Fragmentation support for userspace datapath conntrack is added; both v4 and v6 are supported. See the patches for additional details.
v4->v5: Added a sub-feature to optionally dump fragmentation lists. This is useful for DOS forensics and debugging. The testing coverage was also extended including checking more counters and frag list occupancies. Fixed a few bugs: 1/ Handle dpdk mempool source restrictions for a batch of packets from multiple sources; this also brings in a purge frag list function to handle pathological cases of stuck frags. 2/ ipf_destroy was missing packet frees for frag lists. 3/ A setting of CS_INVALID was missing for expired packets - I mentioned this earlier for version 4. Some enhancements and coding standards changes for Patch 3. v3->v4: Add V6 support to the patches. Fix possible race cleanup bug when the user disables fragmentation and there are list occupancies, not cleaned up yet. Add missed orig tuple fields for copy from reassembled packet to fragments. Fix an fragment list increment check - shoiuld have been "> 0" rather then "!= 0". Fix max frags calculation in case of theoretical corner case. Add proper lock annotations. Made some other improvements while adding V6 support. v2->v3: Patch 2 was updated: Remove "XXX" todo items by implementing the ones needed, including realloc frag_list contexts to save memory. Fix related bug with max_frag_list_size when min_frag_size is reconfigured. Tighten ip_tot_len sanity check for reassembled packets which was more loose than intended. Add another sanity check for fragment ip_tot_len; even though it be redundant, add for completeness. v1->v2: Few fixes, improvements and cleanups. Darrell Ball (11): dp-packet: Add const qualifiers for checksum apis. flow: Enhance parse_ipv6_ext_hdrs. Userspace datapath: Add fragmentation handling. conntrack: Support fragmentation. ipf: Add command to enable fragmentation handling. ipf: Add set minimum fragment size command. ipf: Add set maximum fragments supported command. ipf: Add command to get fragmentation handling status. ipf: Enhance ipf_get_status. tests: Add missed local stack checks. tests: Enable fragmentation for userspace datapath. NEWS | 10 + include/sparse/netinet/ip6.h | 1 + lib/automake.mk | 2 + lib/conntrack.c | 10 +- lib/ct-dpif.c | 69 ++ lib/ct-dpif.h | 13 + lib/dp-packet.h | 4 +- lib/dpctl.c | 216 ++++++ lib/dpctl.man | 32 + lib/dpif-netdev.c | 83 +++ lib/dpif-netlink.c | 7 + lib/dpif-provider.h | 18 + lib/flow.c | 23 +- lib/flow.h | 3 +- lib/ipf.c | 1390 ++++++++++++++++++++++++++++++++++++++ lib/ipf.h | 86 +++ tests/system-kmod-macros.at | 30 +- tests/system-traffic.at | 45 +- tests/system-userspace-macros.at | 125 +++- 19 files changed, 2129 insertions(+), 38 deletions(-) create mode 100644 lib/ipf.c create mode 100644 lib/ipf.h -- 1.9.1 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev