[ovs-discuss] PATCH lib/netdev-linux.c: Added IPv6 rate limiting support (Linux)

[Mike Bursell]

Rationale -
1.2.2 openvswitch only supports IPv4 rate limiting, though IPv6 traffic is 
correctly handled.
This 

Design description and rationale -
Created a new tc command to be called, and provided the relevant syntax for 
IPv6.  
Added a block to call the new command, and relevant debug output.

Testing -
Tested against XenServer 6.0 release.
---
 lib/netdev-linux.c |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index 44167da..6f1e820 100644
--- a/lib/netdev-linux.c
+++ b/lib/netdev-linux.c
@@ -1544,7 +1544,8 @@ netdev_linux_set_advertisements(struct netdev *netdev, 
uint32_t advertise)
 }
 
 #define POLICE_ADD_CMD "/sbin/tc qdisc add dev %s handle ffff: ingress"
-#define POLICE_CONFIG_CMD "/sbin/tc filter add dev %s parent ffff: protocol ip 
prio 50 u32 match ip src 0.0.0.0/0 police rate %dkbit burst %dk mtu 65535 drop 
flowid :1"
+#define POLICE_CONFIG_CMD_IPV6 "/sbin/tc filter add dev %s parent ffff: 
protocol ipv6 prio 49 u32 match ip6 src 0::0/0 police rate %dkbit burst %dk mtu 
65535 drop flowid :1"
+#define POLICE_CONFIG_CMD_IPV4 "/sbin/tc filter add dev %s parent ffff: 
protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate %dkbit burst %dk mtu 
65535 drop flowid :2"
 
 /* Remove ingress policing from 'netdev'.  Returns 0 if successful, otherwise a
  * positive errno value.
@@ -1611,16 +1612,29 @@ netdev_linux_set_policing(struct netdev *netdev,
 
     netdev_linux_remove_policing(netdev);
     if (kbits_rate) {
+       /* This adds policing support for both IPv4 and IPv6.  They both share
+        * the same policy.
+        */
+       /* Try IPv6 first. */
         snprintf(command, sizeof(command), POLICE_ADD_CMD, netdev_name);
         if (system(command) != 0) {
             VLOG_WARN_RL(&rl, "%s: problem adding policing", netdev_name);
             return -1;
         }
 
-        snprintf(command, sizeof(command), POLICE_CONFIG_CMD, netdev_name,
+        snprintf(command, sizeof(command), POLICE_CONFIG_CMD_IPV6, netdev_name,
                 kbits_rate, kbits_burst);
         if (system(command) != 0) {
-            VLOG_WARN_RL(&rl, "%s: problem configuring policing",
+            VLOG_WARN_RL(&rl, "%s: problem configuring policing for IPv6",
+                    netdev_name);
+            return -1;
+        }
+
+       /* Try IPv4 second. */
+       snprintf(command, sizeof(command), POLICE_CONFIG_CMD_IPV4, netdev_name,
+                kbits_rate, kbits_burst);
+        if (system(command) != 0) {
+            VLOG_WARN_RL(&rl, "%s: problem configuring policing for IPv4",
                     netdev_name);
             return -1;
         }
-- 
1.7.5.4
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss