|
Hey Julian,
Thanks a bunch for the nice explanation. It almost totally makes sense
to me.
- if netfilter connection tracking is used, ip_send_check is called
after ip_defrag and LVS has packet with valid IP csum.
Hey, I think with the new {nf|ct}-netlink framework you could ask for
that and then do your conditional check. But I doubt if it will be
faster then.
- while the stopgap in nf_hook_slow exists we can not notice that
the packet was fragmented, so it depends whether netfilter done
the job for us
Now, after introducing the Layer 8 factor (Julian) who
LOL! Maybe someone should update some RFC with OSI-L8 then :).
decided to test by removing the stopgap in nf_hook_slow(), you
see the result, with unpatched kernels the skbs are always linearized,
no matter ip_defrag is called for them.
So, we add unconditional ip_send_check when we know the
packet will be forwarded to another host. We can not know that
someone fixed the csum after ip_defrag.
2 Questions:
o Wouldn't it be nicer to have a bitfield in the struct skbuff which
indicates the csum status? But I guess then netfilter would need to
adapt a lot of code. But I see some nice unused fields in skbuff :)
o Shouldn't we do a conditional check for skb->summed? For example if it
is for the LOCAL_NODE feature.
We should really put the LVS hook out of the netfilter misery and call
it directly from the FIB :)
BTW, Julian, do you know how to export a struct to the slabinfo so it
doesn't show up in on of the size-{32,64,...} slabs? If I have multiple
size-128 slabs, I would like to differentiate them. For example like
arp_cache or skbuff_head_cache.
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
|
