Re: [ovs-dev] [PATCH] [openvswitch v4] openvswitch: Add support to count upcall packets
On 23 Nov 2022, at 10:18, wangchuanlei wrote:
> Add support to count upall packets, when kmod of openvswitch
> upcall to userspace , here count the number of packets for
> upcall succeed and failed, which is a better way to see how
> many packets upcalled to userspace(ovs-vswitchd) on every
> interfaces.
>
> Here optimize the function used by comments of v3.
>
> Changes since v3:
> - use nested NLA_NESTED attribute in netlink message
>
> Changes since v2:
> - add count of upcall failed packets
>
> Changes since v1:
> - add count of upcall succeed packets
There is already a review from Alexander, so I only commented on some things
that caught my attention after glazing over the patch.
I will do a full review of the next revisions.
//Eelco
> Signed-off-by: wangchuanlei
> ---
> include/uapi/linux/openvswitch.h | 19
> net/openvswitch/datapath.c | 52
> net/openvswitch/datapath.h | 12
> net/openvswitch/vport.c | 48 +
> net/openvswitch/vport.h | 6
> 5 files changed, 137 insertions(+)
>
> diff --git a/include/uapi/linux/openvswitch.h
> b/include/uapi/linux/openvswitch.h
> index 94066f87e9ee..fa13bce15fae 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -126,6 +126,11 @@ struct ovs_vport_stats {
> __u64 tx_dropped; /* no space available in linux */
> };
>
> +struct ovs_vport_upcall_stats {
> + uint64_t upcall_success; /* total packets upcalls succeed */
> + uint64_t upcall_fail; /* total packets upcalls failed */
> +};
This is no longer a user API data structure, so it should be removed from this
include.
> +
> /* Allow last Netlink attribute to be unaligned */
> #define OVS_DP_F_UNALIGNED (1 << 0)
>
> @@ -277,11 +282,25 @@ enum ovs_vport_attr {
> OVS_VPORT_ATTR_PAD,
> OVS_VPORT_ATTR_IFINDEX,
> OVS_VPORT_ATTR_NETNSID,
> + OVS_VPORT_ATTR_UPCALL_STATS, /* struct ovs_vport_upcall_stats */
> __OVS_VPORT_ATTR_MAX
> };
>
> #define OVS_VPORT_ATTR_MAX (__OVS_VPORT_ATTR_MAX - 1)
>
> +/**
> + * enum ovs_vport_upcall_attr - attributes for %OVS_VPORT_UPCALL* commands
> + * @OVS_VPORT_UPCALL_SUCCESS: 64-bit upcall success packets.
> + * @OVS_VPORT_UPCALL_FAIL: 64-bit upcall fail packets.
> + */
> +enum ovs_vport_upcall_attr {
> + OVS_VPORT_UPCALL_SUCCESS, /* 64-bit upcall success packets */
> + OVS_VPORT_UPCALL_FAIL, /* 64-bit upcall fail packets */
> + __OVS_VPORT_UPCALL_MAX
> +};
Here you have comments ending with and without a dot (.), maybe make it uniform.
Maybe the comment on the structure can be removed as they are explained right
above?
> +
> +#define OVS_VPORT_UPCALL_MAX (__OVS_VPORT_UPCALL_MAX-1)
> +
> enum {
> OVS_VXLAN_EXT_UNSPEC,
> OVS_VXLAN_EXT_GBP, /* Flag or __u32 */
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index c8a9075ddd0a..5254c51cfa60 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -209,6 +209,25 @@ static struct vport *new_vport(const struct vport_parms
> *parms)
> return vport;
> }
>
> +static void ovs_vport_upcalls(struct sk_buff *skb,
> + const struct dp_upcall_info *upcall_info,
> + bool upcall_success)
> +{
> + if (upcall_info->cmd == OVS_PACKET_CMD_MISS ||
> + upcall_info->cmd == OVS_PACKET_CMD_ACTION) {
> + const struct vport *p = OVS_CB(skb)->input_vport;
> + struct vport_upcall_stats_percpu *vport_stats;
> +
> + vport_stats = this_cpu_ptr(p->vport_upcall_stats_percpu);
> + u64_stats_update_begin(_stats->syncp);
> + if (upcall_success)
> + u64_stats_inc(_stats->n_upcall_success);
> + else
> + u64_stats_inc(_stats->n_upcall_fail);
> + u64_stats_update_end(_stats->syncp);
> + }
> +}
> +
> void ovs_dp_detach_port(struct vport *p)
> {
> ASSERT_OVSL();
> @@ -216,6 +235,9 @@ void ovs_dp_detach_port(struct vport *p)
> /* First drop references to device. */
> hlist_del_rcu(>dp_hash_node);
>
> + /* Free percpu memory */
> + free_percpu(p->vport_upcall_stats_percpu);
> +
> /* Then destroy it. */
> ovs_vport_del(p);
> }
> @@ -305,6 +327,8 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff
> *skb,
> err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
> else
> err = queue_gso_packets(dp, skb, key, upcall_info, cutlen);
> +
> + ovs_vport_upcalls(skb, upcall_info, !err);
> if (err)
> goto err;
>
> @@ -1825,6 +1849,13 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct
> genl_info *info)
> goto err_destroy_portids;
> }
>
> + vport->vport_upcall_stats_percpu =
> +
Re: [ovs-dev] [PATCH v2 1/1] datapath-windows: Check the condition to reset pseudo header checksum on Rx side
Thank you for incorporating the comments. Applied on master! -- Alin. -Original Message- From: dev On Behalf Of Wilson Peng Sent: Wednesday, November 9, 2022 3:35 AM To: d...@openvswitch.org Subject: [ovs-dev] [PATCH v2 1/1] datapath-windows: Check the condition to reset pseudo header checksum on Rx side From: Wilson Peng If ovs node running on Windows is processing NAT action on the RX side, it will reset pseudo header checksum only if the L4 checksum is same as the calculated pseudo header checksum before NAT action. Without the fix, if the L4 header checksum is filled with a pseudo header checksum (sourceip, dstip, protocol, tcppayloadlen+tcpheaderlen) OVS will still do the checksum update(replace some IP and port and recalculate the checksum). It will lead to incorrect L4 header checksum. Reported-at:https://github.com/openvswitch/ovs-issues/issues/265 Signed-off-by: Wilson Peng --- ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v5 15/15] tests: Comment currently failing TC system-traffic tests.
On 23/11/2022 13:21, Eelco Chaudron wrote:
> The goal was to run 200 successful tc tests in a row. To do this the
> following was run:
>
> for i in {1..200}; do make check-offloads || break; \
> echo "ALL_200_OK: $i"; done;
>
> Unfortunately, a bunch of test cases showed occasional failures.
> For now, they are excluded from the test cases and need further
> investigation. They are:
>
> 802.1ad - vlan_limit
> conntrack - DNAT load balancing
> conntrack - DNAT load balancing with NC
> conntrack - ICMP related
> conntrack - ICMP related to original direction
> conntrack - ICMP related with NAT
> conntrack - IPv4 fragmentation with fragments specified
> conntrack - multiple namespaces, internal ports
> conntrack - zones from other field
> conntrack - zones from other field, more tests
> datapath - basic truncate action
> datapath - multiple mpls label pop
> datapath - truncate and output to gre tunnel
> datapath - truncate and output to gre tunnel by simulated packets
>
> Some other test cases also fail due to what looks like problems
> in the tc kernel conntrack implementation. For details see the
> details in the system-offloads.at exclusion list definition.
>
> Signed-off-by: Eelco Chaudron
> ---
> tests/system-offloads.at | 43 +--
> 1 file changed, 37 insertions(+), 6 deletions(-)
>
> diff --git a/tests/system-offloads.at b/tests/system-offloads.at
> index 34de0136d..9ee6b96d6 100644
> --- a/tests/system-offloads.at
> +++ b/tests/system-offloads.at
> @@ -61,20 +61,51 @@ m4_define([CHECK_CONNTRACK_TIMEOUT],
> # issue.
> m4_define([OVS_TEST_SKIP_LIST],
> [ovs_test_skip_list="
> +# TC does not support moving ports to a different namespace than vswitchd's
> +# namespace, so we need to disable this test.
> conntrack - multiple namespaces, internal ports
> +
> +# When moving through different zones, it can take up to ~8 seconds before
> +# the conntrack state gets updated causing these tests to fail.
> conntrack - ct metadata, multiple zones
> -conntrack - ICMP related
> -conntrack - ICMP related to original direction
> +conntrack - multiple zones, local
> +conntrack - multi-stage pipeline, local
> +
> +# The kernel's tcf_ct_act() function does not seem to take care of any (QinQ)
> +# VLAN headers causing commits to fail. However, if this is solved, we have
> to
> +# make sure conntrack does not break the VLAN boundary, i.e., putting
> together
> +# two packets with different CVLAN+SVLAN values.
> conntrack - IPv4 fragmentation + cvlan
> -conntrack - IPv4 fragmentation with fragments specified
> conntrack - IPv6 fragmentation + cvlan
> +
> +# Fragmentation handling in ct zone 9 does not seem to work correctly.
> +# When moving this test over to the default zone all works fine.
> conntrack - Fragmentation over vxlan
> conntrack - IPv6 Fragmentation over vxlan
> -conntrack - multiple zones, local
> -conntrack - multi-stage pipeline, local
> +
> +# Occasionaly we fail on the 'execute ct(commit) failed (Invalid argument) on
> +# packet...' log message being present
> +conntrack - zones from other field
> +conntrack - zones from other field, more tests
> +conntrack - multiple namespaces, internal ports
> +conntrack - IPv4 fragmentation with fragments specified
> +
> +# Occasionaly we fail on the 'failed to flow_get/flow_del (No such file or
> directory)
> +# ufid:..' log message being present.
> +datapath - multiple mpls label pop
> +datapath - basic truncate action
> +conntrack - ICMP related
> +conntrack - ICMP related to original direction
> conntrack - ICMP related with NAT
> conntrack - DNAT load balancing
> -conntrack - DNAT load balancing with NC"
> +conntrack - DNAT load balancing with NC
> +802.1ad - vlan_limit
> +
> +# Occasionalt we fail with extreme high byte counters, i.e.
> +# n_bytes=18446744073705804134
> +datapath - truncate and output to gre tunnel by simulated packets
> +datapath - truncate and output to gre tunnel
> +"
> echo "$ovs_test_skip_list" | sed "s// /g"])
>
> m4_include([tests/system-traffic.at])
>
Acked-by: Roi Dayan
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] northd: Improve the LB affinity code
Improve the affinity code to reuse ds buffers as much as possible
without constantly repeating some parts. Add ct.new for the LB flows
so it is clear that the commit happens only when we have a new
connection.
Signed-off-by: Ales Musil
---
northd/northd.c | 162 ++--
northd/ovn-northd.8.xml | 15 ++--
tests/ovn-northd.at | 10 +--
tests/system-ovn.at | 8 +-
4 files changed, 91 insertions(+), 104 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 040f46e1a..188042bca 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -243,7 +243,6 @@ enum ovn_stage {
#define REGBIT_DST_NAT_IP_LOCAL "reg9[4]"
#define REGBIT_KNOWN_ECMP_NH"reg9[5]"
#define REGBIT_KNOWN_LB_SESSION "reg9[6]"
-#define REG
/* Register to store the eth address associated to a router port for packets
* received in S_ROUTER_IN_ADMISSION.
@@ -6963,6 +6962,7 @@ build_lb_affinity_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
return;
}
+static char *aff_check = REGBIT_KNOWN_LB_SESSION" = chk_lb_aff(); next;";
enum ovn_stage stage0 = router_pipeline ?
S_ROUTER_IN_LB_AFF_CHECK : S_SWITCH_IN_LB_AFF_CHECK;
struct ovn_lflow *lflow_ref_aff_check = NULL;
@@ -6970,80 +6970,102 @@ build_lb_affinity_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
* tuple and we are in affinity timeslot. */
uint32_t hash_aff_check = ovn_logical_flow_hash(
ovn_stage_get_table(stage0), ovn_stage_get_pipeline(stage0), 100,
-check_lb_match, REGBIT_KNOWN_LB_SESSION" = chk_lb_aff(); next;");
+check_lb_match, aff_check);
for (size_t i = 0; i < n_dplist; i++) {
if (!ovn_dp_group_add_with_reference(lflow_ref_aff_check, dplist[i])) {
lflow_ref_aff_check = ovn_lflow_add_at_with_hash(
lflows, dplist[i], stage0, 100, check_lb_match,
-REGBIT_KNOWN_LB_SESSION" = chk_lb_aff(); next;",
-NULL, NULL, >nlb->header_,
+aff_check, NULL, NULL, >nlb->header_,
OVS_SOURCE_LOCATOR, hash_aff_check);
}
}
+const char *reg_vip;
+const char *reg_backend;
+
+struct ds aff_action = DS_EMPTY_INITIALIZER;
struct ds aff_action_learn = DS_EMPTY_INITIALIZER;
-struct ds aff_match_learn = DS_EMPTY_INITIALIZER;
-struct ds aff_action_lb_common = DS_EMPTY_INITIALIZER;
-struct ds aff_action_lb = DS_EMPTY_INITIALIZER;
struct ds aff_match = DS_EMPTY_INITIALIZER;
+struct ds aff_match_learn = DS_EMPTY_INITIALIZER;
bool ipv6 = !IN6_IS_ADDR_V4MAPPED(_vip->vip);
-const char *reg_vip;
+const char *ip_match = ipv6 ? "ip6" : "ip4";
+
+stage0 =
+router_pipeline ? S_ROUTER_IN_LB_AFF_LEARN : S_SWITCH_IN_LB_AFF_LEARN;
+enum ovn_stage stage1 =
+router_pipeline ? S_ROUTER_IN_DNAT : S_SWITCH_IN_LB;
+
if (router_pipeline) {
reg_vip = ipv6 ? REG_NEXT_HOP_IPV6 : REG_NEXT_HOP_IPV4;
+reg_backend =
+ipv6 ? REG_LB_L3_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
} else {
reg_vip = ipv6 ? REG_ORIG_DIP_IPV6 : REG_ORIG_DIP_IPV4;
+reg_backend =
+ipv6 ? REG_LB_L2_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
}
-ds_put_format(_action_lb_common,
- REGBIT_CONNTRACK_COMMIT" = 0; %s = %s; ",
+/* Prepare common part of affinity LB and affinity learn action. */
+ds_put_format(_action, REGBIT_CONNTRACK_COMMIT" = 0; %s = %s; ",
reg_vip, lb_vip->vip_str);
+ds_put_cstr(_action_learn, "commit_lb_aff(vip = \"");
+
if (lb_vip->vip_port) {
-ds_put_format(_action_lb_common, REG_ORIG_TP_DPORT" = %d; ",
+ds_put_format(_action, REG_ORIG_TP_DPORT" = %d; ",
lb_vip->vip_port);
+ds_put_format(_action_learn, ipv6 ? "[%s]:%d" : "%s:%d",
+ lb_vip->vip_str, lb_vip->vip_port);
+} else {
+ds_put_cstr(_action_learn, lb_vip->vip_str);
}
if (lb_action) {
-ds_put_format(_action_lb_common, "%s;", lb_action);
+ds_put_cstr(_action, lb_action);
}
+ds_put_cstr(_action, "ct_lb_mark(backends=");
+ds_put_cstr(_action_learn, "\", backend = \"");
+
+/* Prepare common part of affinity learn match. */
+ds_put_format(_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
+ "ct.new && %s && %s == %s && %s.dst == ", ip_match,
+ reg_vip, lb_vip->vip_str, ip_match);
+
+/* Prepare common part of affinity match. */
+ds_put_format(_match, REGBIT_KNOWN_LB_SESSION" == 1 && "
+ "ct.new && %s && %s == ", ip_match, reg_backend);
+
+/* Store the common part length. */
+size_t aff_action_len = aff_action.length;
+size_t aff_action_learn_len = aff_action_learn.length;
+size_t aff_match_len = aff_match.length;
+size_t aff_match_learn_len = aff_match_learn.length;
+
-stage0 =
[ovs-dev] [PATCH v9 4/4] userspace: Enable L4 checksum offloading by default.
From: Flavio Leitner
The netdev receiving packets is supposed to provide the flags
indicating if the L4 checksum was verified and it is OK or BAD,
otherwise the stack will check when appropriate by software.
If the packet comes with good checksum, then postpone the
checksum calculation to the egress device if needed.
When encapsulate a packet with that flag, set the checksum
of the inner L4 header since that is not yet supported.
Calculate the L4 checksum when the packet is going to be sent
over a device that doesn't support the feature.
Linux tap devices allows enabling L3 and L4 offload, so this
patch enables the feature. However, Linux socket interface
remains disabled because the API doesn't allow enabling
those two features without enabling TSO too.
Signed-off-by: Flavio Leitner
Co-authored-by: Mike Pattrick
Signed-off-by: Mike Pattrick
---
lib/conntrack.c | 15 +--
lib/dp-packet.c | 25
lib/dp-packet.h | 78 -
lib/flow.c | 23
lib/netdev-dpdk.c | 188 --
lib/netdev-linux.c | 252 ++--
lib/netdev-native-tnl.c | 32 +
lib/netdev.c| 46 ++--
lib/packets.c | 175 ++--
lib/packets.h | 3 +
10 files changed, 580 insertions(+), 257 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 12194cce8..57e6a55e0 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2118,13 +2118,12 @@ conn_key_extract(struct conntrack *ct, struct dp_packet
*pkt, ovs_be16 dl_type,
}
if (ok) {
-bool hwol_bad_l4_csum = dp_packet_l4_checksum_bad(pkt);
-if (!hwol_bad_l4_csum) {
-bool hwol_good_l4_csum = dp_packet_l4_checksum_good(pkt)
- || dp_packet_hwol_tx_l4_checksum(pkt);
+if (!dp_packet_l4_checksum_bad(pkt)) {
/* Validate the checksum only when hwol is not supported. */
if (extract_l4(>key, l4, dp_packet_l4_size(pkt),
- >icmp_related, l3, !hwol_good_l4_csum,
+ >icmp_related, l3,
+ !dp_packet_l4_checksum_good(pkt) &&
+ !dp_packet_hwol_tx_l4_checksum(pkt),
NULL)) {
ctx->hash = conn_key_hash(>key, ct->hash_basis);
return true;
@@ -3453,8 +3452,10 @@ handle_ftp_ctl(struct conntrack *ct, const struct
conn_lookup_ctx *ctx,
adj_seqnum(>tcp_seq, ec->seq_skew);
}
-th->tcp_csum = 0;
-if (!dp_packet_hwol_tx_l4_checksum(pkt)) {
+if (dp_packet_hwol_tx_l4_checksum(pkt)) {
+dp_packet_ol_reset_l4_csum_good(pkt);
+} else {
+th->tcp_csum = 0;
if (ctx->key.dl_type == htons(ETH_TYPE_IPV6)) {
th->tcp_csum = packet_csum_upperlayer6(nh6, th, ctx->key.nw_proto,
dp_packet_l4_size(pkt));
diff --git a/lib/dp-packet.c b/lib/dp-packet.c
index 90ef85de3..2cfaf5274 100644
--- a/lib/dp-packet.c
+++ b/lib/dp-packet.c
@@ -38,6 +38,9 @@ dp_packet_init__(struct dp_packet *b, size_t allocated, enum
dp_packet_source so
dp_packet_init_specific(b);
/* By default assume the packet type to be Ethernet. */
b->packet_type = htonl(PT_ETH);
+/* Reset csum start and offset. */
+b->csum_start = 0;
+b->csum_offset = 0;
}
static void
@@ -544,4 +547,26 @@ dp_packet_ol_send_prepare(struct dp_packet *p, const
uint64_t flags)
dp_packet_ol_set_ip_csum_good(p);
dp_packet_hwol_reset_tx_ip_csum(p);
}
+
+if (dp_packet_l4_checksum_good(p) || !dp_packet_hwol_tx_l4_checksum(p)) {
+dp_packet_hwol_reset_tx_l4_csum(p);
+return;
+}
+
+if (dp_packet_hwol_l4_is_tcp(p)
+&& !(flags & NETDEV_TX_OFFLOAD_TCP_CKSUM)) {
+packet_tcp_complete_csum(p);
+dp_packet_ol_set_l4_csum_good(p);
+dp_packet_hwol_reset_tx_l4_csum(p);
+} else if (dp_packet_hwol_l4_is_udp(p)
+&& !(flags & NETDEV_TX_OFFLOAD_UDP_CKSUM)) {
+packet_udp_complete_csum(p);
+dp_packet_ol_set_l4_csum_good(p);
+dp_packet_hwol_reset_tx_l4_csum(p);
+} else if (!(flags & NETDEV_TX_OFFLOAD_SCTP_CKSUM)
+&& dp_packet_hwol_l4_is_sctp(p)) {
+packet_sctp_complete_csum(p);
+dp_packet_ol_set_l4_csum_good(p);
+dp_packet_hwol_reset_tx_l4_csum(p);
+}
}
diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index f60618716..d550b099c 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -140,6 +140,8 @@ struct dp_packet {
or UINT16_MAX. */
uint32_t cutlen; /* length in bytes to cut from the end. */
ovs_be32 packet_type; /* Packet type as defined in OpenFlow */
+uint16_t csum_start; /* Position to start checksumming from. */
+uint16_t csum_offset; /* Offset to place checksum. */
[ovs-dev] [PATCH v9 3/4] userspace: Enable IP checksum offloading by default.
From: Flavio Leitner
The netdev receiving packets is supposed to provide the flags
indicating if the IP checksum was verified and it is GOOD or BAD,
otherwise the stack will check when appropriate by software.
If the packet comes with good checksum, then postpone the
checksum calculation to the egress device if needed.
When encapsulate a packet with that flag, set the checksum
of the inner IP header since that is not yet supported.
Calculate the IP checksum when the packet is going to be sent over
a device that doesn't support the feature.
Linux devices don't support IP checksum offload alone, so the
support is not enabled.
Signed-off-by: Flavio Leitner
Co-authored-by: Mike Pattrick
Signed-off-by: Mike Pattrick
---
lib/conntrack.c | 17 +++---
lib/dp-packet.c | 15 ++
lib/dp-packet.h | 60 +++--
lib/dpif-netdev.c | 4 ++
lib/flow.c | 15 --
lib/ipf.c | 11 ++--
lib/netdev-dpdk.c | 81 -
lib/netdev-dummy.c | 23
lib/netdev-native-tnl.c | 21 +---
lib/netdev.c| 16 ++
lib/odp-execute.c | 21 ++--
lib/packets.c | 34 +---
tests/automake.mk | 1 +
tests/system-userspace-offload.at | 79
tests/system-userspace-testsuite.at | 1 +
15 files changed, 328 insertions(+), 71 deletions(-)
create mode 100644 tests/system-userspace-offload.at
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 550b2be9b..12194cce8 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2101,16 +2101,15 @@ conn_key_extract(struct conntrack *ct, struct dp_packet
*pkt, ovs_be16 dl_type,
ctx->key.dl_type = dl_type;
if (ctx->key.dl_type == htons(ETH_TYPE_IP)) {
-bool hwol_bad_l3_csum = dp_packet_ip_checksum_bad(pkt);
-if (hwol_bad_l3_csum) {
+if (dp_packet_ip_checksum_bad(pkt)) {
ok = false;
COVERAGE_INC(conntrack_l3csum_err);
} else {
-bool hwol_good_l3_csum = dp_packet_ip_checksum_valid(pkt)
- || dp_packet_hwol_is_ipv4(pkt);
-/* Validate the checksum only when hwol is not supported. */
+/* Validate the checksum only when hwol is not supported and the
+ * packets checksum status is not known. */
ok = extract_l3_ipv4(>key, l3, dp_packet_l3_size(pkt), NULL,
- !hwol_good_l3_csum);
+ !dp_packet_hwol_is_ipv4(pkt) &&
+ !dp_packet_ip_checksum_good(pkt));
}
} else if (ctx->key.dl_type == htons(ETH_TYPE_IPV6)) {
ok = extract_l3_ipv6(>key, l3, dp_packet_l3_size(pkt), NULL);
@@ -2121,7 +2120,7 @@ conn_key_extract(struct conntrack *ct, struct dp_packet
*pkt, ovs_be16 dl_type,
if (ok) {
bool hwol_bad_l4_csum = dp_packet_l4_checksum_bad(pkt);
if (!hwol_bad_l4_csum) {
-bool hwol_good_l4_csum = dp_packet_l4_checksum_valid(pkt)
+bool hwol_good_l4_csum = dp_packet_l4_checksum_good(pkt)
|| dp_packet_hwol_tx_l4_checksum(pkt);
/* Validate the checksum only when hwol is not supported. */
if (extract_l4(>key, l4, dp_packet_l4_size(pkt),
@@ -3431,7 +3430,9 @@ handle_ftp_ctl(struct conntrack *ct, const struct
conn_lookup_ctx *ctx,
}
if (seq_skew) {
ip_len = ntohs(l3_hdr->ip_tot_len) + seq_skew;
-if (!dp_packet_hwol_is_ipv4(pkt)) {
+if (dp_packet_hwol_tx_ip_csum(pkt)) {
+dp_packet_ol_reset_ip_csum_good(pkt);
+} else {
l3_hdr->ip_csum = recalc_csum16(l3_hdr->ip_csum,
l3_hdr->ip_tot_len,
htons(ip_len));
diff --git a/lib/dp-packet.c b/lib/dp-packet.c
index 4538d2a61..90ef85de3 100644
--- a/lib/dp-packet.c
+++ b/lib/dp-packet.c
@@ -21,6 +21,7 @@
#include "dp-packet.h"
#include "netdev-afxdp.h"
#include "netdev-dpdk.h"
+#include "netdev-provider.h"
#include "openvswitch/dynamic-string.h"
#include "util.h"
@@ -530,3 +531,17 @@ dp_packet_compare_offsets(struct dp_packet *b1, struct
dp_packet *b2,
}
return true;
}
+
+/* Checks if the packet 'p' is compatible with netdev_ol_flags 'flags'
+ * and if not, update the packet with the software fall back. */
+void
+dp_packet_ol_send_prepare(struct dp_packet *p, const uint64_t flags)
+{
+if (dp_packet_ip_checksum_good(p) || !dp_packet_hwol_tx_ip_csum(p)) {
+dp_packet_hwol_reset_tx_ip_csum(p);
+} else if (!(flags & NETDEV_TX_OFFLOAD_IPV4_CKSUM)) {
+
[ovs-dev] [PATCH v9 2/4] dpif-netdev: Show netdev offloading flags.
From: Flavio Leitner
This patch introduces a command to display the current checksum offload
status by port, allowing the user to gain insight into where checksum
offloading is active.
Signed-off-by: Flavio Leitner
Co-authored-by: Mike Pattrick
Signed-off-by: Mike Pattrick
Reviewed-by: David Marchand
---
lib/dpif-netdev-unixctl.man | 6
lib/dpif-netdev.c | 58 +
lib/netdev-provider.h | 3 ++
lib/netdev.c| 35 ++
tests/dpif-netdev.at| 21 ++
5 files changed, 123 insertions(+)
diff --git a/lib/dpif-netdev-unixctl.man b/lib/dpif-netdev-unixctl.man
index 8cd847416..2840d462e 100644
--- a/lib/dpif-netdev-unixctl.man
+++ b/lib/dpif-netdev-unixctl.man
@@ -262,3 +262,9 @@ PMDs in the case where no value is specified. By default
"scalar" is used.
\fIstudy_cnt\fR defaults to 128 and indicates the number of packets that the
"study" miniflow implementation must parse before choosing an optimal
implementation.
+.
+.IP "\fBdpif-netdev/offload-show\fR [\fIdp\fR] [\fInetdev\fR]"
+Prints the hardware offloading features enabled in netdev \fInetdev\fR
+attached to datapath \fIdp\fR. The datapath \fIdp\fR parameter can be
+omitted if there is only one. All netdev ports are printed if the
+parameter \fInetdev\fR is omitted.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 2c08a71c8..ef50e62b8 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -1562,6 +1562,61 @@ dpif_netdev_bond_show(struct unixctl_conn *conn, int
argc,
ds_destroy();
}
+static void
+dpif_netdev_offload_show(struct unixctl_conn *conn, int argc,
+ const char *argv[], void *aux OVS_UNUSED)
+{
+struct ds reply = DS_EMPTY_INITIALIZER;
+const char *netdev_name = NULL;
+struct dp_netdev *dp = NULL;
+struct dp_netdev_port *port;
+
+ovs_mutex_lock(_netdev_mutex);
+if (argc == 3) {
+dp = shash_find_data(_netdevs, argv[1]);
+netdev_name = argv[2];
+} else if (argc == 2) {
+dp = shash_find_data(_netdevs, argv[1]);
+if (!dp && shash_count(_netdevs) == 1) {
+/* There's only one datapath. */
+dp = shash_first(_netdevs)->data;
+netdev_name = argv[1];
+}
+} else if (shash_count(_netdevs) == 1) {
+/* There's only one datapath. */
+dp = shash_first(_netdevs)->data;
+}
+
+if (!dp) {
+ovs_mutex_unlock(_netdev_mutex);
+unixctl_command_reply_error(conn,
+"please specify an existing datapath");
+return;
+}
+
+ovs_rwlock_rdlock(>port_rwlock);
+HMAP_FOR_EACH (port, node, >ports) {
+if (netdev_name) {
+/* find the port and dump the info */
+if (!strcmp(netdev_get_name(port->netdev), netdev_name)) {
+ds_put_format(, "%s: ", netdev_get_name(port->netdev));
+netdev_ol_flags_to_string(, port->netdev);
+ds_put_format(, "\n");
+break;
+}
+} else {
+ds_put_format(, "%s: ", netdev_get_name(port->netdev));
+netdev_ol_flags_to_string(, port->netdev);
+ds_put_format(, "\n");
+}
+}
+
+ovs_rwlock_unlock(>port_rwlock);
+ovs_mutex_unlock(_netdev_mutex);
+unixctl_command_reply(conn, ds_cstr());
+ds_destroy();
+}
+
static int
dpif_netdev_init(void)
@@ -1621,6 +1676,9 @@ dpif_netdev_init(void)
unixctl_command_register("dpif-netdev/miniflow-parser-get", "",
0, 0, dpif_miniflow_extract_impl_get,
NULL);
+unixctl_command_register("dpif-netdev/offload-show", "[dp] [netdev]",
+ 0, 2, dpif_netdev_offload_show,
+ NULL);
return 0;
}
diff --git a/lib/netdev-provider.h b/lib/netdev-provider.h
index b5420947d..0c8329652 100644
--- a/lib/netdev-provider.h
+++ b/lib/netdev-provider.h
@@ -37,6 +37,7 @@ extern "C" {
struct netdev_tnl_build_header_params;
#define NETDEV_NUMA_UNSPEC OVS_NUMA_UNSPEC
+/* Keep this enum updated with translation to string below. */
enum netdev_ol_flags {
NETDEV_TX_OFFLOAD_IPV4_CKSUM = 1 << 0,
NETDEV_TX_OFFLOAD_TCP_CKSUM = 1 << 1,
@@ -45,6 +46,8 @@ enum netdev_ol_flags {
NETDEV_TX_OFFLOAD_TCP_TSO = 1 << 4,
};
+void netdev_ol_flags_to_string(struct ds *, const struct netdev *);
+
/* A network device (e.g. an Ethernet device).
*
* Network device implementations may read these members but should not modify
diff --git a/lib/netdev.c b/lib/netdev.c
index c79778378..bd068507a 100644
--- a/lib/netdev.c
+++ b/lib/netdev.c
@@ -2306,3 +2306,38 @@ netdev_free_custom_stats_counters(struct
netdev_custom_stats *custom_stats)
}
}
}
+
+void
+netdev_ol_flags_to_string(struct ds *string, const struct netdev *netdev)
+{
+/* Sort by dependency, if any. */
+if
[ovs-dev] [PATCH v9 0/4] Enhance support for checksum offloading
This is a subset of the larger TSO patchset with various checksum improvements. This set includes additional documentation, new appctl command "dpif-netdev/offload-show" to display interface offload support, and improvements to tracking when an updated checksum is required. In a simple iperf test with traffic flowing from a VM, through a virtio interface and out of DPDK PF, this series resulted in an 18% improvement in TCP throughput compared to master branch (361 vs 429 Mbps). When TSO is enabled, this further improved by 10x (429 Mbps vs 4.32 Gbps). While TSO isn't introduced in this series, support for encapsulation with offload is extended. Flavio Leitner (4): Documentation: Document netdev offload. dpif-netdev: Show netdev offloading flags. userspace: Enable IP checksum offloading by default. userspace: Enable L4 csum offloading by default. Documentation/automake.mk| 1 + Documentation/topics/index.rst | 1 + Documentation/topics/netdev-offloads.rst | 95 + lib/conntrack.c | 30 +-- lib/dp-packet.c | 39 lib/dp-packet.h | 138 - lib/dpif-netdev-unixctl.man | 6 + lib/dpif-netdev.c| 62 ++ lib/flow.c | 38 +++- lib/ipf.c| 11 +- lib/netdev-dpdk.c| 229 +--- lib/netdev-dummy.c | 23 +++ lib/netdev-linux.c | 252 +++ lib/netdev-native-tnl.c | 53 ++--- lib/netdev-provider.h| 3 + lib/netdev.c | 87 +--- lib/odp-execute.c| 21 +- lib/packets.c| 209 +++ lib/packets.h| 3 + ofproto/ofproto-dpif-upcall.c| 2 +- tests/automake.mk| 1 + tests/dpif-netdev.at | 21 ++ tests/system-userspace-offload.at| 79 +++ tests/system-userspace-testsuite.at | 1 + 24 files changed, 1099 insertions(+), 306 deletions(-) create mode 100644 Documentation/topics/netdev-offloads.rst create mode 100644 tests/system-userspace-offload.at -- 2.31.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v9 1/4] Documentation: Document netdev offload.
From: Flavio Leitner Document the implementation of netdev hardware offloading in userspace datapath. Signed-off-by: Flavio Leitner Co-authored-by: Mike Pattrick Reviewed-by: David Marchand Signed-off-by: Mike Pattrick --- Documentation/automake.mk| 1 + Documentation/topics/index.rst | 1 + Documentation/topics/netdev-offloads.rst | 95 3 files changed, 97 insertions(+) create mode 100644 Documentation/topics/netdev-offloads.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index cdf3c9926..f7990af28 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -49,6 +49,7 @@ DOC_SOURCE = \ Documentation/topics/integration.rst \ Documentation/topics/language-bindings.rst \ Documentation/topics/networking-namespaces.rst \ + Documentation/topics/netdev-offloads.rst \ Documentation/topics/openflow.rst \ Documentation/topics/ovs-extensions.rst \ Documentation/topics/ovsdb-relay.rst \ diff --git a/Documentation/topics/index.rst b/Documentation/topics/index.rst index 90d4c66e6..55aab1c96 100644 --- a/Documentation/topics/index.rst +++ b/Documentation/topics/index.rst @@ -44,6 +44,7 @@ OVS openflow bonding networking-namespaces + netdev-offloads ovsdb-relay ovsdb-replication dpdk/index diff --git a/Documentation/topics/netdev-offloads.rst b/Documentation/topics/netdev-offloads.rst new file mode 100644 index 0..eb02981b7 --- /dev/null +++ b/Documentation/topics/netdev-offloads.rst @@ -0,0 +1,95 @@ +.. + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + Convention for heading levels in Open vSwitch documentation: + + === Heading 0 (reserved for the title in a document) + --- Heading 1 + ~~~ Heading 2 + +++ Heading 3 + ''' Heading 4 + + Avoid deeper levels because they do not render well. + + +NIC Offloads + + +This document explains the internals of Open vSwitch support for NIC offloads. + +Design +-- + +The Open vSwitch should strive to forward packets as they arrive regardless +if the checksum is correct, for example. However, it cannot fix existing +problems. Therefore, when the packet has the checksum verified or the packet +is known to be good, the checksum calculation can be offloaded to the NIC, +otherwise updates can be made as long as the previous situation doesn't +change. For example, a packet with has corrupted IP checksum can be +accepted, and a flow rule can change the IP destination address to +another address. In that case, OVS needs to partially recompute the checksum +instead of offloading or calculate all of it again which would fix the +existing issue. + +The netdev can set flags indicating if the checksum is good or bad. +The checksum is considered unverified if no flag is set. + +When a packet ingress the data path with good checksum, OVS should +enable checksum offload by default. This allows the data path to +postpone checksum updates until the packet egress the data path. + +When a packet egress the data path, the packet flags and the egress +port flags are verified to make sure all required NIC offload +features to send out the packet are available. If not, the data +path will fall back to equivalent software implementation. + + +Netdev +-- + +When the netdev initiates, it should set the flags to tell the data path +which offload features are supported. For example, if the driver supports +IP checksum offloading, then netdev->ol_flags should set the flag +NETDEV_OFFLOAD_TX_IPV4_CSUM. + + +Rules +- +1) OVS should strive to forward all packets regardless of checksum. + +2) OVS must not correct a bad packet/checksum. + +3) Packet with flag DP_PACKET_OL_RX_IP_CSUM_GOOD means that the + IP checksum is present in the packet and it is good. + +4) Packet with flag DP_PACKET_OL_RX_IP_CSUM_BAD means that the + IP checksum is present in the packet and it is BAD. Extra care + should be taken to not fix the packet during data path processing. + +5) The ingress packet parser can only set DP_PACKET_OL_TX_IP_CSUM + if the packet has DP_PACKET_OL_RX_IP_CSUM_GOOD to not violate + rule #2. + +6) Packet with flag DP_PACKET_OL_TX_IPV4 is a IPv4 packet. + +7) Packet with flag DP_PACKET_OL_TX_IPV6 is a IPv6 packet. + +8) Packet with flag DP_PACKET_OL_TX_IP_CSUM tells the data path + to skip
Re: [ovs-dev] [PATCH] [openvswitch v4] openvswitch: Add support to count upcall packets
Hi,
Thank you for review! I will give a new verson of patch based on your
comments,
and i give a explanation on every comments from you, please see below!
Best reagrds!
wangchuanlei
From: Alexander Lobakin [mailto:alexandr.loba...@intel.com]
To: wangchuan...@inspur.com
> From: wangchuanlei
> Date: Wed, 23 Nov 2022 04:18:43 -0500
> Add support to count upall packets, when kmod of openvswitch upcall to
> userspace , here count the number of packets for upcall succeed and
> failed, which is a better way to see how many packets upcalled to
> userspace(ovs-vswitchd) on every interfaces.
>
> Here optimize the function used by comments of v3.
>
> Changes since v3:
> - use nested NLA_NESTED attribute in netlink message
>
> Changes since v2:
> - add count of upcall failed packets
>
> Changes since v1:
> - add count of upcall succeed packets
>
> Signed-off-by: wangchuanlei
> ---
> include/uapi/linux/openvswitch.h | 19
> net/openvswitch/datapath.c | 52
> net/openvswitch/datapath.h | 12
> net/openvswitch/vport.c | 48 +
> net/openvswitch/vport.h | 6
> 5 files changed, 137 insertions(+)
>
> diff --git a/include/uapi/linux/openvswitch.h
> b/include/uapi/linux/openvswitch.h
> index 94066f87e9ee..fa13bce15fae 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -126,6 +126,11 @@ struct ovs_vport_stats {
> __u64 tx_dropped; /* no space available in linux */
> };
>
> +struct ovs_vport_upcall_stats {
> + uint64_t upcall_success; /* total packets upcalls succeed */
> + uint64_t upcall_fail; /* total packets upcalls failed */
Please no uint64_t int the UAPI headers. __u64 as above. --Yes !
> +};
> +
> /* Allow last Netlink attribute to be unaligned */
> #define OVS_DP_F_UNALIGNED (1 << 0)
>
> @@ -277,11 +282,25 @@ enum ovs_vport_attr {
> OVS_VPORT_ATTR_PAD,
> OVS_VPORT_ATTR_IFINDEX,
> OVS_VPORT_ATTR_NETNSID,
> + OVS_VPORT_ATTR_UPCALL_STATS, /* struct ovs_vport_upcall_stats */
> __OVS_VPORT_ATTR_MAX
> };
>
> #define OVS_VPORT_ATTR_MAX (__OVS_VPORT_ATTR_MAX - 1)
>
> +/**
> + * enum ovs_vport_upcall_attr - attributes for %OVS_VPORT_UPCALL*
> +commands
> + * @OVS_VPORT_UPCALL_SUCCESS: 64-bit upcall success packets.
> + * @OVS_VPORT_UPCALL_FAIL: 64-bit upcall fail packets.
> + */
> +enum ovs_vport_upcall_attr {
> + OVS_VPORT_UPCALL_SUCCESS, /* 64-bit upcall success packets */
> + OVS_VPORT_UPCALL_FAIL, /* 64-bit upcall fail packets */
> + __OVS_VPORT_UPCALL_MAX
> +};
> +
> +#define OVS_VPORT_UPCALL_MAX (__OVS_VPORT_UPCALL_MAX-1)
Spaces around arithm operator ('-'). --Yes !
> +
> enum {
> OVS_VXLAN_EXT_UNSPEC,
> OVS_VXLAN_EXT_GBP, /* Flag or __u32 */
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index c8a9075ddd0a..5254c51cfa60 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -209,6 +209,25 @@ static struct vport *new_vport(const struct vport_parms
> *parms)
> return vport;
> }
>
> +static void ovs_vport_upcalls(struct sk_buff *skb,
> + const struct dp_upcall_info *upcall_info,
> + bool upcall_success)
^^^
Just `bool success`? It's clear that is's about upcalls, I don't see a need to
repeat it in every argument's name.
--Yes !
> +{
> + if (upcall_info->cmd == OVS_PACKET_CMD_MISS ||
> + upcall_info->cmd == OVS_PACKET_CMD_ACTION) {
if (cmd != MISS && cmd != ACTION)
return;
Saves 1 indent level. --you are right!
> + const struct vport *p = OVS_CB(skb)->input_vport;
> + struct vport_upcall_stats_percpu *vport_stats;
> +
> + vport_stats = this_cpu_ptr(p->vport_upcall_stats_percpu);
Why make a separate structure? You can just expand dp_stats_percpu, this
function would then be just a couple lines in ovs_dp_upcall().
-- emm, beacause of this statistics based on vport, so new structure should
insert to "struct vport"
> + u64_stats_update_begin(_stats->syncp);
> + if (upcall_success)
> + u64_stats_inc(_stats->n_upcall_success);
> + else
> + u64_stats_inc(_stats->n_upcall_fail);
> + u64_stats_update_end(_stats->syncp);
> + }
> +}
> +
> void ovs_dp_detach_port(struct vport *p) {
> ASSERT_OVSL();
> @@ -216,6 +235,9 @@ void ovs_dp_detach_port(struct vport *p)
> /* First drop references to device. */
> hlist_del_rcu(>dp_hash_node);
>
> + /* Free percpu memory */
> + free_percpu(p->vport_upcall_stats_percpu);
> +
> /* Then destroy it. */
> ovs_vport_del(p);
> }
> @@ -305,6 +327,8 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff
> *skb,
>
Re: [ovs-dev] [PATCH] [openvswitch v4] openvswitch: Add support to count upcall packets
Hi,
Thank you for review! I will give a new verson of patch based on your
comments,
and i give a explanation on every comments from you, please see below!
Best reagrds!
wangchuanlei
From: Alexander Lobakin [mailto:alexandr.loba...@intel.com]
To: wangchuan...@inspur.com
> From: wangchuanlei
> Date: Wed, 23 Nov 2022 04:18:43 -0500
> Add support to count upall packets, when kmod of openvswitch upcall to
> userspace , here count the number of packets for upcall succeed and
> failed, which is a better way to see how many packets upcalled to
> userspace(ovs-vswitchd) on every interfaces.
>
> Here optimize the function used by comments of v3.
>
> Changes since v3:
> - use nested NLA_NESTED attribute in netlink message
>
> Changes since v2:
> - add count of upcall failed packets
>
> Changes since v1:
> - add count of upcall succeed packets
>
> Signed-off-by: wangchuanlei
> ---
> include/uapi/linux/openvswitch.h | 19
> net/openvswitch/datapath.c | 52
> net/openvswitch/datapath.h | 12
> net/openvswitch/vport.c | 48 +
> net/openvswitch/vport.h | 6
> 5 files changed, 137 insertions(+)
>
> diff --git a/include/uapi/linux/openvswitch.h
> b/include/uapi/linux/openvswitch.h
> index 94066f87e9ee..fa13bce15fae 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -126,6 +126,11 @@ struct ovs_vport_stats {
> __u64 tx_dropped; /* no space available in linux */
> };
>
> +struct ovs_vport_upcall_stats {
> + uint64_t upcall_success; /* total packets upcalls succeed */
> + uint64_t upcall_fail; /* total packets upcalls failed */
Please no uint64_t int the UAPI headers. __u64 as above. --Yes !
> +};
> +
> /* Allow last Netlink attribute to be unaligned */
> #define OVS_DP_F_UNALIGNED (1 << 0)
>
> @@ -277,11 +282,25 @@ enum ovs_vport_attr {
> OVS_VPORT_ATTR_PAD,
> OVS_VPORT_ATTR_IFINDEX,
> OVS_VPORT_ATTR_NETNSID,
> + OVS_VPORT_ATTR_UPCALL_STATS, /* struct ovs_vport_upcall_stats */
> __OVS_VPORT_ATTR_MAX
> };
>
> #define OVS_VPORT_ATTR_MAX (__OVS_VPORT_ATTR_MAX - 1)
>
> +/**
> + * enum ovs_vport_upcall_attr - attributes for %OVS_VPORT_UPCALL*
> +commands
> + * @OVS_VPORT_UPCALL_SUCCESS: 64-bit upcall success packets.
> + * @OVS_VPORT_UPCALL_FAIL: 64-bit upcall fail packets.
> + */
> +enum ovs_vport_upcall_attr {
> + OVS_VPORT_UPCALL_SUCCESS, /* 64-bit upcall success packets */
> + OVS_VPORT_UPCALL_FAIL, /* 64-bit upcall fail packets */
> + __OVS_VPORT_UPCALL_MAX
> +};
> +
> +#define OVS_VPORT_UPCALL_MAX (__OVS_VPORT_UPCALL_MAX-1)
Spaces around arithm operator ('-'). --Yes !
> +
> enum {
> OVS_VXLAN_EXT_UNSPEC,
> OVS_VXLAN_EXT_GBP, /* Flag or __u32 */
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index c8a9075ddd0a..5254c51cfa60 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -209,6 +209,25 @@ static struct vport *new_vport(const struct vport_parms
> *parms)
> return vport;
> }
>
> +static void ovs_vport_upcalls(struct sk_buff *skb,
> + const struct dp_upcall_info *upcall_info,
> + bool upcall_success)
^^^
Just `bool success`? It's clear that is's about upcalls, I don't see a need to
repeat it in every argument's name.
--Yes !
> +{
> + if (upcall_info->cmd == OVS_PACKET_CMD_MISS ||
> + upcall_info->cmd == OVS_PACKET_CMD_ACTION) {
if (cmd != MISS && cmd != ACTION)
return;
Saves 1 indent level. --you are right!
> + const struct vport *p = OVS_CB(skb)->input_vport;
> + struct vport_upcall_stats_percpu *vport_stats;
> +
> + vport_stats = this_cpu_ptr(p->vport_upcall_stats_percpu);
Why make a separate structure? You can just expand dp_stats_percpu, this
function would then be just a couple lines in ovs_dp_upcall().
-- emm, beacause of this statistics based on vport, so new structure should
insert to "struct vport"
> + u64_stats_update_begin(_stats->syncp);
> + if (upcall_success)
> + u64_stats_inc(_stats->n_upcall_success);
> + else
> + u64_stats_inc(_stats->n_upcall_fail);
> + u64_stats_update_end(_stats->syncp);
> + }
> +}
> +
> void ovs_dp_detach_port(struct vport *p) {
> ASSERT_OVSL();
> @@ -216,6 +235,9 @@ void ovs_dp_detach_port(struct vport *p)
> /* First drop references to device. */
> hlist_del_rcu(>dp_hash_node);
>
> + /* Free percpu memory */
> + free_percpu(p->vport_upcall_stats_percpu);
> +
> /* Then destroy it. */
> ovs_vport_del(p);
> }
> @@ -305,6 +327,8 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff
> *skb,
>
[ovs-dev] [PATCH] ovs-tcpdump:Stdout is shutdown before ovs-tcpdump exit
To: d...@openvswitch.org
If there is a pipe behind ovs-tcpdump(such as ovs-tcpdump -i eth0
| grep "192.168.1.1"), the child process (grep "192.168.1.1") may
exit first and close the pipe when received SIGTERM. When farther
process(ovs-tcpdump) exit, stdout is flushed into broken pipe, and
then received a exception IOError. To avoid such problems, ovs-tcp
dump first close stdout before exit.
Signed-off-by: Songtao Zhan
---
utilities/ovs-tcpdump.in | 13 +
1 file changed, 13 insertions(+)
diff --git a/utilities/ovs-tcpdump.in b/utilities/ovs-tcpdump.in
index a49ec9f94..c8a10c727 100755
--- a/utilities/ovs-tcpdump.in
+++ b/utilities/ovs-tcpdump.in
@@ -538,6 +538,19 @@ def main():
print(data.decode('utf-8'))
raise KeyboardInterrupt
except KeyboardInterrupt:
+# If there is a pipe behind ovs-tcpdump(such as ovs-tcpdump
+# -i eth0 | grep "192.168.1.1"), the pipe is no longer available
+# after received ctrl+c
+# If we write data to an unavailable pipe, a pipe error will be
+# reported, so we turn off stdout to avoid subsequence flushing
+# of data into the pipe
+try:
+sys.stdout.close()
+# The shutdown operation brushes stdout into the pipe, so a pipe
+# error may be reported
+except IOError:
+pass
+
if pipes.poll() is None:
pipes.terminate()
--
2.31.1
zhan...@chinatelecom.cn
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v4 3/3] dpif-netdev: fix inconsistent processing between ukey and megaflow
So do we need this patch or not??
Guessing it's quite rare in the real production environment that we have
two datapaths at the same time
And I am more curious that even though we have 2 datapaths, should the port
id be different? Is one
port capable of being assigned to 2 datapaths at the same time
Because only when a port is assigned to 2 datapaths at the same time, we
should worry about this race
Eelco Chaudron 于2022年11月23日周三 23:54写道:
>
>
> On 19 Nov 2022, at 1:46, Peng He wrote:
>
> > Eelco Chaudron 于2022年11月18日周五 15:38写道:
> >
> >>
> >>
> >> On 18 Nov 2022, at 2:57, Peng He wrote:
> >>
> >>> Since there are possible race conditions (between the kernel (内核)
> >> datapath and
> >>> userspace datapath),
> >>> I guess this patch (补丁) is now needed again? But two datapath is really
> >> rare in
> >>> the real deployment.
> >>> So I am not sure if we should pay attention here.
> >>
> >> I still think we should add this, as there seem to be a decent amount of
> >> times people intermix a kernel (内核) interface with a DPDK one. For
> example,
> >> the bridge interface, which would be up to get routing (溃败) information
> for
> >> tunnels.
> >
> >
> > In this case, bridge interfaces are attached to the userspace datapath,
> it
> > will be "polled" by the main thread, and it's pmd-id is NON_PMD_CORE_ID.
> >
> > The case that race could happen is that mix using of userspace datapath
> and
> > kernel datapath. When the kernel datapath receives a upcall, it will set
> > the pmd-id to PMD_ID_NULL. Checking the code of dpif_netdev_flow_put,
> only
> > the megaflow with pmd-id equals to PMD_ID_NULL will be installed
> > into all the PMD threads.
>
> Agreed, I think this is the only case it could still happen. I could not
> find any other paths.
>
> >> //Eelco
> >>
> >>
> >>> Eelco Chaudron 于2022年10月19日周三 18:50写道:
> >>>
>
>
> On 10 Oct 2022, at 9:12, Eelco Chaudron wrote:
>
> > On 8 Oct 2022, at 5:27, Peng He wrote:
> >
> >> Hi,Eelco
> >>
> >> after a second thought, I think this patch (补丁) is not needed
> neither,
> >> the code (代码) here is trying to find a rule which cover the packet,
> >> it does not mean (意味着) the match and action of rule equals to the
> ones
> >> of the ukey.
> >>
> >> So the code (代码) here is just a prevention, no need to make it
> >> consistent
> >> with ukey.
> >>
> >> but the comments above are really misleading, so I sent a new patch
> >> (补丁)
> fixing
> >> it.
> >
> > Ack, will wait for the v5, and review.
>
> As I did not see a v5, I reviewed the v4, and assume (假设) this patch
> >> (补丁) can be
> ignored (忽略) .
>
> //Eelco
>
> >> Peng He 于2022年10月3日周一 20:41写道:
> >>
> >>> When PMDs perform upcalls, the newly generated (生成) ukey will
> replace
> >>> the old, however, the newly generated (生成) mageflow will be discard
> >>> to reuse the old one without checking if the actions of new and
> >>> old are equal.
> >>>
> >>> This code (代码) prevents in case someone runs dpctl/add-flow to add
> >>> a dp flow with inconsistent actions with the actions of ukey,
> >>> and causes more (更多) confusion (混乱) .
> >>>
> >>> Signed-off-by: Peng He
> >>> ---
> >>> lib/dpif-netdev.c | 17 -
> >>> 1 file (文件) changed, 16 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
> >>> index a45b46014..b316e59ef 100644
> >>> --- a/lib/dpif-netdev.c
> >>> +++ b/lib/dpif-netdev.c
> >>> @@ -8304,7 +8304,22 @@ handle_packet_upcall(struct
> >> dp_netdev_pmd_thread
> >>> *pmd,
> >>> * to be locking revalidators out of making flow
> modifications. */
> >>> ovs_mutex_lock(>flow_mutex);
> >>> netdev_flow = dp_netdev_pmd_lookup_flow(pmd, key, NULL);
> >>> -if (OVS_LIKELY(!netdev_flow)) {
> >>> +if (OVS_UNLIKELY(netdev_flow)) {
> >>> +struct dp_netdev_actions *old_act =
> >>> +dp_netdev_flow_get_actions(netdev_flow);
> >>> +
> >>> +if ((add_actions->size != old_act->size) ||
> >>> +memcmp(old_act->actions, add_actions->data,
> >>> + add_actions->size)) {
> >>> +
> >>> + struct dp_netdev_actions *new_act =
> >>> + dp_netdev_actions_create(add_actions->data,
> >>> +add_actions->size);
> >>> +
> >>> + ovsrcu_set(_flow->actions, new_act);
> >>> + ovsrcu_postpone(dp_netdev_actions_free, old_act);
> >>> +}
> >>> +} else {
> >>> netdev_flow = dp_netdev_flow_add(pmd, , ,
> >>> add_actions->data,
> >>>
Re: [ovs-dev] [ovs-dev v5 1/3] ofproto-dpif-upcall: fix push_dp_ops
Eelco Chaudron 于2022年11月24日周四 00:08写道:
>
>
> On 22 Nov 2022, at 2:44, Peng He wrote:
>
> > Hi,
> >
> > After a second thought, I think maybe keeping INCONSISTENT just for the
> > modify (修改) error is a better option.
> >
> > With current patch (补丁) :
> > 1.
> > the modify (修改) error case:
> > OPERATIONAL -> INCONSISTENT -> EVICTING (驱逐) -> EVICTED (驱逐)
> > 2.
> > the delete error case:
> > EVICTING (驱逐) -> EVICTED (驱逐)
> >
> > Change both to INCONSISTENT:
> >
> > the modify (修改) error case:
> > did not change.
> >
> > the delete error case:
> > EVICTING (驱逐) -> INCONSISTENT -> EVICTED (驱逐) ?
> > this will make the state machine allows both INCONSISTENT -> EVICTING
> (驱逐) and
> > EVICTING (驱逐) -> INCONSISTENT transitions.
> > which I guess it's more (更多) confusing ...
> >
> > Another solution is that, drop INCONSISTENT state, if modify (修改)
> fails, just
> > changes to EVICTING (驱逐) .
> > and let the revalidate or sweep (扫) to take (采取) care of EVICTING (驱逐)
> state ukey and
> > initial (初始) another dp_ops to remove it.
> >
> > I now prefer the second solution, what do you think?
>
> Yes, the second one sounds more (更多) straightforward (直截了当) , but would it
> not cause issues with the statistics? If not we should probably go with
> this one.
The second one will also have no statistics issues.
As long as the megaflow and ukey have the same lifetime, i.e. it's
impossible that ukey is dead but megaflow is alive,
or reverse (逆向) , there are no statistics issues. So I think the second
solution (补丁) does not introduce statistics issues.
will submit a v6.
>
>
> If we run into statistics issues, which I think we will, let’s keep the
> code (代码) as in v5, but add some code comments on why the paths are
> different, i.e. to keep stats happy.
>
>
> If stats are inconsistent, we should also add a test case so further
> fixes/changes will not mess this up.
>
> > Peng He 于2022年11月22日周二 09:01写道:
> >
> >>
> >> Eelco Chaudron 于2022年11月18日周五 15:35写道:
> >>
> >>>
> >>>
> >>> On 18 Nov 2022, at 2:53, Peng He wrote:
> >>>
> Eelco Chaudron 于2022年11月16日周三 18:14写道:
>
> >
> >
> > On 6 Nov 2022, at 8:12, Peng He wrote:
> >
> >> push_dp_ops only handles delete ops errors but ignores (忽略) (忽略)
> the modify (修改)
> > (修改)
> >> ops results. It's better to handle all the dp operation errors in
> >> a consistent way.
> >>
> >> We observe in the production environment that sometimes a megaflow
> >> with wrong actions keep staying in datapath. The coverage command
> >>> shows
> >> revalidators have dumped several times, however the correct
> >> actions are not set. This implies (暗示) (暗示) that the ukey's action
> does not
> >> equal to the meagaflow's, i.e. revalidators think the underlying
> (基础) (基础)
> >> megaflow's actions are correct however they are not.
> >>
> >> We also check the megaflow using the ofproto/trace command, and the
> >> actions are not matched with the ones in the actual magaflow. By
> >> performing a revalidator/purge command, the right actions are set.
> >>
> >> This patch (补丁) (补丁) prevents the inconsistency by considering
> modify (修改) (修改)
> > failure
> >> in revalidators.
> >>
> >> To note, we cannot perform two state transitions and change
> ukey_state
> >> into UKEY_EVICTED directly here, because, if we do so, the
> >> sweep (扫) (扫) will remove the ukey alone and leave dp flow alive.
> Later,
> >>> the
> >> dump will retrieve (检索) (检索) the dp flow and might even recover it.
> This
> >>> will
> >> contribute the stats of this dp flow twice.
> >>
> >> Signed-off-by: Peng He
> >
> > Hi Peng,
> >
> > Thanks for looking at the statistics part, see some comments inline!
> >
> > In addition, I already acked patch (补丁) (补丁) 2 out of this series,
> but it
> > mentions patch (补丁) x/3, but I do not see patch 3 in this series. Is
> this
> > missing? Or are there only two patches (补丁) (补丁) left?
>
>
> there are only two patches (补丁) . the third one is about the race
> comments,
> >>> which
> is not in this patchset.
> I guess I made some mistake.
>
>
> >
> >
> > Cheers,
> >
> > Eelco
> >
> >
> >> ---
> >> ofproto/ofproto-dpif-upcall.c | 39
> >>> ++-
> >> 1 file (文件) (文件) changed, 25 insertions(+), 14 deletions(-)
> >>
> >> diff --git a/ofproto/ofproto-dpif-upcall.c
> > b/ofproto/ofproto-dpif-upcall.c
> >> index 7ad728adf..a7970fa9b 100644
> >> --- a/ofproto/ofproto-dpif-upcall.c
> >> +++ b/ofproto/ofproto-dpif-upcall.c
> >> @@ -254,6 +254,7 @@ enum ukey_state {
> >> UKEY_CREATED = 0,
> >> UKEY_VISIBLE, /* Ukey is in umap, datapath flow install
> (安装)
> >>> (安装)
> > is queued (队列) (队列) . */
> >> UKEY_OPERATIONAL, /* Ukey is in umap, datapath flow is
> >>> installed (安装)
> >
Re: [ovs-dev] [PATCH] flow: Consistent VXLAN UDP src ports for fragmented packets
On 11/4/22 14:43, Hemanth Aramadaka via dev wrote:
> Issue:
>
> The src-port for UDP is based on RSS hash in the packet metadata.
> In case of packets coming from VM it will be 5-tuple, if available,
> otherwise just IP addresses.If the VM fragments a large IP packet
> and sends the fragments to ovs, only the first fragment will contain
> the L4 header. Therefore, the first fragment and subsequent fragments
> get different UDP src ports in the outgoing VXLAN header.This can
> lead to fragment re-ordering in the fabric as packet will take
> different paths.
>
> Fix:
>
> Intention of this is to avoid fragment packets taking different paths.
> For example, due to presence of firewalls, fragment packets will take
> different paths and will get dropped.To avoid this we ignore the L4
> header during hash calculation only in the case of fragmented packets.
>
> Signed-off-by: Hemanth Aramadaka
This patch still fails the basic compilation. Please, test your
patches before sending them. See some basic information here:
https://docs.openvswitch.org/en/latest/internals/contributing/submitting-patches/
> ---
> lib/flow.c | 20 +---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/lib/flow.c b/lib/flow.c
> index c3a3aa3ce..20cca5937 100644
> --- a/lib/flow.c
> +++ b/lib/flow.c
> @@ -1018,7 +1018,9 @@ miniflow_extract(struct dp_packet *packet, struct
> miniflow *dst)
> miniflow_push_be16(mf, ct_tp_src, ct_tp_src);
> miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst);
> if (dl_type == htons(ETH_TYPE_IP)) {
> -dp_packet_update_rss_hash_ipv4_tcp_udp(packet);
> +if (!(nw_frag & FLOW_NW_FRAG_MASK)) {
> +dp_packet_update_rss_hash_ipv4_tcp_udp(packet);
> +}
> } else if (dl_type == htons(ETH_TYPE_IPV6)) {
> dp_packet_update_rss_hash_ipv6_tcp_udp(packet);
> }
> @@ -1033,7 +1035,9 @@ miniflow_extract(struct dp_packet *packet, struct
> miniflow *dst)
> miniflow_push_be16(mf, ct_tp_src, ct_tp_src);
> miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst);
> if (dl_type == htons(ETH_TYPE_IP)) {
> -dp_packet_update_rss_hash_ipv4_tcp_udp(packet);
> +if (!(nw_frag & FLOW_NW_FRAG_MASK)) {
> +dp_packet_update_rss_hash_ipv4_tcp_udp(packet);
> +}
> } else if (dl_type == htons(ETH_TYPE_IPV6)) {
> dp_packet_update_rss_hash_ipv6_tcp_udp(packet);
> }
> @@ -2248,7 +2252,7 @@ miniflow_hash_5tuple(const struct miniflow *flow,
> uint32_t basis)
>
> if (flow) {
> ovs_be16 dl_type = MINIFLOW_GET_BE16(flow, dl_type);
> -uint8_t nw_proto;
> +uint8_t nw_proto, nw_frag;
>
> if (dl_type == htons(ETH_TYPE_IPV6)) {
> struct flowmap map = FLOWMAP_EMPTY_INITIALIZER;
> @@ -2270,6 +2274,11 @@ miniflow_hash_5tuple(const struct miniflow *flow,
> uint32_t basis)
>
> nw_proto = MINIFLOW_GET_U8(flow, nw_proto);
> hash = hash_add(hash, nw_proto);
> +
> +nw_frag = MINIFLOW_GET_U8(flow, nw_frag);
> +if (nw_frag & FLOW_NW_FRAG_MASK) {
> +goto out;
> +}
> if (nw_proto != IPPROTO_TCP && nw_proto != IPPROTO_UDP
> && nw_proto != IPPROTO_SCTP && nw_proto != IPPROTO_ICMP
> && nw_proto != IPPROTO_ICMPV6) {
> @@ -2292,6 +2301,7 @@ flow_hash_5tuple(const struct flow *flow, uint32_t
> basis)
> {
> BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
> uint32_t hash = basis;
> +uint8_t nw_frag;
>
> if (flow) {
>
> @@ -2312,6 +2322,10 @@ flow_hash_5tuple(const struct flow *flow, uint32_t
> basis)
> }
>
> hash = hash_add(hash, flow->nw_proto);
> +nw_frag = MINIFLOW_GET_U8(flow, nw_frag);
> +if (nw_frag & FLOW_NW_FRAG_MASK) {
> +goto out;
> +}
> if (flow->nw_proto != IPPROTO_TCP && flow->nw_proto != IPPROTO_UDP
> && flow->nw_proto != IPPROTO_SCTP && flow->nw_proto !=
> IPPROTO_ICMP
> && flow->nw_proto != IPPROTO_ICMPV6) {
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 4:21 PM Marcelo Ricardo Leitner
wrote:
>
> On Wed, Nov 23, 2022 at 02:55:05PM -0500, Xin Long wrote:
> > On Wed, Nov 23, 2022 at 2:17 PM Marcelo Ricardo Leitner
> > wrote:
> > >
> > > On Wed, Nov 23, 2022 at 01:54:41PM -0500, Xin Long wrote:
> > > > On Wed, Nov 23, 2022 at 1:48 PM Marcelo Ricardo Leitner
> > > > wrote:
> > > > >
> > > > > On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> > > > > > On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> > > > > > wrote:
> > > > > > >
> > > > > > > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner
> > > > > > > wrote:
> > > > > > > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > > > > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > > > > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > > > > > > + const struct nf_nat_range2 *range, bool commit)
> > > > > > > > > +{
> > > > > > > > > + enum nf_nat_manip_type maniptype;
> > > > > > > > > + int err, ct_action = *action;
> > > > > > > > > +
> > > > > > > > > + *action = 0;
> > > > > > > > > +
> > > > > > > > > + /* Add NAT extension if not confirmed yet. */
> > > > > > > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > > > > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > > > > > > +
> > > > > > > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > > > > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > > > > > > + /* NAT an established or related connection like
> > > > > > > > > before. */
> > > > > > > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > > > > > > + /* This is the REPLY direction for a
> > > > > > > > > connection
> > > > > > > > > +* for which NAT was applied in the
> > > > > > > > > forward
> > > > > > > > > +* direction. Do the reverse NAT.
> > > > > > > > > +*/
> > > > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > > > + ? NF_NAT_MANIP_DST :
> > > > > > > > > NF_NAT_MANIP_SRC;
> > > > > > > > > + else
> > > > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > > > + ? NF_NAT_MANIP_SRC :
> > > > > > > > > NF_NAT_MANIP_DST;
> > > > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > > > + } else {
> > > > > > > > > + return NF_ACCEPT;
> > > > > > > > > + }
> > > > > > > > > +
> > > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > > > > > > > > maniptype);
> > > > > > > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > > > > > > + if (ct->status & IPS_SRC_NAT) {
> > > > > > > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > > > + else
> > > > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > > > +
> > > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > > > action, range,
> > > > > > > > > + maniptype);
> > > > > > > > > + } else if (CTINFO2DIR(ctinfo) ==
> > > > > > > > > IP_CT_DIR_ORIGINAL) {
> > > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > > > action, NULL,
> > > > > > > > > + NF_NAT_MANIP_SRC);
> > > > > > > > > + }
> > > > > > > > > + }
> > > > > > > > > + return err;
> > > > > > > > > +}
> > > > > > > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > > > > > > diff --git a/net/openvswitch/conntrack.c
> > > > > > > > > b/net/openvswitch/conntrack.c
> > > > > > > > > index cc643a556ea1..d03c75165663 100644
> > > > > > > > > --- a/net/openvswitch/conntrack.c
> > > > > > > > > +++ b/net/openvswitch/conntrack.c
> > > > > > > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > > > > > > sw_flow_key *key,
> > > > > > > > > }
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > > > > > > - * range is only used for new, uninitialized NAT state.
> > > > > > > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > > > > > > - */
> > > > > > > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct
> > > > > > > > > nf_conn *ct,
> > > > > > > > > - enum ip_conntrack_info ctinfo,
> > > > > > > > > - const struct nf_nat_range2 *range,
> > > > > > > > > - enum nf_nat_manip_type maniptype,
> > > > > > > > > struct
[ovs-dev] [PATCH v2] learn: Fix parsing immediate value for a field match.
The value is right-justified after the string parsing with
parse_int_string(), i.e. it is in BE byte order and aligned
to the right side of the array.
For example, the 0x10011 value in a 4-byte field will look
like 0x00 0x01 0x00 0x11.
However, value copy to the resulted ofpact is performed
from the start of the memory. So, in case the destination
size is smaller than the original field size, incorrect
part of the value will be copied.
In the 0x00 0x01 0x00 0x11 example above, if the copy is
performed to a 3-byte field, the first 3 bytes will be
copied, which are 0x00 0x01 0x00 instead of 0x01 0x00 0x11.
This leads to a problem where NXM_NX_REG3[0..16]=0x10011
turns into NXM_NX_REG3[0..16]=0x100 after the parsing.
Fix that by offsetting the starting position to the size
difference in bytes similarly to how it is done in
learn_parse_load_immediate().
While at it, changing to imm.b in function calls that
expect byte arrays as an argument. The old way is technically
correct, but more error prone.
The mf_write_subfield_value() call was also incorrect.
However, the 'match' variable is actually not used for
anything since checking removal in commit:
dd43a558597b ("Do not perform validation in learn_parse();")
So, just removing the call and the 'match' variable
entirely instead of fixing it.
Fixes: 21b2fa617126 ("ofp-parse: Allow match field names in actions and
brackets in matches.")
Reported-at:
https://mail.openvswitch.org/pipermail/ovs-discuss/2022-November/052100.html
Reported-by: Thomas Lee
Signed-off-by: Ilya Maximets
---
Version 2:
- Switch from using byte arithmetic on a union mf_value address
to the byte array inside of it. This makes a code a bit more
clear and easier to read.
