On 16-07-19 09:21 AM, Daniel Borkmann wrote:
True, the 32 bit chunks are more generic and as such you need to put more effort in user space to handle them, but at the same time gain more flexibility w/o having to have a module for each and every proto.
I dont see anything wrong with using pedit as a first step; even if you did what Cong said he would do _i wont use it_ given the choice against skbmod. I think we are going in circles now in this discussion. You probably didnt mean to say module per protocol above since we only have one action module [no different than what ebtables or openvswitch does. It may have more justifiable extensions in the future].
But apart from this, neither pedit nor tcf_skbmod_run() here handle checksum complete, so you'll potentially get false positives wrt csum corruption and drops as a result when using either of the two.
pedit maybe tricky. Any suggestions? On tcf_skbmod_run, mostly ignorance: while doing only ethernet updates; is it still needed to do the checksum complete? cheers, jamal
