From: Jonathan Morton
To: David Miller
Cc: toke@toke.dk, cake@lists.bufferbloat.net, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Date: Wed, 23 May 2018 22:31:53 +0300
Subject: Re: [Cake] [PATCH net-next v15 4/7] sch_cake: Add NAT awareness to packet classifier
Message-Id: <91739F64-20B7-4C56-A7A3-AB8C71B9437C@gmail.com>
In-Reply-To: <20180523.144442.864194409238516747.davem@davemloft.net>
References: <152699741881.21931.11656377745581563912.stgit@alrua-kau> <152699745846.21931.4558451708304709296.stgit@alrua-kau> <20180523.144442.864194409238516747.davem@davemloft.net>

> On 23 May, 2018, at 9:44 pm, David Miller wrote:
>
> I'd much rather you do something NAT method agnostic, like save
> or compute the necessary information on ingress and then later
> use it on egress.

We were under the impression that conntrack was the cleanest and most correct way to convey this information between qdiscs. Frankly it's difficult to see how else we could do it without major complications.

Remember that it takes two different qdiscs to implement ingress and egress on the same physical interface, and there's no obvious logical link between them - especially since the ingress one has to be attached to an ifb, not to the actual interface, because there's no native support for ingress qdiscs.

What's more, there's no information (besides conntrack) at ingress about the "inside" address of NATted traffic. There might be some residual information for egress traffic, but communicating that to the ingress side feels very much like we need to reimplement something very like conntrack.

If not supporting "alternative" NAT mechanisms that don't register their data in conntrack is the penalty, it's one I personally can live with.

 - Jonathan Morton
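
The point made in the message above, as an added sketch that is not part of the original email and is not sch_cake or kernel code: a toy conntrack-style table in C showing how one entry lets a qdisc on the WAN side recover the inside address in both directions, and what is left when a NAT mechanism has no entry there. The struct layout, `inside_view`, and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): one 4-tuple per direction, as conntrack keeps. */
struct tuple { uint32_t src, dst; uint16_t sport, dport; };
struct conn  { struct tuple orig, reply; };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

static int same(struct tuple a, struct tuple b)
{
    return a.src == b.src && a.dst == b.dst && a.sport == b.sport && a.dport == b.dport;
}

static struct tuple invert(struct tuple t)
{
    struct tuple r = { t.dst, t.src, t.dport, t.sport };
    return r;
}

/* Return the packet's addresses as the inside network sees them.
 * wire: headers as seen by a qdisc on the WAN side of the NAT. */
struct tuple inside_view(const struct conn *tbl, size_t n, struct tuple wire)
{
    for (size_t i = 0; i < n; i++) {
        /* Egress: post-SNAT headers are the inverse of the reply tuple. */
        if (same(wire, invert(tbl[i].reply)))
            return tbl[i].orig;
        /* Ingress via ifb: pre-de-NAT headers equal the reply tuple. */
        if (same(wire, tbl[i].reply))
            return invert(tbl[i].orig);
    }
    return wire; /* NAT not registered in the table: only the public address is known */
}

/* Constructed sample: two inside hosts masqueraded behind 198.51.100.1. */
static const struct conn sample[] = {
    { { IP(192,168,1,10), IP(203,0,113,5), 40000, 443 },
      { IP(203,0,113,5), IP(198,51,100,1), 443, 61000 } },
    { { IP(192,168,1,11), IP(203,0,113,5), 40000, 443 },
      { IP(203,0,113,5), IP(198,51,100,1), 443, 61001 } },
};

int main(void)
{
    struct tuple in = { IP(203,0,113,5), IP(198,51,100,1), 443, 61001 };
    struct tuple v = inside_view(sample, 2, in);
    printf("ingress packet belongs to inside host 192.168.1.%u\n", (unsigned)(v.dst & 0xff));
    return 0;
}
```

Without the table, both sample flows look identical at the host level on the WAN side (same public address), so per-host fairness would treat the two inside hosts as one.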