On Thu, Aug 8, 2024 at 3:01 PM Dumitru Ceara <[email protected]> wrote:
>
> On 8/8/24 19:09, Jacob Tanenbaum wrote:
> > Created a new column in the southbound database to hardcode a human readable
> > description for flows. This first use is describing why the flow is
> > dropping packets.
> > The new column is called flow_desc and will create southbound database
> > entries like this
> >
> > _uuid : 20f1897b-477e-47ae-a32c-c546d83ec097
> > actions :
> > "sample(probability=65535,collector_set=123,obs_domain=1,obs_point=$cookie);
> > /* drop */"
> > controller_meter : []
> > external_ids : {source="northd.c:8721", stage-name=ls_in_l2_unknown}
> > flow_desc : "No L2 destination"
> > logical_datapath : []
> > logical_dp_group : ee3c3db5-98a2-4f34-8a84-409deae140a7
> > match : "outport == \"none\""
> > pipeline : ingress
> > priority : 50
> > table_id : 27
> > tags : {}
> > hash : 0
> >
> > future work includes entering more flow_desc for more flows and adding
> > flow_desc to the actions as a comment.
> >
> > Signed-off-by: Jacob Tanenbaum <[email protected]>
> > Suggested-by: Dumitru Ceara <[email protected]>
> > Reported-at: https://issues.redhat.com/browse/FDP-307
> > Acked-by: Ales Musil <[email protected]>
> >
> > ---
>
> Thanks, Jacob and Ales!
>
> I only have a minor comment below. I think that can be fixed up when
> this patch is merged so there's probably no need to send v9.
>
> Acked-by: Dumitru Ceara <[email protected]>
Thanks. Applied to main after addressing the comment below.
Numan
>
> [...]
>
> > @@ -9405,31 +9409,36 @@ build_lswitch_lflows_admission_control(struct
> > ovn_datapath *od,
> > ovs_assert(od->nbs);
> >
> > /* Default action for recirculated ICMP error 'packet too big'. */
> > - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 105,
> > - "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> > - " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> > - " flags.tunnel_rx == 1", debug_drop_action(), lflow_ref);
> > + ovn_lflow_add_drop_with_desc(
> > + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 105,
> > + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> > + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> > + " flags.tunnel_rx == 1", "ICMP: packet too big", lflow_ref);
> >
> > /* Logical VLANs not supported. */
> > if (!is_vlan_transparent(od)) {
> > /* Block logical VLANs. */
> > - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> > - "vlan.present", debug_drop_action(),
> > - lflow_ref);
> > + ovn_lflow_add_drop_with_desc(
> > + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC,
> > + 100, "vlan.present",
> > + "VLANs blocked due to vlan-passthru option",
> > + lflow_ref);
> > }
> >
> > /* Broadcast/multicast source address is invalid. */
> > - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> > - "eth.src[40]", debug_drop_action(),
> > - lflow_ref);
> > + ovn_lflow_add_drop_with_desc(
> > + lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 100,
> > + "eth.src[40]", "Incoming Broadcast/multicast source" \
>
> Nit: no need for "\".
>
> > + " address is invalid", lflow_ref);
> >
>
> Regards,
> Dumitru
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
