[Cake] act_connmark-dscp

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Mon Mar 11 13:46:13 EDT 2019


Hi All,

You find me in an incredibly frustrated, upset & depressed state of mind.

Those of you following the recent threads on using firewall conntrack marks may have realised I’ve come to an acceptance that CAKE is not really the ideal/upstream compatible place to do interesting things like copy DSCPs into fwmarks.  Instead it makes more sense to do it in a tc action, who knows it may even be acceptable to upstream.

I think it makes sense to do it as a new sub-function of act_connmark, since that is already restoring conntrack fw marks into skbs.

The logic of storing/restoring DSCPs to/from conntrack firewall marks is easy.  Where I’m absolutely stuck to the point of tears and depression is the whole ’netlink’ thing and also if I’m brutally honest with myself, my understanding of C.

I have the ‘functional’ logic & code, but the passing of switches to turn it on eludes me.  If I understand the existing code, it passes over a parameter structure containing the relevant parameters for connmark.  I don’t think I can extend that structure for backwards compatible reasons, so I thought I could pass another parameter structure say ‘DSCP’ and that would then fill a locally stored version of a similar structure….but, well I’m stuck/confused/at wits end/fed up/frustrated/angry with myself.

If anyone feels like helping out https://github.com/ldir-EDB0/linux-stable/tree/connmarkhack - it will also show the true horror of my lack of skill/direction etc, and I don’t want the idea to die just because I can’t code it.


Kevin


More information about the Cake mailing list