- Removed the incorrect call to mf_write_subfield_value() along
with the unused 'match' variable.
lib/learn.c| 18 +++---
tests/learn.at | 4 ++--
2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/lib/learn.c b/lib/learn.c
index a40209ec0..a62add2fd 100644
--- a/lib/learn.c
+++ b/lib/learn.c
@@ -241,7 +241,7 @@ static char * OVS_WARN_UNUSED_RESULT
learn_parse_spec(const char *orig, char *name, char *value,
const struct ofputil_port_map *port_map,
struct ofpact_learn_spec *spec,
- struct ofpbuf *ofpacts, struct match *match)
+ struct ofpbuf *ofpacts)
{
/* Parse destination and check prerequisites. */
struct mf_subfield dst;
@@ -275,14 +275,14 @@ learn_parse_spec(const char *orig, char *name, char
*value,
} else {
char *tail;
/* Partial field value. */
-if (parse_int_string(value, (uint8_t *),
+if (parse_int_string(value, imm.b,
dst.field->n_bytes, )
|| *tail != 0) {
imm_error = xasprintf("%s: cannot parse integer
value", orig);
}
if (!imm_error &&
-!bitwise_is_all_zeros(, dst.field->n_bytes,
+!bitwise_is_all_zeros(imm.b, dst.field->n_bytes,
dst.n_bits,
dst.field->n_bytes * 8 -
dst.n_bits)) {
struct ds ds;
@@ -304,15 +304,13 @@ learn_parse_spec(const char *orig, char *name, char
*value,
spec->src_type = NX_LEARN_SRC_IMMEDIATE;
-/* Update 'match' to allow for satisfying destination
- * prerequisites. */
-mf_write_subfield_value(, , match);
-
/* Push value last, as this may reallocate 'spec'! */
unsigned int imm_bytes = DIV_ROUND_UP(dst.n_bits, 8);
uint8_t *src_imm = ofpbuf_put_zeros(ofpacts,
OFPACT_ALIGN(imm_bytes));
-memcpy(src_imm, , imm_bytes);
+
+memcpy(src_imm, [dst.field->n_bytes - imm_bytes],
+ imm_bytes);
free(error);
return NULL;
@@ -391,7 +389,6 @@ learn_parse__(char *orig, char *arg, const struct
ofputil_port_map *port_map,
struct ofpbuf *ofpacts)
{
struct ofpact_learn *learn;
-struct match match;
char *name, *value;
learn = ofpact_put_LEARN(ofpacts);
@@ -400,7 +397,6 @@ learn_parse__(char *orig, char *arg, const struct
ofputil_port_map *port_map,
learn->priority = OFP_DEFAULT_PRIORITY;
learn->table_id = 1;
-match_init_catchall();
while (ofputil_parse_key_value(, , )) {
if (!strcmp(name, "table")) {
if (!ofputil_table_from_string(value, table_map,
@@ -448,7 +444,7 @@ learn_parse__(char *orig, char *arg, const struct
ofputil_port_map *port_map,
spec = ofpbuf_put_zeros(ofpacts, sizeof *spec);
error =
Re: [ovs-dev] [RFC net-next 1/6] openvswitch: exclude kernel flow key from upcalls
On 11/22/22 15:03, Aaron Conole wrote: > When processing upcall commands, two groups of data are available to > userspace for processing: the actual packet data and the kernel > sw flow key data. The inclusion of the flow key allows the userspace > avoid running through the dissection again. > > However, the userspace can choose to ignore the flow key data, as is > the case in some ovs-vswitchd upcall processing. For these messages, > having the flow key data merely adds additional data to the upcall > pipeline without any actual gain. Userspace simply throws the data > away anyway. Hi, Aaron. While it's true that OVS in userpsace is re-parsing the packet from scratch and using the newly parsed key for the OpenFlow translation, the kernel-porvided key is still used in a few important places. Mainly for the compatibility checking. The use is described here in more details: https://docs.kernel.org/networking/openvswitch.html#flow-key-compatibility We need to compare the key generated in userspace with the key generated by the kernel to know if it's safe to install the new flow to the kernel, i.e. if the kernel and OVS userpsace are parsing the packet in the same way. On the other hand, OVS today doesn't check the data, it only checks which fields are present. So, if we can generate and pass the bitmap of fields present in the key or something similar without sending the full key, that might still save some CPU cycles and memory in the socket buffer while preserving the ability to check for forward and backward compatibility. What do you think? The rest of the patch set seems useful even without patch #1 though. Nit: This patch #1 should probably be merged with the patch #6 and be at the end of a patch set, so the selftest and the main code are updated at the same time. Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 02:55:05PM -0500, Xin Long wrote:
> On Wed, Nov 23, 2022 at 2:17 PM Marcelo Ricardo Leitner
> wrote:
> >
> > On Wed, Nov 23, 2022 at 01:54:41PM -0500, Xin Long wrote:
> > > On Wed, Nov 23, 2022 at 1:48 PM Marcelo Ricardo Leitner
> > > wrote:
> > > >
> > > > On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> > > > > On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> > > > > wrote:
> > > > > >
> > > > > > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner
> > > > > > wrote:
> > > > > > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > > > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > > > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > > > > > + const struct nf_nat_range2 *range, bool commit)
> > > > > > > > +{
> > > > > > > > + enum nf_nat_manip_type maniptype;
> > > > > > > > + int err, ct_action = *action;
> > > > > > > > +
> > > > > > > > + *action = 0;
> > > > > > > > +
> > > > > > > > + /* Add NAT extension if not confirmed yet. */
> > > > > > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > > > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > > > > > +
> > > > > > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > > > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > > > > > + /* NAT an established or related connection like
> > > > > > > > before. */
> > > > > > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > > > > > + /* This is the REPLY direction for a
> > > > > > > > connection
> > > > > > > > +* for which NAT was applied in the forward
> > > > > > > > +* direction. Do the reverse NAT.
> > > > > > > > +*/
> > > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > > + ? NF_NAT_MANIP_DST :
> > > > > > > > NF_NAT_MANIP_SRC;
> > > > > > > > + else
> > > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > > + ? NF_NAT_MANIP_SRC :
> > > > > > > > NF_NAT_MANIP_DST;
> > > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > > + } else {
> > > > > > > > + return NF_ACCEPT;
> > > > > > > > + }
> > > > > > > > +
> > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > > > > > > > maniptype);
> > > > > > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > > > > > + if (ct->status & IPS_SRC_NAT) {
> > > > > > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > > + else
> > > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > > +
> > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > > action, range,
> > > > > > > > + maniptype);
> > > > > > > > + } else if (CTINFO2DIR(ctinfo) ==
> > > > > > > > IP_CT_DIR_ORIGINAL) {
> > > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > > action, NULL,
> > > > > > > > + NF_NAT_MANIP_SRC);
> > > > > > > > + }
> > > > > > > > + }
> > > > > > > > + return err;
> > > > > > > > +}
> > > > > > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > > > > > diff --git a/net/openvswitch/conntrack.c
> > > > > > > > b/net/openvswitch/conntrack.c
> > > > > > > > index cc643a556ea1..d03c75165663 100644
> > > > > > > > --- a/net/openvswitch/conntrack.c
> > > > > > > > +++ b/net/openvswitch/conntrack.c
> > > > > > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > > > > > sw_flow_key *key,
> > > > > > > > }
> > > > > > > > }
> > > > > > > >
> > > > > > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > > > > > - * range is only used for new, uninitialized NAT state.
> > > > > > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > > > > > - */
> > > > > > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct
> > > > > > > > nf_conn *ct,
> > > > > > > > - enum ip_conntrack_info ctinfo,
> > > > > > > > - const struct nf_nat_range2 *range,
> > > > > > > > - enum nf_nat_manip_type maniptype,
> > > > > > > > struct sw_flow_key *key)
> > > > > > > > -{
> > > > > > > > - int hooknum, err = NF_ACCEPT;
> > > > > > > > -
> > > > > > > > - /* See HOOK2MANIP(). */
> > > > > > > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 2:17 PM Marcelo Ricardo Leitner
wrote:
>
> On Wed, Nov 23, 2022 at 01:54:41PM -0500, Xin Long wrote:
> > On Wed, Nov 23, 2022 at 1:48 PM Marcelo Ricardo Leitner
> > wrote:
> > >
> > > On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> > > > On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> > > > wrote:
> > > > >
> > > > > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner
> > > > > wrote:
> > > > > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > > > > + const struct nf_nat_range2 *range, bool commit)
> > > > > > > +{
> > > > > > > + enum nf_nat_manip_type maniptype;
> > > > > > > + int err, ct_action = *action;
> > > > > > > +
> > > > > > > + *action = 0;
> > > > > > > +
> > > > > > > + /* Add NAT extension if not confirmed yet. */
> > > > > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > > > > +
> > > > > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > > > > + /* NAT an established or related connection like
> > > > > > > before. */
> > > > > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > > > > + /* This is the REPLY direction for a
> > > > > > > connection
> > > > > > > +* for which NAT was applied in the forward
> > > > > > > +* direction. Do the reverse NAT.
> > > > > > > +*/
> > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > > > > > > + else
> > > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > + } else {
> > > > > > > + return NF_ACCEPT;
> > > > > > > + }
> > > > > > > +
> > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > > > > > > maniptype);
> > > > > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > > > > + if (ct->status & IPS_SRC_NAT) {
> > > > > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > > + else
> > > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > > +
> > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > action, range,
> > > > > > > + maniptype);
> > > > > > > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > > action, NULL,
> > > > > > > + NF_NAT_MANIP_SRC);
> > > > > > > + }
> > > > > > > + }
> > > > > > > + return err;
> > > > > > > +}
> > > > > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > > > > diff --git a/net/openvswitch/conntrack.c
> > > > > > > b/net/openvswitch/conntrack.c
> > > > > > > index cc643a556ea1..d03c75165663 100644
> > > > > > > --- a/net/openvswitch/conntrack.c
> > > > > > > +++ b/net/openvswitch/conntrack.c
> > > > > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > > > > sw_flow_key *key,
> > > > > > > }
> > > > > > > }
> > > > > > >
> > > > > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > > > > - * range is only used for new, uninitialized NAT state.
> > > > > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > > > > - */
> > > > > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct
> > > > > > > nf_conn *ct,
> > > > > > > - enum ip_conntrack_info ctinfo,
> > > > > > > - const struct nf_nat_range2 *range,
> > > > > > > - enum nf_nat_manip_type maniptype,
> > > > > > > struct sw_flow_key *key)
> > > > > > > -{
> > > > > > > - int hooknum, err = NF_ACCEPT;
> > > > > > > -
> > > > > > > - /* See HOOK2MANIP(). */
> > > > > > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > > > > > > - else
> > > > > > > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > > > > > > -
> > > > > > > - switch (ctinfo) {
> > > > > > > - case IP_CT_RELATED:
> > > > > > > - case IP_CT_RELATED_REPLY:
> > > > > > > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > > >
Re: [ovs-dev] [PATCH] [openvswitch v4] openvswitch: Add support to count upcall packets
From: wangchuanlei
Date: Wed, 23 Nov 2022 04:18:43 -0500
> Add support to count upall packets, when kmod of openvswitch
> upcall to userspace , here count the number of packets for
> upcall succeed and failed, which is a better way to see how
> many packets upcalled to userspace(ovs-vswitchd) on every
> interfaces.
>
> Here optimize the function used by comments of v3.
>
> Changes since v3:
> - use nested NLA_NESTED attribute in netlink message
>
> Changes since v2:
> - add count of upcall failed packets
>
> Changes since v1:
> - add count of upcall succeed packets
>
> Signed-off-by: wangchuanlei
> ---
> include/uapi/linux/openvswitch.h | 19
> net/openvswitch/datapath.c | 52
> net/openvswitch/datapath.h | 12
> net/openvswitch/vport.c | 48 +
> net/openvswitch/vport.h | 6
> 5 files changed, 137 insertions(+)
>
> diff --git a/include/uapi/linux/openvswitch.h
> b/include/uapi/linux/openvswitch.h
> index 94066f87e9ee..fa13bce15fae 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -126,6 +126,11 @@ struct ovs_vport_stats {
> __u64 tx_dropped; /* no space available in linux */
> };
>
> +struct ovs_vport_upcall_stats {
> + uint64_t upcall_success; /* total packets upcalls succeed */
> + uint64_t upcall_fail; /* total packets upcalls failed */
Please no uint64_t int the UAPI headers. __u64 as above.
> +};
> +
> /* Allow last Netlink attribute to be unaligned */
> #define OVS_DP_F_UNALIGNED (1 << 0)
>
> @@ -277,11 +282,25 @@ enum ovs_vport_attr {
> OVS_VPORT_ATTR_PAD,
> OVS_VPORT_ATTR_IFINDEX,
> OVS_VPORT_ATTR_NETNSID,
> + OVS_VPORT_ATTR_UPCALL_STATS, /* struct ovs_vport_upcall_stats */
> __OVS_VPORT_ATTR_MAX
> };
>
> #define OVS_VPORT_ATTR_MAX (__OVS_VPORT_ATTR_MAX - 1)
>
> +/**
> + * enum ovs_vport_upcall_attr - attributes for %OVS_VPORT_UPCALL* commands
> + * @OVS_VPORT_UPCALL_SUCCESS: 64-bit upcall success packets.
> + * @OVS_VPORT_UPCALL_FAIL: 64-bit upcall fail packets.
> + */
> +enum ovs_vport_upcall_attr {
> + OVS_VPORT_UPCALL_SUCCESS, /* 64-bit upcall success packets */
> + OVS_VPORT_UPCALL_FAIL, /* 64-bit upcall fail packets */
> + __OVS_VPORT_UPCALL_MAX
> +};
> +
> +#define OVS_VPORT_UPCALL_MAX (__OVS_VPORT_UPCALL_MAX-1)
Spaces around arithm operator ('-').
> +
> enum {
> OVS_VXLAN_EXT_UNSPEC,
> OVS_VXLAN_EXT_GBP, /* Flag or __u32 */
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index c8a9075ddd0a..5254c51cfa60 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -209,6 +209,25 @@ static struct vport *new_vport(const struct vport_parms
> *parms)
> return vport;
> }
>
> +static void ovs_vport_upcalls(struct sk_buff *skb,
> + const struct dp_upcall_info *upcall_info,
> + bool upcall_success)
^^^
Just `bool success`? It's clear that is's about upcalls, I don't see
a need to repeat it in every argument's name.
> +{
> + if (upcall_info->cmd == OVS_PACKET_CMD_MISS ||
> + upcall_info->cmd == OVS_PACKET_CMD_ACTION) {
if (cmd != MISS && cmd != ACTION)
return;
Saves 1 indent level.
> + const struct vport *p = OVS_CB(skb)->input_vport;
> + struct vport_upcall_stats_percpu *vport_stats;
> +
> + vport_stats = this_cpu_ptr(p->vport_upcall_stats_percpu);
Why make a separate structure? You can just expand dp_stats_percpu,
this function would then be just a couple lines in ovs_dp_upcall().
> + u64_stats_update_begin(_stats->syncp);
> + if (upcall_success)
> + u64_stats_inc(_stats->n_upcall_success);
> + else
> + u64_stats_inc(_stats->n_upcall_fail);
> + u64_stats_update_end(_stats->syncp);
> + }
> +}
> +
> void ovs_dp_detach_port(struct vport *p)
> {
> ASSERT_OVSL();
> @@ -216,6 +235,9 @@ void ovs_dp_detach_port(struct vport *p)
> /* First drop references to device. */
> hlist_del_rcu(>dp_hash_node);
>
> + /* Free percpu memory */
> + free_percpu(p->vport_upcall_stats_percpu);
> +
> /* Then destroy it. */
> ovs_vport_del(p);
> }
> @@ -305,6 +327,8 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff
> *skb,
> err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
> else
> err = queue_gso_packets(dp, skb, key, upcall_info, cutlen);
> +
> + ovs_vport_upcalls(skb, upcall_info, !err);
> if (err)
> goto err;
Also, as you may see, your ::upcall_fail counter will be always
exactly the same as stats->n_lost. So there's no point introducing
a new one.
However, you can expand the structure
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 01:54:41PM -0500, Xin Long wrote:
> On Wed, Nov 23, 2022 at 1:48 PM Marcelo Ricardo Leitner
> wrote:
> >
> > On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> > > On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> > > wrote:
> > > >
> > > > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner wrote:
> > > > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > > > + const struct nf_nat_range2 *range, bool commit)
> > > > > > +{
> > > > > > + enum nf_nat_manip_type maniptype;
> > > > > > + int err, ct_action = *action;
> > > > > > +
> > > > > > + *action = 0;
> > > > > > +
> > > > > > + /* Add NAT extension if not confirmed yet. */
> > > > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > > > +
> > > > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > > > + /* NAT an established or related connection like
> > > > > > before. */
> > > > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > > > + /* This is the REPLY direction for a connection
> > > > > > +* for which NAT was applied in the forward
> > > > > > +* direction. Do the reverse NAT.
> > > > > > +*/
> > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > > > > > + else
> > > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > + } else {
> > > > > > + return NF_ACCEPT;
> > > > > > + }
> > > > > > +
> > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > > > > > maniptype);
> > > > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > > > + if (ct->status & IPS_SRC_NAT) {
> > > > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > > + else
> > > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > > +
> > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > action, range,
> > > > > > + maniptype);
> > > > > > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo,
> > > > > > action, NULL,
> > > > > > + NF_NAT_MANIP_SRC);
> > > > > > + }
> > > > > > + }
> > > > > > + return err;
> > > > > > +}
> > > > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > > > diff --git a/net/openvswitch/conntrack.c
> > > > > > b/net/openvswitch/conntrack.c
> > > > > > index cc643a556ea1..d03c75165663 100644
> > > > > > --- a/net/openvswitch/conntrack.c
> > > > > > +++ b/net/openvswitch/conntrack.c
> > > > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > > > sw_flow_key *key,
> > > > > > }
> > > > > > }
> > > > > >
> > > > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > > > - * range is only used for new, uninitialized NAT state.
> > > > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > > > - */
> > > > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn
> > > > > > *ct,
> > > > > > - enum ip_conntrack_info ctinfo,
> > > > > > - const struct nf_nat_range2 *range,
> > > > > > - enum nf_nat_manip_type maniptype, struct
> > > > > > sw_flow_key *key)
> > > > > > -{
> > > > > > - int hooknum, err = NF_ACCEPT;
> > > > > > -
> > > > > > - /* See HOOK2MANIP(). */
> > > > > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > > > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > > > > > - else
> > > > > > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > > > > > -
> > > > > > - switch (ctinfo) {
> > > > > > - case IP_CT_RELATED:
> > > > > > - case IP_CT_RELATED_REPLY:
> > > > > > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > > > > > - skb->protocol == htons(ETH_P_IP) &&
> > > > > > - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> > > > > > - if (!nf_nat_icmp_reply_translation(skb, ct,
> > > > > > ctinfo,
> > > > > > -
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 1:48 PM Marcelo Ricardo Leitner
wrote:
>
> On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> > On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> > wrote:
> > >
> > > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner wrote:
> > > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > > + const struct nf_nat_range2 *range, bool commit)
> > > > > +{
> > > > > + enum nf_nat_manip_type maniptype;
> > > > > + int err, ct_action = *action;
> > > > > +
> > > > > + *action = 0;
> > > > > +
> > > > > + /* Add NAT extension if not confirmed yet. */
> > > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > > +
> > > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > > + /* NAT an established or related connection like before.
> > > > > */
> > > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > > + /* This is the REPLY direction for a connection
> > > > > +* for which NAT was applied in the forward
> > > > > +* direction. Do the reverse NAT.
> > > > > +*/
> > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > > > > + else
> > > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > + } else {
> > > > > + return NF_ACCEPT;
> > > > > + }
> > > > > +
> > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > > > > maniptype);
> > > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > > + if (ct->status & IPS_SRC_NAT) {
> > > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > > + maniptype = NF_NAT_MANIP_DST;
> > > > > + else
> > > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > > +
> > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action,
> > > > > range,
> > > > > + maniptype);
> > > > > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action,
> > > > > NULL,
> > > > > + NF_NAT_MANIP_SRC);
> > > > > + }
> > > > > + }
> > > > > + return err;
> > > > > +}
> > > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> > > > > index cc643a556ea1..d03c75165663 100644
> > > > > --- a/net/openvswitch/conntrack.c
> > > > > +++ b/net/openvswitch/conntrack.c
> > > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > > sw_flow_key *key,
> > > > > }
> > > > > }
> > > > >
> > > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > > - * range is only used for new, uninitialized NAT state.
> > > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > > - */
> > > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn
> > > > > *ct,
> > > > > - enum ip_conntrack_info ctinfo,
> > > > > - const struct nf_nat_range2 *range,
> > > > > - enum nf_nat_manip_type maniptype, struct
> > > > > sw_flow_key *key)
> > > > > -{
> > > > > - int hooknum, err = NF_ACCEPT;
> > > > > -
> > > > > - /* See HOOK2MANIP(). */
> > > > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > > > > - else
> > > > > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > > > > -
> > > > > - switch (ctinfo) {
> > > > > - case IP_CT_RELATED:
> > > > > - case IP_CT_RELATED_REPLY:
> > > > > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > > > > - skb->protocol == htons(ETH_P_IP) &&
> > > > > - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> > > > > - if (!nf_nat_icmp_reply_translation(skb, ct,
> > > > > ctinfo,
> > > > > - hooknum))
> > > > > - err = NF_DROP;
> > > > > - goto out;
> > > > > - } else if (IS_ENABLED(CONFIG_IPV6) &&
> > > > > - skb->protocol == htons(ETH_P_IPV6)) {
> > > > > - __be16
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote: > --- a/net/netfilter/Makefile > +++ b/net/netfilter/Makefile > @@ -52,7 +52,7 @@ obj-$(CONFIG_NF_CONNTRACK_SANE) += nf_conntrack_sane.o > obj-$(CONFIG_NF_CONNTRACK_SIP) += nf_conntrack_sip.o > obj-$(CONFIG_NF_CONNTRACK_TFTP) += nf_conntrack_tftp.o > > -nf_nat-y := nf_nat_core.o nf_nat_proto.o nf_nat_helper.o > +nf_nat-y := nf_nat_core.o nf_nat_proto.o nf_nat_helper.o nf_nat_ovs.o Considering that the code in nf_nat_ovs is only used if ovs or act_ct are enabled, shouldn't it be using an invisible knob here that gets automatically selected by them? Pablo? I think this is my last comment on this series. The rest LGTM. > > obj-$(CONFIG_NF_LOG_SYSLOG) += nf_log_syslog.o > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 12:31:38PM -0500, Xin Long wrote:
> On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
> wrote:
> >
> > On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner wrote:
> > > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > > + enum ip_conntrack_info ctinfo, int *action,
> > > > + const struct nf_nat_range2 *range, bool commit)
> > > > +{
> > > > + enum nf_nat_manip_type maniptype;
> > > > + int err, ct_action = *action;
> > > > +
> > > > + *action = 0;
> > > > +
> > > > + /* Add NAT extension if not confirmed yet. */
> > > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > > + return NF_ACCEPT; /* Can't NAT. */
> > > > +
> > > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > > + /* NAT an established or related connection like before. */
> > > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > > + /* This is the REPLY direction for a connection
> > > > +* for which NAT was applied in the forward
> > > > +* direction. Do the reverse NAT.
> > > > +*/
> > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > > > + else
> > > > + maniptype = ct->status & IPS_SRC_NAT
> > > > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > > + maniptype = NF_NAT_MANIP_DST;
> > > > + } else {
> > > > + return NF_ACCEPT;
> > > > + }
> > > > +
> > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range, maniptype);
> > > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > > + if (ct->status & IPS_SRC_NAT) {
> > > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > > + maniptype = NF_NAT_MANIP_DST;
> > > > + else
> > > > + maniptype = NF_NAT_MANIP_SRC;
> > > > +
> > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action,
> > > > range,
> > > > + maniptype);
> > > > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action,
> > > > NULL,
> > > > + NF_NAT_MANIP_SRC);
> > > > + }
> > > > + }
> > > > + return err;
> > > > +}
> > > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> > > > index cc643a556ea1..d03c75165663 100644
> > > > --- a/net/openvswitch/conntrack.c
> > > > +++ b/net/openvswitch/conntrack.c
> > > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct
> > > > sw_flow_key *key,
> > > > }
> > > > }
> > > >
> > > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > > - * range is only used for new, uninitialized NAT state.
> > > > - * Returns either NF_ACCEPT or NF_DROP.
> > > > - */
> > > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
> > > > - enum ip_conntrack_info ctinfo,
> > > > - const struct nf_nat_range2 *range,
> > > > - enum nf_nat_manip_type maniptype, struct
> > > > sw_flow_key *key)
> > > > -{
> > > > - int hooknum, err = NF_ACCEPT;
> > > > -
> > > > - /* See HOOK2MANIP(). */
> > > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > > > - else
> > > > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > > > -
> > > > - switch (ctinfo) {
> > > > - case IP_CT_RELATED:
> > > > - case IP_CT_RELATED_REPLY:
> > > > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > > > - skb->protocol == htons(ETH_P_IP) &&
> > > > - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> > > > - if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
> > > > - hooknum))
> > > > - err = NF_DROP;
> > > > - goto out;
> > > > - } else if (IS_ENABLED(CONFIG_IPV6) &&
> > > > - skb->protocol == htons(ETH_P_IPV6)) {
> > > > - __be16 frag_off;
> > > > - u8 nexthdr = ipv6_hdr(skb)->nexthdr;
> > > > - int hdrlen = ipv6_skip_exthdr(skb,
> > > > - sizeof(struct
> > > > ipv6hdr),
> > > > - , _off);
> > > > -
> > > >
Re: [ovs-dev] [PATCH ovn] actions: introduce next_table option for CT_COMMIT_V2
On Tue, Oct 25, 2022 at 4:39 PM Lorenzo Bianconi
wrote:
>
> In the current codebase ct_commit {} action clears ct_state metadata of
> the incoming packet. This behaviour introduces an issue if we need to
> check the connection tracking state in the subsequent pipeline stages,
> e.g. for hairpin traffic:
>
> table=14(ls_in_pre_hairpin ), priority=100 , match=(ip && ct.trk),
> action=(reg0[6] = chk_lb_hairpin(); reg0[12] = chk_lb_hairpin_reply(); next;)
>
> Fix the issue introducing next_table option in the ct_commit {} action
> allowing the ct packet to proceed in the pipeline.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2103086
> Signed-off-by: Lorenzo Bianconi
Hi Lorenzo,
Thanks for the patch. documentation is missing in ovn-northd.8.xml
for the updated logical flows.
Please see below for few comments.
