[ovs-dev] [patch v3 8/9] tests: Add missed local stack check.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 tests/system-traffic.at | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index dbd5640..aee7391 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -2093,6 +2093,7 @@ AT_SETUP([conntrack - Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_LOCAL_STACK()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [patch v3 2/9] Userspace datapath: Add v4 fragmentation handling.

[Darrell Ball]

On 1/25/18, 6:07 PM, "ovs-dev-boun...@openvswitch.org on behalf of Darrell 
Ball"  wrote:

Fragmentation handling is added for supporting conntrack.
Presently, only v4 is supported, with v6 coming soon.
Fragmentation handling is disabled by default and enabled
via a user command implemented in a subsequent patch.

Signed-off-by: Darrell Ball 
---
 lib/automake.mk |   2 +
 lib/ipf.c   | 872 

 lib/ipf.h   |  53 
 3 files changed, 927 insertions(+)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

diff --git a/lib/automake.mk b/lib/automake.mk
index 159319f..6ca6a1e 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \
lib/hmapx.h \
lib/id-pool.c \
lib/id-pool.h \
+   lib/ipf.c \
+   lib/ipf.h \
lib/jhash.c \
lib/jhash.h \
lib/json.c \
diff --git a/lib/ipf.c b/lib/ipf.c
new file mode 100644
index 000..969334a
--- /dev/null
+++ b/lib/ipf.c
@@ -0,0 +1,872 @@
+/*
+ * Copyright (c) 2018 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_licenses_LICENSE-2D2.0=DwICAg=uilaK90D4TOVoH58JNXRgQ=BVhFA09CGX7JQ5Ih-uZnsw=5yMLWew8DT45uDVolS3h78PpM9sFkVoldfI8Zx39M1I=CVfIsKHlF5ve4IsiPvVxQ-o1O9PjPq93hHvFNOIQ_F8=
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "csum.h"
+#include "ipf.h"
+#include "openvswitch/hmap.h"
+#include "openvswitch/vlog.h"
+#include "ovs-atomic.h"
+#include "util.h"
+
+VLOG_DEFINE_THIS_MODULE(ipf);
+
+enum {
+IPV4_PACKET_MAX_SIZE = 65535
+};
+
+enum ipf_list_state {
+IPF_LIST_STATE_UNUSED,
+IPF_LIST_STATE_OTHER_SEEN,
+IPF_LIST_STATE_FIRST_SEEN,
+IPF_LIST_STATE_LAST_SEEN,
+IPF_LIST_STATE_FIRST_LAST_SEEN,
+IPF_LIST_STATE_COMPLETED,
+};
+
+enum ipf_list_type {
+IPF_FRAG_COMPLETED_LIST,
+IPF_FRAG_EXPIRY_LIST,
+};
+
+enum {
+IPF_INVALID_IDX = -1,
+FRAG_SIZE_LOWER_BOUND = 400,
+FRAG_SIZE_MIN_DEF = 1200,
+MAX_FRAGS_DEFAULT = 1000,
+NFRAG_UPPER_BOUND = 5000,
+};
+
+struct ipf_addr {
+union {
+ovs_16aligned_be32 ipv4;
+union ovs_16aligned_in6_addr ipv6;
+ovs_be32 ipv4_aligned;
+struct in6_addr ipv6_aligned;
+};
+};
+
+struct ipf_frag {
+struct dp_packet *pkt;
+uint16_t start_data_byte;
+uint16_t end_data_byte;
+};
+
+struct ipf_list_key {
+struct ipf_addr src_addr;
+struct ipf_addr dst_addr;
+uint32_t recirc_id;
+ovs_be16 dl_type;
+ovs_be16 ip_id;   /* V6 is 32 bits. */
+uint16_t zone;
+uint8_t nw_proto;
+};
+
+struct ipf_list {
+struct hmap_node node;
+struct ovs_list exp_node;
+struct ovs_list complete_node;
+struct ipf_frag *frag_list;
+struct ipf_list_key key;
+struct dp_packet *reass_execute_ctx;
+long long expiration;
+int last_sent_idx;
+int last_inuse_idx;
+int size;
+uint8_t state;
+};
+
+struct reassembled_pkt {
+struct ovs_list rp_list_node;
+struct dp_packet *pkt;
+struct ipf_list *list;
+};
+
+struct OVS_LOCKABLE ipf_lock {
+struct ovs_mutex lock;
+};
+
+static int max_frag_list_size;
+
+static struct hmap frag_lists OVS_GUARDED;
+static struct ovs_list frag_exp_list OVS_GUARDED;
+static struct ovs_list frag_complete_list OVS_GUARDED;
+static struct ovs_list reassembled_pkt_list OVS_GUARDED;
+
+static atomic_bool ifp_enabled;
+static atomic_uint nfrag_max;
+/* Will be clamped above 400 bytes; the value chosen should handle
+ * alg control packets of interest that use text encoding of mutable
+ * IP fields; meaning they should not be fragmented. */
+static atomic_uint min_frag_size;
+
+static atomic_count nfrag;
+static atomic_count nfrag_accepted;
+static 

[ovs-dev] Darlehen Geld für Einzelpersonen und Fachleute in weniger als 72 Stunden

[Klaus Peter]

Hallo,

Sind Sie in einer schwierigen Situation, für die Sie sich für ein
Darlehen suchen? Benötigen Sie eine Finanzierung, um eine Schuld zu
begleichen oder eine Aktivität zu finanzieren? Haben Sie einen
Verbraucherkredit, eine Hypothek, einen persönlichen Kredit, eine
Hypothek, Investition Darlehen, Schuldenkonsolidierung Darlehen oder
andere braucht?

Ich bin ein einzelner Investor. I zur Verfügung stellen die Kredit
kurz-, mittel- und langfristige. Ihr Finanzierungsbedingungen sind
sehr einfach und meine Zinssatz beträgt 3% pro Jahr.

Für alle Anfragen, bleibe ich zur Verfügung, um Ihre Fragen zu beantworten.

Danke, dass Sie mir per E-Mail an Sie von  :   klaus.peterschus...@outlook.de

Mit freundlichen Grüßen.

Peter Schuster

Financial Bank
https://firstfinancialsa.com/de
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v3 0/9] Userspace datapath: Add fragmentation support.

[Darrell Ball]

Fragmentation support for userspace datapath conntrack is added;
see patches for additional details.

v2->v3: Patch 2 was updated:
Remove "XXX" todo items by implementing the ones needed,
including realloc frag_list contexts to save memory.
Fix related bug with max_frag_list_size when min_frag_size is
reconfigured.

Tighten ip_tot_len sanity check for reassembled packets which
was more loose than intended.

Add another sanity check for fragment ip_tot_len; even though
it be redundant, add for completeness.

v1->v2: Few fixes, improvements and cleanups.

Darrell Ball (9):
  dp-packet: Add const qualifiers for checksum apis.
  Userspace datapath: Add v4 fragmentation handling.
  conntrack: Support v4 fragmentation.
  ipf: Add command to enable fragmentation handling.
  ipf: Add set minimum fragment size command.
  ipf: Add set maximum fragments supported command.
  ipf: Add command to get fragmentation handling status.
  tests: Add missed local stack check.
  tests: Enable v4 fragmentation for userspace datapath.

 NEWS |  11 +-
 lib/automake.mk  |   2 +
 lib/conntrack.c  |   6 +
 lib/ct-dpif.c|  39 ++
 lib/ct-dpif.h|   7 +
 lib/dp-packet.h  |   4 +-
 lib/dpctl.c  | 134 ++
 lib/dpctl.man|  29 ++
 lib/dpif-netdev.c|  47 ++
 lib/dpif-netlink.c   |   4 +
 lib/dpif-provider.h  |  11 +
 lib/ipf.c| 921 +++
 lib/ipf.h|  65 +++
 tests/system-kmod-macros.at  |  14 +-
 tests/system-traffic.at  |  28 +-
 tests/system-userspace-macros.at |  36 +-
 16 files changed, 1338 insertions(+), 20 deletions(-)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v3 2/9] Userspace datapath: Add v4 fragmentation handling.

[Darrell Ball]

Fragmentation handling is added for supporting conntrack.
Presently, only v4 is supported, with v6 coming soon.
Fragmentation handling is disabled by default and enabled
via a user command implemented in a subsequent patch.

Signed-off-by: Darrell Ball 
---
 lib/automake.mk |   2 +
 lib/ipf.c   | 872 
 lib/ipf.h   |  53 
 3 files changed, 927 insertions(+)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

diff --git a/lib/automake.mk b/lib/automake.mk
index 159319f..6ca6a1e 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \
lib/hmapx.h \
lib/id-pool.c \
lib/id-pool.h \
+   lib/ipf.c \
+   lib/ipf.h \
lib/jhash.c \
lib/jhash.h \
lib/json.c \
diff --git a/lib/ipf.c b/lib/ipf.c
new file mode 100644
index 000..969334a
--- /dev/null
+++ b/lib/ipf.c
@@ -0,0 +1,872 @@
+/*
+ * Copyright (c) 2018 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "csum.h"
+#include "ipf.h"
+#include "openvswitch/hmap.h"
+#include "openvswitch/vlog.h"
+#include "ovs-atomic.h"
+#include "util.h"
+
+VLOG_DEFINE_THIS_MODULE(ipf);
+
+enum {
+IPV4_PACKET_MAX_SIZE = 65535
+};
+
+enum ipf_list_state {
+IPF_LIST_STATE_UNUSED,
+IPF_LIST_STATE_OTHER_SEEN,
+IPF_LIST_STATE_FIRST_SEEN,
+IPF_LIST_STATE_LAST_SEEN,
+IPF_LIST_STATE_FIRST_LAST_SEEN,
+IPF_LIST_STATE_COMPLETED,
+};
+
+enum ipf_list_type {
+IPF_FRAG_COMPLETED_LIST,
+IPF_FRAG_EXPIRY_LIST,
+};
+
+enum {
+IPF_INVALID_IDX = -1,
+FRAG_SIZE_LOWER_BOUND = 400,
+FRAG_SIZE_MIN_DEF = 1200,
+MAX_FRAGS_DEFAULT = 1000,
+NFRAG_UPPER_BOUND = 5000,
+};
+
+struct ipf_addr {
+union {
+ovs_16aligned_be32 ipv4;
+union ovs_16aligned_in6_addr ipv6;
+ovs_be32 ipv4_aligned;
+struct in6_addr ipv6_aligned;
+};
+};
+
+struct ipf_frag {
+struct dp_packet *pkt;
+uint16_t start_data_byte;
+uint16_t end_data_byte;
+};
+
+struct ipf_list_key {
+struct ipf_addr src_addr;
+struct ipf_addr dst_addr;
+uint32_t recirc_id;
+ovs_be16 dl_type;
+ovs_be16 ip_id;   /* V6 is 32 bits. */
+uint16_t zone;
+uint8_t nw_proto;
+};
+
+struct ipf_list {
+struct hmap_node node;
+struct ovs_list exp_node;
+struct ovs_list complete_node;
+struct ipf_frag *frag_list;
+struct ipf_list_key key;
+struct dp_packet *reass_execute_ctx;
+long long expiration;
+int last_sent_idx;
+int last_inuse_idx;
+int size;
+uint8_t state;
+};
+
+struct reassembled_pkt {
+struct ovs_list rp_list_node;
+struct dp_packet *pkt;
+struct ipf_list *list;
+};
+
+struct OVS_LOCKABLE ipf_lock {
+struct ovs_mutex lock;
+};
+
+static int max_frag_list_size;
+
+static struct hmap frag_lists OVS_GUARDED;
+static struct ovs_list frag_exp_list OVS_GUARDED;
+static struct ovs_list frag_complete_list OVS_GUARDED;
+static struct ovs_list reassembled_pkt_list OVS_GUARDED;
+
+static atomic_bool ifp_enabled;
+static atomic_uint nfrag_max;
+/* Will be clamped above 400 bytes; the value chosen should handle
+ * alg control packets of interest that use text encoding of mutable
+ * IP fields; meaning they should not be fragmented. */
+static atomic_uint min_frag_size;
+
+static atomic_count nfrag;
+static atomic_count nfrag_accepted;
+static atomic_count nfrag_completed_sent;
+static atomic_count nfrag_expired_sent;
+static atomic_count nfrag_too_small;
+static atomic_count n_overlap_frag;
+
+static struct ipf_lock ipf_lock;
+
+static void ipf_lock_init(struct ipf_lock *lock)
+{
+ovs_mutex_init_adaptive(>lock);
+}
+
+static void ipf_lock_lock(struct ipf_lock *lock)
+OVS_ACQUIRES(lock)
+OVS_NO_THREAD_SAFETY_ANALYSIS
+{
+ovs_mutex_lock(>lock);
+}
+
+static void ipf_lock_unlock(struct ipf_lock *lock)
+OVS_RELEASES(lock)
+OVS_NO_THREAD_SAFETY_ANALYSIS
+{
+ovs_mutex_unlock(>lock);
+}
+
+static void ipf_lock_destroy(struct ipf_lock *lock)
+{
+ovs_mutex_destroy(>lock);
+}
+
+static bool
+ipf_get_enabled(void)
+{
+bool ifp_enabled_;
+atomic_read_relaxed(_enabled, _enabled_);
+return ifp_enabled_;
+}
+
+static uint32_t
+ipf_addr_hash_add(uint32_t hash, const struct ipf_addr *addr)
+{
+BUILD_ASSERT_DECL(sizeof *addr % 4 == 0);
+

[ovs-dev] [patch v3 5/9] ipf: Add set minimum fragment size command.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-minfragment" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   |  6 ++
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 14 ++
 lib/ipf.h   |  3 +++
 10 files changed, 76 insertions(+)

diff --git a/NEWS b/NEWS
index c6bc75c..9b2d38b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ Post-v2.9.0
  * Add v4 fragmentation support for conntrack.
  * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace
+   datapath conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index f8fc632..ecc8281 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -172,6 +172,14 @@ ct_dpif_ipf_change_enabled(struct dpif *dpif, bool enable)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_min_frag(struct dpif *dpif, uint32_t min_frag)
+{
+return (dpif->dpif_class->ipf_set_min_frag
+? dpif->dpif_class->ipf_set_min_frag(dpif, min_frag)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 0737ad7..2844306 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t 
maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
+int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index e0a2eee..98b1185 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1775,6 +1775,35 @@ dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_set_min_frag(int argc, const char *argv[],
+  struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t min_fragment;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, _fragment)) {
+error = ct_dpif_ipf_set_min_frag(dpif, min_fragment);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"setting minimum fragment size successful");
+} else {
+dpctl_error(dpctl_p, error,
+"setting minimum fragment size failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing for minimum fragment size");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2076,6 +2105,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
 { "ipf-set-enabled", "[dp] enabled", 1, 2,
dpctl_ct_ipf_change_enabled, DP_RW },
+{ "ipf-set-minfragment", "[dp] minfragment", 1, 2,
+   dpctl_ct_ipf_set_min_frag, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 14f0e9d..cffb53c 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -278,3 +278,9 @@ conntrack should not differentiate first and other 
fragments.
 Although, this would logically happen naturally anyways, it is
 mentioned for clarity.  If there is a need to differentiate between
 first and other fragments, do it after conntrack.
+.
+.TP
+\*(DX\fBipf\-set\-minfragment\fR [\fIdp\fR] \fBparam\fR
+Sets the minimum fragment size supported by the userspace datapath
+connection tracker.  The default value is 1200 and the clamped
+minimum is 400.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 68b5d52..52562fc 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5878,6 +5878,13 @@ dpif_netdev_ipf_change_enabled(struct dpif *dpif 
OVS_UNUSED, bool enable)
 return ipf_change_enabled(enable);
 }
 
