OGRla2RwYWxVRG1i?= =?utf-8?B?d0Q2c1RMTko3TURBd1RqQ1ZHWnhRd3NsZzZ3ai9tWVFjZmxvSVNhYVNuTDRF?= =?utf-8?B?TTZYT0RZREM1Tmp3OTZrMDdRMzhRWDJzRnNHVno4OW9SNUlhSldQMnB6S1NS?= =?utf-8?B?TXZORlBiRjVLa0VBQjk5MGNyRFk1Rnpqa0ZvaFhWWThWUkd4c0tNYi8zdWo3?= =?utf-8?B?bTZUMHdHQzAxTU9ERmpRM3E0REF2NSs0MHNmeXUrK2xKbVBRcUsyYTNSWTdo?= =?utf-8?B?Q0YzdmJtUWJGVk5HdUVTSnl0c0Q2SHY1NHhveGpJSStjdGtJTTZTRFVqczNO?= =?utf-8?B?LzZKSDdqVXRmVExGbWF3QlQ3RytucjJCeXZpZDlnTFZUb0Zsamo5YkVydkxo?= =?utf-8?B?QTlIRit2RGY0ODdaTWwrUnBVRGtXaHJoRUgwSTg3cHBoUllKTWJMNlBuUWZs?= =?utf-8?B?Wnk1ODAvUGFYN0FjTzVFbVE4ajAvMi94WXE1RmVXQ2Q1MG5wU2hud3IzaDlr?= =?utf-8?B?cjJUL3ZNOXpRRUNiSnNVQTV4V2ZMa2JqWG9QTVdwNms2WFBaMElGZW8yRXJx?= =?utf-8?B?VE56bjlmTmIwTnNTTkt6YkJxMUp0ZEZ2V2tsMWh2clNQWFpGMEdQS0VNU09l?= =?utf-8?Q?2FgVcizrqs=3D?= X-Microsoft-Exchange-Diagnostics: 1; DBXPR07MB126; 6:QOaS9rMsLuXPOn3YkroFEjlcVyA2KvRN83oLl2ufNoHU4Oy8ifFGr2w1Mcm/4gkRyu4wT+cglGH+1aUPJWJRH8T4OVQQ9h7GwZbDq/PxZ1JsUkOA6cgtiiejPDUPNM6Z+y935UnwVphYuRtf5ZgRXlNe4YllSnadeRwcWt7dUXKQVMuZOtOE6AJ9dIx4hUiK/5zOnyLePmkq+M6vTO3hpvhMCf7mFsCvAADgliBlEAB1u53XcMV0L51NgQZQXHMx+yhiuY2eGq7yTbaBZijMcI4NKBKMPATDtBdOtZKYLTolBJh3tryU9UaTInLIVF5h; 5:4NfwZFaHrRkifqju0H0YR5MGbgh8aUQ2qlu3nLpwRxj8J1O6NLK0ZWMUsF+Sv2qbIkfpiO/bm1rBu+AFCY/r7rktkUhbC1lVLXY6JhaJnTyp3arO/lT7g3o8lTMIv2Oe7xvPHlpS59gUkbertaxnNw==; 24:443lUG9tM6tJ2y0200cjugYu5nmnEfSo56OiWXkSFokolQcy630S/DzZ2KvzJFY22oNL4cewDtUo0Y9OTsI8rT+xkbRFAwi0tAxDm2mkpP4=; 7:cACwp5RDOcmVDRvBhRk8waf2UOFrAhVT1PQudxJQc6ee27KJAc+Eq3rp0jOWZY/u2nvBVQwTKisuum0gPD/iLwSO1rdwv5P8mVSp8jyIVwikHrbVRF7xTtXuqLrE6/WxzuwMFC8bW2L+QGatvWOOAO6OJcwudiWspRnWhOkBYjtXMSlVSUISNvnldSREYNRYrv8eGMIK9XuCeuffk+2eCIoB44G12iOFWWlFgkcpobJLcvt53ZNe+cJjrLChmhygudmYiu02uWaKQq4Pg9V4QtBwwztYLb9bez+ApZQCGpHD+17G6h03qyxCmV+nR2Hu SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: darbyshire-bryant.me.uk X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2016 02:56:35.8171 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR07MB126 Subject: Re: [Cake] de-natting & host fairness X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2016 02:56:38 -0000 On 28/09/16 00:08, Jonathan Morton wrote: > >> On 26 Sep, 2016, at 06:20, Kevin Darbyshire-Bryant >> wrote: >> >> Another github user 'tegularius' presented some beautifully crafted >> code that did the lookups in a much neater way. Originally it too >> had an 'ingress' lookup problem. This was worked on and I hacked >> some conditional 'denat' options into cake & tc. >> >> For your 'delight' a denat cake >> https://github.com/kdarbyshirebryant/sch_cake/tree/natoptions along >> with a matching tc >> https://github.com/kdarbyshirebryant/tc-adv/tree/denat > > As I’m now at the stage of trying to merge this, I’m going to make > some executive design decisions: > > - De-NAT IPv4 packets only. I think it’s safe to assume that IPv6 > NAT will be rare, and in any case will typically preserve host > distinctions. This eliminates switch blocks in favour of simple if > blocks. Agree completely. The IPv6 stuff was inherited/for completeness but anyone doing many to one host masquerading with IPv6 really needs a slap! > > - Don’t bother with the distinction between src-NAT and dst-NAT > lookups. The full lookup has to be done anyway and then masked off, > the use-case for the limited functionality is nebulous, and all we’re > doing is adding a lot of nasty conditional branches to the fast > path. I winced at every condition as it was being put in believe me! It is horrible and I think now is a left over from when I was trying to understand how/why things weren't being translated as expected. I still don't completely trust it, but that's what testing is for :-) > > This in turn reduces the configuration interface for the feature to a > flag, which I’ll call “nat”. Agreed. Does this need to be another variable/parameter or could it be the next bit along in the flow type?