Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

[Liran Alon]

On 20/03/18 18:24, ebiederm@xxxxxxxxxxxx wrote:
> I don't believe the current behavior is a bug.
>
> I looked through the history.  Basically skb_scrub_packet
> started out as the scrubbing needed for crossing network
> namespaces.
>
> Then tunnels which needed 90% of the functionality started
> calling it, with the xnet flag added.  Because the tunnels
> needed to preserve their historic behavior.
>
> Then dev_forward_skb started calling skb_scrub_packet.
>
> A veth pair is supposed to give the same behavior as a cross-over
> cable plugged into two local nics.  A cross over cable won't
> preserve things like the skb mark.  So I don't see why anyone would
> expect a veth pair to preserve the mark.

I disagree with this argument.

I think that a skb crossing netns is what simulates a real packet 
crossing physical computers. Following your argument, why would 
skb->mark should be preserved when crossing netdevs on same netns via 
routing? But this does today preserve skb->mark.

Therefore, I do think that skb->mark should conceptually only be 
scrubbed when crossing netns. Regardless of the netdev used to cross it.

> Right now I don't see the point of handling packets that don't cross
> network namespace boundaries specially, other than to preserve backwards
> compatibility.
>
> Eric