On 8/8/24 19:09, Jacob Tanenbaum wrote:
> Created a new column in the southbound database to hardcode a human readable
> description for flows. This first use is describing why the flow is dropping
> packets.
> The new column is called flow_desc and will create southbound database
> entries like this
>
> _uuid : 20f1897b-477e-47ae-a32c-c546d83ec097
> actions :
> "sample(probability=65535,collector_set=123,obs_domain=1,obs_point=$cookie);
> /* drop */"
> controller_meter : []
> external_ids : {source="northd.c:8721", stage-name=ls_in_l2_unknown}
> flow_desc : "No L2 destination"
> logical_datapath : []
> logical_dp_group : ee3c3db5-98a2-4f34-8a84-409deae140a7
> match : "outport == \"none\""
> pipeline : ingress
> priority : 50
> table_id : 27
> tags : {}
> hash : 0
>
> future work includes entering more flow_desc for more flows and adding
> flow_desc to the actions as a comment.
>
> Signed-off-by: Jacob Tanenbaum <[email protected]>
> Suggested-by: Dumitru Ceara <[email protected]>
> Reported-at: https://issues.redhat.com/browse/FDP-307
> Acked-by: Ales Musil <[email protected]>
>
> ---
Thanks, Jacob and Ales!
I only have a minor comment below. I think that can be fixed up when
this patch is merged so there's probably no need to send v9.
Acked-by: Dumitru Ceara <[email protected]>
[...]
> @@ -9405,31 +9409,36 @@ build_lswitch_lflows_admission_control(struct
> ovn_datapath *od,
> ovs_assert(od->nbs);
>
> /* Default action for recirculated ICMP error 'packet too big'. */
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 105,
> - "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> - " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> - " flags.tunnel_rx == 1", debug_drop_action(), lflow_ref);
> + ovn_lflow_add_drop_with_desc(
> + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 105,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> + " flags.tunnel_rx == 1", "ICMP: packet too big", lflow_ref);
>
> /* Logical VLANs not supported. */
> if (!is_vlan_transparent(od)) {
> /* Block logical VLANs. */
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> - "vlan.present", debug_drop_action(),
> - lflow_ref);
> + ovn_lflow_add_drop_with_desc(
> + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC,
> + 100, "vlan.present",
> + "VLANs blocked due to vlan-passthru option",
> + lflow_ref);
> }
>
> /* Broadcast/multicast source address is invalid. */
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> - "eth.src[40]", debug_drop_action(),
> - lflow_ref);
> + ovn_lflow_add_drop_with_desc(
> + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> + "eth.src[40]", "Incoming Broadcast/multicast source" \
Nit: no need for "\".
> + " address is invalid", lflow_ref);
>
Regards,
Dumitru
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