> ---
> include/ovn/actions.h | 1 +
> lib/actions.c | 50 ++-
> northd/northd.c | 8 ++--
> ovn-sb.xml| 4 +-
> tests/ovn-northd.at | 94 +++
> tests/ovn.at | 4 ++
> 6 files changed, 86 insertions(+), 75 deletions(-)
>
> diff --git a/include/ovn/actions.h b/include/ovn/actions.h
> index d7ee84dac..d96d34841 100644
> --- a/include/ovn/actions.h
> +++ b/include/ovn/actions.h
> @@ -315,6 +315,7 @@ struct ovnact_nest {
> struct ovnact ovnact;
> struct ovnact *nested;
> size_t nested_len;
> +uint8_t ltable; /* Logical table ID of next table. */
> };
>
> /* OVNACT_GET_ARP, OVNACT_GET_ND. */
> diff --git a/lib/actions.c b/lib/actions.c
> index adbb42db4..88d7eb571 100644
> --- a/lib/actions.c
> +++ b/lib/actions.c
> @@ -207,6 +207,10 @@ struct action_context {
>
> static void parse_actions(struct action_context *, enum lex_type sentinel);
>
> +static void __parse_nested_action(struct action_context *ctx,
> + enum ovnact_type type,
> + const char *prereq,
> + enum expr_write_scope scope);
> static void parse_nested_action(struct action_context *ctx,
> enum ovnact_type type,
> const char *prereq,
> @@ -764,8 +768,23 @@ static void
> parse_CT_COMMIT(struct action_context *ctx)
> {
> if (ctx->lexer->token.type == LEX_T_LCURLY) {
> -parse_nested_action(ctx, OVNACT_CT_COMMIT_V2, "ip",
> -WR_CT_COMMIT);
> +int table = 0;
> +lexer_force_match(ctx->lexer, LEX_T_LCURLY); /* Skip '{'. */
> +if (lexer_match_id(ctx->lexer, "next_table")) {
> +lexer_match(ctx->lexer, LEX_T_SEMICOLON);
> +table = ctx->pp->cur_ltable + 1;
> +if (table >= ctx->pp->n_tables) {
> + table = 0;
> +}
> +}
Generally actions inside {} are nested actions. But this patch adds a
custom flag just before the start of the nested actions.
Also this would break the upgrades if ovn-northd is updated first.
Because the old ovn-controller will fail parsing this action.
@Mark Michelson @Dumitru Ceara @Han Zhou Is it ok for us to not
support this upgrade scenario ? i.e ovn-northd and DBs upgraded first
before the ovn-controllers ?
> +__parse_nested_action(ctx, OVNACT_CT_COMMIT_V2, "ip",
> + WR_CT_COMMIT);
> +if (ctx->lexer->error) {
> +return;
> +}
> +
> +struct ovnact_nest *on = ctx->ovnacts->header;
> +on->ltable = table;
> } else if (ctx->lexer->token.type == LEX_T_LPAREN) {
> parse_CT_COMMIT_V1(ctx);
> } else {
> @@ -775,6 +794,7 @@ parse_CT_COMMIT(struct action_context *ctx)
> OVNACT_ALIGN(sizeof *on));
> on->nested_len = 0;
> on->nested = NULL;
> +on->ltable = 0;
> }
> }
>
> @@ -872,12 +892,16 @@ format_CT_COMMIT_V2(const struct ovnact_nest *on,
> struct ds *s)
>
> static void
> encode_CT_COMMIT_V2(const struct ovnact_nest *on,
> -const struct ovnact_encode_params *ep OVS_UNUSED,
> +const struct ovnact_encode_params *ep,
> struct ofpbuf *ofpacts)
> {
> struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
> ct->flags = NX_CT_F_COMMIT;
> -ct->recirc_table = NX_CT_RECIRC_NONE;
> +if (on->ltable > 0) {
> +ct->recirc_table = first_ptable(ep, ep->pipeline) + on->ltable;
> +} else {
> +ct->recirc_table = NX_CT_RECIRC_NONE;
> +}
> ct->zone_src.field = ep->is_switch
> ? mf_from_id(MFF_LOG_CT_ZONE)
> : mf_from_id(MFF_LOG_DNAT_ZONE);
> @@ -1586,13 +1610,9 @@ encode_CT_CLEAR(const struct ovnact_null *null
> OVS_UNUSED,
> /* Implements the "arp", "nd_na", and "clone" actions, which execute nested
> * actions on a packet derived from the one being processed. */
> static void
>
Re: [ovs-dev] [PATCH ovn] binding: add the capability to apply QoS for lsp
On Tue, Nov 22, 2022 at 5:31 PM Lorenzo Bianconi
wrote:
>
> > Thanks Lorenzo!
> >
> > Acked-by: Mark Michelson
> >
> > The only question I have is why you converted to a shash instead of a smap?
>
> Hi Mark,
>
> Thx for the review. Do you mean shash instead of sset?
>
> Regards,
> Lorenzo
>
Thanks for the patch. Please see below for a few comments.
This patch needs a rebase too.
> >
> > On 11/4/22 09:08, Lorenzo Bianconi wrote:
> > > Introduce the capability to apply QoS rules for logical switch ports
> > > claimed by ovn-controller. Rely on shash instead of sset for
> > > egress_ifaces.
> > >
> > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2129742
> > > Signed-off-by: Lorenzo Bianconi
> > > ---
> > > controller/binding.c| 78 +++--
> > > controller/binding.h| 2 +-
> > > controller/ovn-controller.c | 9 ++---
> > > tests/system-ovn.at | 27 +
> > > 4 files changed, 89 insertions(+), 27 deletions(-)
> > >
> > > diff --git a/controller/binding.c b/controller/binding.c
> > > index c3d2b2e42..6e596e6ca 100644
> > > --- a/controller/binding.c
> > > +++ b/controller/binding.c
> > > @@ -115,6 +115,7 @@ struct qos_queue {
> > > uint32_t min_rate;
> > > uint32_t max_rate;
> > > uint32_t burst;
> > > +char *port_name;
> > > };
> > > void
> > > @@ -147,6 +148,8 @@ static void update_lport_tracking(const struct
> > > sbrec_port_binding *pb,
> > > struct hmap *tracked_dp_bindings,
> > > bool claimed);
> > > +static bool is_lport_vif(const struct sbrec_port_binding *pb);
> > > +
> > > static void
> > > get_qos_params(const struct sbrec_port_binding *pb, struct hmap
> > > *queue_map)
> > > {
> > > @@ -166,6 +169,7 @@ get_qos_params(const struct sbrec_port_binding *pb,
> > > struct hmap *queue_map)
> > > node->max_rate = max_rate;
> > > node->burst = burst;
> > > node->queue_id = queue_id;
> > > +node->port_name = xstrdup(pb->logical_port);
> > > }
> > > static const struct ovsrec_qos *
> > > @@ -191,7 +195,7 @@ static bool
> > > set_noop_qos(struct ovsdb_idl_txn *ovs_idl_txn,
> > >const struct ovsrec_port_table *port_table,
> > >const struct ovsrec_qos_table *qos_table,
> > > - struct sset *egress_ifaces)
> > > + struct shash *egress_ifaces)
> > > {
> > > if (!ovs_idl_txn) {
> > > return false;
> > > @@ -206,11 +210,11 @@ set_noop_qos(struct ovsdb_idl_txn *ovs_idl_txn,
> > > size_t count = 0;
> > > OVSREC_PORT_TABLE_FOR_EACH (port, port_table) {
> > > -if (sset_contains(egress_ifaces, port->name)) {
> > > +if (shash_find(egress_ifaces, port->name)) {
> > > ovsrec_port_set_qos(port, noop_qos);
> > > count++;
> > > }
> > > -if (sset_count(egress_ifaces) == count) {
> > > +if (shash_count(egress_ifaces) == count) {
> > > break;
> > > }
> > > }
> > > @@ -229,9 +233,10 @@ set_qos_type(struct netdev *netdev, const char *type)
> > > }
> > > static void
> > > -setup_qos(const char *egress_iface, struct hmap *queue_map)
> > > +setup_qos(struct shash_node *entry, struct hmap *queue_map)
Instead of using shash_node as input parameter, I'd suggest changing it to
setup_qos(const char *egress_iface, const char *logical_port, struct
hmap *queue_map)
> > > {
> > > static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 5);
> > > +const char *egress_iface = entry->name;
> > > struct netdev *netdev_phy;
> > > if (!egress_iface) {
> > > @@ -331,6 +336,10 @@ setup_qos(const char *egress_iface, struct hmap
> > > *queue_map)
> > > continue;
> > > }
> > > +if (strcmp(sb_info->port_name, entry->data)) {
> > > +continue;
> > > +}
> > > +
> > > smap_clear(_details);
> > > smap_add_format(_details, "min-rate", "%d",
> > > sb_info->min_rate);
> > > smap_add_format(_details, "max-rate", "%d",
> > > sb_info->max_rate);
> > > @@ -352,6 +361,7 @@ destroy_qos_map(struct hmap *qos_map)
> > > {
> > > struct qos_queue *qos_queue;
> > > HMAP_FOR_EACH_POP (qos_queue, node, qos_map) {
> > > +free(qos_queue->port_name);
> > > free(qos_queue);
> > > }
> > > @@ -397,7 +407,7 @@ sbrec_get_port_encap(const struct sbrec_chassis
> > > *chassis_rec,
> > > static void
> > > add_localnet_egress_interface_mappings(
> > > const struct sbrec_port_binding *port_binding,
> > > -struct shash *bridge_mappings, struct sset *egress_ifaces)
> > > +struct shash *bridge_mappings, struct shash *egress_ifaces)
> > > {
> > > const char *network = smap_get(_binding->options,
> > > "network_name");
> > > if (!network) {
> > > @@ -422,7 +432,8 @@
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 10:13 AM Marcelo Ricardo Leitner
wrote:
>
> On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner wrote:
> > On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > > + enum ip_conntrack_info ctinfo, int *action,
> > > + const struct nf_nat_range2 *range, bool commit)
> > > +{
> > > + enum nf_nat_manip_type maniptype;
> > > + int err, ct_action = *action;
> > > +
> > > + *action = 0;
> > > +
> > > + /* Add NAT extension if not confirmed yet. */
> > > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > > + return NF_ACCEPT; /* Can't NAT. */
> > > +
> > > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > > + (ctinfo != IP_CT_RELATED || commit)) {
> > > + /* NAT an established or related connection like before. */
> > > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > > + /* This is the REPLY direction for a connection
> > > +* for which NAT was applied in the forward
> > > +* direction. Do the reverse NAT.
> > > +*/
> > > + maniptype = ct->status & IPS_SRC_NAT
> > > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > > + else
> > > + maniptype = ct->status & IPS_SRC_NAT
> > > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > > + maniptype = NF_NAT_MANIP_SRC;
> > > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > > + maniptype = NF_NAT_MANIP_DST;
> > > + } else {
> > > + return NF_ACCEPT;
> > > + }
> > > +
> > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range, maniptype);
> > > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > > + if (ct->status & IPS_SRC_NAT) {
> > > + if (maniptype == NF_NAT_MANIP_SRC)
> > > + maniptype = NF_NAT_MANIP_DST;
> > > + else
> > > + maniptype = NF_NAT_MANIP_SRC;
> > > +
> > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action,
> > > range,
> > > + maniptype);
> > > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, NULL,
> > > + NF_NAT_MANIP_SRC);
> > > + }
> > > + }
> > > + return err;
> > > +}
> > > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> > > index cc643a556ea1..d03c75165663 100644
> > > --- a/net/openvswitch/conntrack.c
> > > +++ b/net/openvswitch/conntrack.c
> > > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct sw_flow_key
> > > *key,
> > > }
> > > }
> > >
> > > -/* Modelled after nf_nat_ipv[46]_fn().
> > > - * range is only used for new, uninitialized NAT state.
> > > - * Returns either NF_ACCEPT or NF_DROP.
> > > - */
> > > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
> > > - enum ip_conntrack_info ctinfo,
> > > - const struct nf_nat_range2 *range,
> > > - enum nf_nat_manip_type maniptype, struct
> > > sw_flow_key *key)
> > > -{
> > > - int hooknum, err = NF_ACCEPT;
> > > -
> > > - /* See HOOK2MANIP(). */
> > > - if (maniptype == NF_NAT_MANIP_SRC)
> > > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > > - else
> > > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > > -
> > > - switch (ctinfo) {
> > > - case IP_CT_RELATED:
> > > - case IP_CT_RELATED_REPLY:
> > > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > > - skb->protocol == htons(ETH_P_IP) &&
> > > - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> > > - if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
> > > - hooknum))
> > > - err = NF_DROP;
> > > - goto out;
> > > - } else if (IS_ENABLED(CONFIG_IPV6) &&
> > > - skb->protocol == htons(ETH_P_IPV6)) {
> > > - __be16 frag_off;
> > > - u8 nexthdr = ipv6_hdr(skb)->nexthdr;
> > > - int hdrlen = ipv6_skip_exthdr(skb,
> > > - sizeof(struct ipv6hdr),
> > > - , _off);
> > > -
> > > - if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
> > > - if (!nf_nat_icmpv6_reply_translation(skb, ct,
> > > -ctinfo,
> > > -
Re: [ovs-dev] [PATCH ovn] ci: github: Enable address and UB sanitizers for system tests.
On 11/23/22 16:33, Numan Siddique wrote: > On Fri, Nov 18, 2022 at 10:11 AM Dumitru Ceara wrote: >> >> Signed-off-by: Dumitru Ceara > > Acked-by: Numan Siddique > > Numan > Thanks! I pushed this patch to the main branch. Regards, Dumitru ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] learn: Fix parsing immediate value for a field match.
On 11/23/22 16:21, Ilya Maximets wrote:
> On 11/8/22 19:15, Simon Horman wrote:
>> On Sat, Nov 05, 2022 at 11:11:53AM +0100, Ilya Maximets wrote:
>>> The value is right-justified after the string parsing with
>>> parse_int_string(), i.e. it is in BE byte order and aligned
>>> to the right side of the array.
>>>
>>> For example, the 0x10011 value in a 4-byte field will look
>>> like 0x00 0x01 0x00 0x11.
>>>
>>> However, value copy to the resulted ofpact is performed
>>> from the start of the memory. So, in case the destination
>>> size is smaller than the original field size, incorrect
>>> part of the value will be copied.
>>>
>>> In the 0x00 0x01 0x00 0x11 example above, if the copy is
>>> performed to a 3-byte field, the first 3 bytes will be
>>> copied, which are 0x00 0x01 0x00 instead of 0x01 0x00 0x11.
>>>
>>> This leads to a problem where NXM_NX_REG3[0..16]=0x10011
>>> turns into NXM_NX_REG3[0..16]=0x100 after the parsing.
>>>
>>> Fix that by offsetting the starting position to the size
>>> difference in bytes similarly to how it is done in
>>> learn_parse_load_immediate().
>>>
>>> Fixes: 21b2fa617126 ("ofp-parse: Allow match field names in actions and
>>> brackets in matches.")
>>> Reported-at:
>>> https://mail.openvswitch.org/pipermail/ovs-discuss/2022-November/052100.html
>>> Reported-by: Thomas Lee
>>> Signed-off-by: Ilya Maximets
>>> ---
>>> lib/learn.c| 4 +++-
>>> tests/learn.at | 4 ++--
>>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/lib/learn.c b/lib/learn.c
>>> index a40209ec0..cfd762527 100644
>>> --- a/lib/learn.c
>>> +++ b/lib/learn.c
>>> @@ -310,9 +310,11 @@ learn_parse_spec(const char *orig, char *name, char
>>> *value,
>>>
>>> /* Push value last, as this may reallocate 'spec'! */
>>> unsigned int imm_bytes = DIV_ROUND_UP(dst.n_bits, 8);
>>> +unsigned int offset = dst.field->n_bytes - imm_bytes;
>>> uint8_t *src_imm = ofpbuf_put_zeros(ofpacts,
>>>
>>> OFPACT_ALIGN(imm_bytes));
>>> -memcpy(src_imm, , imm_bytes);
>>> +
>>> +memcpy(src_imm, (uint8_t *) + offset, imm_bytes);
>>
>> FWIIW, This seems fine to me, but I wonder if
>> it would nicer (and indeed valid) to use here.
>
> I guess, you meant 'imm.b', since we have mf_value and not mf_subvalue
> here. But I agree that it makes more sense. Thanks! I'll also change
> other places where is used as a pointer to a byte array to make
> the code a bit more clear. Will send v2 shortly.
Hmm, mf_write_subfield_value() call just above also seems to be incorrect.
I'll re-check that part before sending v2...
>
> Sorry for the late reply, just got back from my PTO.
>
> Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [ovs-dev v5 1/3] ofproto-dpif-upcall: fix push_dp_ops
On 22 Nov 2022, at 2:44, Peng He wrote:
> Hi,
>
> After a second thought, I think maybe keeping INCONSISTENT just for the
> modify error is a better option.
>
> With current patch:
> 1.
> the modify error case:
> OPERATIONAL -> INCONSISTENT -> EVICTING -> EVICTED
> 2.
> the delete error case:
> EVICTING -> EVICTED
>
> Change both to INCONSISTENT:
>
> the modify error case:
> did not change.
>
> the delete error case:
> EVICTING -> INCONSISTENT -> EVICTED?
> this will make the state machine allows both INCONSISTENT -> EVICTING and
> EVICTING -> INCONSISTENT transitions.
> which I guess it's more confusing ...
>
> Another solution is that, drop INCONSISTENT state, if modify fails, just
> changes to EVICTING.
> and let the revalidate or sweep to take care of EVICTING state ukey and
> initial another dp_ops to remove it.
>
> I now prefer the second solution, what do you think?
Yes, the second one sounds more straightforward, but would it not cause issues
with the statistics? If not we should probably go with this one.
If we run into statistics issues, which I think we will, let’s keep the code as
in v5, but add some code comments on why the paths are different, i.e. to keep
stats happy.
If stats are inconsistent, we should also add a test case so further
fixes/changes will not mess this up.
> Peng He 于2022年11月22日周二 09:01写道:
>
>>
>> Eelco Chaudron 于2022年11月18日周五 15:35写道:
>>
>>>
>>>
>>> On 18 Nov 2022, at 2:53, Peng He wrote:
>>>
Eelco Chaudron 于2022年11月16日周三 18:14写道:
>
>
> On 6 Nov 2022, at 8:12, Peng He wrote:
>
>> push_dp_ops only handles delete ops errors but ignores (忽略) the modify
> (修改)
>> ops results. It's better to handle all the dp operation errors in
>> a consistent way.
>>
>> We observe in the production environment that sometimes a megaflow
>> with wrong actions keep staying in datapath. The coverage command
>>> shows
>> revalidators have dumped several times, however the correct
>> actions are not set. This implies (暗示) that the ukey's action does not
>> equal to the meagaflow's, i.e. revalidators think the underlying (基础)
>> megaflow's actions are correct however they are not.
>>
>> We also check the megaflow using the ofproto/trace command, and the
>> actions are not matched with the ones in the actual magaflow. By
>> performing a revalidator/purge command, the right actions are set.
>>
>> This patch (补丁) prevents the inconsistency by considering modify (修改)
> failure
>> in revalidators.
>>
>> To note, we cannot perform two state transitions and change ukey_state
>> into UKEY_EVICTED directly here, because, if we do so, the
>> sweep (扫) will remove the ukey alone and leave dp flow alive. Later,
>>> the
>> dump will retrieve (检索) the dp flow and might even recover it. This
>>> will
>> contribute the stats of this dp flow twice.
>>
>> Signed-off-by: Peng He
>
> Hi Peng,
>
> Thanks for looking at the statistics part, see some comments inline!
>
> In addition, I already acked patch (补丁) 2 out of this series, but it
> mentions patch x/3, but I do not see patch 3 in this series. Is this
> missing? Or are there only two patches (补丁) left?
there are only two patches. the third one is about the race comments,
>>> which
is not in this patchset.
I guess I made some mistake.
>
>
> Cheers,
>
> Eelco
>
>
>> ---
>> ofproto/ofproto-dpif-upcall.c | 39
>>> ++-
>> 1 file (文件) changed, 25 insertions(+), 14 deletions(-)
>>
>> diff --git a/ofproto/ofproto-dpif-upcall.c
> b/ofproto/ofproto-dpif-upcall.c
>> index 7ad728adf..a7970fa9b 100644
>> --- a/ofproto/ofproto-dpif-upcall.c
>> +++ b/ofproto/ofproto-dpif-upcall.c
>> @@ -254,6 +254,7 @@ enum ukey_state {
>> UKEY_CREATED = 0,
>> UKEY_VISIBLE, /* Ukey is in umap, datapath flow install
>>> (安装)
> is queued (队列) . */
>> UKEY_OPERATIONAL, /* Ukey is in umap, datapath flow is
>>> installed
> (安装) . */
>> +UKEY_INCONSISTENT, /* Ukey is in umap, datapath flow is modified
> (修改) but failed */
>> UKEY_EVICTING, /* Ukey is in umap, datapath flow delete is
> queued (队列) . */
>> UKEY_EVICTED, /* Ukey is in umap, datapath flow is
>>> deleted. */
>> UKEY_DELETED, /* Ukey removed from umap, ukey free is
> deferred (推迟) . */
>> @@ -1966,6 +1967,10 @@ transition_ukey_at(struct udpif_key *ukey, enum
> ukey_state dst,
>> * UKEY_VISIBLE -> UKEY_EVICTED
>> * A handler attempts to install (安装) the flow, but the datapath
> rejects it.
>> * Consider that the datapath has already destroyed it.
>> + * UKEY_OPERATIONAL -> UKEY_INCONSISTENT
>> + * A revalidator modifies (修改) the flow with error returns (返回)
>>> .
Re: [ovs-dev] [PATCH ovn v6 0/3] Add ovn drop debugging
On 11/21/22 17:12, Adrian Moreno wrote:
> Very often when troubleshooting networking issues in an OVN cluster one
> would like to know if any packet (or a specific one) is being dropped by
> OVN.
>
> Currently, this cannot be known because of two main reasons:
>
> 1 - Implicit drops: Some tables do not have a default action
> (priority=0, match=1). In this case, a packet that does not match any
> rule will be silently dropped.
>
> 2 - Even on explicit drops, we only know a packet was dropped. We lack
> information about that packet.
>
> In order to improve this, this series introduces a two-fold solution:
>
> - First, make all drops explicit:
>- northd add a default (match = "1") "drop;" action to those tables
>that currently lack one.
>- ovn-controller add an explicit drop action on those tables are not
>associated with logical flows (i.e: physical-to-logical mappings).
>
> - Secondly, allow sampling of all drops. By introducing a new OVN
> action: "sample" (equivalent to OVS's), OVN can make OVS sample the
> packets as they are dropped. In order to be able to correlate those
> samples back to what exact rule generated them, the user specifies the
> a 8-bit observation_domain_id. Based on that, the samples contain
> the following fields:
> - obs_domain_id:
> - 8 most significant bits = the provided observation_domain_id.
> - 24 least significant bits = the datapath's tunnely key if the
>drop comes from a lflow or zero otherwise.
> - obs_point_id: the first 32-bits of the lflow's UUID (i.e: the
> cookie) if the drop comes from an lflow or the table number
> otherwise.
>
> Based on the above changes in the flows, all of which are optional,
> users can collect IPFIX samples of the packets that are dropped by OVN
> which contain header information useful for debugging.
>
> * Note on observation_domain_ids:
> By allowing the user to specify only the 8 most significant bits of the
> obs_domain_id and having OVN combine it with the datapath's tunnel key,
> OVN could be extended to support more than one "sampling" application.
> For instance, ACL sampling could be developed in the future and, by
> specifying a different observation_domain_id, it could co-exist with the
> drop sampling mode implemented in the current series while still
> allowing to uniquely identify the flow that created the sample.