+static int
+dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED,
+ uint32_t min_frag)
+{
+return ipf_set_min_frag(min_frag);
+}
+
 const struct dpif_class dpif_netdev_class = {
 "netdev",
 dpif_netdev_init,
@@ -5927,6 +5934,7 @@ const struct dpif_class dpif_netdev_class = {
 dpif_netdev_ct_get_maxconns,

[ovs-dev] [patch v3 7/9] ipf: Add command to get fragmentation handling status.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-get-status" is added
for userspace datapath conntrack fragmentation support.
The command shows the configuration status as well as
fragment counters.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   | 15 +++
 lib/ct-dpif.h   |  4 
 lib/dpctl.c | 41 +
 lib/dpctl.man   |  5 +
 lib/dpif-netdev.c   | 23 +++
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  5 +
 lib/ipf.c   | 15 +++
 lib/ipf.h   |  3 +++
 10 files changed, 114 insertions(+)

diff --git a/NEWS b/NEWS
index 0d37f8a..635f37f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ Post-v2.9.0
datapath conntrack fragmentation support.
  * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-get-status" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index b3f9183..91d56ab 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -188,6 +188,21 @@ ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t 
max_frags)
 : EOPNOTSUPP);
 }
 
+int ct_dpif_ipf_get_status(struct dpif *dpif, bool *ipf_enabled,
+unsigned int *min_frag_size, unsigned int *nfrag_max,
+unsigned int *nfrag, unsigned int *nfrag_accepted,
+unsigned int *nfrag_completed_sent,
+unsigned int *nfrag_expired_sent, unsigned int *nfrag_too_small,
+unsigned int *n_overlap_frag)
+{
+return (dpif->dpif_class->ipf_get_status
+? dpif->dpif_class->ipf_get_status(dpif, ipf_enabled,
+min_frag_size, nfrag_max, nfrag, nfrag_accepted,
+nfrag_completed_sent, nfrag_expired_sent, nfrag_too_small,
+n_overlap_frag)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index a2a82fe..70778a7 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -203,6 +203,10 @@ int ct_dpif_get_nconns(struct dpif *dpif, uint32_t 
*nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
 int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t);
+int ct_dpif_ipf_get_status(struct dpif *dpif, bool *, unsigned int *,
+   unsigned int *, unsigned int *, unsigned int *,
+   unsigned int *, unsigned int *, unsigned int *,
+   unsigned int *);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 0b2a5fc..bf3bd23 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1833,6 +1833,46 @@ dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_get_status(int argc, const char *argv[],
+struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 2);
+if (!error) {
+bool ipf_enabled;
+unsigned int min_frag_size;
+unsigned int nfrag_max;
+unsigned int nfrag;
+unsigned int nfrag_accepted;
+unsigned int nfrag_completed_sent;
+unsigned int nfrag_expired_sent;
+unsigned int nfrag_too_small;
+unsigned int n_overlap_frag;
+error = ct_dpif_ipf_get_status(dpif, _enabled, _frag_size,
+_max, , _accepted, _completed_sent,
+_expired_sent, _too_small, _overlap_frag);
+
+if (!error) {
+dpctl_print(dpctl_p, "\tenabled: %u\n", ipf_enabled);
+dpctl_print(dpctl_p, "\tmin frag size: %u\n", min_frag_size);
+dpctl_print(dpctl_p, "\tmax num frags: %u\n", nfrag_max);
+dpctl_print(dpctl_p, "\tnum frag: %u\n", nfrag);
+dpctl_print(dpctl_p, "\tfrags accepted: %u\n", nfrag_accepted);
+dpctl_print(dpctl_p, "\tfrags completed: %u\n",
+nfrag_completed_sent);
+dpctl_print(dpctl_p, "\tfrags expired: %u\n", nfrag_expired_sent);
+dpctl_print(dpctl_p, "\tfrags too small: %u\n", nfrag_too_small);
+dpctl_print(dpctl_p, "\tfrags overlapped: %u\n", n_overlap_frag);
+} else {
+dpctl_error(dpctl_p, error, "ipf status could not be retrieved");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2138,6 +2178,7 @@ static const struct dpctl_command all_commands[] = {
dpctl_ct_ipf_set_min_frag, DP_RW },
 { "ipf-set-maxfrags", "[dp] maxfrags", 1, 2,
dpctl_ct_ipf_set_nfrag_max, DP_RW },
+{ "ipf-get-status", "[dp]", 0, 1, 

[ovs-dev] [patch v3 6/9] ipf: Add set maximum fragments supported command.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-maxfrags" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   |  8 
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 10 ++
 lib/ipf.h   |  3 +++
 10 files changed, 74 insertions(+)

diff --git a/NEWS b/NEWS
index 9b2d38b..0d37f8a 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Post-v2.9.0
conntrack fragmentation support.
  * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace
datapath conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index ecc8281..b3f9183 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -180,6 +180,14 @@ ct_dpif_ipf_set_min_frag(struct dpif *dpif, uint32_t 
min_frag)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t max_frags)
+{
+return (dpif->dpif_class->ipf_set_nfrag_max
+? dpif->dpif_class->ipf_set_nfrag_max(dpif, max_frags)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 2844306..a2a82fe 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -202,6 +202,7 @@ int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t 
*maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
+int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 98b1185..0b2a5fc 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1804,6 +1804,35 @@ dpctl_ct_ipf_set_min_frag(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[],
+   struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t nfrags_max;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, _max)) {
+error = ct_dpif_ipf_set_nfrag_max(dpif, nfrags_max);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"setting maximum fragments successful");
+} else {
+dpctl_error(dpctl_p, error,
+"setting maximum fragments failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing for maximum fragments");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2107,6 +2136,8 @@ static const struct dpctl_command all_commands[] = {
dpctl_ct_ipf_change_enabled, DP_RW },
 { "ipf-set-minfragment", "[dp] minfragment", 1, 2,
dpctl_ct_ipf_set_min_frag, DP_RW },
+{ "ipf-set-maxfrags", "[dp] maxfrags", 1, 2,
+   dpctl_ct_ipf_set_nfrag_max, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index cffb53c..bce341a 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -284,3 +284,11 @@ first and other fragments, do it after conntrack.
 Sets the minimum fragment size supported by the userspace datapath
 connection tracker.  The default value is 1200 and the clamped
 minimum is 400.
+.
+.TP
+\*(DX\fBipf\-set\-maxfrags\fR [\fIdp\fR] \fBparam\fR
+Sets the maximum number of fragments tracked by the userspace datapath
+connection tracker.  The default value is 1000 and the clamped maximum
+is 5000.  Note that packet buffers can be held by the fragmentation
+module while fragments are incomplete, but will timeout after 15 seconds.
+Memory pool sizing should be set accordingly when fragmentation is enabled.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 52562fc..8635208 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5885,6 +5885,13 @@ dpif_netdev_ipf_set_min_frag(struct dpif *dpif 
OVS_UNUSED,
 return ipf_set_min_frag(min_frag);
 }
 
+static int
+dpif_netdev_ipf_set_nfrag_max(struct dpif *dpif OVS_UNUSED,
+  uint32_t max_frags)
+{
+return ipf_set_nfrag_max(max_frags);
+}
+
 const struct dpif_class dpif_netdev_class = {
 "netdev",
 dpif_netdev_init,
@@ 

[ovs-dev] [patch v3 4/9] ipf: Add command to enable fragmentation handling.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-enabled" is added to
enable/disable userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   | 10 ++
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 10 ++
 lib/ipf.h   |  3 +++
 10 files changed, 76 insertions(+)

diff --git a/NEWS b/NEWS
index 137c511..c6bc75c 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Post-v2.9.0
 
- Userspace datapath:
  * Add v4 fragmentation support for conntrack.
+ * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 5fa3a97..f8fc632 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -164,6 +164,14 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_change_enabled(struct dpif *dpif, bool enable)
+{
+return (dpif->dpif_class->ipf_change_enabled
+? dpif->dpif_class->ipf_change_enabled(dpif, enable)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 09e7698..0737ad7 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -200,6 +200,7 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone,
 int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
+int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 87f0412..e0a2eee 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1746,6 +1746,35 @@ dpctl_ct_get_nconns(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
+struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t enabled;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, )) {
+error = ct_dpif_ipf_change_enabled(dpif, enabled);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"changing fragmentation enabled successful");
+} else {
+dpctl_error(dpctl_p, error,
+"changing fragmentation enabled failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing: 0 for disabled or 1 for enabled");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2045,6 +2074,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-set-maxconns", "[dp] maxconns", 1, 2, dpctl_ct_set_maxconns, DP_RW },
 { "ct-get-maxconns", "[dp]", 0, 1, dpctl_ct_get_maxconns, DP_RO },
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
+{ "ipf-set-enabled", "[dp] enabled", 1, 2,
+   dpctl_ct_ipf_change_enabled, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 9e9d2dc..14f0e9d 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -268,3 +268,13 @@ Only supported for userspace datapath.
 \*(DX\fBct\-get\-nconns\fR [\fIdp\fR]
 Read the current number of connection tracker connections.
 Only supported for userspace datapath.
+.
+.TP
+\*(DX\fBipf\-set\-enabled\fR [\fIdp\fR] \fBparam\fR
+Enables or disables fragmentation handling for the userspace datapath
+connection tracker.  Disabled by default.  When fragmentation
+handling is enabled, the rules for handling fragments before entering
+conntrack should not differentiate first and other fragments.
+Although, this would logically happen naturally anyways, it is
+mentioned for clarity.  If there is a need to differentiate between
+first and other fragments, do it after conntrack.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index ba62128..68b5d52 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -47,6 +47,7 @@
 #include "flow.h"
 #include "hmapx.h"
 #include "id-pool.h"
+#include "ipf.h"
 #include "latch.h"
 #include "netdev.h"
 #include "netdev-vport.h"
@@ -5871,6 +5872,12 @@ dpif_netdev_ct_get_nconns(struct dpif *dpif, uint32_t 
*nconns)
 return conntrack_get_nconns(>conntrack, 

[ovs-dev] [patch v3 3/9] conntrack: Support v4 fragmentation.

[Darrell Ball]

The conntrack module now calls fragmentation support apis.

Signed-off-by: Darrell Ball 
---
 NEWS| 3 ++-
 lib/conntrack.c | 6 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index d7d585b..137c511 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 Post-v2.9.0
 
-
+   - Userspace datapath:
+ * Add v4 fragmentation support for conntrack.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 562e767..427d9bf 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -30,6 +30,7 @@
 #include "ct-dpif.h"
 #include "dp-packet.h"
 #include "flow.h"
+#include "ipf.h"
 #include "netdev.h"
 #include "odp-netlink.h"
 #include "openvswitch/hmap.h"
@@ -340,6 +341,7 @@ conntrack_init(struct conntrack *ct)
 atomic_init(>n_conn_limit, DEFAULT_N_CONN_LIMIT);
 latch_init(>clean_thread_exit);
 ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct);
+ipf_init();
 }
 
 /* Destroys the connection tracker 'ct' and frees all the allocated memory. */
@@ -382,6 +384,7 @@ conntrack_destroy(struct conntrack *ct)
 hindex_destroy(>alg_expectation_refs);
 ct_rwlock_unlock(>resources_lock);
 ct_rwlock_destroy(>resources_lock);
+ipf_destroy();
 }
 
 static unsigned hash_to_bucket(uint32_t hash)
@@ -1308,6 +1311,7 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
   const struct nat_action_info_t *nat_action_info,
   long long now)
 {
+ipf_preprocess_conntrack(pkt_batch, now, dl_type, zone, ct->hash_basis);
 
 struct dp_packet *packet;
 struct conn_lookup_ctx ctx;
@@ -1322,6 +1326,8 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
 setlabel, nat_action_info, tp_src, tp_dst, helper);
 }
 
+ipf_postprocess_conntrack(pkt_batch, now);
+
 return 0;
 }
 
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v3 1/9] dp-packet: Add const qualifiers for checksum apis.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 lib/dp-packet.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index b4b721c..61d4cd4 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -637,7 +637,7 @@ dp_packet_mbuf_init(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_valid(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
@@ -648,7 +648,7 @@ dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_bad(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_bad(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] openvswitch/types.h: Drop the member name in initializer macro

[Shashank Ram]

MSVC++ compiler does not allow initializing a struct while
explicitly initializing a member in the struct.

Not allowed:
static const struct eth_addr a = {{ .ea= { 0xff, 0xff, 0xff, 0xff,
0xff, 0xff }}};

Alowed:
static const struct eth_addr b  = {{{ 0xff, 0xff, 0xff, 0xff, 0xff,
  0xff }}};
*An extra curly brace is required for GCC in case the struct contains
a union.

Signed-off-by: Shashank Ram 
Tested-by: Yi-Hung Wei 
---
 include/openvswitch/types.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/include/openvswitch/types.h b/include/openvswitch/types.h
index b8b4fa9..45e7079 100644
--- a/include/openvswitch/types.h
+++ b/include/openvswitch/types.h
@@ -171,7 +171,7 @@ struct eth_addr {
 /* Ethernet address constant, e.g. ETH_ADDR_C(01,23,45,67,89,ab) is
  * 01:23:45:67:89:ab. */
 #define ETH_ADDR_C(A,B,C,D,E,F) \
-{ { .ea = { 0x##A, 0x##B, 0x##C, 0x##D, 0x##E, 0x##F } } }
+{ { { 0x##A, 0x##B, 0x##C, 0x##D, 0x##E, 0x##F } } }

 /* Similar to struct eth_addr, for EUI-64 addresses. */
 struct eth_addr64 {
@@ -184,8 +184,7 @@ struct eth_addr64 {
 /* EUI-64 address constant, e.g. ETH_ADDR_C(01,23,45,67,89,ab,cd,ef) is
  * 01:23:45:67:89:ab:cd:ef. */
 #define ETH_ADDR64_C(A,B,C,D,E,F,G,H) \
-{ { .ea64 = { 0x##A, 0x##B, 0x##C, 0x##D, \
-  0x##E, 0x##F, 0x##G, 0x##H} } }
+{ { { 0x##A, 0x##B, 0x##C, 0x##D, 0x##E, 0x##F, 0x##G, 0x##H } } }

 #ifdef __cplusplus
 }
--
2.9.3.windows.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] gre: strip gre-tso offload flags

[Gregory Rose]

On 12/28/2017 8:45 PM, we...@ucloud.cn wrote:

From: wenxu 

if the gro enable, ipgre receive a gre-tso package. After pop
the gre-tunnel the encapsulation and GSO_ENCAP flags should be
striped. or the packet encap again and will be dropped in
ovs_iptunnel_handle_offloads

Signed-off-by: wenxu 
---
  datapath/linux/compat/ip_gre.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
index 03c5435..94fdaa9 100644
--- a/datapath/linux/compat/ip_gre.c
+++ b/datapath/linux/compat/ip_gre.c
@@ -140,6 +140,8 @@ static int ipgre_rcv(struct sk_buff *skb, const struct 
tnl_ptk_info *tpi)
__be64 tun_id;
int err;
  
+		if (iptunnel_pull_offloads(skb))

+   return PACKET_REJECT;
  
  		skb_pop_mac_header(skb);

flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);


Sorry for the delay Wenxu but I finally got to it.

