<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 21, 2018, at 1:25 PM, Toke Høiland-Jørgensen <<a href="mailto:toke@toke.dk" class="">toke@toke.dk</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><blockquote type="cite" class=""><blockquote type="cite" class="">The next simplest fix is to ignore the flow ID override unless we're<br class="">in "flows" mode. We can then make valid assumptions about what should<br class="">go into the host tables.<br class=""><br class="">The *right* fix, if we want to maximise functionality, would be to<br class="">pass the result struct by reference into cake_hash(), where it can<br class="">override the *host* IDs (not the flow ID). Users can then choose<br class="">between using the override as a flow ID (by setting "hosts" mode<br class="">instead of "flows"), or retaining the default host-isolation semantics<br class="">with a revised definition of "host".<br class=""></blockquote><br class="">Ah, making it possible to override both host and flow mode is a great<br class="">idea! I guess we could use the major/minor distinction in the class to<br class="">steer this. I'll see if I can't integrate this.<br class=""></blockquote><br class="">So, I implemented this; in the latest commit on github it is again<br class="">possible to override the flow hashing by setting the class ID with a TC<br class="">filter; and the host hash can be overridden by setting the major number<br class="">of the class ID. In my testing the hangs from before are gone, but if<br class="">anyone else wants to test, please do!<br class=""><br class="">I'll write up a description of the filter overrides in the man page, and<br class="">submit the change upstream as well...<br class=""></div></div></blockquote></div><div class=""><br class=""></div><div class=""><div class="">Well that’s good timing for me as I’m wrapping up a small utility/eBPF to classify an arbitrary username to either MAC or IP. Here’s the work in progress, which is not done yet as flow fairness is still under construction, and I haven’t gotten my IPv6 support to pass the rather stubborn eBPF verifier: <a href="https://github.com/heistp/tc-users" class="">https://github.com/heistp/tc-users</a></div><div class=""><br class=""></div><div class="">With your new code Toke:</div><div class="">- I so far haven’t seen my VM either crash or suddenly fill its disk with logs, which is a bonus. :)</div><div class="">- With the new major/minor ID distinction, I’d probably use major for the user and minor for the flow hash?</div><div class=""><br class=""></div><div class="">Another thing I haven’t looked into yet is that when fq_codel is the qdisc, the eBPF action is only called "once in a while” (start of a new flow?) With cake it’s called for every single packet, which is what I expected to happen, but very different behavior.</div><div class=""><br class=""></div></div><div class="">Lastly, if anyone has time to review even just a little code for what is or is not good or idiomatic C, post an issue and I’d appreciate it. Yes, I yield to the ‘goto’ proponents when it comes to error handling and resource de-allocation. :)</div><div class=""><br class=""></div><div class="">Pete</div><div class=""><br class=""></div></body></html>