[ovs-dev] [PATCH ovn 5/7] northd: Expose real inputs through function arguments.

The I-P engine node functions get inputs from the node's input data, and then call the real implementation functions (implemented in northd.c) with a xxx_input wrapper variable, and then in the called functions, it passes the variable further down to other functions, regardless of what fields are

[ovs-dev] [PATCH ovn 7/7] northd: Move the datapaths arrays to ovn_datapaths struct.

In the current code, many functions depends on the global datapaths arrays variables, which is convenient. However, for incremental processing framework to track dependencies properly, we should avoid using global variables and purely depends on engine inputs (and function inputs, for the

[ovs-dev] [PATCH ovn 4/7] northd: Split switch and router datapaths.

Similar to the previous commit that splits switch ports and router ports, this patch splits the two types of datapaths in different hmap tables. This is also mainly to help for future incremental processing implementation. As a byproduct, the recompute performance is improved slightly. (Together

[ovs-dev] [PATCH ovn 3/7] northd: Split switch ports and router ports.

The hmap 'ports' includes both logical switch ports and logical router ports. Although most of the code handles these two different types of port differently, we always have to iterate through the whole hmap, and skip one type of ports in the loop. More importantly, this hides dependency from the

[ovs-dev] [PATCH ovn 6/7] en-northd.c: Remove unused dependencies.

With the help of the previous refactor that exposes inputs explicitly, we could tell that there are many unused dependencies in the current I-P engine nodes. This patch removes the unused ones. Signed-off-by: Han Zhou --- northd/en-northd.c | 2 -- northd/inc-proc-northd.c | 62

[ovs-dev] [PATCH ovn 0/7] Refactor northd to prepare for incremental processing.

The refactor doesn't have any functional changes to the code, but to maintain function dependencies more clearly at a finer grain level. As a byproduct it also improves performance slightly. The refactor touches a big part of northd code, so submit it before the real incremental processing

[ovs-dev] [PATCH ovn 2/7] northd.c: Simplify a code chunk by reusing existing ovn_port_get_peer.

We already have a helper function for the logic, so reuse it. Signed-off-by: Han Zhou --- northd/northd.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 1e49301dd5b4..8f90e0ce4e04 100644 --- a/northd/northd.c +++

Re: [ovs-dev] [RFC ovn 0/2] ACL Sampling using per-flow IPFIX

On 3/17/23 20:59, Numan Siddique wrote: On Tue, Oct 18, 2022 at 12:00 PM Adrian Moreno wrote: Based on the introduction of the OVN "sample" action (still WIP) [1], the proposal of this RFC is to use per-flow IPFIX sampling to increase visibility on ACLs. The idea of ACL sampling is very

Re: [ovs-dev] Proposal: Move dceara/ovn-heater to ovn-org/ovn-heater?

Hi everyone, We merged Frode's PRs to add support for multiple distros [0] and to add a logo (based on Ben's OVN logo) and updated copyright [1]. Then, with Numan's help, we moved the repo to ovn-org: https://github.com/ovn-org/ovn-heater We also enabled DCO to enforce checking for the

[ovs-dev] [PATCH] tests/mfex: Rertain support for cryptography pre-v37.

Prior to v37.0.0, CryptographyDeprecationWarning could not be imported from __init__.py resulting in: Traceback (most recent call last): File "mfex_fuzzy.py", line 9, in category=cryptography.CryptographyDeprecationWarning, AttributeError: module 'cryptography' has no attribute

Re: [ovs-dev] [PATCH ovn v2] northd, controller: Commit flows dropped by ACLs to conntrack

> On 18 Mar 2023, at 01:04, Numan Siddique wrote: > > On Mon, Feb 13, 2023 at 11:36 AM Abhiram Sangana > wrote: >> >> This patch adds support to commit connections dropped/rejected by >> ACLs to the connection tracking table. Dropped connections are >> committed to conntrack only if

Re: [ovs-dev] [PATCH] ovsdb: add unixctl cmd to show memory-trim-on-compaction setting

On 3/20/23 13:51, Vladislav Odintsov wrote: > No, my usecase with 2.17 is that I just want to check agains a running > process wether memory compaction is enabled or not without searching specific > line in logs, which in addition can be rotated. OK, but can you just set it without checking? I

Re: [ovs-dev] [PATCH ovn v2 0/3] expr: Optimize OR expressions.

On 3/20/23 23:31, Han Zhou wrote: > > > On Mon, Mar 20, 2023 at 3:37 AM Ilya Maximets > wrote: >> >> This patch set covers removal of expressions which are subsets of other >> wider expressions and aggregation of a few granular expressions into >> wider expressions

Re: [ovs-dev] [PATCH 1/1] tc: translate mirror/stolen to mirred

On 3/15/23 16:18, Marcelo Ricardo Leitner wrote: > On Wed, Mar 15, 2023 at 09:33:09AM +0100, Simon Horman wrote: >> On Tue, Mar 14, 2023 at 06:49:25PM +0100, Ilya Maximets wrote: >>> On 3/14/23 12:15, Simon Horman wrote: On Mon, Mar 13, 2023 at 09:34:30PM +0100, Ilya Maximets wrote: > On

[ovs-dev] [PATCH ovn 2/4] northd: Add tiered ACL support.

With this commit, ACLs can now be arranged in hierarchical tiers. A tier number can be assigned to an ACL. When evaluating ACLs, we first will consider ACLs at tier 0. If no matching ACL is found, then we move to tier 1. This continues until a matching ACL is found, or we reach the maximum tier.

[ovs-dev] [PATCH ovn 4/4] acls: Add "pass" ACL action.

This allows for evaluating ACLs at the current tier to stop, and to start evaluating ACLs at the next tier. If not using tiers, or if we match on the final ACL tier, then a "pass" verdict results in the default ACL action being applied. Reported-at:

[ovs-dev] [PATCH ovn 3/4] ovn-nbctl: Add tier ACL options.

This modifies the acl-add and acl-del commands so that an ACL tier can be specified when adding or deleting ACLs. For acl-add, if the tier is specified, then the ACL created by the command will have that tier set. For acl-del, if the tier is specified, then the tier will be one of the criteria

[ovs-dev] [PATCH v10 4/4] userspace: Enable L4 checksum offloading by default.

From: Flavio Leitner The netdev receiving packets is supposed to provide the flags indicating if the L4 checksum was verified and it is OK or BAD, otherwise the stack will check when appropriate by software. If the packet comes with good checksum, then postpone the checksum calculation to the

[ovs-dev] [PATCH v10 2/4] dpif-netdev: Show netdev offloading flags.

From: Flavio Leitner This patch modifies netdev_get_status to include information about checksum offload status by port, allowing the user to gain insight into where checksum offloading is active. Signed-off-by: Flavio Leitner Co-authored-by: Mike Pattrick Signed-off-by: Mike Pattrick ---

[ovs-dev] [PATCH v10 3/4] userspace: Enable IP checksum offloading by default.

From: Flavio Leitner The netdev receiving packets is supposed to provide the flags indicating if the IP checksum was verified and it is GOOD or BAD, otherwise the stack will check when appropriate by software. If the packet comes with good checksum, then postpone the checksum calculation to the

[ovs-dev] [PATCH v10 1/4] Documentation: Document netdev offload.

From: Flavio Leitner Document the implementation of netdev hardware offloading in userspace datapath. Signed-off-by: Flavio Leitner Co-authored-by: Mike Pattrick Signed-off-by: Mike Pattrick --- Since v9: - Renamed documentation to reflect the userspace checksum nature of this feature -

Re: [ovs-dev] [PATCH v4] dpdk: Allow retaining CAP_SYS_RAWIO privileges

On 3/16/23 13:00, Aaron Conole wrote: > Open vSwitch generally tries to let the underlying operating system > managed the low level details of hardware, for example DMA mapping, > bus arbitration, etc. However, when using DPDK, the underlying > operating system yields control of many of these

Re: [ovs-dev] [PATCH v9 5/5] odp: Add SRv6 tunnel actions.

On 3/15/23 07:07, Nobuhiro MIKI wrote: > This patch adds ODP actions for SRv6 and its tests. > > Signed-off-by: Nobuhiro MIKI > --- > lib/odp-util.c| 56 +++ > python/ovs/flow/odp.py| 8 + > python/ovs/tests/test_odp.py | 16

Re: [ovs-dev] [PATCH v9 5/5] odp: Add SRv6 tunnel actions.

On 3/22/23 00:41, Ilya Maximets wrote: > On 3/15/23 07:07, Nobuhiro MIKI wrote: >> This patch adds ODP actions for SRv6 and its tests. >> >> Signed-off-by: Nobuhiro MIKI >> --- >> lib/odp-util.c| 56 +++ >> python/ovs/flow/odp.py| 8 +

Re: [ovs-dev] [PATCH v9 4/5] userspace: Add SRv6 tunnel support.

On 3/15/23 07:07, Nobuhiro MIKI wrote: > SRv6 (Segment Routing IPv6) tunnel vport is responsible > for encapsulation and decapsulation the inner packets with > IPv6 header and an extended header called SRH > (Segment Routing Header). See spec in: > > https://datatracker.ietf.org/doc/html/rfc8754

Re: [ovs-dev] [PATCH v4 ovn] northd: drop ct.inv packets in post snat and lb_aff_learn stages

On Mon, Mar 20, 2023 at 2:30 PM Lorenzo Bianconi wrote: > > Drop ip packets with ct status set to invalid in post snat and > lb_aff_learn router stages. > Skip ICMPv{4,6} error messages packet in ct.inv rules in order to avoid > to introduce too complicated code. > > Reported-at: