From: Ranjit Manomohan
Date: Wed Sep 10 2008 - 19:15:18 EST

On Wed, Sep 10, 2008 at 4:00 PM, David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: "Ranjit Manomohan" <ranjitm@xxxxxxxxxx>
> Date: Wed, 10 Sep 2008 15:56:55 -0700
>> That is correct for ingress, for egress the sk is already available in
>> the skb so should be fine.
> That is not something you can rely upon, even for egress, %100 of the time.
> Some forms of reallocation and mangling might decide to orphan the SKB
> and thus drop the skb->sk reference before you see the packet. And they
> are absolutely free to do this.
> Just grep for skb_orphan().
> Therefore, it is absolutely something you should not rely upon for
> correct operation.

Thats fine and we do not rely on this. Those packets would just not be
classified, the cgroup classid is only a hint and used when available
(which is most of the time).

> Like I said from the beginning, Thomas's approach is the superior one.

It would leave a lot of packets (like acks) unaccounted for and these
do take up a significant portion of network packets transmitted on a
high speed link). I am ok with Thomas' simpler approach too, just
pointing out that it is not as accurate as the proposed alternative.


