> No objections to new year resolution of slimming the skb. > But: i am still concerned about the recursion that getting rid of > some of these bits could embolden. i.e my suggestion was infact to > restore some of those bits taken away by Florian after the ingress > redirect patches from Shmulik. > > The possibilities are: egress->egress, egress->ingress, > ingress->egress, ingress->ingress. The suggestion was > xmit_recursion with some skb magic would suffice. > Hannes promised around last netdevconf that he has a scheme to solve > it without using any extra skb state.
Are you referring to " Personally, I would only try to fix and warn against the easy to detect cases. It is easy enough to just create a loop with your local attached L2 which brings your box into a endless loop processing the same packet again and again. Because it is out of control of the kernel you cannot do anything at all. I would just care that we sometimes reschedule and don't do everything in one stack so we don't corrupt the machine and an admin has still a chance to solve the problem. " https://www.spinics.net/lists/netdev/msg397498.html That can be solved by extending act_mirred in the same way as Daniel did for bpf_redirect in a70b506efe89 ("bpf: enforce recursion limit on redirects").
