On Fri, 2006-30-06 at 15:08 +0200, Thomas Graf wrote:

* jamal [off-list ref] 2006-06-29 21:11

quoted

Heres what it would look at ingress:

step 0: coming from wire via eth0,
dev=eth0, input_dev=eth0

step 1: redirect to ifb0, leaving redirect
dev=ifb0, input_dev=eth0

step 2: leaving ifb0, coming back to ingress side of stack

dev= eth0, input_dev=ifb0

That creates a nice loop on ingress. Upon reentering the
stack with skb->dev set to eth0 again we'll go through the
same ingress filters as the first time and we'll hit ifb0
again over and over. 

loops are taken care of by other metadata. 

Are you suggesting everyone has to
insert a pass action matching input_dev in order to escape
the loop when using ifb?

This works, there are no loops. If you use a meta setter and changed
input_dev to something that creates a loop it will still be caught when
ttls expire.

quoted

quoted

When leaving ifb0 you want for...
... egress:
   skb->dev=to (eth0) skb->iif=from (ifb0)
... ingress:
   skb->dev=at (ifb0) skb->iif=from (eth0)

Yes, this is correct. I described the flow of the first one in the
earlier email and the ingress side.

How can it be correct if it differs from your description
above? What I described is what the patch changes it to.

Double check again: it works as described above; your change messes it.

Looking closer at ifb it contains a race when updating
skb->dev. Preempt has to be disabled when updating skb->dev
before calling netif_rx() otherwise the device might disappear.

I am going to ignore the patch until we resolve the issue of iif vs
input_dev. Why dont we discuss that?

cheers,
jamal