From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 107F921F76F for ; Thu, 10 Dec 2015 03:45:01 -0800 (PST) Received: by vkca188 with SMTP id a188so78870800vkc.0 for ; Thu, 10 Dec 2015 03:45:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9H4oX+fFJ7nUHziBBBU3mqRBIV/ilSje3ZXVQnckR/0=; b=x7WtwnKwjcsmnCo/GXUOVVNnNyGrl4u/8JEpL/KdxfkPn52+TnU2m9ss4q+v94Ehhl +3SRTyQSghkNmL9KTJ0smfMMXTn/n5Yrq2pISZSsaWXkEy9Sz4UE69UbrNGwDs2R1Y4l n82T2Csmg869xcoXTgcWpq+o/c05H+3qAD2kDS/wYyqAH9mbL8HMuEAV6T1HUK3tD0QY 0Q5u3tYpfO19naY+8Wn3IDgwmPkYwBln+RhuzpfOvjI9hkrg7BQf5+PbNnpF69G67dTP IXGL6aiqpdKMB/gIFuwsRpYoJXnI9j6Rp8oKE/epuEWLzfgiFEypo9swwmBxX2Ou0dMS nZrQ== MIME-Version: 1.0 X-Received: by 10.129.41.200 with SMTP id p191mr4150825ywp.160.1449747900229; Thu, 10 Dec 2015 03:45:00 -0800 (PST) Received: by 10.37.112.6 with HTTP; Thu, 10 Dec 2015 03:45:00 -0800 (PST) In-Reply-To: <56695F78.5020802@darbyshire-bryant.me.uk> References: <5664173D.40808@darbyshire-bryant.me.uk> <56695F78.5020802@darbyshire-bryant.me.uk> Date: Thu, 10 Dec 2015 12:45:00 +0100 Message-ID: From: Dave Taht To: Kevin Darbyshire-Bryant Content-Type: text/plain; charset=UTF-8 Cc: cake@lists.bufferbloat.net Subject: Re: [Cake] dscp & tunneling X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 11:45:24 -0000 On Thu, Dec 10, 2015 at 12:18 PM, Kevin Darbyshire-Bryant wrote: > > > On 06/12/15 11:08, Kevin Darbyshire-Bryant wrote: >> So there I was pondering the problem of getting the IPv6 DSCP coding >> onto the outer IPv4 packets of my '6in4' tunnel (kindly provided for >> free by Hurricane Electric) when I stumbled across this in a man page: >> >> >> ip tunnel { add | change | del | show | prl } [ NAME ] >> [ mode MODE ] [ remote ADDR ] [ local ADDR ] >> [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ] >> [ encaplimit ELIM ] [ ttl TTL ] >> [ tos TOS ] [ flowlabel FLOWLABEL ] >> [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete >> ADDR ] >> [ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ] >> >> dscp inherit - just what I need! Unfortunately it turns out it's for >> 'things being tunnelled over ipv6' and not 'ipv6 being tunnelled over >> ipv4'. Aaaarrghhh! So close. > Of course I'm a complete muppet! This would be a fairly pointless > exercise as cake has already classified the tunnel as it's a single flow > (from my router to the tunnel server) and no amount of dscp bit fiddling > from inner to outer headers is going to make different parts of the > tunnel flow move to different cake tins. Oh I am stupid. Sigh. No... for the hashing part, the skb_dissect routines in the kernel already pull apart the stuff inside ip, ipv6, and gre *version 0) tunnels and give you a hash based on the inner headers. So you do end up with more than one hashed flow in the ipv6 tunnel. (this was not the case at least as far back as 3.6, but it was one of the first things we fixed) - see approximately line 458 in net/core/flow_dissector.c. The dscp is hopefully, with inherit, copied back and forth correctly, although it is worrisome on some other OSes regarding dealing with the ecn bits. VPNs like ipsec or openvpn are not handled this way, not enough data. Arguably you could pull apart some forms of tinc (stalled out research project) in a really sane way... > I'm going to persist with my dscp 'dye' option (wash cleans, dye > 'colours' the packets with certain dscp codes per tin - wash/dye - > geddit? I'll fetch my coat) > >> >> >> >> _______________________________________________ >> Cake mailing list >> Cake@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cake > > > > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake >