Ben Greear <gree...@candelatech.com> writes: > On 03/20/2018 09:44 AM, Liran Alon wrote: >> >> >> On 20/03/18 18:24, ebied...@xmission.com wrote: >>> >>> I don't believe the current behavior is a bug. >>> >>> I looked through the history. Basically skb_scrub_packet >>> started out as the scrubbing needed for crossing network >>> namespaces. >>> >>> Then tunnels which needed 90% of the functionality started >>> calling it, with the xnet flag added. Because the tunnels >>> needed to preserve their historic behavior. >>> >>> Then dev_forward_skb started calling skb_scrub_packet. >>> >>> A veth pair is supposed to give the same behavior as a cross-over >>> cable plugged into two local nics. A cross over cable won't >>> preserve things like the skb mark. So I don't see why anyone would >>> expect a veth pair to preserve the mark. >> >> I disagree with this argument. >> >> I think that a skb crossing netns is what simulates a real packet >> crossing physical computers. Following your argument, why would >> skb->mark should be preserved when crossing netdevs on same netns via >> routing? But this does today preserve skb->mark. >> >> Therefore, I do think that skb->mark should conceptually only be >> scrubbed when crossing netns. Regardless of the netdev used to cross >> it. > > It should be scrubbed in VETH as well. That is one way to make virtual > routers. Possibly > the newer VRF features will give another better way to do it, but you should > not break > things that used to work. > > Now, if you want to add a new feature that allows one to configure the kernel > (or VETH) for > a new behavior, then that might be something to consider. > >>> Right now I don't see the point of handling packets that don't cross >>> network namespace boundaries specially, other than to preserve backwards >>> compatibility. > > Well, backwards compat is a big deal all by itself!
Absolutely agreed. Eric