>
> * Notes on testing and usage:
> Any IPFIX collector that parses ObservationPointID and
> ObservationDomainID fields can be used. For instance, nfdump 1.7
> supports these fields in nfdump. Example of how to capture and analyze
> drops:
> # Enable debug sampling:
> $ ovn-nbctl set NB_Global . options:debug_drop_collector_set=1
> options:debug_drop_domain_id=1
> # Start nfcapd:
> nfcapd -p 2055 -l nfcap &
> # Configue sampling on the OVS you want to inspect:
> $ ovs-vsctl --id=@br get Bridge br-int -- --id=@i create IPFIX
> targets=\"172.18.0.1:2055\" -- create Flow_Sample_Collector_Set
> bridge=@br id=1
> # Inspect samples and figure out what LogicalFlow caused them:
> $ nfdump -r nfcap -o fmt:'%line %odid %opid'
> Date first seen Duration Proto Src IP Addr:Port
> Dst IP Addr:Port PacketsBytes Flows obsDomainID obsPointID
> 1970-01-01 01:09:36.000 00:00:00.000 UDP 172.18.0.1:49230 ->
> 239.255.255.250:190012 6356 1 0x00109 0x00d8dd23c7
> 1970-01-01 01:01:34.000 00:00:00.000 UDP 172.18.0.1:5353 ->
> 224.0.0.251:5353 16589257 1 0x00109 0x00d8dd23c7
> [...]
> $ ovn-sb vn-sbctl list Logical_Flow | grep -A 11 d8dd23c7
> _uuid : d8dd23c7-1451-4ea3-add7-8d68b4be4691
> actions :
> "sample(probability=65535,collector_set=1,obs_domain=1,obs_point=$cookie);
> /* drop */"
> controller_meter: []
> external_ids: {source="northd.c:12504",
> stage-name=lr_in_ip_input}
> logical_datapath: []
> logical_dp_group: 0dc1b195-c647-4277-aea0-0bad5e896f51
> match : "ip4.mcast || ip6.mcast"
> pipeline: ingress
> priority: 82
> table_id: 3
> tags: {}
> hash: 0
>
> v5 -> v6: Addressed Dumitru's comments.
> V4 -> V5: Added documentation
> V3 -> V4: Make explicit drops the default behavior.
> V2 -> V3: Fix rebase problem on unit test
> V1 -> V2
> - Rebased and Addressed Mark's comments.
> - Added NEWS section.
>
> Adrian Moreno (3):
> actions: add sample action
> northd: make default drops explicit
> northd: add drop sampling
>
Thanks Adrian, Ales, Mark, Numan!
It was quite easy to rebase this so I added Ales' "Reviewed-by" and
Numan's "Acked-by" and I pushed the series to the main branch.
Regards,
Dumitru
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v4 3/3] dpif-netdev: fix inconsistent processing between ukey and megaflow
On 19 Nov 2022, at 1:46, Peng He wrote:
> Eelco Chaudron 于2022年11月18日周五 15:38写道:
>
>>
>>
>> On 18 Nov 2022, at 2:57, Peng He wrote:
>>
>>> Since there are possible race conditions (between the kernel (内核)
>> datapath and
>>> userspace datapath),
>>> I guess this patch (补丁) is now needed again? But two datapath is really
>> rare in
>>> the real deployment.
>>> So I am not sure if we should pay attention here.
>>
>> I still think we should add this, as there seem to be a decent amount of
>> times people intermix a kernel (内核) interface with a DPDK one. For example,
>> the bridge interface, which would be up to get routing (溃败) information for
>> tunnels.
>
>
> In this case, bridge interfaces are attached to the userspace datapath, it
> will be "polled" by the main thread, and it's pmd-id is NON_PMD_CORE_ID.
>
> The case that race could happen is that mix using of userspace datapath and
> kernel datapath. When the kernel datapath receives a upcall, it will set
> the pmd-id to PMD_ID_NULL. Checking the code of dpif_netdev_flow_put, only
> the megaflow with pmd-id equals to PMD_ID_NULL will be installed
> into all the PMD threads.
Agreed, I think this is the only case it could still happen. I could not find
any other paths.
>> //Eelco
>>
>>
>>> Eelco Chaudron 于2022年10月19日周三 18:50写道:
>>>
On 10 Oct 2022, at 9:12, Eelco Chaudron wrote:
> On 8 Oct 2022, at 5:27, Peng He wrote:
>
>> Hi,Eelco
>>
>> after a second thought, I think this patch (补丁) is not needed neither,
>> the code (代码) here is trying to find a rule which cover the packet,
>> it does not mean (意味着) the match and action of rule equals to the ones
>> of the ukey.
>>
>> So the code (代码) here is just a prevention, no need to make it
>> consistent
>> with ukey.
>>
>> but the comments above are really misleading, so I sent a new patch
>> (补丁)
fixing
>> it.
>
> Ack, will wait for the v5, and review.
As I did not see a v5, I reviewed the v4, and assume (假设) this patch
>> (补丁) can be
ignored (忽略) .
//Eelco
>> Peng He 于2022年10月3日周一 20:41写道:
>>
>>> When PMDs perform upcalls, the newly generated (生成) ukey will replace
>>> the old, however, the newly generated (生成) mageflow will be discard
>>> to reuse the old one without checking if the actions of new and
>>> old are equal.
>>>
>>> This code (代码) prevents in case someone runs dpctl/add-flow to add
>>> a dp flow with inconsistent actions with the actions of ukey,
>>> and causes more (更多) confusion (混乱) .
>>>
>>> Signed-off-by: Peng He
>>> ---
>>> lib/dpif-netdev.c | 17 -
>>> 1 file (文件) changed, 16 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
>>> index a45b46014..b316e59ef 100644
>>> --- a/lib/dpif-netdev.c
>>> +++ b/lib/dpif-netdev.c
>>> @@ -8304,7 +8304,22 @@ handle_packet_upcall(struct
>> dp_netdev_pmd_thread
>>> *pmd,
>>> * to be locking revalidators out of making flow
modifications. */
>>> ovs_mutex_lock(>flow_mutex);
>>> netdev_flow = dp_netdev_pmd_lookup_flow(pmd, key, NULL);
>>> -if (OVS_LIKELY(!netdev_flow)) {
>>> +if (OVS_UNLIKELY(netdev_flow)) {
>>> +struct dp_netdev_actions *old_act =
>>> +dp_netdev_flow_get_actions(netdev_flow);
>>> +
>>> +if ((add_actions->size != old_act->size) ||
>>> +memcmp(old_act->actions, add_actions->data,
>>> + add_actions->size)) {
>>> +
>>> + struct dp_netdev_actions *new_act =
>>> + dp_netdev_actions_create(add_actions->data,
>>> +add_actions->size);
>>> +
>>> + ovsrcu_set(_flow->actions, new_act);
>>> + ovsrcu_postpone(dp_netdev_actions_free, old_act);
>>> +}
>>> +} else {
>>> netdev_flow = dp_netdev_flow_add(pmd, , ,
>>> add_actions->data,
>>> add_actions->size,
>>> orig_in_port);
>>> --
>>> 2.25.1
>>>
>>>
>>
>> --
>> hepeng
>>>
>>> --
>>> hepeng
>>
>>
>
> --
> hepeng
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn branch-22.09] ovs: Bump submodule to include latest fixes.
On Thu, Nov 17, 2022 at 7:38 AM Dumitru Ceara wrote: > > Move the submodule to the tip of OVS branch3.0. This picks up: > 6690ed80c netdev-linux: Fix inability to apply QoS on ports with custom > qdiscs. > > Signed-off-by: Dumitru Ceara Acked-by: Numan Siddique Numan > --- > Note: This patch applies cleanly to branch-22.06 and branch-22.03 too. > --- > ovs | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/ovs b/ovs > index 64b79581be..c9c602b6f3 16 > --- a/ovs > +++ b/ovs > @@ -1 +1 @@ > -Subproject commit 64b79581be012db6053e9caead4090f5becbc3b8 > +Subproject commit c9c602b6f332c6e76b273c607366185cf28ed156 > -- > 2.31.1 > > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn] ci: github: Enable address and UB sanitizers for system tests.
On Fri, Nov 18, 2022 at 10:11 AM Dumitru Ceara wrote:
>
> Signed-off-by: Dumitru Ceara
Acked-by: Numan Siddique
Numan
> ---
> .github/workflows/test.yml | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
> index 88c48dd2c2..818731b535 100644
> --- a/.github/workflows/test.yml
> +++ b/.github/workflows/test.yml
> @@ -53,6 +53,9 @@ jobs:
> - { compiler: gcc, testsuite: system-test, test_range: "-100" }
> - { compiler: gcc, testsuite: system-test, test_range: "101-200" }
> - { compiler: gcc, testsuite: system-test, test_range: "201-" }
> +- { compiler: clang, testsuite: system-test, sanitizers: sanitizers,
> test_range: "-100" }
> +- { compiler: clang, testsuite: system-test, sanitizers: sanitizers,
> test_range: "101-200" }
> +- { compiler: clang, testsuite: system-test, sanitizers: sanitizers,
> test_range: "201-" }
> - { compiler: gcc, m32: m32, opts: --disable-ssl}
>
> steps:
> --
> 2.31.1
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn v6 3/3] northd: add drop sampling
On Mon, Nov 21, 2022 at 11:13 AM Adrian Moreno wrote:
>
> Two new options are added to NB_Global table that enable drop
> sampling by specifying the collector_set_id and the obs_domain_id of
> the sample actions added to all drop flows.
>
> For drops coming from an lflow, the sample has the following fields:
> - obs_domain_id (32-bit): obs_domain_id << 8 | datapath_key
> - 8 most significant bits: the obs_domain_id specified in the
> NB_Global options.
> - 24 least significant bits: the datapath key.
> - obs_point_id: the cookie (first 32-bits of the lflow's UUID).
>
> For drops that are inserted by ovn-controller without any associated
> lflow, the sample will have the follwing fields:
> - obs_domain_id (32-bit): obs_domain_id << 8
> - 8 most significant bits: the obs_domain_id specified in the
> NB_Global options.
> - 24 least significant bits: 0.
> - obs_point_id: The openflow table number.
>
> Adding this configuration is not enough to make OVS sample drops. The
> apropriate configuration IPFIX needs to be added to those chassis that
> you wish to sample from. See man(5) ovs-vswitchd.conf for more details.
>
> Signed-off-by: Adrian Moreno
Acked-by: Numan Siddique
Numan
> ---
> NEWS| 2 +
> controller/ovn-controller.c | 42
> controller/physical.c | 40 ---
> controller/physical.h | 6 +++
> northd/automake.mk | 2 +
> northd/debug.c | 98 +
> northd/debug.h | 30
> northd/northd.c | 77 -
> northd/ovn-northd.8.xml | 26 ++
> ovn-nb.xml | 28 +++
> ovn-sb.xml | 29 +++
> tests/ovn.at| 67 -
> 12 files changed, 380 insertions(+), 67 deletions(-)
> create mode 100644 northd/debug.c
> create mode 100644 northd/debug.h
>
> diff --git a/NEWS b/NEWS
> index 224a7b83e..6c4573b50 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,7 @@
> Post v22.09.0
> -
> + - ovn-northd: Add configuration knobs to enable drop sampling using OVS's
> +per-flow IPFIX sampling.
>
> OVN v22.09.0 - 16 Sep 2022
> --
> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
> index 7dd83e7f4..0752a71ad 100644
> --- a/controller/ovn-controller.c
> +++ b/controller/ovn-controller.c
> @@ -3172,6 +3172,8 @@ lflow_output_sb_meter_handler(struct engine_node *node,
> void *data)
> struct ed_type_pflow_output {
> /* Desired physical flows. */
> struct ovn_desired_flow_table flow_table;
> +/* Drop debugging options. */
> +struct physical_debug debug;
> };
>
> static void init_physical_ctx(struct engine_node *node,
> @@ -3216,6 +3218,11 @@ static void init_physical_ctx(struct engine_node *node,
> chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
> }
>
> +const struct sbrec_sb_global_table *sb_global_table =
> +EN_OVSDB_GET(engine_get_input("SB_sb_global", node));
> +const struct sbrec_sb_global *sb_global =
> +sbrec_sb_global_table_first(sb_global_table);
> +
> ovs_assert(br_int && chassis);
>
> struct ed_type_ct_zones *ct_zones_data =
> @@ -3237,6 +3244,13 @@ static void init_physical_ctx(struct engine_node *node,
> p_ctx->local_bindings = _data->lbinding_data.bindings;
> p_ctx->patch_ofports = _vif_data->patch_ofports;
> p_ctx->chassis_tunnels = _vif_data->chassis_tunnels;
> +p_ctx->debug.collector_set_id = smap_get_uint(_global->options,
> + "debug_drop_collector_set",
> + 0);
> +
> +p_ctx->debug.obs_domain_id = smap_get_uint(_global->options,
> + "debug_drop_domain_id",
> + 0);
> }
>
> static void *
> @@ -3439,6 +3453,32 @@ pflow_output_activated_ports_handler(struct
> engine_node *node, void *data)
> return true;
> }
>
> +static bool
> +pflow_output_sb_sb_global_handler(struct engine_node *node, void *data)
> +{
> +const struct sbrec_sb_global_table *sb_global_table =
> +EN_OVSDB_GET(engine_get_input("SB_sb_global", node));
> +const struct sbrec_sb_global *sb_global =
> +sbrec_sb_global_table_first(sb_global_table);
> +
> +struct ed_type_pflow_output *pfo = data;
> +
> +uint32_t collector_set_id = smap_get_uint(_global->options,
> + "debug_drop_collector_set",
> + 0);
> +uint32_t obs_domain_id = smap_get_uint(_global->options,
> + "debug_drop_domain_id",
> + 0);
> +
> +if (pfo->debug.collector_set_id != collector_set_id ||
> +
Re: [ovs-dev] [PATCH ovn v6 2/3] northd: make default drops explicit
On Mon, Nov 21, 2022 at 11:13 AM Adrian Moreno wrote:
>
> By default, traffic that doesn't match any configured flow will be dropped.
> But having that behavior implicit makes those drops more difficult to
> visualize.
>
> Make default drops explicit both as default logical flows and as default
> openflow flows (e.g: for physical tables). The only exceptions are
> physical tables 68 and 70 that are used to implement chk_lb_hairpin and
> ct_snat_to_vip actions and don't drop traffic.
>
> Signed-off-by: Adrian Moreno
Acked-by: Numan Siddique
This patch series needs a rebase. Can you please spin up v7 ?
Numan
> ---
> controller/physical.c | 32
> northd/northd.c | 34 +++-
> northd/ovn-northd.8.xml | 40 +-
> tests/ovn-northd.at | 84
> tests/ovn.at| 169 +++-
> 5 files changed, 349 insertions(+), 10 deletions(-)
>
> diff --git a/controller/physical.c b/controller/physical.c
> index 705146316..58c4e1f05 100644
> --- a/controller/physical.c
> +++ b/controller/physical.c
> @@ -833,6 +833,17 @@ put_zones_ofpacts(const struct zone_ids *zone_ids,
> struct ofpbuf *ofpacts_p)
> }
> }
>
> +static void
> +add_default_drop_flow(uint8_t table_id,
> + struct ovn_desired_flow_table *flow_table)
> +{
> +struct match match = MATCH_CATCHALL_INITIALIZER;
> +struct ofpbuf ofpacts;
> +ofpbuf_init(, 0);
> +ofctrl_add_flow(flow_table, table_id, 0, 0, ,
> +, hc_uuid);
> +}
> +
> static void
> put_local_common_flows(uint32_t dp_key,
> const struct sbrec_port_binding *pb,
> @@ -2114,6 +2125,13 @@ physical_run(struct physical_ctx *p_ctx,
> }
> }
>
> +/* Table 0, priority 0.
> + * ==
> + *
> + * Drop packets tha do not match any tunnel in_port.
> + */
> +add_default_drop_flow(OFTABLE_PHY_TO_LOG, flow_table);
> +
> /* Table 37, priority 150.
> * ===
> *
> @@ -2159,6 +2177,13 @@ physical_run(struct physical_ctx *p_ctx,
> ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 0, 0, ,
> , hc_uuid);
>
> +/* Table 38, priority 0.
> + * ==
> + *
> + * Drop packets that do not match previous flows.
> + */
> +add_default_drop_flow(OFTABLE_LOCAL_OUTPUT, flow_table);
> +
> /* Table 39, Priority 0.
> * ===
> *
> @@ -2185,5 +2210,12 @@ physical_run(struct physical_ctx *p_ctx,
> ofctrl_add_flow(flow_table, OFTABLE_SAVE_INPORT, 0, 0, ,
> , hc_uuid);
>
> +/* Table 65, priority 0.
> + * ==
> + *
> + * Drop packets that do not match previous flows.
> + */
> +add_default_drop_flow(OFTABLE_LOG_TO_PHY, flow_table);
> +
> ofpbuf_uninit();
> }
> diff --git a/northd/northd.c b/northd/northd.c
> index e1f3bace8..133df 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -5155,6 +5155,16 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct
> ovn_datapath *od,
> io_port, ctrl_meter, stage_hint, where, hash);
> }
>
> +static void
> +__ovn_lflow_add_default_drop(struct hmap *lflow_map,
> + struct ovn_datapath *od,
> + enum ovn_stage stage,
> + const char *where)
> +{
> +ovn_lflow_add_at(lflow_map, od, stage, 0, "1", "drop;",
> + NULL, NULL, NULL, where );
> +}
> +
> /* Adds a row with the specified contents to the Logical_Flow table. */
> #define ovn_lflow_add_with_hint__(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, \
>ACTIONS, IN_OUT_PORT, CTRL_METER, \
> @@ -5167,6 +5177,10 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct
> ovn_datapath *od,
> ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \
> NULL, NULL, STAGE_HINT, OVS_SOURCE_LOCATOR)
>
> +#define ovn_lflow_add_default_drop(LFLOW_MAP, OD, STAGE)\
> +__ovn_lflow_add_default_drop(LFLOW_MAP, OD, STAGE, OVS_SOURCE_LOCATOR)
> +
> +
> /* This macro is similar to ovn_lflow_add_with_hint, except that it requires
> * the IN_OUT_PORT argument, which tells the lport name that appears in the
> * MATCH, which helps ovn-controller to bypass lflows parsing when the lport
> is
> @@ -10975,6 +10989,9 @@ build_adm_ctrl_flows_for_lrouter(
> * Broadcast/multicast source address is invalid. */
> ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100,
>"vlan.present || eth.src[40]", "drop;");
> +
> +/* Default action for L2 security is to drop. */
> +ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_ADMISSION);
> }
> }
>
> @@ -11216,6 +11233,8 @@ build_neigh_learning_flows_for_lrouter(
>"nd_ns",
Re: [ovs-dev] [PATCH ovn v6 1/3] actions: add sample action
On Mon, Nov 21, 2022 at 11:13 AM Adrian Moreno wrote:
>
> sample ovn action encodes into the OFPACT_SAMPLE ovs action.
>
> OVN action allows the following parameters:
>
> - obs_domain_id: 8-bit integer that identifies the sampling application.
> This value will be combined with the datapath's tunnel_id to form the
> final observation_domain_id that will be used in the OVS action as:
> ObservationDomainID = obs_domain_id << 24 | (dp_key & 0xFF)
>
> - obs_point_id: a 32-bit integer or the $cookie macro that will be
> expanded into the first 32 bits of the lflow's UUID.
>
> - probability: a 16-bit integer that specifies the sampling probability.
> Specifying 0 has no effect and 65535 means sampling all packets.
>
> - collector_set: the 32-bit id that has to be configured in OVS's
> Flow_Sample_Collector_Set table in order to configure IPFIX sampling.
>
> Signed-off-by: Adrian Moreno
Acked-by: Numan Siddique
This patch series needs a rebase. Can you please spin up v7 ?
Thanks
Numan
> ---
> controller/lflow.c| 1 +
> include/ovn/actions.h | 16 ++
> lib/actions.c | 120 ++
> ovn-sb.xml| 52 ++
> tests/ovn.at | 28 ++
> tests/test-ovn.c | 3 ++
> utilities/ovn-trace.c | 3 ++
> 7 files changed, 223 insertions(+)
>
> diff --git a/controller/lflow.c b/controller/lflow.c
> index cc0f31db0..ad316c17f 100644
> --- a/controller/lflow.c
> +++ b/controller/lflow.c
> @@ -1007,6 +1007,7 @@ add_matches_to_flow_table(const struct
> sbrec_logical_flow *lflow,
> .group_table = l_ctx_out->group_table,
> .meter_table = l_ctx_out->meter_table,
> .lflow_uuid = lflow->header_.uuid,
> +.dp_key = ldp->datapath->tunnel_key,
>
> .pipeline = ingress ? OVNACT_P_INGRESS : OVNACT_P_EGRESS,
> .ingress_ptable = OFTABLE_LOG_INGRESS_PIPELINE,
> diff --git a/include/ovn/actions.h b/include/ovn/actions.h
> index d7ee84dac..009487cfc 100644
> --- a/include/ovn/actions.h
> +++ b/include/ovn/actions.h
> @@ -121,6 +121,7 @@ struct ovn_extend_table;
> OVNACT(COMMIT_ECMP_NH,ovnact_commit_ecmp_nh) \
> OVNACT(CHK_ECMP_NH_MAC, ovnact_result) \
> OVNACT(CHK_ECMP_NH, ovnact_result) \
> +OVNACT(SAMPLE,ovnact_sample) \
>
> /* enum ovnact_type, with a member OVNACT_ for each action. */
> enum OVS_PACKED_ENUM ovnact_type {
> @@ -456,6 +457,18 @@ struct ovnact_lookup_fdb {
> struct expr_field dst; /* 1-bit destination field. */
> };
>
> +/* OVNACT_SAMPLE */
> +struct ovnact_sample {
> +struct ovnact ovnact;
> +uint16_t probability; /* probability over UINT16_MAX. */
> +uint8_t obs_domain_id; /* most significant byte of the
> + observation domain id. The other 24 bits
> + will come from the datapath's tunnel key.
> */
> +uint32_t collector_set_id; /* colector_set_id. */
> +uint32_t obs_point_id; /* observation point id. */
> +bool use_cookie;/* use cookie as obs_point_id */
> +};
> +
> /* OVNACT_COMMIT_ECMP_NH. */
> struct ovnact_commit_ecmp_nh {
> struct ovnact ovnact;
> @@ -785,6 +798,9 @@ struct ovnact_encode_params {
> /* The logical flow uuid that drove this action. */
> struct uuid lflow_uuid;
>
> +/* The datapath key. */
> +uint32_t dp_key;
> +
> /* OVN maps each logical flow table (ltable), one-to-one, onto a physical
> * OpenFlow flow table (ptable). A number of parameters describe this
> * mapping and data related to flow tables:
> diff --git a/lib/actions.c b/lib/actions.c
> index adbb42db4..65205aaba 100644
> --- a/lib/actions.c
> +++ b/lib/actions.c
> @@ -4279,6 +4279,124 @@ encode_CHECK_OUT_PORT_SEC(const struct ovnact_result
> *dl,
> MLF_CHECK_PORT_SEC_BIT, ofpacts);
> }
>
> +static void
> +format_SAMPLE(const struct ovnact_sample *sample, struct ds *s)
> +{
> +ds_put_format(s, "sample(probability=%"PRIu16, sample->probability);
> +
> +ds_put_format(s, ",collector_set=%"PRIu32, sample->collector_set_id);
> +ds_put_format(s, ",obs_domain=%"PRIu8, sample->obs_domain_id);
> +if (sample->use_cookie) {
> +ds_put_cstr(s, ",obs_point=$cookie");
> +} else {
> +ds_put_format(s, ",obs_point=%"PRIu32, sample->obs_point_id);
> +}
> +ds_put_format(s, ");");
> +}
> +
> +static void
> +encode_SAMPLE(const struct ovnact_sample *sample,
> + const struct ovnact_encode_params *ep,
> + struct ofpbuf *ofpacts)
> +{
> +struct ofpact_sample *os = ofpact_put_SAMPLE(ofpacts);
> +os->probability = sample->probability;
> +os->collector_set_id = sample->collector_set_id;
> +os->obs_domain_id =
> +(sample->obs_domain_id << 24) | (ep->dp_key & 0xFF);
> +
> +if (sample->use_cookie) {
> +
Re: [ovs-dev] [PATCH] learn: Fix parsing immediate value for a field match.
On 11/8/22 19:15, Simon Horman wrote:
> On Sat, Nov 05, 2022 at 11:11:53AM +0100, Ilya Maximets wrote:
>> The value is right-justified after the string parsing with
>> parse_int_string(), i.e. it is in BE byte order and aligned
>> to the right side of the array.
>>
>> For example, the 0x10011 value in a 4-byte field will look
>> like 0x00 0x01 0x00 0x11.
>>
>> However, value copy to the resulted ofpact is performed
>> from the start of the memory. So, in case the destination
>> size is smaller than the original field size, incorrect
>> part of the value will be copied.
