linux-hardened/Documentation/networking/tc-actions-env-rules.txt

31 lines
1.2 KiB
Text
Raw Normal View History

The "enviromental" rules for authors of any new tc actions are:
1) If you stealeth or borroweth any packet thou shalt be branching
from the righteous path and thou shalt cloneth.
For example if your action queues a packet to be processed later,
or intentionally branches by redirecting a packet, then you need to
clone the packet.
There are certain fields in the skb tc_verd that need to be reset so we
avoid loops, etc. A few are generic enough that skb_act_clone()
resets them for you, so invoke skb_act_clone() rather than skb_clone().
2) If you munge any packet thou shalt call pskb_expand_head in the case
someone else is referencing the skb. After that you "own" the skb.
You must also tell us if it is ok to munge the packet (TC_OK2MUNGE),
this way any action downstream can stomp on the packet.
3) Dropping packets you don't own is a no-no. You simply return
TC_ACT_SHOT to the caller and they will drop it.
The "enviromental" rules for callers of actions (qdiscs etc) are:
*) Thou art responsible for freeing anything returned as being
TC_ACT_SHOT/STOLEN/QUEUED. If none of TC_ACT_SHOT/STOLEN/QUEUED is
returned, then all is great and you don't need to do anything.
Post on netdev if something is unclear.