On 20/03/18 18:24, ebied...@xmission.com wrote:
I don't believe the current behavior is a bug.
I looked through the history. Basically skb_scrub_packet
started out as the scrubbing needed for crossing network
namespaces.
Then tunnels which needed 90% of the functionality started
calling it, with the xnet flag added. Because the tunnels
needed to preserve their historic behavior.
Then dev_forward_skb started calling skb_scrub_packet.
A veth pair is supposed to give the same behavior as a cross-over
cable plugged into two local nics. A cross over cable won't
preserve things like the skb mark. So I don't see why anyone would
expect a veth pair to preserve the mark.
I disagree with this argument.
I think that a skb crossing netns is what simulates a real packet
crossing physical computers. Following your argument, why would
skb->mark should be preserved when crossing netdevs on same netns via
routing? But this does today preserve skb->mark.
Therefore, I do think that skb->mark should conceptually only be
scrubbed when crossing netns. Regardless of the netdev used to cross it.
Right now I don't see the point of handling packets that don't cross
network namespace boundaries specially, other than to preserve backwards
compatibility.
Eric