Tested-by: Greg Rose 
Reviewed-by: Greg Rose 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] gre: strip gre-tso offload flags

[Ben Pfaff]

On Thu, Jan 25, 2018 at 10:16:23AM -0800, Gregory Rose wrote:
> On 12/28/2017 8:45 PM, we...@ucloud.cn wrote:
> >From: wenxu 
> >
> >if the gro enable, ipgre receive a gre-tso package. After pop
> >the gre-tunnel the encapsulation and GSO_ENCAP flags should be
> >striped. or the packet encap again and will be dropped in
> >ovs_iptunnel_handle_offloads
> >
> >Signed-off-by: wenxu 
> >---
> >  datapath/linux/compat/ip_gre.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> >diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
> >index 03c5435..94fdaa9 100644
> >--- a/datapath/linux/compat/ip_gre.c
> >+++ b/datapath/linux/compat/ip_gre.c
> >@@ -140,6 +140,8 @@ static int ipgre_rcv(struct sk_buff *skb, const struct 
> >tnl_ptk_info *tpi)
> > __be64 tun_id;
> > int err;
> >+if (iptunnel_pull_offloads(skb))
> >+return PACKET_REJECT;
> > skb_pop_mac_header(skb);
> > flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);
> 
> Sorry for the delay Wenxu but I finally got to it.
> 
> Tested-by: Greg Rose 
> Reviewed-by: Greg Rose 

Thanks wenxu and Greg.  I applied this to master and branch-2.9.  If it
should be backported further, please let me know.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] checkpatch.py: Add check for "xxx" in comments.

[Stokes, Ian]

> > On Jan 24, 2018, at 9:14 AM, Ben Pfaff  wrote:
> >
> > On Wed, Jan 24, 2018 at 01:55:18PM +, Stokes, Ian wrote:
> >>> -Original Message-
> >>> From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-
> >>> boun...@openvswitch.org] On Behalf Of Justin Pettit
> >>> Sent: Wednesday, January 24, 2018 2:31 AM
> >>> To: d...@openvswitch.org
> >>> Subject: [ovs-dev] [PATCH] checkpatch.py: Add check for "xxx" in
> comments.
> >>>
> >>> "xxx" is often used to indicate items that the developer wanted to
> >>> look at again before committing.  Flag those as a warning.
> >>
> >> Does this mean that code that contains 'xxx' should not be accepted? I
> guess ideally we'd want a clean run from the checkpatch script when
> submitting/reviewing patches.
> >
> > I guess that clean "checkpatch" is ideal, but I apply a lot of patches
> > that do give checkpatch warnings because checkpatch isn't perfect.  I
> > think of checkpatch as something that raises possible issues that a
> > human should look at.
> 
> Yes, this was my thinking too.  I don't think we should have a prohibition
> against using "xxx", but I do usually see it in patches as something that
> was left behind unintentionally.  That said, my personal preference would
> be to not have that often in the codebase, since it usually indicates
> something half-baked, and more often than not, seems to be something no
> one comes back to address later on.

I'd agree, I guess there should be a valid explanation as to why it hasn't been 
implemented in the associated XXX comment. It'll definitely help to raise it as 
a point of discussion during the review. Sounds good to me.

Ian

> 
> --Justin
> 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] openvswitch/types.h: Drop the member name in initializer macro

[Ben Pfaff]

On Thu, Jan 25, 2018 at 10:12:08AM -0800, Shashank Ram wrote:
> MSVC++ compiler does not allow initializing a struct while
> explicitly initializing a member in the struct.
> 
> Not allowed:
> static const struct eth_addr a = {{ .ea= { 0xff, 0xff, 0xff, 0xff,
> 0xff, 0xff }}};
> 
> Alowed:
> static const struct eth_addr b  = {{{ 0xff, 0xff, 0xff, 0xff, 0xff,
>   0xff }}};
> *An extra curly brace is required for GCC in case the struct contains
> a union.
> 
> Signed-off-by: Shashank Ram 
> Tested-by: Yi-Hung Wei 

Applied to master and branch-2.9, thanks!
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2] Fix incorrect handling of return value.

[Ben Pfaff]

On Thu, Jan 25, 2018 at 09:12:36AM +0800, huanglili wrote:
> From: Lili Huang 
> 
> The value cookie_offset should be 'size_t' type.
> 
> Signed-off-by: Lili Huang 

Applied, thanks.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] checkpatch.py: Add check for "xxx" in comments.

[Justin Pettit]

> On Jan 25, 2018, at 10:26 AM, Stokes, Ian  wrote:
> 
>> Yes, this was my thinking too.  I don't think we should have a prohibition
>> against using "xxx", but I do usually see it in patches as something that
>> was left behind unintentionally.  That said, my personal preference would
>> be to not have that often in the codebase, since it usually indicates
>> something half-baked, and more often than not, seems to be something no
>> one comes back to address later on.
> 
> I'd agree, I guess there should be a valid explanation as to why it hasn't 
> been implemented in the associated XXX comment. It'll definitely help to 
> raise it as a point of discussion during the review. Sounds good to me.

Great.  Thanks!

--Justin



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] ovs-atomic: Fix typo in comment.

[Ben Pfaff]

Signed-off-by: Ben Pfaff 
---
 lib/ovs-atomic.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ovs-atomic.h b/lib/ovs-atomic.h
index 75560935f963..4664eefaf3a1 100644
--- a/lib/ovs-atomic.h
+++ b/lib/ovs-atomic.h
@@ -300,7 +300,7 @@
  * bool atomic_flag_test_and_set_explicit(atomic_flag *object,
  *memory_order);
  *
- * Atomically sets '*object', respsecting the given memory order (or
+ * Atomically sets '*object', respecting the given memory order (or
  * memory_order_seq_cst for atomic_flag_test_and_set()).  Returns the
  * previous value of the flag (false for clear, true for set).
  *
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] checkpatch.py: Add check for "xxx" in comments.

[Aaron Conole]

Justin Pettit  writes:

>> On Jan 25, 2018, at 10:26 AM, Stokes, Ian  wrote:
>> 
>>> Yes, this was my thinking too.  I don't think we should have a prohibition
>>> against using "xxx", but I do usually see it in patches as something that
>>> was left behind unintentionally.  That said, my personal preference would
>>> be to not have that often in the codebase, since it usually indicates
>>> something half-baked, and more often than not, seems to be something no
>>> one comes back to address later on.
>> 
>> I'd agree, I guess there should be a valid explanation as to why it
>> hasn't been implemented in the associated XXX comment. It'll
>> definitely help to raise it as a point of discussion during the
>> review. Sounds good to me.
>
> Great.  Thanks!

Because more voices of support are better - I am in favor of this
change.

I agree with the sentiment that checkpatch is meant to help bring things
to light that humans sometimes glaze over (we all develop our own way of
'reading' code - for me I just don't *see* whitespace anymore, so
checkpatch helps me self enforce it).  I don't think I'd ever trust a
machine, even one as snazzy as checkpatch, with true veto power over a
change.  In that vein, this helps draw the eye to "hey there's really
something incomplete here - perhaps it is worth taking a closer look."

Especially since I have been known to leave things behind - and having
the checkpatch hook catch it for me early is better.

All that long winded response to simply:

Acked-by: Aaron Conole 


On a side note - I was really happy to see that the in-comment tracking
worked for most of the cases I tried.  The only one that didn't catch
is:

  /*
   XXX : something here
   */

but I don't think it's worth trying to solve that :)

> --Justin
>
>
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Hardware Acceleration in OVS-DPDK

[Chandran, Sugesh]

Hi All,

As discussed in the last hardware acceleration meeting, I am setting up the 
follow up call to discuss about submitting a RFC patch series on OVS-DPDK full 
hardware acceleration solution.
This time I am scheduling the call  at PRC time zone friendly.

Agenda for the Call
1)  DPDK changes that Intel is working on to support Full offload.(RTE_FLOW 
changes, port-rep)
2)  Proposed OVS changes for the full acceleration. How it can leverage the 
proposed DPDK APIs. Also look at how these changes will work with hardware from 
different vendors
3)  How the proposal is going to interfere the existing partial offload 
solution.


MOM of last call can be found at following link. Minutes will be captures in 
the same doc.

https://docs.google.com/document/d/1KeQB5NIUph721uuk1f1wMy4QXwSWxlzDaumd_bWX6YI/edit?usp=sharing


.
--> Join Skype Meeting
  Trouble Joining? Try Skype Web 
App
Join by phone
+1(916)356-2663 (or your local bridge access #) Choose bridge 
5.
 (Global)   English (United States)
Find a local number

Conference ID: 241032418
 Forgot your dial-in PIN? 
|Help

[!OC([1033])!]
.

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: Change depmod configuration

[Aaron Conole]

Hi Greg,

Greg Rose  writes:

> A previous patch added post install and post uninstall scripts which
> use the weak-modules utility to make sure that openvswitch kernel
> modules are copied to the correct kernel directory.  While this
> patch did fix some issues there are two remaining issues we have
> found.
>
> 1) In the case where the OS is running kernel X and the openvswitch
>kernel modules have been previously installed correctly and are
>working without a problem and then updating to Kernel X.1 we find
>that the correct openvswitch kernel module no longer loads.
> 2) In the case where a kernel module rpm has been built against an
>older kernel but installed on a newer kernel then the correct
>openvswitch kernel module will not load.
>
> This patch changes the weak-modules parameter to --add-kernel instead
> of --add-modules. This fixes the problem in case 1.  In addition
> we modify the openvswitch depmod configuration file installed to the
> /etc/depmod.d directory and prepend a "01" to the name of the file.
> We then insert the first line of the file with a search path that
> will find weak-updates first. This change along with the change
> to the weak-modules utility parameters fixes the problem in case 2.
>
> I also modified the kernel module configuration file for both the
> rhel6 and rhel7/fedora specs to use a common "01openvswitch.conf"
> file name format.
>
> Cc: Flavio Leitner 
> Co-authored-by: Gurucharan Shetty 
> Signed-off-by: Greg Rose 
> ---

Nit: The co-authored-by requires a signoff (according to the
contributing guide) from the author.

I didn't look at the contents of the patch since I'm not as familiar
with weak-updates as I probably should be (more of a dkms fan, myself).

-Aaron
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] checkpatch.py: Add check for "xxx" in comments.

[Justin Pettit]

> On Jan 25, 2018, at 12:36 PM, Aaron Conole  wrote:
> 
> Because more voices of support are better - I am in favor of this
> change.
> 
> I agree with the sentiment that checkpatch is meant to help bring things
> to light that humans sometimes glaze over (we all develop our own way of
> 'reading' code - for me I just don't *see* whitespace anymore, so
> checkpatch helps me self enforce it).  I don't think I'd ever trust a
> machine, even one as snazzy as checkpatch, with true veto power over a
> change.  In that vein, this helps draw the eye to "hey there's really
> something incomplete here - perhaps it is worth taking a closer look."
> 
> Especially since I have been known to leave things behind - and having
> the checkpatch hook catch it for me early is better.
> 
> All that long winded response to simply:
> 
> Acked-by: Aaron Conole 

Thanks!  I pushed this to master.

> On a side note - I was really happy to see that the in-comment tracking
> worked for most of the cases I tried.  The only one that didn't catch
> is:
> 
>  /*
>   XXX : something here
>   */
> 
> but I don't think it's worth trying to solve that :)

Thanks.  The patch that initiated it had a couple variations, which made me 
work harder on it than I probably would have.  I agree that it has some room 
for improvement, though.  :-)

--Justin


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: Change depmod configuration

[Gregory Rose]

On 1/25/2018 12:58 PM, Aaron Conole wrote:

Hi Greg,

Greg Rose  writes:


A previous patch added post install and post uninstall scripts which
use the weak-modules utility to make sure that openvswitch kernel
modules are copied to the correct kernel directory.  While this
patch did fix some issues there are two remaining issues we have
found.

1) In the case where the OS is running kernel X and the openvswitch
kernel modules have been previously installed correctly and are
working without a problem and then updating to Kernel X.1 we find
that the correct openvswitch kernel module no longer loads.
2) In the case where a kernel module rpm has been built against an
older kernel but installed on a newer kernel then the correct
openvswitch kernel module will not load.

This patch changes the weak-modules parameter to --add-kernel instead
of --add-modules. This fixes the problem in case 1.  In addition
we modify the openvswitch depmod configuration file installed to the
/etc/depmod.d directory and prepend a "01" to the name of the file.
We then insert the first line of the file with a search path that
will find weak-updates first. This change along with the change
to the weak-modules utility parameters fixes the problem in case 2.

I also modified the kernel module configuration file for both the
rhel6 and rhel7/fedora specs to use a common "01openvswitch.conf"
file name format.

Cc: Flavio Leitner 
Co-authored-by: Gurucharan Shetty 
Signed-off-by: Greg Rose 
---

Nit: The co-authored-by requires a signoff (according to the
contributing guide) from the author.


Oops.  I'll send  V2 with that fixed after more review time.  I'm hoping 
Flavio can review it

since he reviewed the initial patches.

Thanks,

- Greg



I didn't look at the contents of the patch since I'm not as familiar
with weak-updates as I probably should be (more of a dkms fan, myself).

-Aaron


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [RFC] netdev-dpdk: Update amount of mbufs requested.

[Stokes, Ian]

> -Original Message-
> From: Kevin Traynor [mailto:ktray...@redhat.com]
> Sent: Tuesday, January 23, 2018 6:43 PM
> To: d...@openvswitch.org; Wojciechowicz, RobertX
> ; venkatesan.prad...@ericsson.com;
> jan.scheur...@ericsson.com; Stokes, Ian ;
> i.maxim...@samsung.com; Kavanagh, Mark B ;
> acon...@redhat.com; f...@redhat.com
> Cc: Kevin Traynor ; Fischetti, Antonio
> 
> Subject: [RFC] netdev-dpdk: Update amount of mbufs requested.
> 
> As each DPDK port now has its own mempool, it means depending on the
> amount of ports and their configuration we can now require a lot more
> memory than previously needed.
> 
> Reduce the amount of extra mbufs requested for each port and set as a
> minimum the amount of mbufs that are needed when the queues, caches and
> inflight buffers associated with that port are full.
> 

Thanks for this Kevin, I understand you had only compile tested this so I ran 
it through the vsperf integration test suite and there were issues found 
effecting existing features.

