According to net, sched: add clsact qdisc you add filter on ingress and egress after adding clsact,e.g.
➜ tc qdisc add dev foo clsact
➜ tc qdisc show dev foo
➜ tc filter add dev foo ingress bpf da obj bar.o sec ingress
➜ tc filter add dev foo egress bpf da obj bar.o sec egress
➜ tc filter show dev foo ingress
filter protocol all pref 49152 bpf
filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action
➜ tc filter show dev foo egress
filter protocol all pref 49152 bpf
filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action
But wait, what is that egress in the last tc command call? Let's examine it as a qdisc
tc qdisc show dev foo egress
res: What is "egress"? Try "tc qdisc help"
So what is it, if it's not a qdisc identifiable by name?
I've used strace to get to know what netlink message is sent into the kernel:
strace -o strace.out tc filter show dev foo egress && cat strace.out | grep sendmsg
What I've got:
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base=[{nlmsg_len=36, nlmsg_type=RTM_GETTFILTER,
nlmsg_flags=NLM_F_REQUEST|NLM_F_DUMP, nlmsg_seq=1682363678, nlmsg_pid=0},
{tcm_family=AF_UNSPEC, tcm_ifindex=if_nametoindex("foo"), tcm_handle=0, tcm_parent=4294967283,
tcm_info=0}], iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
where tcm_parent=4294967283=0xfffffff3
So, egress is idetified by ffff:fff3
and it's true:
tc filter show dev foo parent ffff:fff3
shows the filter.
But who owns that ffff:fff3 while if I try to check that out I get amazing results:
➜ tc qdisc show dev foo handle ffff:fff0
qdisc clsact ffff: parent ffff:fff1
➜ tc qdisc show dev foo handle ffff:fff3
qdisc clsact ffff: parent ffff:fff1
➜ tc qdisc show dev foo handle ffff:fff35
qdisc clsact ffff: parent ffff:fff1
Can anyone explain it to me what is going on here?
