Tue, Sep 05, 2017 at 02:48:21PM CEST, niko...@cumulusnetworks.com wrote:
>Hi all,
>This RFC adds a new mode for clsact which designates a device's egress
>classifier as global per netns. The packets that are not classified for
>a particular device will be classified using the global classifier.
>We have needed a global classifier for some time now for various
>purposes and setting the single bridge or loopback/vrf device as the
>global classifier device is acceptable for us. Doing it this way avoids
>the act/cls device and queue dependencies.
>
>This is strictly an RFC patch just to show the intent, if we agree on
>the details the proposed patch will have support for both ingress and
>egress, and will be using a static key to avoid the fast path test when no
>global classifier has been configured.
>
>Example (need a modified tc that adds TCA_OPTIONS when using q_clsact):
>$ tc qdisc add dev lo clsact global
>$ tc filter add dev lo egress protocol ip u32 match ip dst 4.3.2.1/32 action drop
>
>the last filter will be global for all devices that don't have a
>specific egress_cl_list (i.e. have clsact configured).
>
>Any comments and thoughts would be greatly appreciated.

Did you see my shared blocks work? I believe that it should resolve your
use case, in a generic way. You just have to bind the devices you need to
the shared block. Please see the RFC:
https://www.spinics.net/lists/netdev/msg444067.html