This series aims to implement the ct() action for the dpif-netdev datapath.
The bulk of the code is in the new conntrack module: it contains some packet
parsing code, some lookup tables and the logic to implement all the ct bits.

The conntrack module is helped by conntrack-tcp, for TCP window and flags
tracking: the bulk of the code of this submodule is from FreeBSD's pf
subsystem and is therefore BSD licensed.

The rest of the series integrates the connection tracker with the rest of
OVS: the ct() action is implemented in dpif-netdev, and the debugging
interfaces required by dpctl/{dump,flush}-conntrack are implemented.

Besides adding some unit tests, this series ports the existing conntrack
system test to the userspace datapath.  Some small modifications are
required to pass the testsuite, and some tests still have to be skipped.

This can also be downloaded at:

https://github.com/ddiproietto/ovs/tree/userconntrack_20160726

Any feedback is appreciated, thanks.

v4 -> v5:
* Rebase: hmap.h is moved, include ct_* field in some unit tests,
  skip and adapt to the new ct dump format the OVN tests.
* Style and typo fixes.
* Add coverage counter to detect long cleanup.
* Use ovs_barrier instead of pthread_barrier in test (fix compilation
  on OS X).
* Fix dumping tcp state in the reply direction.
* Squash together flow_compose improvements (checksum and udp_len).

v3 -> v4:
* Rebase: use struct dp_packet_batch, add extra ct_ fields in some
  new tests, use struct hmap_pos, skip some new system NAT tests.
* Style and typo fixes.
* Add OVS_NOT_REACHED() in switch in process_one().
* New commit: use dl_type from flow or matching megaflow.

v2 -> v3:
* Rebased.
* Squashed commits for flushing (in dpif-netdev and conntrack).
* Squashed commits for dumping (in dpif-netdev and conntrack).
* Use adaptive mutex instead of spinlock: this prevents livelock
  if the cleanup thread is executed on the same CPU as a forwarding
  thread.  Performance impact is minimal.
* Validate L3 and L4 checksum.
* Use proper L3 and L4 checksum in hardcoded packets in system and unit
  tests.
* Consider ICMPv6 as well as ICMP in l4_protos and conn_key_to_tuple.
* Mention conntrack in NEWS and FAQ.md.
* Use uint16_t for ct_state.
* Fix possible NULL dereference for conn in process_one().
* Add OVS_U128_MIN, OVS_U128_ZERO.
* Use HMAP_FOR_EACH_POP.
* Check that UDP length is valid.
* Style fix: prefer 'sizeof *object' instead of 'sizeof type'
* Don't accept packets from/to UDP/TCP port 0.
* Use defines for timeouts.
* Check expiration inside lookup loop in conn_key_lookup().
* Limit the number of connections.
* Simplify case in tcp_get_wscale().
* Introduce general INT_MOD_* macros for comparisons in modular arithmetic.
* Improve comments.
* New cleanup mechanism: we keep connections in an ordered list and we have
  a separate thread to perform the cleanup.  This doesn't block the main
  thread for long intervals anymore.
* Correctly fill UDP length and UDP/TCP/ICMP checksums in flow_compose():
  it's useful to write testcases for the connection tracker.
* Added system test with ICMP traffic through the connection tracker.
* Track ICMP type and code.

v1 -> v2:
* Fixed bug in tcp_get_wscale(), related to TCP options parsing.
* Changed names of ICMP constants: now they're different from Linux and
  FreeBSD.
* Fixed bug in parse_ipv6_ext_hdrs().
* Used ALWAYS_INLINE in parse_vlan and parse_ethertype, to avoid a
  performance regression in miniflow_extract().
* Updated copyright info in COPYING and debian/copyright.in.
* Rebased.
* Changed batching strategy in conntrack_execute() to allow a newly
  created connection to be picked up by packets in the same batch.
* Added an ovs-test module to throw pcap files at the connection tracker.
* Added a workaround for the userspace testsuite on new kernels and a tcp
  non-conntrack test.



Daniele Di Proietto (16):
  packets: Define ICMP types.
  flow: Export parse_ipv6_ext_hdrs().
  flow: Introduce parse_dl_type().
  conntrack: New userspace connection tracker.
  conntrack: Periodically delete expired connections.
  tests: Add very simple conntrack benchmark.
  tests: Add test-conntrack pcap test.
  dpif-netdev: Execute conntrack action.
  dpif-netdev: Implement conntrack dump functions.
  dpif-netdev: Implement conntrack flush interface.
  flow: Generate checksum and udp_len in flow_compose().
  tests: Add conntrack ofproto-dpif tests.
  system-tests: Run conntrack tests with userspace.
  system-tests: Add ping through conntrack test.
  conntrack: Track ICMP type and code.
  conntrack: Add 'dl_type' parameter to conntrack_execute().

 COPYING                          |    1 +
 FAQ.md                           |    2 +-
 NEWS                             |    2 +
 debian/copyright.in              |    4 +
 include/openvswitch/types.h      |    4 +
 lib/automake.mk                  |    6 +
 lib/conntrack-icmp.c             |  105 ++++
 lib/conntrack-other.c            |   86 +++
 lib/conntrack-private.h          |  114 ++++
 lib/conntrack-tcp.c              |  498 +++++++++++++++
 lib/conntrack.c                  | 1235 ++++++++++++++++++++++++++++++++++++++
 lib/conntrack.h                  |  204 +++++++
 lib/ct-dpif.c                    |   24 +-
 lib/ct-dpif.h                    |    3 +-
 lib/dpif-netdev.c                |  150 ++++-
 lib/flow.c                       |  216 ++++---
 lib/flow.h                       |    4 +
 lib/netlink-conntrack.c          |    2 +-
 lib/packets.h                    |   14 +-
 lib/util.h                       |    9 +
 tests/automake.mk                |    1 +
 tests/dpif-netdev.at             |   16 +-
 tests/ofproto-dpif.at            |  900 +++++++++++++++++++++++----
 tests/pmd.at                     |    2 +-
 tests/system-kmod-macros.at      |   28 +
 tests/system-ovn.at              |   10 +-
 tests/system-traffic.at          |  146 ++++-
 tests/system-userspace-macros.at |   45 +-
 tests/test-conntrack.c           |  283 +++++++++
 29 files changed, 3856 insertions(+), 258 deletions(-)
 create mode 100644 lib/conntrack-icmp.c
 create mode 100644 lib/conntrack-other.c
 create mode 100644 lib/conntrack-private.h
 create mode 100644 lib/conntrack-tcp.c
 create mode 100644 lib/conntrack.c
 create mode 100644 lib/conntrack.h
 create mode 100644 tests/test-conntrack.c

-- 
2.8.1
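
Added example, not code from this series or from OVS: the UDP input checks the v2 -> v3 changelog lists (valid UDP length, no port 0, L4 checksum validation), written out in C for UDP over IPv4. The function names, the constant and the sample datagram are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8   /* constant named for this example */
static uint16_t rd16(const uint8_t *p) { return (uint16_t) (p[0] << 8 | p[1]); }

/* RFC 1071 ones'-complement sum of 'len' bytes, accumulated into 'sum'. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    return len ? sum + ((uint32_t) p[0] << 8) : sum;
}

/* IPv4 pseudo-header checksum; 'ip' holds source then destination address. */
uint16_t udp4_csum(const uint8_t ip[8], const uint8_t *udp, uint16_t len)
{
    const uint8_t ph[4] = { 0, 17, (uint8_t) (len >> 8), (uint8_t) len };
    uint32_t sum = csum_add(csum_add(csum_add(0, ip, 8), ph, 4), udp, len);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t) ~sum;
}

/* 'l4' is the UDP header; 'l4_len' is the byte count the IP layer reports. */
bool udp4_ok(const uint8_t ip[8], const uint8_t *l4, size_t l4_len)
{
    if (l4_len < UDP_HDR_LEN) return false;          /* truncated header */
    uint16_t udp_len = rd16(l4 + 4);
    if (udp_len < UDP_HDR_LEN || udp_len > l4_len) return false; /* bad length */
    if (!rd16(l4) || !rd16(l4 + 2)) return false;    /* port 0 */
    /* Over IPv4 a zero checksum field means "not computed". */
    return !rd16(l4 + 6) || udp4_csum(ip, l4, udp_len) == 0;
}

/* Constructed sample, 10.0.0.1:1234 -> 10.0.0.2:53; byte 'off' ^= 'x'. */
bool check_sample(size_t off, uint8_t x)
{
    const uint8_t ip[8] = { 10, 0, 0, 1, 10, 0, 0, 2 };
    uint8_t p[10] = { 0x04, 0xd2, 0x00, 0x35, 0x00, 0x0a, 0, 0, 'h', 'i' };
    uint16_t c = udp4_csum(ip, p, sizeof p);
    p[6] = (uint8_t) (c >> 8);
    p[7] = (uint8_t) c;
    p[off % sizeof p] ^= x;
    return udp4_ok(ip, p, sizeof p);
}

int main(void)
{
    printf("valid=%d port0=%d\n", check_sample(0, 0), check_sample(3, 0x35));
}
```

The length check runs before the checksum so that the sum never reads past the bytes the IP layer reported.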