Ian.
> CC: Antonio Fischetti 
> CC: Robert Wojciechowicz 
> Fixes: d555d9bded5f ("netdev-dpdk: Create separate memory pool for each
> port.")
> Reported-by: Venkatesan Pradeep 
> Signed-off-by: Kevin Traynor 
> ---
>  lib/netdev-dpdk.c | 23 ---
>  1 file changed, 12 insertions(+), 11 deletions(-)
> 
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index ac2e38e..0c72ab9
> 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -92,9 +92,8 @@ static struct vlog_rate_limit rl =
> VLOG_RATE_LIMIT_INIT(5, 20);
>  #define NETDEV_DPDK_MAX_PKT_LEN 9728
> 
> -/* Min number of packets in the mempool.  OVS tries to allocate a mempool
> with
> - * roughly estimated number of mbufs: if this fails (because the system
> doesn't
> - * have enough hugepages) we keep halving the number until the allocation
> - * succeeds or we reach MIN_NB_MBUF */
> -#define MIN_NB_MBUF  (4096 * 4)
> + /*
> +  * Amount of additional packets requested with the minimum for port
> mempool.
> +  */
> +#define NB_MBUF_ADD  (4096)
>  #define MP_CACHE_SZ  RTE_MEMPOOL_CACHE_MAX_SIZE
> 
> @@ -518,5 +517,5 @@ dpdk_mp_create(struct netdev_dpdk *dev, int mtu)
>  const char *netdev_name = netdev_get_name(>up);
>  int socket_id = dev->requested_socket_id;
> -uint32_t n_mbufs;
> +uint32_t n_mbufs, min_mbufs;
>  uint32_t hash = hash_string(netdev_name, 0);
>  struct rte_mempool *mp = NULL;
> @@ -529,8 +528,9 @@ dpdk_mp_create(struct netdev_dpdk *dev, int mtu)
>   * + 
>   */
> -n_mbufs = dev->requested_n_rxq * dev->requested_rxq_size
> -  + dev->requested_n_txq * dev->requested_txq_size
> -  + MIN(RTE_MAX_LCORE, dev->requested_n_rxq) *
> NETDEV_MAX_BURST
> -  + MIN_NB_MBUF;
> +min_mbufs = dev->requested_n_rxq * dev->requested_rxq_size
> ++ dev->requested_n_txq * dev->requested_txq_size
> ++ MIN(RTE_MAX_LCORE, dev->requested_n_rxq) *
> NETDEV_MAX_BURST
> ++ MIN(RTE_MAX_LCORE, dev->requested_n_rxq) * MP_CACHE_SZ;
> +n_mbufs = min_mbufs + NB_MBUF_ADD;
> 
>  ovs_mutex_lock(_mp_mutex);
> @@ -579,5 +579,6 @@ dpdk_mp_create(struct netdev_dpdk *dev, int mtu)
>   mp_name, n_mbufs);
>  }
> -} while (!mp && rte_errno == ENOMEM && (n_mbufs /= 2) >=
> MIN_NB_MBUF);
> +n_mbufs = n_mbufs == min_mbufs ? 0 : MAX(min_mbufs, n_mbufs / 2);
> +} while (!mp && rte_errno == ENOMEM && n_mbufs);
> 
>  ovs_mutex_unlock(_mp_mutex);
> --
> 1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Finanzas prácticas para no financieros

[Dirija sus finanzas de su empresa con éxito]

Conozca y dirija sus finanzas de su empresa con éxito 

Finanzas prácticas para no financieros
14 de Febrero- CP. Hugo Coca Chávez - 9am- 8pm

Fundamentar la toma de decisiones financieras a través del conocimiento de 
distintas herramientas que permiten resolver problemas personales y 
empresariales, analizar la información financiera básica de la empresa por 
medio de diversas herramientas para determinar su productividad, liquidez y 
rentabilidad, es de vital importancia para apoyar la toma de decisiones en la 
organización. 

BENEFICIOS DE ASISTIR: 

- Comprender qué son las finanzas y cuál es su importancia en la operación del 
negocio. 
-Entenderá cómo se formulan los estados financieros. 
-Sabrá cómo aplicar las técnicas del análisis financiero para determinar las 
fortalezas y las debilidades de su operación productiva. 
-Aprenderá a sobre los costos, su manejo y control, así como las opciones de 
inversión y rentabilidad. 

¿Requiere la información a la Brevedad? responda este email con la palabra: 
Finanzas + nombre - teléfono - correo.


centro telefónico:018002120744 


 


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Actualización para compradores profesionales

[Asegure su lugar]

 

En línea y en Vivo / Para todo su Equipo con una sola Conexión 

Cómo ser el mejor COMPRADOR
Actualización para compradores profesionales
08 de febrero - Online en Vivo - 10:00 a 13:00 y de 15:00 a 18:00 Hrs   
 
En el pasado, un comprador solo adquiría mercancía…pero ahora ya no. Se espera 
que también, aparte de solicitar pedidos… negocie para conseguir precios más 
bajos y un servicio mejor… sepa exactamente lo que debe incluirse en un 
contrato…. y tenga ideas innovadoras para reducir los costos y garantizar la 
calidad de las entregas. 

TEMARIO: 

1. Técnicas de predicción. 

2. Las necesidades de la empresa. 

3. Evaluación de proveedores.

4. ¿Qué se puede negociar?

- Y mucho más. 




 
¿Requiere la información a la Brevedad?
responda este email con la palabra: Comprador.
Junto con los siguientes datos:
Nombre:
Teléfono:
Empresa:
centro telefónico: 018002129393


Lic. Manuel Ravell 
Líder de Proyecto


 
¿Demasiados mensajes en su cuenta? Responda este mensaje indicando que solo 
desea recibir CALENDARIO y sólo recibirá un correo al mes. Si desea cancelar la 
suscripción, solicite su BAJA..
 

 

 



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] mbuf pool sizing

[Kevin Traynor]

On 01/24/2018 10:19 AM, Venkatesan Pradeep wrote:
> Hi Kevin,
> 
> My primary concern is that someone upgrading to OVS2.9 may find that 
> configurations that were previously working fine no longer do because the 
> memory dimensioned for OVS may not be sufficient. It could be argued that 
> since the shared mempool method allocates a fixed number of buffers it may 
> not be enough in all cases  but the fact remains that existing deployments 
> that are working just fine may have issues after upgrading and that needs to 
> be addressed.
> 
> Even with the per-port allocation scheme we can only have a rough estimate. 
> RxQ buffer sizing is adequate but TxQ  buffer sizing is not for the following 
> reasons:
> 
> 1)The estimate should consider the possibility of packets from one port 
> being stuck on all other port txqs and so the *worst case * TxQ buffer sizing 
> for stolen packets should really be the Sigma of (dev->requested_n_txq * 
> dev->requested_txq_size) for every other port. This will bloat up the pool 
> size. Also when a new port is added or an existing port’s queue attributes 
> are changed, every other port’s mempool has to be resized and that may fail.  
> A high value for MIN_NB_MBUF is likely helping to cover the shortfall.
> 2)Currently, In the case of tx to vhostuser queues, packets are always 
> copied and so in the above calculation we need to consider only physical dpdk 
> ports. I haven’t looked closely at the proposed zero-copy change but I assume 
> if that is enabled we would have to take into account the queue size for 
> vhostuser ports as well.
> 3) For cloned packets (dev->requested_n_txq * dev->requested_txq_size) would 
> suffice
> 4) Tx batching would add a bit more to the estimate
>

I completely agree with everything you said above and thanks for
pointing out those additional cases.

> That said, unless the TxQs are drained slowly in comparison to the rate at 
> which the packets are enqueued, the queue occupancy may never be high enough 
> to justify the worst case allocation estimate and lots of memory will be 
> wasted. 
> 
> Shared mempool does have an advantage since it allows more efficient sharing 
> of the mbufs but yes using a one-size-fits-all approach won’t work in all 
> cases. Even when different MTUs are involved, if the values are close enough 
> the associated ports will share the memory pools and we may only need a small 
> number of memory pools. Perhaps making the size configurable or even having 
> them grow dynamically when the usage goes high would be something to consider?
> 

It could be a good solution, but the problem now is, it is too late for
a big change like that for OVS 2.9.

For the time being, how about just adding in the mbuf core cache
(because we know we will want to use that) and changing MIN_NB_MBUF to
(4096 * 2) to cover for the other cases where tx queues/tx batching etc
may hold some? That should make it ~20 ports per socket before the user
would require additional memory.

Kevin.

diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index ac2e38e..7959e3f 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -96,5 +96,5 @@ static struct vlog_rate_limit rl =
VLOG_RATE_LIMIT_INIT(5, 20);
  * have enough hugepages) we keep halving the number until the allocation
  * succeeds or we reach MIN_NB_MBUF */
-#define MIN_NB_MBUF  (4096 * 4)
+#define MIN_NB_MBUF  (4096 * 2)
 #define MP_CACHE_SZ  RTE_MEMPOOL_CACHE_MAX_SIZE

@@ -532,4 +532,5 @@ dpdk_mp_create(struct netdev_dpdk *dev, int mtu)
   + dev->requested_n_txq * dev->requested_txq_size
   + MIN(RTE_MAX_LCORE, dev->requested_n_rxq) * NETDEV_MAX_BURST
+  + MIN(RTE_MAX_LCORE, dev->requested_n_rxq) * MP_CACHE_SZ
   + MIN_NB_MBUF;



> Regards,
> 
> Pradeep
> 
> 
> -Original Message-
> From: Kevin Traynor [mailto:ktray...@redhat.com] 
> Sent: Wednesday, January 24, 2018 12:15 AM
> To: Venkatesan Pradeep ; 
> ovs-dev@openvswitch.org; ovs-disc...@openvswitch.org; Robert Wojciechowicz 
> ; Ian Stokes ; Ilya 
> Maximets ; Kavanagh, Mark B 
> 
> Subject: Re: [ovs-dev] mbuf pool sizing
> 
> On 01/23/2018 11:42 AM, Kevin Traynor wrote:
>> On 01/17/2018 07:48 PM, Venkatesan Pradeep wrote:
>>> Hi,
>>>
>>> Assuming that all ports use the same MTU,  in OVS2.8 and earlier, a 
>>> single mempool of 256K buffers (MAX_NB_MBUF = 4096 * 64) will be 
>>> created and shared by all the ports
>>>
>>> With the OVS2.9 mempool patches, we have port specific allocation and the 
>>> number of mbufs created for each port is based on the following formula 
>>> (with a lower limit of MIN_NB_MBUF = 4096*4)
>>>n_mbufs = dev->requested_n_rxq * dev->requested_rxq_size
>>>   + dev->requested_n_txq * dev->requested_txq_size
>>>   + MIN(RTE_MAX_LCORE, 

[ovs-dev] [PATCH 1/5] ofproto: Fix double-unref of temporary rule when learning.

[Ben Pfaff]

When ofproto_flow_mod_init() accepts a rule, it takes ownership of it and
either unrefs it on error or transfers ownership to the struct it
initializes on success, but ofproto_flow_mod_init_for_learn() was unref-ing
it a second time if it reported an error.

Signed-off-by: Ben Pfaff 
---
 ofproto/ofproto-provider.h |  5 -
 ofproto/ofproto.c  | 16 ++--
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/ofproto/ofproto-provider.h b/ofproto/ofproto-provider.h
index 9dc73c482119..ae4af4525705 100644
--- a/ofproto/ofproto-provider.h
+++ b/ofproto/ofproto-provider.h
@@ -1874,7 +1874,10 @@ struct rule_criteria {
 /* flow_mod with execution context. */
 struct ofproto_flow_mod {
 /* Allocated by 'init' phase, may be freed after 'start' phase, as these
- * are not needed for 'revert' nor 'finish'. */
+ * are not needed for 'revert' nor 'finish'.
+ *
+ * This structure owns a reference to 'temp_rule' (if it is nonnull) that
+ * must be eventually be released with ofproto_rule_unref().  */
 struct rule *temp_rule;
 struct rule_criteria criteria;
 struct cls_conjunction *conjs;
diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index d42acd747acc..76d96a6f93f3 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -4948,15 +4948,14 @@ ofproto_rule_create(struct ofproto *ofproto, struct 
cls_rule *cr,
 
 /* Initialize 'ofm' for a learn action.  If the rule already existed, reference
  * to that rule is taken, otherwise a new rule is created.  'ofm' keeps the
- * rule reference in both.  This does not take the global 'ofproto_mutex'. */
+ * rule reference in both.  This does not take the global 'ofproto_mutex'.
+ */
 enum ofperr
 ofproto_flow_mod_init_for_learn(struct ofproto *ofproto,
 const struct ofputil_flow_mod *fm,
 struct ofproto_flow_mod *ofm)
 OVS_EXCLUDED(ofproto_mutex)
 {
-enum ofperr error;
-
 /* Reject flow mods that do not look like they were generated by a learn
  * action. */
 if (fm->command != OFPFC_MODIFY_STRICT || fm->table_id == OFPTT_ALL
@@ -4997,13 +4996,7 @@ ofproto_flow_mod_init_for_learn(struct ofproto *ofproto,
 }
 }
 
-/* Initialize ofproto_flow_mod for future use. */
-error = ofproto_flow_mod_init(ofproto, ofm, fm, rule);
-if (error) {
-ofproto_rule_unref(rule);
-return error;
-}
-return 0;
+return ofproto_flow_mod_init(ofproto, ofm, fm, rule);
 }
 
 enum ofperr
@@ -7558,6 +7551,9 @@ ofproto_flow_mod_uninit(struct ofproto_flow_mod *ofm)
 }
 }
 
+/* Initializes 'ofm' with 'ofproto', 'fm', and 'rule'.  'rule' may be null, but
+ * if it is nonnull then the caller must own a reference to it, which on
+ * success is transferred to 'ofm' and on failure is unreffed. */
 static enum ofperr
 ofproto_flow_mod_init(struct ofproto *ofproto, struct ofproto_flow_mod *ofm,
   const struct ofputil_flow_mod *fm, struct rule *rule)
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 5/5] ovs-vswitchd: Avoid or suppress memory leak warning for glibc aio.

[Ben Pfaff]

The asynchronous IO library in glibc starts threads that show up as memory
leaks in valgrind.  This commit attempts to avoid the warnings by flushing
all the asynchronous I/O to the log file before exiting.  This only does
part of the job for glibc since it keeps the threads around for some
undefined idle time before killing them, so in addition this commit adds a
valgrind suppression to stop displaying these warnings in any case.

Signed-off-by: Ben Pfaff 
---
 include/openvswitch/vlog.h |  1 +
 lib/vlog.c | 10 ++
 tests/glibc.supp   |  9 +
 vswitchd/ovs-vswitchd.c|  1 +
 4 files changed, 21 insertions(+)

diff --git a/include/openvswitch/vlog.h b/include/openvswitch/vlog.h
index 3a4042113a36..98d477911acc 100644
--- a/include/openvswitch/vlog.h
+++ b/include/openvswitch/vlog.h
@@ -146,6 +146,7 @@ void vlog_set_syslog_target(const char *target);
 /* Initialization. */
 void vlog_init(void);
 void vlog_enable_async(void);
+void vlog_disable_async(void);
 
 /* Functions for actual logging. */
 void vlog(const struct vlog_module *, enum vlog_level, const char *format, ...)
diff --git a/lib/vlog.c b/lib/vlog.c
index 6e87665fcd11..f286950431ff 100644
--- a/lib/vlog.c
+++ b/lib/vlog.c
@@ -836,6 +836,16 @@ vlog_enable_async(void)
 ovs_mutex_unlock(_file_mutex);
 }
 
+void
+vlog_disable_async(void)
+{
+ovs_mutex_lock(_file_mutex);
+log_async = false;
+async_append_destroy(log_writer);
+log_writer = NULL;
+ovs_mutex_unlock(_file_mutex);
+}
+
 /* Print the current logging level for each module. */
 char *
 vlog_get_levels(void)
diff --git a/tests/glibc.supp b/tests/glibc.supp
index 948ee013f458..031f8bde0f77 100644
--- a/tests/glibc.supp
+++ b/tests/glibc.supp
@@ -15,3 +15,12 @@
fun:set_up_timer
 }
 
+{
+   aio
+   Memcheck:Leak
+   fun:calloc
+   ...
+   fun:allocate_stack
+   ...
+   fun:__aio_create_helper_thread
+}
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
index 53e511999594..12cb5d494d41 100644
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -136,6 +136,7 @@ main(int argc, char *argv[])
 bridge_exit(cleanup);
 unixctl_server_destroy(unixctl);
 service_stop();
+vlog_disable_async();
 ovsrcu_exit();
 
 return 0;
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH branch-2.8 1/1] tc flower: reorder tunnel encap/decap actions

[John Hurley]

The tc_flower conversion struct does not consider the order of actions.
If an OvS rule matches on a tunnel (decap) and outputs to a new tunnel,
the netlink conversion to TC will add the set tunnel key action before the
unset, leading to an incorrect TC rule. This patch reorders the netlink
generation to ensure a decap is done before an encap if both exist.