>>
>> In the 0x00 0x01 0x00 0x11 example above, if the copy is
>> performed to a 3-byte field, the first 3 bytes will be
>> copied, which are 0x00 0x01 0x00 instead of 0x01 0x00 0x11.
>>
>> This leads to a problem where NXM_NX_REG3[0..16]=0x10011
>> turns into NXM_NX_REG3[0..16]=0x100 after the parsing.
>>
>> Fix that by offsetting the starting position to the size
>> difference in bytes similarly to how it is done in
>> learn_parse_load_immediate().
>>
>> Fixes: 21b2fa617126 ("ofp-parse: Allow match field names in actions and
>> brackets in matches.")
>> Reported-at:
>> https://mail.openvswitch.org/pipermail/ovs-discuss/2022-November/052100.html
>> Reported-by: Thomas Lee
>> Signed-off-by: Ilya Maximets
>> ---
>> lib/learn.c| 4 +++-
>> tests/learn.at | 4 ++--
>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/lib/learn.c b/lib/learn.c
>> index a40209ec0..cfd762527 100644
>> --- a/lib/learn.c
>> +++ b/lib/learn.c
>> @@ -310,9 +310,11 @@ learn_parse_spec(const char *orig, char *name, char
>> *value,
>>
>> /* Push value last, as this may reallocate 'spec'! */
>> unsigned int imm_bytes = DIV_ROUND_UP(dst.n_bits, 8);
>> +unsigned int offset = dst.field->n_bytes - imm_bytes;
>> uint8_t *src_imm = ofpbuf_put_zeros(ofpacts,
>>
>> OFPACT_ALIGN(imm_bytes));
>> -memcpy(src_imm, , imm_bytes);
>> +
>> +memcpy(src_imm, (uint8_t *) + offset, imm_bytes);
>
> FWIIW, This seems fine to me, but I wonder if
> it would nicer (and indeed valid) to use here.
I guess, you meant 'imm.b', since we have mf_value and not mf_subvalue
here. But I agree that it makes more sense. Thanks! I'll also change
other places where is used as a pointer to a byte array to make
the code a bit more clear. Will send v2 shortly.
Sorry for the late reply, just got back from my PTO.
Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] CI: Update GH actions version
As stated by the Github CI: "Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all- actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: actions/checkout@v2, actions/setup-python@v2" Signed-off-by: Ales Musil --- .github/workflows/test.yml | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 88c48dd2c..d35b18e55 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -58,20 +58,20 @@ jobs: steps: - name: checkout if: github.event_name == 'push' || github.event_name == 'pull_request' - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: recursive # For weekly runs, don't update submodules - name: checkout without submodule if: github.event_name == 'schedule' - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Weekly runs test using OVS master instead of the # submodule. - name: checkout OVS master if: github.event_name == 'schedule' - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: repository: 'openvswitch/ovs' path: 'ovs' @@ -100,7 +100,7 @@ jobs: echo "$HOME/.local/bin" >> $GITHUB_PATH - name: set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x' @@ -146,18 +146,18 @@ jobs: steps: - name: checkout if: github.event_name == 'push' || github.event_name == 'pull_request' - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: recursive # For weekly runs, don't update submodules - name: checkout without submodule if: github.event_name == 'schedule' - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Weekly runs test using OVS master instead of the # submodule. - name: checkout OVS master if: github.event_name == 'schedule' - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: repository: 'openvswitch/ovs' path: 'ovs' @@ -169,7 +169,7 @@ jobs: echo "$HOME/bin">> $GITHUB_PATH echo "$HOME/.local/bin" >> $GITHUB_PATH - name: set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x' - name: prepare -- 2.38.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Wed, Nov 23, 2022 at 12:09:55PM -0300, Marcelo Ricardo Leitner wrote:
> On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> > +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> > + enum ip_conntrack_info ctinfo, int *action,
> > + const struct nf_nat_range2 *range, bool commit)
> > +{
> > + enum nf_nat_manip_type maniptype;
> > + int err, ct_action = *action;
> > +
> > + *action = 0;
> > +
> > + /* Add NAT extension if not confirmed yet. */
> > + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> > + return NF_ACCEPT; /* Can't NAT. */
> > +
> > + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> > + (ctinfo != IP_CT_RELATED || commit)) {
> > + /* NAT an established or related connection like before. */
> > + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> > + /* This is the REPLY direction for a connection
> > +* for which NAT was applied in the forward
> > +* direction. Do the reverse NAT.
> > +*/
> > + maniptype = ct->status & IPS_SRC_NAT
> > + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> > + else
> > + maniptype = ct->status & IPS_SRC_NAT
> > + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> > + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> > + maniptype = NF_NAT_MANIP_SRC;
> > + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> > + maniptype = NF_NAT_MANIP_DST;
> > + } else {
> > + return NF_ACCEPT;
> > + }
> > +
> > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range, maniptype);
> > + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> > + if (ct->status & IPS_SRC_NAT) {
> > + if (maniptype == NF_NAT_MANIP_SRC)
> > + maniptype = NF_NAT_MANIP_DST;
> > + else
> > + maniptype = NF_NAT_MANIP_SRC;
> > +
> > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> > + maniptype);
> > + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> > + err = nf_ct_nat_execute(skb, ct, ctinfo, action, NULL,
> > + NF_NAT_MANIP_SRC);
> > + }
> > + }
> > + return err;
> > +}
> > +EXPORT_SYMBOL_GPL(nf_ct_nat);
> > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> > index cc643a556ea1..d03c75165663 100644
> > --- a/net/openvswitch/conntrack.c
> > +++ b/net/openvswitch/conntrack.c
> > @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct sw_flow_key
> > *key,
> > }
> > }
> >
> > -/* Modelled after nf_nat_ipv[46]_fn().
> > - * range is only used for new, uninitialized NAT state.
> > - * Returns either NF_ACCEPT or NF_DROP.
> > - */
> > -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
> > - enum ip_conntrack_info ctinfo,
> > - const struct nf_nat_range2 *range,
> > - enum nf_nat_manip_type maniptype, struct
> > sw_flow_key *key)
> > -{
> > - int hooknum, err = NF_ACCEPT;
> > -
> > - /* See HOOK2MANIP(). */
> > - if (maniptype == NF_NAT_MANIP_SRC)
> > - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> > - else
> > - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> > -
> > - switch (ctinfo) {
> > - case IP_CT_RELATED:
> > - case IP_CT_RELATED_REPLY:
> > - if (IS_ENABLED(CONFIG_NF_NAT) &&
> > - skb->protocol == htons(ETH_P_IP) &&
> > - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> > - if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
> > - hooknum))
> > - err = NF_DROP;
> > - goto out;
> > - } else if (IS_ENABLED(CONFIG_IPV6) &&
> > - skb->protocol == htons(ETH_P_IPV6)) {
> > - __be16 frag_off;
> > - u8 nexthdr = ipv6_hdr(skb)->nexthdr;
> > - int hdrlen = ipv6_skip_exthdr(skb,
> > - sizeof(struct ipv6hdr),
> > - , _off);
> > -
> > - if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
> > - if (!nf_nat_icmpv6_reply_translation(skb, ct,
> > -ctinfo,
> > -hooknum,
> > -hdrlen))
> > - err = NF_DROP;
> > - goto out;
> > - }
> > - }
> > - /* Non-ICMP, fall
Re: [ovs-dev] [PATCHv2 net-next 5/5] net: move the nat function to nf_nat_ovs for ovs and tc
On Tue, Nov 22, 2022 at 12:32:21PM -0500, Xin Long wrote:
> +int nf_ct_nat(struct sk_buff *skb, struct nf_conn *ct,
> + enum ip_conntrack_info ctinfo, int *action,
> + const struct nf_nat_range2 *range, bool commit)
> +{
> + enum nf_nat_manip_type maniptype;
> + int err, ct_action = *action;
> +
> + *action = 0;
> +
> + /* Add NAT extension if not confirmed yet. */
> + if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> + return NF_ACCEPT; /* Can't NAT. */
> +
> + if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> + (ctinfo != IP_CT_RELATED || commit)) {
> + /* NAT an established or related connection like before. */
> + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY)
> + /* This is the REPLY direction for a connection
> + * for which NAT was applied in the forward
> + * direction. Do the reverse NAT.
> + */
> + maniptype = ct->status & IPS_SRC_NAT
> + ? NF_NAT_MANIP_DST : NF_NAT_MANIP_SRC;
> + else
> + maniptype = ct->status & IPS_SRC_NAT
> + ? NF_NAT_MANIP_SRC : NF_NAT_MANIP_DST;
> + } else if (ct_action & (1 << NF_NAT_MANIP_SRC)) {
> + maniptype = NF_NAT_MANIP_SRC;
> + } else if (ct_action & (1 << NF_NAT_MANIP_DST)) {
> + maniptype = NF_NAT_MANIP_DST;
> + } else {
> + return NF_ACCEPT;
> + }
> +
> + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range, maniptype);
> + if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) {
> + if (ct->status & IPS_SRC_NAT) {
> + if (maniptype == NF_NAT_MANIP_SRC)
> + maniptype = NF_NAT_MANIP_DST;
> + else
> + maniptype = NF_NAT_MANIP_SRC;
> +
> + err = nf_ct_nat_execute(skb, ct, ctinfo, action, range,
> + maniptype);
> + } else if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
> + err = nf_ct_nat_execute(skb, ct, ctinfo, action, NULL,
> + NF_NAT_MANIP_SRC);
> + }
> + }
> + return err;
> +}
> +EXPORT_SYMBOL_GPL(nf_ct_nat);
> diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> index cc643a556ea1..d03c75165663 100644
> --- a/net/openvswitch/conntrack.c
> +++ b/net/openvswitch/conntrack.c
> @@ -726,144 +726,27 @@ static void ovs_nat_update_key(struct sw_flow_key *key,
> }
> }
>
> -/* Modelled after nf_nat_ipv[46]_fn().
> - * range is only used for new, uninitialized NAT state.
> - * Returns either NF_ACCEPT or NF_DROP.
> - */
> -static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
> - enum ip_conntrack_info ctinfo,
> - const struct nf_nat_range2 *range,
> - enum nf_nat_manip_type maniptype, struct
> sw_flow_key *key)
> -{
> - int hooknum, err = NF_ACCEPT;
> -
> - /* See HOOK2MANIP(). */
> - if (maniptype == NF_NAT_MANIP_SRC)
> - hooknum = NF_INET_LOCAL_IN; /* Source NAT */
> - else
> - hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */
> -
> - switch (ctinfo) {
> - case IP_CT_RELATED:
> - case IP_CT_RELATED_REPLY:
> - if (IS_ENABLED(CONFIG_NF_NAT) &&
> - skb->protocol == htons(ETH_P_IP) &&
> - ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> - if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
> -hooknum))
> - err = NF_DROP;
> - goto out;
> - } else if (IS_ENABLED(CONFIG_IPV6) &&
> -skb->protocol == htons(ETH_P_IPV6)) {
> - __be16 frag_off;
> - u8 nexthdr = ipv6_hdr(skb)->nexthdr;
> - int hdrlen = ipv6_skip_exthdr(skb,
> - sizeof(struct ipv6hdr),
> - , _off);
> -
> - if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
> - if (!nf_nat_icmpv6_reply_translation(skb, ct,
> - ctinfo,
> - hooknum,
> - hdrlen))
> - err = NF_DROP;
> - goto out;
> - }
> - }
> - /* Non-ICMP, fall thru to initialize if needed. */
> - fallthrough;
> - case IP_CT_NEW:
> - /* Seen it before? This can
Re: [ovs-dev] [PATCH v3 ovn] controller: improve buffered packets management
On 11/23/22 15:32, Lorenzo Bianconi wrote:
> On Nov 23, Dumitru Ceara wrote:
>> On 11/23/22 15:26, Lorenzo Bianconi wrote:
>>> /* Called with in the pinctrl_handler thread context. */
>>> static int
>>> pinctrl_handle_buffered_packets(struct dp_packet *pkt_in,
>>> const struct match *md, bool is_arp)
>>> OVS_REQUIRES(pinctrl_mutex)
>>> {
>>> -struct buffered_packets *bp;
>>> -struct dp_packet *clone;
>>> -struct in6_addr addr;
>>> -
>>> -if (is_arp) {
>>> -addr = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
>>> -} else {
>>> -ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
>>> -memcpy(, , sizeof addr);
>>> -}
>>> -
>>> -uint32_t hash = hash_bytes(, sizeof addr, 0);
>>> -bp = pinctrl_find_buffered_packets(, hash);
>>> +uint64_t dp_key = ntohll(md->flow.metadata);
>>> +uint64_t oport_key = md->flow.regs[MFF_LOG_OUTPORT - MFF_REG0];
>>> +uint32_t hash = pinctrl_buffer_apcket_hash(dp_key, oport_key);
>>> +struct buffered_packets *bp
>>> += pinctrl_find_buffered_packets(dp_key, oport_key, hash);
>>> if (!bp) {
>>> if (hmap_count(_packets_map) >= 1000) {
Before your patch we would hit this hard coded limit if there were 1000
next hops for which we were bufferring packets.
Now, with your change, we will hit his limit only if there are 1000
ports for which we are bufferring packets. This seems very unlikely and
I wonder if this will ever happen in practice. Do we need to change its
value? Also, let's add a define for it somewhere to make it a bit less
"magic".
>>> ack. I would prefer to be a bit more conservative and keep the condition.
>>> What is the right value to use up to you?
>>>
>>
>> Well, if you want to keep the exact same condition you'd have to count
>> how many individual next hops we're buffering packets for. Is that an
>> option?
>
> I am fine to just keep a condition that limits the max size of
> buffered_packets_map, but if you think that is really not important we can
> drop
> it.
>
I think I wasn't clear, sorry. I think we still need that condition to
protect ovn-controller. We just need to adapt the code a bit so that we
stop buffering packets if we're already buffering for a max (1000)
number of next hops. This is what we had before your patch.
Regards,
Dumitru
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v3 ovn] controller: improve buffered packets management
On Nov 23, Dumitru Ceara wrote:
> On 11/23/22 15:26, Lorenzo Bianconi wrote:
> > /* Called with in the pinctrl_handler thread context. */
> > static int
> > pinctrl_handle_buffered_packets(struct dp_packet *pkt_in,
> > const struct match *md, bool is_arp)
> > OVS_REQUIRES(pinctrl_mutex)
> > {
> > -struct buffered_packets *bp;
> > -struct dp_packet *clone;
> > -struct in6_addr addr;
> > -
> > -if (is_arp) {
> > -addr = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
> > -} else {
> > -ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
> > -memcpy(, , sizeof addr);
> > -}
> > -
> > -uint32_t hash = hash_bytes(, sizeof addr, 0);
> > -bp = pinctrl_find_buffered_packets(, hash);
> > +uint64_t dp_key = ntohll(md->flow.metadata);
> > +uint64_t oport_key = md->flow.regs[MFF_LOG_OUTPORT - MFF_REG0];
> > +uint32_t hash = pinctrl_buffer_apcket_hash(dp_key, oport_key);
> > +struct buffered_packets *bp
> > += pinctrl_find_buffered_packets(dp_key, oport_key, hash);
> > if (!bp) {
> > if (hmap_count(_packets_map) >= 1000) {
> >> Before your patch we would hit this hard coded limit if there were 1000
> >> next hops for which we were bufferring packets.
> >>
> >> Now, with your change, we will hit his limit only if there are 1000
> >> ports for which we are bufferring packets. This seems very unlikely and
> >> I wonder if this will ever happen in practice. Do we need to change its
> >> value? Also, let's add a define for it somewhere to make it a bit less
> >> "magic".
> > ack. I would prefer to be a bit more conservative and keep the condition.
> > What is the right value to use up to you?
> >
>
> Well, if you want to keep the exact same condition you'd have to count
> how many individual next hops we're buffering packets for. Is that an
> option?
I am fine to just keep a condition that limits the max size of
buffered_packets_map, but if you think that is really not important we can drop
it.
Regards,
Lorenzo
>
> Thanks,
> Dumitru
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v3 ovn] controller: improve buffered packets management
On 11/23/22 15:26, Lorenzo Bianconi wrote:
> /* Called with in the pinctrl_handler thread context. */
> static int
> pinctrl_handle_buffered_packets(struct dp_packet *pkt_in,
> const struct match *md, bool is_arp)
> OVS_REQUIRES(pinctrl_mutex)
> {
> -struct buffered_packets *bp;
> -struct dp_packet *clone;
> -struct in6_addr addr;
> -
> -if (is_arp) {
> -addr = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
> -} else {
> -ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
> -memcpy(, , sizeof addr);
> -}
> -
> -uint32_t hash = hash_bytes(, sizeof addr, 0);
> -bp = pinctrl_find_buffered_packets(, hash);
> +uint64_t dp_key = ntohll(md->flow.metadata);
> +uint64_t oport_key = md->flow.regs[MFF_LOG_OUTPORT - MFF_REG0];
> +uint32_t hash = pinctrl_buffer_apcket_hash(dp_key, oport_key);
> +struct buffered_packets *bp
> += pinctrl_find_buffered_packets(dp_key, oport_key, hash);
> if (!bp) {
> if (hmap_count(_packets_map) >= 1000) {
>> Before your patch we would hit this hard coded limit if there were 1000
>> next hops for which we were bufferring packets.
>>
>> Now, with your change, we will hit his limit only if there are 1000
>> ports for which we are bufferring packets. This seems very unlikely and
>> I wonder if this will ever happen in practice. Do we need to change its
>> value? Also, let's add a define for it somewhere to make it a bit less
>> "magic".
> ack. I would prefer to be a bit more conservative and keep the condition.
> What is the right value to use up to you?
>
Well, if you want to keep the exact same condition you'd have to count
how many individual next hops we're buffering packets for. Is that an
option?
Thanks,
Dumitru
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v3 ovn] controller: improve buffered packets management
> On 11/15/22 10:44, Lorenzo Bianconi wrote:
> >> On Mon, Oct 24, 2022 at 11:29 AM Lorenzo Bianconi <
> >> lorenzo.bianc...@redhat.com> wrote:
> >>
> >>> Improve buffered packet management in ovn-controller avoid useless loop
> >>> in run_buffered_binding routine and using datapath key and output port
> >>> key as buffered_packets_map hashmap hash. Add new selftest for buffered
> >>> packets.
> >>>
> >>> Signed-off-by: Lorenzo Bianconi
> >>> ---
>
> Hi Lorenzo,
>
> Thanks for the patch! I have a few comments below.
>
> >>> Changes since v2:
> >>> - improve hash function
> >>> Changes since v1:
> >>> - improve code readability
> >>> ---
> >>> controller/pinctrl.c | 118
> >>> tests/system-ovn.at | 124 +++
> >>> 2 files changed, 208 insertions(+), 34 deletions(-)
> >>>
> >>> diff --git a/controller/pinctrl.c b/controller/pinctrl.c
> >>> index 8859cb080..dfcd0cea8 100644
> >>> --- a/controller/pinctrl.c
> >>> +++ b/controller/pinctrl.c
> >>> @@ -182,6 +182,7 @@ static void destroy_buffered_packets_map(void);
> >>> static void
> >>> run_buffered_binding(struct ovsdb_idl_index
> >>> *sbrec_mac_binding_by_lport_ip,
> >>> struct ovsdb_idl_index
> >>> *sbrec_port_binding_by_datapath,
> >>> + struct ovsdb_idl_index *sbrec_port_binding_by_name,
> >>> const struct hmap *local_datapaths)
> >>> OVS_REQUIRES(pinctrl_mutex);
> >>>
> >>> @@ -1430,6 +1431,9 @@ struct buffered_packets {
> >>> struct in6_addr ip;
> >>> struct eth_addr ea;
> >>>
> >>> +uint64_t dp_key;
> >>> +uint64_t port_key;
> >>> +
> >>> long long int timestamp;
> >>>
> >>> struct buffer_info data[BUFFER_QUEUE_DEPTH];
> >>> @@ -1556,38 +1560,38 @@ buffered_packets_map_gc(void)
> >>> }
> >>>
> >>> static struct buffered_packets *
> >>> -pinctrl_find_buffered_packets(const struct in6_addr *ip, uint32_t hash)
> >>> +pinctrl_find_buffered_packets(uint64_t dp_key, uint64_t port_key,
> >>> + uint32_t hash)
> >>> {
> >>> struct buffered_packets *qp;
> >>> -
> >>> -HMAP_FOR_EACH_WITH_HASH (qp, hmap_node, hash,
> >>> - _packets_map) {
> >>> -if (IN6_ARE_ADDR_EQUAL(>ip, ip)) {
> >>> +HMAP_FOR_EACH_WITH_HASH (qp, hmap_node, hash, _packets_map)
> >>> {
> >>> +if (qp->dp_key == dp_key && qp->port_key == port_key) {
> >>> return qp;
> >>> }
> >>> }
> >>> return NULL;
> >>> }
> >>>
> >>> +static uint32_t
> >>> +pinctrl_buffer_apcket_hash(uint64_t dp_key, uint64_t port_key)
> >>>
> >>
> >> nit: typo in the function name "pinctrl_buffer_apcket_hash" ->
> >> "pinctrl_buffer_packet_hash".
> >> I guess this can be fixed during merge, let's see if others agree.
> >>
> >>
> >>> +{
> >>> +uint32_t hash = 0;
> >>> +hash = hash_add64(hash, port_key);
> >>> +hash = hash_add64(hash, dp_key);
> >>> +return hash_finish(hash, 16);
> >>> +}
> >>> +
> >>> /* Called with in the pinctrl_handler thread context. */
> >>> static int
> >>> pinctrl_handle_buffered_packets(struct dp_packet *pkt_in,
> >>> const struct match *md, bool is_arp)
> >>> OVS_REQUIRES(pinctrl_mutex)
> >>> {
> >>> -struct buffered_packets *bp;
> >>> -struct dp_packet *clone;
> >>> -struct in6_addr addr;
> >>> -
> >>> -if (is_arp) {
> >>> -addr = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
> >>> -} else {
> >>> -ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
> >>> -memcpy(, , sizeof addr);
> >>> -}
> >>> -
> >>> -uint32_t hash = hash_bytes(, sizeof addr, 0);
> >>> -bp = pinctrl_find_buffered_packets(, hash);
> >>> +uint64_t dp_key = ntohll(md->flow.metadata);
> >>> +uint64_t oport_key = md->flow.regs[MFF_LOG_OUTPORT - MFF_REG0];
> >>> +uint32_t hash = pinctrl_buffer_apcket_hash(dp_key, oport_key);
> >>> +struct buffered_packets *bp
> >>> += pinctrl_find_buffered_packets(dp_key, oport_key, hash);
> >>> if (!bp) {
> >>> if (hmap_count(_packets_map) >= 1000) {
>
> Before your patch we would hit this hard coded limit if there were 1000
> next hops for which we were bufferring packets.
>
> Now, with your change, we will hit his limit only if there are 1000
> ports for which we are bufferring packets. This seems very unlikely and
> I wonder if this will ever happen in practice. Do we need to change its
> value? Also, let's add a define for it somewhere to make it a bit less
> "magic".
ack. I would prefer to be a bit more conservative and keep the condition.
What is the right value to use up to you? :)
>
> >>> COVERAGE_INC(pinctrl_drop_buffered_packets_map);
> >>> @@ -1597,12 +1601,20 @@ pinctrl_handle_buffered_packets(struct dp_packet
> >>> *pkt_in,
> >>> bp = xmalloc(sizeof *bp);
> >>> hmap_insert(_packets_map, >hmap_node,
Re: [ovs-dev] [PATCHv2 net-next 2/5] openvswitch: return NF_ACCEPT when OVS_CT_NAT is net set in info nat
There's a typo in the subject here, s/is net/is not/ . ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2 net-next 3/5] net: sched: return NF_ACCEPT when fails to add nat ext in tcf_ct_act_nat
On Tue, Nov 22, 2022 at 12:32:19PM -0500, Xin Long wrote:
> This patch changes to return NF_ACCEPT when fails to add nat
> ext before doing NAT in tcf_ct_act_nat(), to keep consistent
> with OVS' processing in ovs_ct_nat().
