Re: Some query on ingress policing

[Asim Shankar <asimshankar@xxxxxxxxx>]

> I was going thro the packet journey thro the network stack in Linux.
> Now if I want enable ingress policing, it looks like packet
> classification and policing should happen in netif_rx (i.e in the
> interrupt context) before packet is queued on to the input queue am I
> missing something.

My understanding is that ingress policing (the
qdisc_ingress->enqueue() call) is done in the softint. See
netif_receive_skb() for a call to ing_filter().

Alternatively, if CONFIG_NET_CLS_ACT=n and CONFIG_NETFILTER=y then the
policing happens as an NF_IP_PRE_ROUTING netfilter hook instead.

Also, netif_rx() is not the single point of entry for skb's to the
stack. NAPI drivers are polled for packets, so packets aren't always
picked up from the NIC in the interrupt context.

Hope that helps,

-- Asim