Patch was committed to master. Backport to branch 2.8 requested by Simon
Horman.

Signed-off-by: John Hurley 
Reviewed-by: Simon Horman 
---
 lib/tc.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/tc.c b/lib/tc.c
index 5c36d0d..6f8cd1b 100644
--- a/lib/tc.c
+++ b/lib/tc.c
@@ -921,6 +921,11 @@ nl_msg_put_flower_acts(struct ofpbuf *request, struct 
tc_flower *flower)
 {
 uint16_t act_index = 1;
 
+if (flower->tunnel.tunnel) {
+act_offset = nl_msg_start_nested(request, act_index++);
+nl_msg_put_act_tunnel_key_release(request);
+nl_msg_end_nested(request, act_offset);
+}
 if (flower->set.set) {
 act_offset = nl_msg_start_nested(request, act_index++);
 nl_msg_put_act_tunnel_key_set(request, flower->set.id,
@@ -931,11 +936,6 @@ nl_msg_put_flower_acts(struct ofpbuf *request, struct 
tc_flower *flower)
   flower->set.tp_dst);
 nl_msg_end_nested(request, act_offset);
 }
-if (flower->tunnel.tunnel) {
-act_offset = nl_msg_start_nested(request, act_index++);
-nl_msg_put_act_tunnel_key_release(request);
-nl_msg_end_nested(request, act_offset);
-}
 if (flower->vlan_pop) {
 act_offset = nl_msg_start_nested(request, act_index++);
 nl_msg_put_act_pop_vlan(request);
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 0/4] Check size of packets before sending

[Marcelo Ricardo Leitner]

On Thu, Jan 25, 2018 at 03:31:05PM +1100, Daniel Axtens wrote:
> There are a few ways we can send packets that are too large to a
> network driver.
> 
> When non-GSO packets are forwarded, we validate their size, based on
> the MTU of the destination device. However, when GSO packets are
> forwarded, we do not validate their size. We implicitly assume that
> when they are segmented, the resultant packets will be correctly
> sized.
...

Patchset LGTM, but I also think it's risky merging this one in by now.

  Marcelo
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 2/5] ofproto: Avoid use-after-free on error path in ofproto_flow_mod_learn().

[Ben Pfaff]

In the case where the learned flow limit has been reached (below_limit ==
false), ofproto_flow_mod_uninit() would unref ofm->temp_rule (which is
also in the 'rule' local variable) before dereferencing rule->flow_cookie
for the log message.  This fixes the problem.

(The greatest likely consequence of this bug was logging the wrong cookie
value.)

Signed-off-by: Ben Pfaff 
---
 ofproto/ofproto.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index 76d96a6f93f3..1b80a327ac18 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -5141,15 +5141,13 @@ ofproto_flow_mod_learn(struct ofproto_flow_mod *ofm, 
bool keep_ref,
 ofproto_flow_mod_learn_finish(ofm, NULL);
 }
 } else {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_INFO_RL(, "Learn limit for flow %"PRIu64" reached.",
+ rule->flow_cookie);
+
 ofproto_flow_mod_uninit(ofm);
 }
 ovs_mutex_unlock(_mutex);
-
-if (!below_limit) {
-static struct vlog_rate_limit learn_rl = VLOG_RATE_LIMIT_INIT(1, 
5);
-VLOG_INFO_RL(_rl, "Learn limit for flow %"PRIu64" reached.",
- rule->flow_cookie);
-}
 }
 
 if (!keep_ref && below_limit) {
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 4/5] ovs-vswitchd: Fire RCU callbacks before exit to reduce memory leak warnings.

[Ben Pfaff]

ovs-vswitchd makes extensive use of RCU to defer freeing memory past the
latest time that it could be in use by a thread.  Until now, ovs-vswitchd
has not waited for RCU callbacks to fire before exiting.  This meant that
in many cases, when ovs-vswitchd exits, many blocks of memory are stuck in
RCU callback queues, which valgrind often reports as "possible" memory
leaks.

This commit adds a new function ovsrcu_exit() that waits and fires as many
RCU callbacks as it reasonably can.  It can only do so for the thread that
calls it and the thread that calls the callbacks, but generally speaking
ovs-vswitchd shuts down other threads before it exits anyway, so this is
pretty good.

In my testing this eliminates most valgrind warnings for tests that run
ovs-vswitchd.  This ought to make it easier to distinguish new leaks that
are real from existing non-leaks.

Signed-off-by: Ben Pfaff 
---
 lib/ovs-rcu.c   | 55 +++--
 lib/ovs-rcu.h   |  2 ++
 vswitchd/ovs-vswitchd.c |  2 ++
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/lib/ovs-rcu.c b/lib/ovs-rcu.c
index 05a46d4524e3..ebc8120f0fd3 100644
--- a/lib/ovs-rcu.c
+++ b/lib/ovs-rcu.c
@@ -19,6 +19,7 @@
 #include "ovs-rcu.h"
 #include "fatal-signal.h"
 #include "guarded-list.h"
+#include "latch.h"
 #include "openvswitch/list.h"
 #include "ovs-thread.h"
 #include "openvswitch/poll-loop.h"
@@ -58,6 +59,9 @@ static struct ovs_mutex ovsrcu_threads_mutex;
 static struct guarded_list flushed_cbsets;
 static struct seq *flushed_cbsets_seq;
 
+static struct latch postpone_exit;
+static struct ovs_barrier postpone_barrier;
+
 static void ovsrcu_init_module(void);
 static void ovsrcu_flush_cbset__(struct ovsrcu_perthread *, bool);
 static void ovsrcu_flush_cbset(struct ovsrcu_perthread *);
@@ -111,6 +115,8 @@ ovsrcu_quiesced(void)
 } else {
 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
 if (ovsthread_once_start()) {
+latch_init(_exit);
+ovs_barrier_init(_barrier, 2);
 ovs_thread_create("urcu", ovsrcu_postpone_thread, NULL);
 ovsthread_once_done();
 }
@@ -232,6 +238,49 @@ ovsrcu_synchronize(void)
 ovsrcu_quiesce_end();
 }
 
+/* Waits until as many postponed callbacks as possible have executed.
+ *
+ * As a side effect, stops the background thread that calls the callbacks and
+ * prevents it from being restarted.  This means that this function should only
+ * be called soon before a process exits, as a mechanism for releasing memory
+ * to make memory leaks easier to detect, since any further postponed callbacks
+ * won't actually get called.
+ *
+ * This function can only wait for callbacks registered by the current thread
+ * and the background thread that calls the callbacks.  Thus, it will be most
+ * effective if other threads have already exited. */
+void
+ovsrcu_exit(void)
+{
+/* Stop the postpone thread and wait for it to exit.  Otherwise, there's no
+ * way to wait for that thread to finish calling callbacks itself. */
+if (!single_threaded()) {
+ovsrcu_quiesced();  /* Ensure that the postpone thread exists. */
+latch_set(_exit);
+ovs_barrier_block(_barrier);
+}
+
+/* Repeatedly:
+ *
+ *- Wait for a grace period.  One important side effect is to push the
+ *  running thread's cbset into 'flushed_cbsets' so that the next call
+ *  has something to call.
+ *
+ *- Call all the callbacks in 'flushed_cbsets'.  If there aren't any,
+ *  we're done, otherwise the callbacks themselves might have requested
+ *  more deferred callbacks so we go around again.
+ *
+ * We limit the number of iterations just in case some bug causes an
+ * infinite loop.  This function is just for making memory leaks easier to
+ * spot so there's no point in breaking things on that basis. */
+for (int i = 0; i < 8; i++) {
+ovsrcu_synchronize();
+if (!ovsrcu_call_postponed()) {
+break;
+}
+}
+}
+
 /* Registers 'function' to be called, passing 'aux' as argument, after the
  * next grace period.
  *
@@ -303,15 +352,17 @@ ovsrcu_postpone_thread(void *arg OVS_UNUSED)
 {
 pthread_detach(pthread_self());
 
-for (;;) {
+while (!latch_is_set(_exit)) {
 uint64_t seqno = seq_read(flushed_cbsets_seq);
 if (!ovsrcu_call_postponed()) {
 seq_wait(flushed_cbsets_seq, seqno);
+latch_wait(_exit);
 poll_block();
 }
 }
 
-OVS_NOT_REACHED();
+ovs_barrier_block(_barrier);
+return NULL;
 }
 
 static void
diff --git a/lib/ovs-rcu.h b/lib/ovs-rcu.h
index 2887bb8f7ffc..ecc4c920102c 100644
--- a/lib/ovs-rcu.h
+++ b/lib/ovs-rcu.h
@@ -308,4 +308,6 @@ bool ovsrcu_is_quiescent(void);
  * once.  This can block for a relatively long time. */
 void ovsrcu_synchronize(void);
 
+void ovsrcu_exit(void);
+
 

[ovs-dev] [PATCH 3/5] ovs-vsctl, vtep-ctl: Free 'args' string on exit.

[Ben Pfaff]

This avoids a memory leak warning from valgrind.

ovn-sbctl and ovn-nbctl already followed this pattern.

Signed-off-by: Ben Pfaff 
---
 utilities/ovs-vsctl.c | 12 
 vtep/vtep-ctl.c   | 12 
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/utilities/ovs-vsctl.c b/utilities/ovs-vsctl.c
index 7b909431db32..6e47ca361ac4 100644
--- a/utilities/ovs-vsctl.c
+++ b/utilities/ovs-vsctl.c
@@ -97,7 +97,7 @@ OVS_NO_RETURN static void usage(void);
 static void parse_options(int argc, char *argv[], struct shash *local_options);
 static void run_prerequisites(struct ctl_command[], size_t n_commands,
   struct ovsdb_idl *);
-static void do_vsctl(const char *args, struct ctl_command *, size_t n,
+static bool do_vsctl(const char *args, struct ctl_command *, size_t n,
  struct ovsdb_idl *);
 
 /* post_db_reload_check frame work is to allow ovs-vsctl to do additional
@@ -181,7 +181,10 @@ main(int argc, char *argv[])
 
 if (seqno != ovsdb_idl_get_seqno(idl)) {
 seqno = ovsdb_idl_get_seqno(idl);
-do_vsctl(args, commands, n_commands, idl);
+if (do_vsctl(args, commands, n_commands, idl)) {
+free(args);
+exit(EXIT_SUCCESS);
+}
 }
 
 if (seqno == ovsdb_idl_get_seqno(idl)) {
@@ -2482,7 +2485,7 @@ vsctl_parent_process_info(void)
 #endif
 }
 
-static void
+static bool
 do_vsctl(const char *args, struct ctl_command *commands, size_t n_commands,
  struct ovsdb_idl *idl)
 {
@@ -2666,7 +2669,7 @@ do_vsctl(const char *args, struct ctl_command *commands, 
size_t n_commands,
 ovsdb_idl_txn_destroy(txn);
 ovsdb_idl_destroy(idl);
 
-exit(EXIT_SUCCESS);
+return true;
 
 try_again:
 /* Our transaction needs to be rerun, or a prerequisite was not met.  Free
@@ -2682,6 +2685,7 @@ try_again:
 free(c->table);
 }
 free(error);
+return false;
 }
 
 /* Frees the current transaction and the underlying IDL and then calls
diff --git a/vtep/vtep-ctl.c b/vtep/vtep-ctl.c
index 3af71498bc02..056dc687aa16 100644
--- a/vtep/vtep-ctl.c
+++ b/vtep/vtep-ctl.c
@@ -82,7 +82,7 @@ OVS_NO_RETURN static void usage(void);
 static void parse_options(int argc, char *argv[], struct shash *local_options);
 static void run_prerequisites(struct ctl_command[], size_t n_commands,
   struct ovsdb_idl *);
-static void do_vtep_ctl(const char *args, struct ctl_command *, size_t n,
+static bool do_vtep_ctl(const char *args, struct ctl_command *, size_t n,
 struct ovsdb_idl *);
 static struct vtep_ctl_lswitch *find_lswitch(struct vtep_ctl_context *,
  const char *name,
@@ -144,7 +144,10 @@ main(int argc, char *argv[])
 
 if (seqno != ovsdb_idl_get_seqno(idl)) {
 seqno = ovsdb_idl_get_seqno(idl);
-do_vtep_ctl(args, commands, n_commands, idl);
+if (do_vtep_ctl(args, commands, n_commands, idl)) {
+free(args);
+exit(EXIT_SUCCESS);
+}
 }
 
 if (seqno == ovsdb_idl_get_seqno(idl)) {
@@ -2257,7 +2260,7 @@ run_prerequisites(struct ctl_command *commands, size_t 
n_commands,
 }
 }
 
-static void
+static bool
 do_vtep_ctl(const char *args, struct ctl_command *commands,
 size_t n_commands, struct ovsdb_idl *idl)
 {
@@ -2405,7 +2408,7 @@ do_vtep_ctl(const char *args, struct ctl_command 
*commands,
 
 ovsdb_idl_destroy(idl);
 
-exit(EXIT_SUCCESS);
+return true;
 
 try_again:
 /* Our transaction needs to be rerun, or a prerequisite was not met.  Free
@@ -2421,6 +2424,7 @@ try_again:
 free(c->table);
 }
 free(error);
+return false;
 }
 
 static const struct ctl_command_syntax vtep_commands[] = {
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] gre: strip gre-tso offload flags

[Gregory Rose]

On 1/25/2018 10:22 AM, Ben Pfaff wrote:

On Thu, Jan 25, 2018 at 10:16:23AM -0800, Gregory Rose wrote:

On 12/28/2017 8:45 PM, we...@ucloud.cn wrote:

From: wenxu 

if the gro enable, ipgre receive a gre-tso package. After pop
the gre-tunnel the encapsulation and GSO_ENCAP flags should be
striped. or the packet encap again and will be dropped in
ovs_iptunnel_handle_offloads

Signed-off-by: wenxu 
---
  datapath/linux/compat/ip_gre.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
index 03c5435..94fdaa9 100644
--- a/datapath/linux/compat/ip_gre.c
+++ b/datapath/linux/compat/ip_gre.c
@@ -140,6 +140,8 @@ static int ipgre_rcv(struct sk_buff *skb, const struct 
tnl_ptk_info *tpi)
__be64 tun_id;
int err;
+   if (iptunnel_pull_offloads(skb))
+   return PACKET_REJECT;
skb_pop_mac_header(skb);
flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);

Sorry for the delay Wenxu but I finally got to it.

Tested-by: Greg Rose 
Reviewed-by: Greg Rose 

Thanks wenxu and Greg.  I applied this to master and branch-2.9.  If it
should be backported further, please let me know.


I think branch-2.8 as well.  But I'll let Wenxu comment further.

Thanks Ben,

- Greg
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Gastos no deducibles

[Gastos de Viaje, Viáticos]

 
Gastos de Viaje, Viáticos y su Régimen Fiscal
Febrero 08 - webinar Interactivo

Dirigido a:
-Encargados de elaborar las políticas relacionadas con los gastos de viaje.
- A quienes tienen la responsabilidad de efectuar los pagos de viáticos.
-A quienes registran en contabilidad los gastos de viaje.
-A quienes elaboran las declaraciones del ISR e IVA.

Algunos de los temas que incluye nuestro webinar:
-Definición de gastos de viaje.
-Gastos no deducibles.
-Impacto fiscal y financiero.
-Requisitos para deducir -ISR -CFDI  
 
Temario e Inscripciones:

Respondiendo por este medio "Viáticos"+TELÉFONO + NOMBRE o marcando al:

045 + 5515546630  



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovs-atomic: Fix typo in comment.

[Justin Pettit]

> On Jan 25, 2018, at 11:51 AM, Ben Pfaff  wrote:
> 
> Signed-off-by: Ben Pfaff 
> ---
> lib/ovs-atomic.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/ovs-atomic.h b/lib/ovs-atomic.h
> index 75560935f963..4664eefaf3a1 100644
> --- a/lib/ovs-atomic.h
> +++ b/lib/ovs-atomic.h
> @@ -300,7 +300,7 @@
>  * bool atomic_flag_test_and_set_explicit(atomic_flag *object,
>  *memory_order);
>  *
> - * Atomically sets '*object', respsecting the given memory order (or
> + * Atomically sets '*object', respecting the given memory order (or
>  * memory_order_seq_cst for atomic_flag_test_and_set()).  Returns the
>  * previous value of the flag (false for clear, true for set).
>  *

Always happy to jump in and review the tough ones.

Acked-by: Justin Pettit 

--Justin


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 1/9] dp-packet: Add const qualifiers for checksum apis.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 lib/dp-packet.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index b4b721c..61d4cd4 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -637,7 +637,7 @@ dp_packet_mbuf_init(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_valid(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
@@ -648,7 +648,7 @@ dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_bad(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_bad(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 0/9] Userspace datapath: Add fragmentation support.

[Darrell Ball]

Fragmentation support for userspace datapath conntrack is added;
see patches for additional details.

v1->v2: Few fixes, improvements and cleanups.

Darrell Ball (9):
  dp-packet: Add const qualifiers for checksum apis.
  Userspace datapath: Add v4 fragmentation handling.
  conntrack: Support v4 fragmentation.
  ipf: Add command to enable fragmentation handling.
  ipf: Add set minimum fragment size command.
  ipf: Add set maximum fragments supported command.
  ipf: Add command to get fragmentation handling status.
  tests: Add missed local stack check.
  tests: Enable v4 fragmentation for userspace datapath.

 NEWS |  11 +-
 lib/automake.mk  |   2 +
 lib/conntrack.c  |   6 +
 lib/ct-dpif.c|  39 ++
 lib/ct-dpif.h|   7 +
 lib/dp-packet.h  |   4 +-
 lib/dpctl.c  | 134 ++
 lib/dpctl.man|  29 ++
 lib/dpif-netdev.c|  47 ++
 lib/dpif-netlink.c   |   4 +
 lib/dpif-provider.h  |  11 +
 lib/ipf.c| 904 +++
 lib/ipf.h|  65 +++
 tests/system-kmod-macros.at  |  14 +-
 tests/system-traffic.at  |  28 +-
 tests/system-userspace-macros.at |  36 +-
 16 files changed, 1321 insertions(+), 20 deletions(-)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 6/9] ipf: Add set maximum fragments supported command.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-maxfrags" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   |  8 
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 10 ++
 lib/ipf.h   |  3 +++
 10 files changed, 74 insertions(+)

diff --git a/NEWS b/NEWS
index 9b2d38b..0d37f8a 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Post-v2.9.0
conntrack fragmentation support.
  * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace
datapath conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index ecc8281..b3f9183 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -180,6 +180,14 @@ ct_dpif_ipf_set_min_frag(struct dpif *dpif, uint32_t 
min_frag)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t max_frags)
+{
+return (dpif->dpif_class->ipf_set_nfrag_max
+? dpif->dpif_class->ipf_set_nfrag_max(dpif, max_frags)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 2844306..a2a82fe 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -202,6 +202,7 @@ int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t 
*maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
+int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 98b1185..0b2a5fc 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1804,6 +1804,35 @@ dpctl_ct_ipf_set_min_frag(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[],
+   struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t nfrags_max;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, _max)) {
+error = ct_dpif_ipf_set_nfrag_max(dpif, nfrags_max);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"setting maximum fragments successful");
+} else {
+dpctl_error(dpctl_p, error,
+"setting maximum fragments failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing for maximum fragments");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2107,6 +2136,8 @@ static const struct dpctl_command all_commands[] = {
dpctl_ct_ipf_change_enabled, DP_RW },
 { "ipf-set-minfragment", "[dp] minfragment", 1, 2,
dpctl_ct_ipf_set_min_frag, DP_RW },
+{ "ipf-set-maxfrags", "[dp] maxfrags", 1, 2,
+   dpctl_ct_ipf_set_nfrag_max, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index cffb53c..bce341a 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -284,3 +284,11 @@ first and other fragments, do it after conntrack.
 Sets the minimum fragment size supported by the userspace datapath
 connection tracker.  The default value is 1200 and the clamped
 minimum is 400.
+.
+.TP
+\*(DX\fBipf\-set\-maxfrags\fR [\fIdp\fR] \fBparam\fR
+Sets the maximum number of fragments tracked by the userspace datapath
+connection tracker.  The default value is 1000 and the clamped maximum
+is 5000.  Note that packet buffers can be held by the fragmentation
+module while fragments are incomplete, but will timeout after 15 seconds.
+Memory pool sizing should be set accordingly when fragmentation is enabled.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 52562fc..8635208 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5885,6 +5885,13 @@ dpif_netdev_ipf_set_min_frag(struct dpif *dpif 
OVS_UNUSED,
 return ipf_set_min_frag(min_frag);
 }
 
+static int
+dpif_netdev_ipf_set_nfrag_max(struct dpif *dpif OVS_UNUSED,
+  uint32_t max_frags)
+{
+return ipf_set_nfrag_max(max_frags);
+}
+
 const struct dpif_class dpif_netdev_class = {
 "netdev",
 dpif_netdev_init,
@@ 

[ovs-dev] [patch v2 7/9] ipf: Add command to get fragmentation handling status.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-get-status" is added
for userspace datapath conntrack fragmentation support.
The command shows the configuration status as well as
fragment counters.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   | 15 +++
 lib/ct-dpif.h   |  4 
 lib/dpctl.c | 41 +
 lib/dpctl.man   |  5 +
 lib/dpif-netdev.c   | 23 +++
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  5 +
 lib/ipf.c   | 15 +++
 lib/ipf.h   |  3 +++
 10 files changed, 114 insertions(+)

diff --git a/NEWS b/NEWS
index 0d37f8a..635f37f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ Post-v2.9.0
datapath conntrack fragmentation support.
  * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-get-status" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index b3f9183..91d56ab 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -188,6 +188,21 @@ ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t 
max_frags)
 : EOPNOTSUPP);
 }
 
+int ct_dpif_ipf_get_status(struct dpif *dpif, bool *ipf_enabled,
+unsigned int *min_frag_size, unsigned int *nfrag_max,
+unsigned int *nfrag, unsigned int *nfrag_accepted,
+unsigned int *nfrag_completed_sent,
+unsigned int *nfrag_expired_sent, unsigned int *nfrag_too_small,
+unsigned int *n_overlap_frag)
+{
+return (dpif->dpif_class->ipf_get_status
+? dpif->dpif_class->ipf_get_status(dpif, ipf_enabled,
+min_frag_size, nfrag_max, nfrag, nfrag_accepted,
+nfrag_completed_sent, nfrag_expired_sent, nfrag_too_small,
+n_overlap_frag)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index a2a82fe..70778a7 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -203,6 +203,10 @@ int ct_dpif_get_nconns(struct dpif *dpif, uint32_t 
*nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
 int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t);
+int ct_dpif_ipf_get_status(struct dpif *dpif, bool *, unsigned int *,
+   unsigned int *, unsigned int *, unsigned int *,
+   unsigned int *, unsigned int *, unsigned int *,
+   unsigned int *);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 0b2a5fc..bf3bd23 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1833,6 +1833,46 @@ dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_get_status(int argc, const char *argv[],
+struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 2);
+if (!error) {
+bool ipf_enabled;
+unsigned int min_frag_size;
+unsigned int nfrag_max;
+unsigned int nfrag;
+unsigned int nfrag_accepted;
+unsigned int nfrag_completed_sent;
+unsigned int nfrag_expired_sent;
+unsigned int nfrag_too_small;
+unsigned int n_overlap_frag;
+error = ct_dpif_ipf_get_status(dpif, _enabled, _frag_size,
+_max, , _accepted, _completed_sent,
+_expired_sent, _too_small, _overlap_frag);
+
+if (!error) {
+dpctl_print(dpctl_p, "\tenabled: %u\n", ipf_enabled);
+dpctl_print(dpctl_p, "\tmin frag size: %u\n", min_frag_size);
+dpctl_print(dpctl_p, "\tmax num frags: %u\n", nfrag_max);
+dpctl_print(dpctl_p, "\tnum frag: %u\n", nfrag);
+dpctl_print(dpctl_p, "\tfrags accepted: %u\n", nfrag_accepted);
+dpctl_print(dpctl_p, "\tfrags completed: %u\n",
+nfrag_completed_sent);
+dpctl_print(dpctl_p, "\tfrags expired: %u\n", nfrag_expired_sent);
+dpctl_print(dpctl_p, "\tfrags too small: %u\n", nfrag_too_small);
+dpctl_print(dpctl_p, "\tfrags overlapped: %u\n", n_overlap_frag);
+} else {
+dpctl_error(dpctl_p, error, "ipf status could not be retrieved");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2138,6 +2178,7 @@ static const struct dpctl_command all_commands[] = {
dpctl_ct_ipf_set_min_frag, DP_RW },
 { "ipf-set-maxfrags", "[dp] maxfrags", 1, 2,
dpctl_ct_ipf_set_nfrag_max, DP_RW },
+{ "ipf-get-status", "[dp]", 0, 1, 

[ovs-dev] [patch v2 4/9] ipf: Add command to enable fragmentation handling.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-enabled" is added to
enable/disable userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   | 10 ++
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 10 ++
 lib/ipf.h   |  3 +++
 10 files changed, 76 insertions(+)

diff --git a/NEWS b/NEWS
index 137c511..c6bc75c 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Post-v2.9.0
 
- Userspace datapath:
  * Add v4 fragmentation support for conntrack.
+ * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 5fa3a97..f8fc632 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -164,6 +164,14 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_change_enabled(struct dpif *dpif, bool enable)
+{
+return (dpif->dpif_class->ipf_change_enabled
+? dpif->dpif_class->ipf_change_enabled(dpif, enable)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 09e7698..0737ad7 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -200,6 +200,7 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone,
 int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
+int ct_dpif_ipf_change_enabled(struct dpif *, bool);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 87f0412..e0a2eee 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1746,6 +1746,35 @@ dpctl_ct_get_nconns(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
+struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t enabled;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, )) {
+error = ct_dpif_ipf_change_enabled(dpif, enabled);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"changing fragmentation enabled successful");
+} else {
+dpctl_error(dpctl_p, error,
+"changing fragmentation enabled failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing: 0 for disabled or 1 for enabled");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2045,6 +2074,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-set-maxconns", "[dp] maxconns", 1, 2, dpctl_ct_set_maxconns, DP_RW },
 { "ct-get-maxconns", "[dp]", 0, 1, dpctl_ct_get_maxconns, DP_RO },
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
+{ "ipf-set-enabled", "[dp] enabled", 1, 2,
+   dpctl_ct_ipf_change_enabled, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 9e9d2dc..14f0e9d 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -268,3 +268,13 @@ Only supported for userspace datapath.
 \*(DX\fBct\-get\-nconns\fR [\fIdp\fR]
 Read the current number of connection tracker connections.
 Only supported for userspace datapath.
+.
+.TP
+\*(DX\fBipf\-set\-enabled\fR [\fIdp\fR] \fBparam\fR
+Enables or disables fragmentation handling for the userspace datapath
+connection tracker.  Disabled by default.  When fragmentation
+handling is enabled, the rules for handling fragments before entering
+conntrack should not differentiate first and other fragments.
+Although, this would logically happen naturally anyways, it is
+mentioned for clarity.  If there is a need to differentiate between
+first and other fragments, do it after conntrack.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index ba62128..68b5d52 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -47,6 +47,7 @@
 #include "flow.h"
 #include "hmapx.h"
 #include "id-pool.h"
+#include "ipf.h"
 #include "latch.h"
 #include "netdev.h"
 #include "netdev-vport.h"
@@ -5871,6 +5872,12 @@ dpif_netdev_ct_get_nconns(struct dpif *dpif, uint32_t 
*nconns)
 return conntrack_get_nconns(>conntrack, 

[ovs-dev] [patch v2 5/9] ipf: Add set minimum fragment size command.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-minfragment" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 31 +++
 lib/dpctl.man   |  6 ++
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 14 ++
 lib/ipf.h   |  3 +++
 10 files changed, 76 insertions(+)

diff --git a/NEWS b/NEWS
index c6bc75c..9b2d38b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ Post-v2.9.0
  * Add v4 fragmentation support for conntrack.
  * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace
+   datapath conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index f8fc632..ecc8281 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -172,6 +172,14 @@ ct_dpif_ipf_change_enabled(struct dpif *dpif, bool enable)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_min_frag(struct dpif *dpif, uint32_t min_frag)
+{
+return (dpif->dpif_class->ipf_set_min_frag
+? dpif->dpif_class->ipf_set_min_frag(dpif, min_frag)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 0737ad7..2844306 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t 
maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool);
+int ct_dpif_ipf_set_min_frag(struct dpif *, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index e0a2eee..98b1185 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1775,6 +1775,35 @@ dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_set_min_frag(int argc, const char *argv[],
+  struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 3);
+if (!error) {
+uint32_t min_fragment;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, _fragment)) {
+error = ct_dpif_ipf_set_min_frag(dpif, min_fragment);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"setting minimum fragment size successful");
+} else {
+dpctl_error(dpctl_p, error,
+"setting minimum fragment size failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing for minimum fragment size");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2076,6 +2105,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
 { "ipf-set-enabled", "[dp] enabled", 1, 2,
dpctl_ct_ipf_change_enabled, DP_RW },
+{ "ipf-set-minfragment", "[dp] minfragment", 1, 2,
+   dpctl_ct_ipf_set_min_frag, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 14f0e9d..cffb53c 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -278,3 +278,9 @@ conntrack should not differentiate first and other 
fragments.
 Although, this would logically happen naturally anyways, it is
 mentioned for clarity.  If there is a need to differentiate between
 first and other fragments, do it after conntrack.
+.
+.TP
+\*(DX\fBipf\-set\-minfragment\fR [\fIdp\fR] \fBparam\fR
+Sets the minimum fragment size supported by the userspace datapath
+connection tracker.  The default value is 1200 and the clamped
+minimum is 400.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 68b5d52..52562fc 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5878,6 +5878,13 @@ dpif_netdev_ipf_change_enabled(struct dpif *dpif 
OVS_UNUSED, bool enable)
 return ipf_change_enabled(enable);
 }
 
+static int
+dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED,
+ uint32_t min_frag)
+{
+return ipf_set_min_frag(min_frag);
+}
+
 const struct dpif_class dpif_netdev_class = {
 "netdev",
 dpif_netdev_init,
@@ -5927,6 +5934,7 @@ const struct dpif_class dpif_netdev_class = {
 dpif_netdev_ct_get_maxconns,

[ovs-dev] [patch v2 2/9] Userspace datapath: Add v4 fragmentation handling.

[Darrell Ball]

Fragmentation handling is added for supporting conntrack.
Presently, only v4 is supported, with v6 coming soon.
Fragmentation handling is disabled by default and enabled
via a user command implemented in a subsequent patch.

Signed-off-by: Darrell Ball 
---
 lib/automake.mk |   2 +
 lib/ipf.c   | 855 
 lib/ipf.h   |  53 
 3 files changed, 910 insertions(+)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

diff --git a/lib/automake.mk b/lib/automake.mk
index 159319f..6ca6a1e 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \
lib/hmapx.h \
lib/id-pool.c \
lib/id-pool.h \
+   lib/ipf.c \
+   lib/ipf.h \
lib/jhash.c \
lib/jhash.h \
lib/json.c \
diff --git a/lib/ipf.c b/lib/ipf.c
new file mode 100644
index 000..c168a08
--- /dev/null
+++ b/lib/ipf.c
@@ -0,0 +1,855 @@
+/*
+ * Copyright (c) 2018 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "csum.h"
+#include "ipf.h"
+#include "openvswitch/hmap.h"
+#include "openvswitch/vlog.h"
+#include "ovs-atomic.h"
+#include "util.h"
+
+VLOG_DEFINE_THIS_MODULE(ipf);
+
+#define IPV4_PACKET_MAX_SIZE 65535
+#define FRAG_SIZE_MIN_DEF 1200
+#define FRAG_SIZE_LOWER_BOUND 400
+#define NFRAG_UPPER_BOUND 5000
+
+static int max_frag_list_size;
+
+enum ipf_list_state {
+IPF_LIST_STATE_UNUSED,
+IPF_LIST_STATE_OTHER_SEEN,
+IPF_LIST_STATE_FIRST_SEEN,
+IPF_LIST_STATE_LAST_SEEN,
+IPF_LIST_STATE_FIRST_LAST_SEEN,
+IPF_LIST_STATE_COMPLETED,
+};
+
+enum ipf_list_type {
+IPF_FRAG_COMPLETED_LIST,
+IPF_FRAG_EXPIRY_LIST,
+};
+
+enum {
+IPF_INVALID_IDX = -1,
+};
+
+enum {
+IPF_MAX_FRAGS_DEFAULT = 1000,
+};
+
+struct ipf_addr {
+union {
+ovs_16aligned_be32 ipv4;
+union ovs_16aligned_in6_addr ipv6;
+ovs_be32 ipv4_aligned;
+struct in6_addr ipv6_aligned;
+};
+};
+
+struct ipf_frag {
+struct dp_packet *pkt;
+uint16_t start_data_byte;
+uint16_t end_data_byte;
+};
+
+struct ipf_list_key {
+struct ipf_addr src_addr;
+struct ipf_addr dst_addr;
+uint32_t recirc_id;
+ovs_be16 dl_type;
+ovs_be16 ip_id;   /* V6 is 32 bits. */
+uint16_t zone;
+uint8_t nw_proto;
+};
+
+struct ipf_list {
+struct hmap_node node;
+struct ovs_list exp_node;
+struct ovs_list complete_node;
+struct ipf_frag *frag_list;
+struct ipf_list_key key;
+struct dp_packet *reass_execute_ctx;
+long long expiration;
+int last_sent_idx;
+int last_inuse_idx;
+uint8_t state;
+};
+
+struct reassembled_pkt {
+struct ovs_list rp_list_node;
+struct dp_packet *pkt;
+struct ipf_list *list;
+};
+
+struct OVS_LOCKABLE ipf_lock {
+struct ovs_mutex lock;
+};
+
+static struct hmap frag_lists OVS_GUARDED;
+static struct ovs_list frag_exp_list OVS_GUARDED;
+static struct ovs_list frag_complete_list OVS_GUARDED;
+static struct ovs_list reassembled_pkt_list OVS_GUARDED;
+
+static atomic_bool ifp_enabled;
+static atomic_uint nfrag_max;
+/* Will be clamped above 400 bytes; the value chosen should handle
+ * alg control packets of interest that use text encoding of mutable
+ * IP fields; meaning they should not be fragmented. */
+static atomic_uint min_frag_size;
+
+static atomic_count nfrag;
+static atomic_count nfrag_accepted;
+static atomic_count nfrag_completed_sent;
+static atomic_count nfrag_expired_sent;
+static atomic_count nfrag_too_small;
+static atomic_count n_overlap_frag;
+
+static struct ipf_lock ipf_lock;
+
+static void ipf_lock_init(struct ipf_lock *lock)
+{
+ovs_mutex_init_adaptive(>lock);
+}
+
+static void ipf_lock_lock(struct ipf_lock *lock)
+OVS_ACQUIRES(lock)
+OVS_NO_THREAD_SAFETY_ANALYSIS
+{
+ovs_mutex_lock(>lock);
+}
+
+static void ipf_lock_unlock(struct ipf_lock *lock)
+OVS_RELEASES(lock)
+OVS_NO_THREAD_SAFETY_ANALYSIS
+{
+ovs_mutex_unlock(>lock);
+}
+
+static void ipf_lock_destroy(struct ipf_lock *lock)
+{
+ovs_mutex_destroy(>lock);
+}
+
+static bool
+ipf_get_enabled(void)
+{
+bool ifp_enabled_;
+atomic_read_relaxed(_enabled, _enabled_);
+return ifp_enabled_;
+}
+
+static uint32_t
+ipf_addr_hash_add(uint32_t hash, const struct ipf_addr *addr)
+{
+BUILD_ASSERT_DECL(sizeof *addr % 4 == 0);
+

[ovs-dev] [patch v2 3/9] conntrack: Support v4 fragmentation.

[Darrell Ball]

The conntrack module now calls fragmentation support apis.

Signed-off-by: Darrell Ball 
---
 NEWS| 3 ++-
 lib/conntrack.c | 6 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index d7d585b..137c511 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 Post-v2.9.0
 
-
+   - Userspace datapath:
+ * Add v4 fragmentation support for conntrack.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 562e767..427d9bf 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -30,6 +30,7 @@
 #include "ct-dpif.h"
 #include "dp-packet.h"
 #include "flow.h"
+#include "ipf.h"
 #include "netdev.h"
 #include "odp-netlink.h"
 #include "openvswitch/hmap.h"
@@ -340,6 +341,7 @@ conntrack_init(struct conntrack *ct)
 atomic_init(>n_conn_limit, DEFAULT_N_CONN_LIMIT);
 latch_init(>clean_thread_exit);
 ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct);
+ipf_init();
 }
 
 /* Destroys the connection tracker 'ct' and frees all the allocated memory. */
@@ -382,6 +384,7 @@ conntrack_destroy(struct conntrack *ct)
 hindex_destroy(>alg_expectation_refs);
 ct_rwlock_unlock(>resources_lock);
 ct_rwlock_destroy(>resources_lock);
+ipf_destroy();
 }
 
 static unsigned hash_to_bucket(uint32_t hash)
@@ -1308,6 +1311,7 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
   const struct nat_action_info_t *nat_action_info,
   long long now)
 {
+ipf_preprocess_conntrack(pkt_batch, now, dl_type, zone, ct->hash_basis);
 
 struct dp_packet *packet;
 struct conn_lookup_ctx ctx;
@@ -1322,6 +1326,8 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
 setlabel, nat_action_info, tp_src, tp_dst, helper);
 }
 
+ipf_postprocess_conntrack(pkt_batch, now);
+
 return 0;
 }
 
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 8/9] tests: Add missed local stack check.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 tests/system-traffic.at | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index dbd5640..aee7391 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -2093,6 +2093,7 @@ AT_SETUP([conntrack - Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_LOCAL_STACK()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 9/9] tests: Enable v4 fragmentation for userspace datapath.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 tests/system-kmod-macros.at  | 14 +++---
 tests/system-traffic.at  | 27 +--
 tests/system-userspace-macros.at | 36 
 3 files changed, 60 insertions(+), 17 deletions(-)

diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index 12b0adf..75f3c46 100644
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -76,11 +76,11 @@ m4_define([CHECK_CONNTRACK],
 #
 m4_define([CHECK_CONNTRACK_ALG])
 
-# CHECK_CONNTRACK_FRAG()
+# CHECK_CONNTRACK_FRAG_V6()
 #
-# Perform requirements checks for running conntrack fragmentations tests.
+# Perform requirements checks for running V6 conntrack fragmentations tests.
 # The kernel always supports fragmentation, so no check is needed.
-m4_define([CHECK_CONNTRACK_FRAG])
+m4_define([CHECK_CONNTRACK_FRAG_V6])
 
 # CHECK_CONNTRACK_LOCAL_STACK()
 #
@@ -123,3 +123,11 @@ m4_define([CHECK_CT_DPIF_GET_NCONNS],
 [
 AT_SKIP_IF([:])
 ])
+
+# DPCTL_ENABLE_FRAGMENTATION()
+#
+# The kernel does not support this command.
+m4_define([DPCTL_ENABLE_FRAGMENTATION],
+[
+
+])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index aee7391..11bea11 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1759,7 +1759,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1778,6 +1777,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1793,7 +1795,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation expiry])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1814,6 +1815,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -i 0.3 -w 2 10.1.1.2 | 
FORMAT_PING], [0], [dnl
 7 packets transmitted, 0 received, 100% packet loss, time 0ms
@@ -1824,7 +1828,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation + vlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1845,6 +1848,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1860,7 +1866,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation + cvlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START([set Open_vSwitch . other_config:vlan-limit=0])
 OVS_CHECK_8021AD()
 
@@ -1888,6 +1893,9 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
 OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1913,7 +1921,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_FRAG_V6()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1953,7 +1961,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation expiry])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_FRAG_V6()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1994,7 +2002,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation + vlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_FRAG_V6()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2037,7 +2045,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation + cvlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_FRAG_V6()
 OVS_TRAFFIC_VSWITCHD_START([set Open_vSwitch . other_config:vlan-limit=0])
 OVS_CHECK_8021AD()
 
@@ -2092,7 +2100,6 @@ AT_CLEANUP
 AT_SETUP([conntrack - Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 CHECK_CONNTRACK_LOCAL_STACK()
 
 OVS_TRAFFIC_VSWITCHD_START()
@@ -2145,7 +2152,7 @@ AT_CLEANUP
 

Re: [ovs-dev] [PATCH] ofproto-dpif: Delete system tunnel interface when remove ovs bridge

[Eric Garver]

On Wed, Jan 24, 2018 at 12:48:38PM -0800, Ben Pfaff wrote:
> On Wed, Jan 24, 2018 at 09:31:32AM -0500, Eric Garver wrote:
> > On Tue, Jan 23, 2018 at 07:46:47PM -0800, Ben Pfaff wrote:
> > > On Thu, Oct 26, 2017 at 10:24:46AM -0400, Eric Garver wrote:
> > > > On Wed, Oct 25, 2017 at 11:41:27AM +0800, ju...@redhat.com wrote:
> > > > > When there is only one bridge,create tunnel in the bridge,
> > > > > then delete the bridge directly. the system tunnel interface
> > > > > still in.
> > > > > 
> > > > > Cause of only one bridge, backer->refcount values 1, when
> > > > > delete bridge, "close_dpif_backer" will delete the backer,
> > > > > so type_run will return directly, doesn't delete the interface.
> > > > > This patch delete the system interface before free the backer.
> > > > 
> > > > I'll add a bit more explanation..
> > > > 
> > > > This occurs when a tunnel is created with rtnetlink. With the compat API
> > > > the tunnel is created via the vport tunnel interface, so it can be
> > > > implicitly cleaned up by the kernel when the dp is closed or the module
> > > > unloaded.  But with rtnetlink the kernel module is not involved with the
> > > > tunnel device creation (it's added to OVS as a netdev vport), so
> > > > userspace needs to explicitly clean up the tunnel backers - type_run
> > > > can't garbage collect them if the dpif is already deleted.
> > > 
> > > I guess this has been due to be applied for a long time!  I am sorry
> > > that I missed it.
> > > 
> > > The code looks OK but I don't yet understand the consequences.  What
> > > problem does this patch solve?
> > > 
> > 
> > Bugzilla reference:
> > 
> >   https://bugzilla.redhat.com/show_bug.cgi?id=1505776
> > 
> > IIRC, there is a race between close_dpif_backer() and tnl_backers
> > garbage collection which is done in the "if (backer->need_revalidate)"
> > block of type_run(). Non-tunnel port types are immediately cleaned up by
> > port_del(), but tunnel ports are only cleaned up during dpif
> > revalidation. My theory is that we never noticed it in the compat
> > interface because the openvswitch kernel module implicitly cleans up all
> > the interfaces when the dpif is closed. In the rtnetlink case, the
> > tunnel interfaces are created by OVS process not the openvswitch kernel
> > module, so it doesn't know about them.
> > 
> > I think this may also be closing a tunnel port memory leak that occurs
> > for both compat and rtnetlink when deleting the dpif backer. This occurs
> > since the tunnel ports weren't garbage collected before the dpif backer
> > disappeared.
> > 
> > Sorry if my explanation isn't that good. I'm not all that familiar with
> > this code.
> 
> OK, thanks.
> 
> Is the following a fair description for the commit message?
> 
> When a user adds the first tunnel of a given type (e.g. the
> first VXLAN tunnel) to an OVS bridge, OVS adds a vport of the
> same type to the kernel datapath that backs the bridge.  There
> is the corresponding expectation that, when the last tunnel of
> that type is removed from the OVS bridges, OVS would remove the
> vport that represents it from the backing kernel datapath, but
> OVS was not doing that.  This commit fixes the problem.
> 
> What isn't clear to me is the higher-level consequence of failing to
> delete the kernel datapath vport.  The bugzilla report doesn't say and I
> don't see anything else that does.  Can anyone help me out?  I'm willing

short answer: I don't think there is any major concern about the
lingering tunnel interface.

Longer answer follows:

The rtnetlink create will attempt to reuse a tunnel interface if it
already exists. If that interface has the wrong parameters we attempt to
delete and recreate it. So the lingering kernel interface is a non-issue
for OVS. However, OVS shouldn't leave the interface hanging around if
it's not using it anymore (this is what this patch fixes).

Tunnels created via rtnetlink are attached to the openvswitch kernel
module by NETDEV vports. When the backer is closed those NETDEV vports
are cleaned up by the kernel module. As such, they are disconnected from
OVS so we won't get any wild packets appearing.

> to apply this patch without that information, but having it would allow
> me to better understand the importance of the fix.

Thanks Ben.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [ovs-dev, v3] netdev-dpdk: Configurable Link State Change (LSC) detection mode

[Ilya Maximets]

Not a full review.
Comments inline.

Best regards, Ilya Maximets.

On 24.01.2018 17:35, Róbert Mulik wrote:
> It is possible to change LSC detection mode to polling or interrupt mode
> for DPDK interfaces. The default is polling mode. To set interrupt mode,
> option dpdk-lsc-interrupt has to be set to true.
> 
> In polling mode more processor time is needed, since the OVS repeatedly reads
> the link state with a short period. It can lead to packet loss for certain
> systems.
> 
> In interrupt mode the hardware itself triggers an interrupt when link state
> change happens, so less processing time needs for the OVS. It is not possible
> to enable the interrupt mode on all hardware.
> 
> For detailed description and usage see the dpdk install documentation.
> 
> Signed-off-by: Robert Mulik 
> ---
>  Documentation/intro/install/dpdk.rst | 48 +++
>  lib/netdev-dpdk.c| 49 
> +---
>  lib/netdev-dpdk.h|  2 ++
>  vswitchd/bridge.c|  8 ++
>  vswitchd/vswitch.xml | 45 +
>  5 files changed, 149 insertions(+), 3 deletions(-)
> 
> --
> 1.9.1
> 
> diff --git a/Documentation/intro/install/dpdk.rst 
> b/Documentation/intro/install/dpdk.rst
> index 040e62e..806a7af 100644
> --- a/Documentation/intro/install/dpdk.rst
> +++ b/Documentation/intro/install/dpdk.rst
> @@ -626,6 +626,54 @@ The average number of packets per output batch can be 
> checked in PMD stats::
> 
>  $ ovs-appctl dpif-netdev/pmd-stats-show
> 
> +Link State Change (LSC) detection configuration
> +~~~
> +
> +There are two methods to get the information when Link State Change (LSC)
> +happens on a network interface: by polling or interrupt.
> +
> +With polling method, a process is running in the background and repeatedly
> +reads the link state with a short period. It continuously needs processor 
> time
> +and between 2 reading periods it can`t see the link state change, therefore
> +the reaction time depends on the polling period. With higher rate, more
> +processor time is needed. Another problem with the poll mode is that on some
> +hardware a polling cycle takes too much time, which (in the end) leads to
> +packet loss for certain systems.
> +
> +If interrupts are used to get LSC information, the hardware itself triggers
> +an interrupt when link state change happens, the thread wakes up from sleep,
> +updates the information, and goes back to sleep mode. When no link state
> +change happens (most of the time), the thread remains in sleep mode and
> +doesn`t use processor time at all. The disadvantage of this method is that
> +when interrupt happens, the processor has to handle it immediately, so it
> +puts the currently running process to background, handles the interrupt, and
> +takes the background process back. Another disadvantage is that some hardware
> +can`t be configured to generate LSC interrupts.
> +
> +The default configuration is polling mode. To set interrupt mode, option
> +dpdk-lsc-interrupt has to be set to true.
> +
> +Global settings
> +
> +Command to set interrupt mode for all interfaces:
> +ovs-vsctl set Open_vSwitch . other_config:dpdk-lsc-interrupt=true
> +
> +Command to set polling mode for all interfaces:
> +ovs-vsctl set Open_vSwitch . other_config:dpdk-lsc-interrupt=false
> +or:
> +ovs-vsctl remove Open_vSwitch . other_config dpdk-lsc-interrupt
> +
> +Interface specific settings (override global settings)
> +
> +Command to set interrupt mode for a specific interface:
> +ovs-vsctl set interface  options:dpdk-lsc-interrupt=true
> +
> +Command to set polling mode for a specific interface:
> +ovs-vsctl set interface  options:dpdk-lsc-interrupt=false
> +
> +Command to reset to globally defined mode for a specific interface:
> +ovs-vsctl remove interface  options dpdk-lsc-interrupt
> +
>  Limitations
>  
> 
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
> index ac2e38e..6643ea9 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -148,7 +148,7 @@ typedef uint16_t dpdk_port_t;
>  #define VHOST_ENQ_RETRY_NUM 8
>  #define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ)
> 
> -static const struct rte_eth_conf port_conf = {
> +static struct rte_eth_conf port_conf = {
>  .rxmode = {
>  .mq_mode = ETH_MQ_RX_RSS,
>  .split_hdr_size = 0,
> @@ -167,6 +167,10 @@ static const struct rte_eth_conf port_conf = {
>  .txmode = {
>  .mq_mode = ETH_MQ_TX_NONE,
>  },
> +.intr_conf = {
> +/* LSC interrupt mode disabled, polling mode used. */
> +.lsc = 0,
> +},
>  };
> 
>  /*
> @@ -433,6 +437,12 @@ struct netdev_dpdk {
>  /* DPDK-ETH hardware offload features,
>   * from the enum set 'dpdk_hw_ol_features' */
>  uint32_t hw_ol_features;
> +
> +/* Properties for link state change 

Re: [ovs-dev] [ovs-dev, v3] netdev-dpdk: Configurable Link State Change (LSC) detection mode

[Róbert Mulik]

Hi Ilya,

Thanks for the review!

For this question:

"Is there a reason why we should be able to configure default value in runtime?
I think that we could make this boot-time option and move all the related code
to lib/dpdk.{c,h} just like for vhost iommu support.
IMHO, user should know if most of his HW NICs supports LSC interrupt mode or not
before starting the OVS."
 
In my previous patch this was the case, but I got the comment from Eelco, that 
it should be runtime. I don't have preference about this. The comment from 
Eelco:

"Any change here is not triggering re-initialization of the devices. I 
know you mention this in the documentation, but it would be nice if it 
would take effect, like the PMD mask changes.
Specially as any change in the device, like rxq's might trigger the 
change for this specific device only."

https://patchwork.ozlabs.org/patch/863493/


And for this question:

"Second thought here: Why we're checking this value before checking the 'err'?"

In the previous patch I used the err for error checking. I can move it down now.

Regards,
Robert

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 0/4] Check size of packets before sending

[Daniel Axtens]

Hi Eric,

> May I ask which tree are you targeting ?
>
> ( Documentation/networking/netdev-FAQ.txt )

I have been targeting net-next, but I haven't pulled for about two
weeks. I will rebase and if there are conflicts I will resend early next
week.

> Anything touching GSO is very risky and should target net-next,
> especially considering 4.15 is released this week end.
>
> Are we really willing to backport this intrusive series in stable
> trees, or do we have a smaller fix for bnx2x ?

I do actually have a smaller fix for bnx2x, although it would need more work:
https://patchwork.ozlabs.org/patch/859410/

It leaves open the possibility of too-large packets causing issues on
other drivers. DaveM wasn't a fan: 
https://patchwork.ozlabs.org/patch/859410/#1839429

Regards,
Daniel
>
> Thanks.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 0/4] Check size of packets before sending

[Eric Dumazet]

On Thu, 2018-01-25 at 15:31 +1100, Daniel Axtens wrote:
> There are a few ways we can send packets that are too large to a
> network driver.
> 
> When non-GSO packets are forwarded, we validate their size, based on
> the MTU of the destination device. However, when GSO packets are
> forwarded, we do not validate their size. We implicitly assume that
> when they are segmented, the resultant packets will be correctly
> sized.
> 
> This is not always the case.
> 
> We observed a case where a packet received on an ibmveth device had a
> GSO size of around 10kB. This was forwarded by Open vSwitch to a bnx2x
> device, where it caused a firmware assert. This is described in detail
> at [0] and was the genesis of this series.
> 
> Rather than fixing this in the driver, this series fixes the
> core path. It does it in 2 steps:
> 
>  1) make is_skb_forwardable check GSO packets - this catches bridges
>  
>  2) make validate_xmit_skb check the size of all packets, so as to
> catch everything else (e.g. macvlan, tc mired, OVS)
> 
> I am a bit nervous about how this series will interact with nested
> VLANs, as the existing code only allows for one VLAN_HLEN. (Previously
> these packets would sail past unchecked.) But I thought it would be
> prudent to get more eyes on this sooner rather than later.
> 
> Thanks,
> Daniel
> 
> v1: https://www.spinics.net/lists/netdev/msg478634.html
> Changes in v2:
> 
>  - improve names, thanks Marcelo Ricardo Leitner
> 
>  - add check to xmit_validate_skb; thanks to everyone who participated
>in the discussion.
> 
>  - drop extra check in Open vSwitch. Bad packets will be caught by
>validate_xmit_skb for now and we can come back and add it later if
>OVS people would like the extra logging.
>
> [0]: https://patchwork.ozlabs.org/patch/859410/
> 
> Cc: Jason Wang 
> Cc: Pravin Shelar 
> Cc: Marcelo Ricardo Leitner 
> Cc: manish.cho...@cavium.com
> Cc: d...@openvswitch.org
> 
> Daniel Axtens (4):
>   net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len
>   net: move skb_gso_mac_seglen to skbuff.h
>   net: is_skb_forwardable: check the size of GSO segments
>   net: check the size of a packet in validate_xmit_skb
> 
>  include/linux/skbuff.h  | 18 -
>  net/core/dev.c  | 24 
>  net/core/skbuff.c   | 66 
> ++---
>  net/ipv4/ip_forward.c   |  2 +-
>  net/ipv4/ip_output.c|  2 +-
>  net/ipv4/netfilter/nf_flow_table_ipv4.c |  2 +-
>  net/ipv6/ip6_output.c   |  2 +-
>  net/ipv6/netfilter/nf_flow_table_ipv6.c |  2 +-
>  net/mpls/af_mpls.c  |  2 +-
>  net/sched/sch_tbf.c | 10 -
>  net/xfrm/xfrm_device.c  |  2 +-
>  11 files changed, 93 insertions(+), 39 deletions(-)
> 

May I ask which tree are you targeting ?

( Documentation/networking/netdev-FAQ.txt )

Anything touching GSO is very risky and should target net-next,
especially considering 4.15 is released this week end.

Are we really willing to backport this intrusive series in stable
trees, or do we have a smaller fix for bnx2x ?

Thanks.

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 0/4] Check size of packets before sending

[Eric Dumazet]

On Fri, 2018-01-26 at 00:44 +1100, Daniel Axtens wrote:
> Hi Eric,
> 
> > May I ask which tree are you targeting ?
> > 
> > ( Documentation/networking/netdev-FAQ.txt )
> 
> I have been targeting net-next, but I haven't pulled for about two
> weeks. I will rebase and if there are conflicts I will resend early next
> week.
> 
> > Anything touching GSO is very risky and should target net-next,
> > especially considering 4.15 is released this week end.
> > 
> > Are we really willing to backport this intrusive series in stable
> > trees, or do we have a smaller fix for bnx2x ?
> 
> I do actually have a smaller fix for bnx2x, although it would need more work:
> https://patchwork.ozlabs.org/patch/859410/
> 
> It leaves open the possibility of too-large packets causing issues on
> other drivers. DaveM wasn't a fan: 
> https://patchwork.ozlabs.org/patch/859410/#1839429

Yes, I know he prefers a generic solution, but I am pragmatic here.
Old kernels are very far from current GSO stack in net-next.

Backporting all the dependencies is going to be very boring/risky.




___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v5 1/5] dpif-netdev: associate flow with a mark id

[Yuanhan Liu]

On Wed, Jan 24, 2018 at 05:29:45PM +, Stokes, Ian wrote:
> > -Original Message-
> > From: Yuanhan Liu [mailto:y...@fridaylinux.org]
> > Sent: Wednesday, December 20, 2017 2:45 PM
> > To: d...@openvswitch.org
> > Cc: Finn Christensen ; Darrell Ball ;
> > Chandran, Sugesh ; Simon Horman
> > ; Stokes, Ian ; Yuanhan
> > Liu 
> > Subject: [PATCH v5 1/5] dpif-netdev: associate flow with a mark id
> > 
> 
> Hi Yuanhan, thanks for working on this, a few comments on the commit message 
> and the code below to be addressed.

Thanks for the review, I will address all the comments tomorrow, including
rebase and re-test.

--yliu
> 
> > Most modern NICs have the ability to bind a flow with a mark, so that
> > every pkt matches such flow will have that mark present in its desc.
> 
> Can you use 'packet' and 'descriptor' rather than abbreviations pkt & desc 
> above for clarity in the commit message. This can applies to other instances 
> throughput the patch.
> 
> > 
> > The basic idea of doing that is, when we receives pkts later, we could
> > directly get the flow from the mark. That could avoid some very costly CPU
> > operations, including (but not limiting to) miniflow_extract, emc lookup,
> > dpcls lookup, etc. Thus, performance could be greatly improved.
> > 
> > Thus, the mojor work of this patch is to associate a flow with a mark id
> Typo 'major'
> 
> > (an uint32_t number). The association in netdev datapatch is done by CMAP,
> Typo 'datapath'
> 
> > while in hardware it's done by the rte_flow MARK action.
> > 
> > One tricky thing in OVS-DPDK is, the flow tables is per-PMD. For the case
> > there is only one phys port but with 2 queues, there could be 2 PMDs. In
> > another word, even for a single mega flow (i.e. udp,tp_src=1000), there
> I think above should be 'In otherwords' rather than 'another word'.
> 
> > could be 2 different dp_netdev flows, one for each PMD. That could results
> > to the same mega flow being offloaded twice in the hardware, worse, we may
> > get 2 different marks and only the last one will work.
> > 
> > To avoid that, a megaflow_to_mark CMAP is created. An entry will be added
> > for the first PMD wants to offload a flow. For later PMDs, it will see
> 
> Pmd 'that' wants to offload.
> 
> > such megaflow is already offloaded, then the flow will not be offloaded to
> > HW twice.
> > 
> > Meanwhile, the mark to flow mapping becomes to 1:N mapping. That is what
> 
> Is this 1:N or 1:1? I thought I spotted below that it's 1:1.
> 
> > the mark_to_flow CMAP for. For the first PMD wants to offload a flow, it
> 
> mark_to_flow CMAP 'is' for. 'If' the first PMD wants to offload a flow it...
> 
> > allocates a new mark and do the flow offload by reusing the
> 
> And 'performs' the flow offload by
> 
> > ->flow_put method. When it succeeds, a "mark to flow" entry will be
> > added. For later PMDs, it will get the corresponding mark by above
> 
> corresponding mark by 'the'...
> 
> > megaflow_to_mark CMAP. Then, another "mark to flow" entry will be added.
> > 
> > Another thing might worth mentioning is that hte megaflow is created by
> 
> Another point worth mentioning is that 'the'...
> 
> > masking all the bytes from match->flow with match->wc. It works well so
> > far, but I have a feeling that is not the best way.
> > 
> > Co-authored-by: Finn Christensen 
> > Signed-off-by: Yuanhan Liu 
> > Signed-off-by: Finn Christensen 
> > ---
> > 
> > v5: - fixed check of flow_mark_has_no_ref (renamed from
> >   is_last_flow_mark_reference).
> >   This fixed an issue that it took too long to finish
> >   flow add/removal if we do that repeatdly.
> > 
> > - do mark_to_flow disassociation if flow modification failed
> > ---
> >  lib/dpif-netdev.c | 263
> > ++
> >  lib/netdev.h  |   6 ++
> >  2 files changed, 269 insertions(+)
> > 
> > diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 55be632..2fdc8dd
> > 100644
> > --- a/lib/dpif-netdev.c
> > +++ b/lib/dpif-netdev.c
> > @@ -77,6 +77,7 @@
> >  #include "tnl-ports.h"
> >  #include "unixctl.h"
> >  #include "util.h"
> > +#include "uuid.h"
> > 
> 
> Just a general comment for this patch,
> 
> There's a lot of work ongoing in the dpif-netdev layer these days, did you 
> think about moving some of the HWOL functionality here to a separate HWOL 
> specific file? As HWOL grows over time I'm just thinking about the code 
> maintainability.
> 
> 
> >  VLOG_DEFINE_THIS_MODULE(dpif_netdev);
> > 
> > @@ -442,7 +443,9 @@ struct dp_netdev_flow {
> >  /* Hash table index by unmasked flow. */
> >  const struct cmap_node node; /* In owning dp_netdev_pmd_thread's */
> 
> Can you clarify the comment above, at first glance it's not clear /* In 
> owning