From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 49C3A3BA8E for ; Wed, 30 May 2018 16:47:56 -0400 (EDT) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1527713274; bh=cR6YX2dJA4ztOdUidgMrunSgoTUEHSIlnE73fWh+Pxk=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=bE70XQsytuphLAd2qyaRnRSJufHCbAt+iwuQTfyWTMasvRW/x0QaSq7pLNvKQG+UV WgxQusclypGs96Tx9DRQKqhEkxthHg48TiJHI1NYk/tcRfjcgk+Xg2hxvAvn30r0h6 h/t/UFHC1sjXuQ4kldLT6zy9fsCZL5MjNNEVne1/7fT8uuB8D5rbAk5CnedoBb0TJZ B8gGMiFnOp9aq2w2x5rBQytkCkMboEhPusnUuFSJpjobotnzbWts+aQASQADphnsIj +I6gjdyOdtIstW6Am0ndNelLEU8Z6wkliGNmIk2Fi9vJKFkzyVR7y6YMnpEpQoX2Um HncX0Vf86BrBA== To: Dave Taht Cc: Georgios Amanakis , Cake List In-Reply-To: References: <87muwyy34k.fsf@toke.dk> <87tvqoc3vl.fsf@toke.dk> <87r2lsc2dm.fsf@toke.dk> Date: Wed, 30 May 2018 22:47:57 +0200 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <87h8moc1ky.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] Fwd: Does the latest cake support "tc filter"? X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2018 20:47:56 -0000 Dave Taht writes: > On Wed, May 30, 2018 at 1:30 PM, Toke H=C3=B8iland-J=C3=B8rgensen wrote: >> Dave Taht writes: >> >>> I am very interested in collecting use cases and howtos as to how to >>> use this feature. >> >> Well, with tc-bpf you can write a BPF program to do any processing you >> like, and select diffserv tin and/or flow queue based on that... :) > > I guess "why", is also a good pre-requisite. 'Why not' is surely a better one ;) Off the top of my head, putting things into queues based on some other parameter than what cake knows. For instance, an ISP could create a BPF map with the IP addresses of their customers and use that to give each their own queue. Or, longer term, we could extend Cake to have a configurable number of *tins*, and the same mechanism could be used to give each customer a whole set of queues, in a single instance > My own thought for bpf was that it could be used to more actively > identify "bad guys" as a front > end to cake, dropping packets and never hitting it - but then I > realized that that would muck with the inbound shaper mode, yet again. If you want to drop packets really fast (DDOS protection, for instance), you'd want to do it in the ethernet driver using XDP. That can cheerfully throw away packets at 40 Gbps line rates with minimum-sized floods. If you're trying to protect yourself against a DDOS, an inbound shaper is presumably not going to help you anyway, since DDOS attacks generally don't use congestion control... -Toke