From: Toke Høiland-Jørgensen
To: Pablo Neira Ayuso
Cc: netdev@vger.kernel.org, cake@lists.bufferbloat.net, netfilter-devel@vger.kernel.org
Subject: Re: [Cake] [PATCH net-next v16 5/8] sch_cake: Add NAT awareness to packet classifier
Date: Tue, 29 May 2018 00:19:18 +0200
Message-ID: <878t83tod5.fsf@toke.dk>
In-Reply-To: <20180528195101.7mceghxngz5jhawa@salvia>
References: <152751762093.30935.15398977119837536494.stgit@alrua-kau> <152751766690.30935.18178441475189968162.stgit@alrua-kau> <20180528195101.7mceghxngz5jhawa@salvia>

Pablo Neira Ayuso writes:

> On Mon, May 28, 2018 at 04:27:46PM +0200, Toke Høiland-Jørgensen wrote:
>> When CAKE is deployed on a gateway that also performs NAT (which is a
>> common deployment mode), the host fairness mechanism cannot distinguish
>> internal hosts from each other, and so fails to work correctly.
>>
>> To fix this, we add an optional NAT awareness mode, which will query the
>> kernel conntrack mechanism to obtain the pre-NAT addresses for each packet
>> and use that in the flow and host hashing.
>>
>> When the shaper is enabled and the host is already performing NAT, the cost
>> of this lookup is negligible. However, in unlimited mode with no NAT being
>> performed, there is a significant CPU cost at higher bandwidths. For this
>> reason, the feature is turned off by default.
>>
>> Cc: netfilter-devel@vger.kernel.org
>> Signed-off-by: Toke Høiland-Jørgensen
>> --- >> net/sched/sch_cake.c | 46 +++++++++++++++++++++++++++++++++++++++++++= +++ >> 1 file changed, 46 insertions(+) >>=20 >> diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c >> index 68ac908470f1..fecd9caac0cc 100644 >> --- a/net/sched/sch_cake.c >> +++ b/net/sched/sch_cake.c >> @@ -71,6 +71,10 @@ >> #include >> #include >>=20=20 >> +#if IS_ENABLED(CONFIG_NF_CONNTRACK) >> +#include >> +#endif >> + >> #define CAKE_SET_WAYS (8) >> #define CAKE_MAX_TINS (8) >> #define CAKE_QUEUES (1024) >> @@ -516,6 +520,29 @@ static bool cobalt_should_drop(struct cobalt_vars *= vars, >> return drop; >> } >>=20=20 >> +static void cake_update_flowkeys(struct flow_keys *keys, >> + const struct sk_buff *skb) >> +{ >> +#if IS_ENABLED(CONFIG_NF_CONNTRACK)
>
> I would remove the ifdef, not really needed, it will simplify things.
>
> But I leave it to you to decide, this is not a deal breaker.

If I remove it I get a bunch of 'incomplete type' errors when compiling.
Besides, we use it to report an error to userspace when conntrack is
disabled anyway, so might as well keep the whole thing ifdef'ed.

-Toke
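
Review bot: the IS_ENABLED(CONFIG_NF_CONNTRACK) guards in the quoted patch, around the new include and at the top of cake_update_flowkeys(), are also true when conntrack is built as a module (CONFIG_NF_CONNTRACK=m). If the function body calls symbols exported by that module, a built-in sch_cake would fail to link in that configuration, so either rule the combination out in Kconfig or guard with IS_REACHABLE(CONFIG_NF_CONNTRACK) instead. A short comment above cake_update_flowkeys() saying that it rewrites keys with the pre-NAT addresses, and what it does when conntrack is not available, would also help readers of the classifier.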