>
> Reviewed-by: Saeed Mahameed
> Signed-off-by: Xin Long
> ---
> net/sched/act_ct.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index da0b7f665277..8869b3ef6642 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -994,7 +994,7 @@ static int tcf_ct_act_nat(struct sk_buff *skb,
>
> /* Add NAT extension if not confirmed yet. */
> if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> - return NF_DROP; /* Can't NAT. */
> + return NF_ACCEPT; /* Can't NAT. */
I'm wondering if the fix should actually be in OVS, to make it drop
the packet? Aaron, Eelco?
If the user asked for NAT, and it can't NAT, it doesn't seem right to
forward the packet while not performing the asked action.
If we follow the code here, it may even commit the entry without the
NAT extension, rendering the connection useless/broken per the first
if condition above. It just won't try again.
>
> if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) &&
> (ctinfo != IP_CT_RELATED || commit)) {
> --
> 2.31.1
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of set_masked IPv6 action
On 23 Nov 2022, at 15:05, Van Haaren, Harry wrote: >> -Original Message- >> From: dev On Behalf Of Eelco Chaudron >> Sent: Wednesday, November 23, 2022 1:55 PM >> To: Finn, Emma >> Cc: d...@openvswitch.org; david.march...@redhat.com; i.maxim...@ovn.org >> Subject: Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of >> set_masked IPv6 >> action > > > >>> Something like this >>> v_dst = Loadu_si128(dst) >>> v_src = Loadu_si128(src) >>> v_or = _or_si128(v_dst, v_src) >>> >>> /* generate all ones register from cmpeq of v_zeros vs itself? */ >>> v_zeros = _setzero_si128() >>> v_all_ones = _cmpeq_epi(v_zeros, v_zeros); >>> int do_checksum = _mm_test_all_zeros(v_or, v_all_ones); >>> >>> Does this approach make sense to you? >> >> Yes perfectly, I was not aware of the _mm_test_all_zeros() which saves the >> popcount ;) >> >> One comment here is that do_checksum should be a bool type, something like >> >> bool do_checksum = !!_mm_test_all_zeros(v_or, v_all_ones); > > In the interest of micro-optimization discussions, we'd need to check if the > resulting ASM is the same... > Branching on a value is usually a "test" with a register/register, or > register/constant, and that sets the "flags" register. > > Note that the test_all_zeros() *already* sets the flags register! > https://www.intel.com/content/www/us/en/docs/intrinsics-guide/index.html?wapkw=intrinsics%20guide#text=mm_test_all_zero_expand=7187 > > By taking the result, doing the bitwise !! ops , and branching on the result, > it might force the compiler into emitting a > bunch of noisy-not-useful instructions. > > The test_all_zeros() isn't just a bypass of the popcnt instruction, it also > avoids the "test" with a register to set flags register. > By having set the ZF (zero-flag) we can JumpZero (JZ instruction) or JNZ > (JumpNotZero) on the result of it, no GPR register usage. > > Given this code is x86 specific anyway, I don't see value add from the bool > type and !! trick to canonicalize the "any value" to 0 or 1. > If the ASM generated is the same, I'm OK with either approach, just noting > the micro-optimization around test/flags-register. Lets see the asm, if we do keep int we should add a comment. But as this code will move outside the loop, I assume the flag register will be cleared out before it hits this in the loop. //Eelco ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of set_masked IPv6 action
> -Original Message- > From: dev On Behalf Of Eelco Chaudron > Sent: Wednesday, November 23, 2022 1:55 PM > To: Finn, Emma > Cc: d...@openvswitch.org; david.march...@redhat.com; i.maxim...@ovn.org > Subject: Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of set_masked > IPv6 > action > > Something like this > > v_dst = Loadu_si128(dst) > > v_src = Loadu_si128(src) > > v_or = _or_si128(v_dst, v_src) > > > > /* generate all ones register from cmpeq of v_zeros vs itself? */ > > v_zeros = _setzero_si128() > > v_all_ones = _cmpeq_epi(v_zeros, v_zeros); > > int do_checksum = _mm_test_all_zeros(v_or, v_all_ones); > > > > Does this approach make sense to you? > > Yes perfectly, I was not aware of the _mm_test_all_zeros() which saves the > popcount ;) > > One comment here is that do_checksum should be a bool type, something like > > bool do_checksum = !!_mm_test_all_zeros(v_or, v_all_ones); In the interest of micro-optimization discussions, we'd need to check if the resulting ASM is the same... Branching on a value is usually a "test" with a register/register, or register/constant, and that sets the "flags" register. Note that the test_all_zeros() *already* sets the flags register! https://www.intel.com/content/www/us/en/docs/intrinsics-guide/index.html?wapkw=intrinsics%20guide#text=mm_test_all_zero_expand=7187 By taking the result, doing the bitwise !! ops , and branching on the result, it might force the compiler into emitting a bunch of noisy-not-useful instructions. The test_all_zeros() isn't just a bypass of the popcnt instruction, it also avoids the "test" with a register to set flags register. By having set the ZF (zero-flag) we can JumpZero (JZ instruction) or JNZ (JumpNotZero) on the result of it, no GPR register usage. Given this code is x86 specific anyway, I don't see value add from the bool type and !! trick to canonicalize the "any value" to 0 or 1. If the ASM generated is the same, I'm OK with either approach, just noting the micro-optimization around test/flags-register. Regards, -Harry ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 06/11] python: support case-insensitive OpenFlow actions
On Wed, Nov 23, 2022 at 5:03 AM Adrian Moreno wrote:
>
I believe the commit message was cut out.
> Signed-off-by: Adrian Moreno
> ---
> python/ovs/flow/kv.py| 17 ++---
> python/ovs/flow/ofp.py | 7 ---
> python/ovs/tests/test_ofp.py | 15 +++
> 3 files changed, 33 insertions(+), 6 deletions(-)
>
> diff --git a/python/ovs/flow/kv.py b/python/ovs/flow/kv.py
> index 3138db008..f7d7be0cf 100644
> --- a/python/ovs/flow/kv.py
> +++ b/python/ovs/flow/kv.py
> @@ -105,10 +105,17 @@ class KVDecoders(object):
>
> strict = True
>
> -def __init__(self, decoders=None, default=None, default_free=None):
> -self._decoders = decoders or dict()
> +def __init__(self, decoders=None, default=None, default_free=None,
> + ignore_case=False):
> +if not decoders:
> +self._decoders = dict()
> +elif ignore_case:
> +self._decoders = {k.lower(): v for k, v in decoders.items()}
> +else:
> +self._decoders = decoders
> self._default = default
> self._default_free = default_free or self._default_free_decoder
> +self._ignore_case = ignore_case
>
> def decode(self, keyword, value_str):
> """Decode a keyword and value.
> @@ -121,7 +128,11 @@ class KVDecoders(object):
> The key (str) and value(any) to be stored.
> """
>
> -decoder = self._decoders.get(keyword)
> +decoder = None
> +if self._ignore_case:
> +decoder = self._decoders.get(keyword.lower())
> +else:
> +decoder = self._decoders.get(keyword)
> if decoder:
> result = decoder(value_str)
> if isinstance(result, KeyValue):
> diff --git a/python/ovs/flow/ofp.py b/python/ovs/flow/ofp.py
> index 8f2727361..bf832f71b 100644
> --- a/python/ovs/flow/ofp.py
> +++ b/python/ovs/flow/ofp.py
> @@ -246,7 +246,8 @@ class OFPFlow(Flow):
> }
> clone_actions = OFPFlow._clone_actions_decoders_args(actions)
> actions.update(clone_actions)
> -return KVDecoders(actions, default_free=decode_free_output)
> +return KVDecoders(actions, default_free=decode_free_output,
> + ignore_case=True)
>
> @staticmethod
> def _output_actions_decoders_args():
> @@ -401,10 +402,10 @@ class OFPFlow(Flow):
> return {
> "learn": decode_learn(action_decoders),
> "clone": nested_kv_decoder(
> -KVDecoders(action_decoders), is_list=True
> +KVDecoders(action_decoders, ignore_case=True), is_list=True
> ),
> "write_actions": nested_kv_decoder(
> -KVDecoders(action_decoders), is_list=True
> +KVDecoders(action_decoders, ignore_case=True), is_list=True
> ),
> }
>
> diff --git a/python/ovs/tests/test_ofp.py b/python/ovs/tests/test_ofp.py
> index 328ab7285..5aa8d591b 100644
> --- a/python/ovs/tests/test_ofp.py
> +++ b/python/ovs/tests/test_ofp.py
> @@ -509,6 +509,21 @@ from ovs.flow.decoders import EthMask, IPMask,
> decode_mask
> ),
> ],
> ),
> +(
> +
> "actions=POP_VLAN,push_vlan:0x8100,NORMAL,clone(MOD_NW_SRC:192.168.1.1,resubmit(,10))",
> # noqa: E501
> +[
> +KeyValue("POP_VLAN", True),
> +KeyValue("push_vlan", 0x8100),
> +KeyValue("output", {"port": "NORMAL"}),
> +KeyValue(
> +"clone",
> +[
> +{"MOD_NW_SRC": netaddr.IPAddress("192.168.1.1")},
> +{"resubmit": {"port": "", "table": 10}},
> +]
> +),
> +],
> +),
> (
> "actions=doesnotexist(1234)",
> ParseError,
> --
> 2.38.1
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] rculist: Fix iteration macros.
On 11/21/22 16:54, Adrian Moreno wrote:
>
>
> On 11/4/22 15:25, Ilya Maximets wrote:
>> Some macros for rculist have no users and there are no unit tests
>> specific to that library as well, so broken code wasn't spotted
>> while updating to multi-variable iterators.
>>
>> Fixing multiple problems like missing commas, parenthesis, incorrect
>> variable and macro names.
>>
>> Fixes: d293965d7b06 ("rculist: use multi-variable helpers for loop macros.")
>> Reported-by: Subrata Nath
>> Co-authored-by: Dumitru Ceara
>> Signed-off-by: Dumitru Ceara
>> Signed-off-by: Ilya Maximets
>> ---
>> lib/rculist.h | 18 +-
>> 1 file changed, 9 insertions(+), 9 deletions(-)
>>
>> diff --git a/lib/rculist.h b/lib/rculist.h
>> index c0d77acf9..9bb8cbf3e 100644
>> --- a/lib/rculist.h
>> +++ b/lib/rculist.h
>> @@ -380,18 +380,18 @@ rculist_is_singleton_protected(const struct rculist
>> *list)
>> #define RCULIST_FOR_EACH_REVERSE_PROTECTED(ITER, MEMBER, RCULIST)
>> \
>> for (INIT_MULTIVAR(ITER, MEMBER, (RCULIST)->prev, struct rculist);
>> \
>> CONDITION_MULTIVAR(ITER, MEMBER, ITER_VAR(ITER) != (RCULIST));
>> \
>> - UPDATE_MULTIVAR(ITER, ITER_VAR(VAR).prev))
>> + UPDATE_MULTIVAR(ITER, ITER_VAR(ITER)->prev))
>> #define RCULIST_FOR_EACH_REVERSE_PROTECTED_CONTINUE(ITER, MEMBER,
>> RCULIST) \
>> for (INIT_MULTIVAR(ITER, MEMBER, (ITER)->MEMBER.prev, struct rculist);
>> \
>> CONDITION_MULTIVAR(ITER, MEMBER, ITER_VAR(ITER) != (RCULIST));
>> \
>> - UPDATE_MULTIVAR(ITER, ITER_VAR(VAR).prev))
>> + UPDATE_MULTIVAR(ITER, ITER_VAR(ITER)->prev))
>>
>
> There's another hidden problem with the REVERSE iterators that has not popped
> up yet: They access 'prev' member directly which will not compile when using
> clang's thread-safety macros because of a fake mutex specifically added to
> avoid it.
> Since the macros are PROTECTED it should be OK to use
> rculist_back_protected() instead.
Hmm, interesting.
>
> I have written a unit test for rculist that I was planning to post soon. If
> you prefer I can fix this at the same time.
If you can fix that in your patch that would be easier, I think.
I'll try to merge the current fix somewhere soon (Just got back
from PTO today).
Best regards, Ilya Maximets.
>
>
>> #define RCULIST_FOR_EACH_PROTECTED(ITER, MEMBER, RCULIST)
>> \
>> for (INIT_MULTIVAR(ITER, MEMBER, rculist_next_protected(RCULIST),
>> \
>> struct rculist);
>> \
>> CONDITION_MULTIVAR(ITER, MEMBER, ITER_VAR(ITER) != (RCULIST));
>> \
>> - UPDATE_MULTIVAR(ITER, rculist_next_protected(ITER_VAR(ITER)))
>> \
>> + UPDATE_MULTIVAR(ITER, rculist_next_protected(ITER_VAR(ITER
>> \
>> #define RCULIST_FOR_EACH_SAFE_SHORT_PROTECTED(ITER, MEMBER, RCULIST)
>> \
>> for (INIT_MULTIVAR_SAFE_SHORT(ITER, MEMBER,
>> \
>> @@ -399,18 +399,18 @@ rculist_is_singleton_protected(const struct rculist
>> *list)
>> struct rculist);
>> \
>> CONDITION_MULTIVAR_SAFE_SHORT(ITER, MEMBER,
>> \
>> ITER_VAR(ITER) != (RCULIST),
>> \
>> - ITER_NEXT_VAR(ITER) = rculist_next_protected(ITER_VAR(VAR)));
>> \
>> - UPDATE_MULTIVAR_SHORT(ITER))
>> + ITER_NEXT_VAR(ITER) = rculist_next_protected(ITER_VAR(ITER)));
>> \
>> + UPDATE_MULTIVAR_SAFE_SHORT(ITER))
>> #define RCULIST_FOR_EACH_SAFE_LONG_PROTECTED(ITER, NEXT, MEMBER,
>> RCULIST) \
>> for (INIT_MULTIVAR_SAFE_LONG(ITER, NEXT, MEMBER,
>> \
>> - rculist_next_protected(RCULIST)
>> \
>> + rculist_next_protected(RCULIST),
>> \
>> struct rculist);
>> \
>> - CONDITION_MULTIVAR_SAFE_LONG(VAR, NEXT, MEMBER
>> \
>> + CONDITION_MULTIVAR_SAFE_LONG(ITER, NEXT, MEMBER,
>> \
>> ITER_VAR(ITER) != (RCULIST),
>> \
>> - ITER_VAR(NEXT) = rculist_next_protected(ITER_VAR(VAR)),
>> \
>> + ITER_VAR(NEXT) = rculist_next_protected(ITER_VAR(ITER)),
>> \
>> ITER_VAR(NEXT) != (RCULIST));
>> \
>> - UPDATE_MULTIVAR_LONG(ITER))
>> + UPDATE_MULTIVAR_SAFE_LONG(ITER, NEXT))
>> #define RCULIST_FOR_EACH_SAFE_PROTECTED(...)
>> \
>> OVERLOAD_SAFE_MACRO(RCULIST_FOR_EACH_SAFE_LONG_PROTECTED,
>> \
>
> Thanks
___
dev
Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of set_masked IPv6 action
On 22 Nov 2022, at 16:10, Finn, Emma wrote:
>> -Original Message-
>> From: Eelco Chaudron
>> Sent: Thursday 17 November 2022 09:21
>> To: Finn, Emma
>> Cc: d...@openvswitch.org; david.march...@redhat.com;
>> i.maxim...@ovn.org
>> Subject: Re: [ovs-dev] [v3] odp-execute: Add ISA implementation of
>> set_masked IPv6 action
>>
>> On 26 Sep 2022, at 15:29, Emma Finn wrote:
>>
>>> This commit adds support for the AVX512 implementation of the
>>> ipv6_set_addrs action as well as an AVX512 implementation of updating
>>> the L4 checksums.
>>>
>>> Signed-off-by: Emma Finn
>>
>> Hi Emma,
>>
>> Thanks for further enhancing the implementation of the AVX512 actions.
>> Below are some comments, mostly style related, but with one additional
>> optimization.
>>
>> Cheers,
>>
>> Eelco
>>
>
> Thanks for the review Eelco. Sure, I will clean up and change all the style
> related comments.
> Some other replies inline below.
See inline comments below…
>>> ---
>>> v3:
>>> - Added a runtime check for AVX512 vbmi.
>>> v2:
>>> - Added check for availbility of s6_addr32 field of struct in6_addr.
>>> - Fixed network headers for freebsd builds.
>>> ---
>>> ---
>>> lib/odp-execute-avx512.c | 176
>>> ++
>>> lib/odp-execute-private.c | 17
>>> lib/odp-execute-private.h | 1 +
>>> 3 files changed, 194 insertions(+)
>>>
>>> diff --git a/lib/odp-execute-avx512.c b/lib/odp-execute-avx512.c index
>>> 6c7713251..f97b3c2f7 100644
>>> --- a/lib/odp-execute-avx512.c
>>> +++ b/lib/odp-execute-avx512.c
>>> @@ -20,6 +20,9 @@
>>>
>>> #include
>>> #include
>>> +#include
>>> +#include
>>> +#include
>>>
>>> #include "csum.h"
>>> #include "dp-packet.h"
>>> @@ -483,6 +486,172 @@ action_avx512_ipv4_set_addrs(struct
>> dp_packet_batch *batch,
>>> }
>>> }
>>>
>>> +#if HAVE_AVX512VBMI
>>> +static inline uint16_t ALWAYS_INLINE
>>> +__attribute__((__target__("avx512vbmi")))
>>> +avx512_ipv6_get_delta(__m512i ip6_header)
>>
>> I guess the function name was from before you split up this function, as it's
>> not at all what you're doing in this function.
>> I would suggest changing the name to something like
>> avx512_ipv6_sum_header().
>>
>> Also, can you go over the register naming and comment text below, as they
>> also make no sense in the current form?
>>
>>> +{
>>> +__m256i v_zeros = _mm256_setzero_si256();
>>> +__m512i v_shuf_src_dst = _mm512_setr_epi64(0x01, 0x02, 0x03, 0x04,
>>> + 0xFF, 0xFF, 0xFF,
>>> +0xFF);
>>> +
>>> +__m512i v_header = _mm512_permutexvar_epi64(v_shuf_src_dst,
>> ip6_header);
>>> +__m256i v_ip6_src_dst = _mm512_extracti64x4_epi64(v_header, 0);
>>
>> Remove the extra space after the equal sign.
>>
>> Please add a new line before the comment.
>>
>>> +/* These two shuffle masks, v_swap16a and v_swap16b, are to shuffle
>> the
>>> + * src and dst fields and add padding after each 16-bit value for the
>>> + * following carry over addition. */
>>> +__m256i v_swap16a = _mm256_setr_epi16(0x0100, 0x, 0x0302,
>> 0x,
>>> + 0x0504, 0x, 0x0706, 0x,
>>> + 0x0100, 0x, 0x0302, 0x,
>>> + 0x0504, 0x, 0x0706, 0x);
>>> +__m256i v_swap16b = _mm256_setr_epi16(0x0908, 0x, 0x0B0A,
>> 0x,
>>> + 0x0D0C, 0x, 0x0F0E, 0x,
>>> + 0x0908, 0x, 0x0B0A, 0x,
>>> + 0x0D0C, 0x, 0x0F0E, 0x);
>>> +__m256i v_shuf_old1 = _mm256_shuffle_epi8(v_ip6_src_dst,
>> v_swap16a);
>>> +__m256i v_shuf_old2 = _mm256_shuffle_epi8(v_ip6_src_dst,
>>> + v_swap16b);
>>> +
>>> +/* Add each part of the old and new headers together. */
>>> +__m256i v_delta = _mm256_add_epi32(v_shuf_old1, v_shuf_old2);
>>> +
>>> +/* Perform horizontal add to go from 8x32-bits to 2x32-bits. */
>>> +v_delta = _mm256_hadd_epi32(v_delta, v_zeros);
>>> +v_delta = _mm256_hadd_epi32(v_delta, v_zeros);
>>> +
>>> +/* Shuffle 32-bit value from 3rd lane into first lane for final
>>> + * horizontal add. */
>>> +__m256i v_swap32a = _mm256_setr_epi32(0x0, 0x4, 0xF, 0xF,
>>> + 0xF, 0xF, 0xF, 0xF);
>>> +v_delta = _mm256_permutexvar_epi32(v_swap32a, v_delta);
>>> +
>>> +v_delta = _mm256_hadd_epi32(v_delta, v_zeros);
>>> +v_delta = _mm256_hadd_epi16(v_delta, v_zeros);
>>> +
>>> +/* Extract delta value. */
>>> +return _mm256_extract_epi16(v_delta, 0); }
>>> +
>>> +static inline uint16_t ALWAYS_INLINE
>>> +__attribute__((__target__("avx512vbmi")))
>>> +avx512_ipv6_addr_csum_delta(__m512i old_header, __m512i
>> new_header) {
>>> +uint16_t delta;
>>> +uint16_t old_delta = avx512_ipv6_get_delta(old_header);
>>> +uint16_t new_delta =
Re: [ovs-dev] [PATCH v1 02/11] python: include aliases in ofp_fields.py
On Wed, Nov 23, 2022 at 5:03 AM Adrian Moreno wrote:
>
> We currently auto-generate a dictionary of field names and decoders.
> However, sometimes fields can be specified by their cannonical NXM or
> OXM names.
>
> Modify gen_ofp_field_decoders to also generate a dictionary of aliases
> so it's easy to map OXM/NXM names to their fields and decoding
> information.
>
> Signed-off-by: Adrian Moreno
Acked-by: Mike Pattrick
> ---
> build-aux/gen_ofp_field_decoders | 15 +++
> 1 file changed, 15 insertions(+)
>
> diff --git a/build-aux/gen_ofp_field_decoders
> b/build-aux/gen_ofp_field_decoders
> index 96f99e860..0b797ee8c 100755
> --- a/build-aux/gen_ofp_field_decoders
> +++ b/build-aux/gen_ofp_field_decoders
> @@ -22,12 +22,16 @@ def main():
> fields = extract_fields.extract_ofp_fields(args.metaflow)
>
> field_decoders = {}
> +aliases = {}
> for field in fields:
> decoder = get_decoder(field)
> field_decoders[field.get("name")] = decoder
> if field.get("extra_name"):
> field_decoders[field.get("extra_name")] = decoder
>
> +for nxm in field.get("OXM", []):
> +aliases[nxm[1]] = field.get("name")
> +
> code = """
> # This file is auto-generated. Do not edit!
>
> @@ -35,14 +39,25 @@ from ovs.flow import decoders
>
> field_decoders = {{
> {decoders}
> +}}
> +
> +field_aliases = {{
> +{aliases}
> }}""".format(
> decoders="\n".join(
> [
> "'{name}': {decoder},".format(name=name, decoder=decoder)
> for name, decoder in field_decoders.items()
> ]
> +),
> +aliases="\n".join(
> +[
> +"'{alias}': '{name}',".format(name=name, alias=alias)
> +for alias, name in aliases.items()
> +]
> )
> )
> +
> print(code)
>
>
> --
> 2.38.1
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC PATCH v2] dpdk: Update to use v22.11.
On 11/23/22 12:52, Ian Stokes wrote: > This commit add support to for DPDK v22.11, it includes the following > changes. > > 1. ci: Reduce DPDK compilation time. > 2. system-dpdk: Update vhost tests to be compatible with DPDK 22.07. > >http://patchwork.ozlabs.org/project/openvswitch/list/?series=316528 > > 3. system-dpdk: Update vhost tests to be compatible with DPDK 22.07. > >http://patchwork.ozlabs.org/project/openvswitch/list/?series=311332 > > 4. netdev-dpdk: Report device bus specific information. > 5. netdev-dpdk: Drop reference to Rx header split. > >http://patchwork.ozlabs.org/project/openvswitch/list/?series=321808 > > In addition documentation was also updated in this commit for use with > DPDK v22.11. > > For credit all authors of the original commits to 'dpdk-latest' with the > above changes have been added as co-authors for this commit > > Signed-off-by: David Marchand > Co-authored-by: David Marchand > Signed-off-by: Sunil Pai G > Co-authored-by: Sunil Pai G > Signed-off-by: Ian Stokes > > --- > v1 -> v2 > * Updated to use DPDK 22.11 rc4. > > * Please Note: Although DPDK documentation has been updated in this patch > the resource has not been updated on the DPDK site as of yet, this will > be expected as part of DPDK 22.11 final release. > > * The GitHub actions 'linux deb shared dpdk' is expected to fail with this > patch as DPDK 22.11 is not part of the package structure yet. This patch is missing the update in debian/control.in for the version of libdpdk-dev. The line is "commented out" because the same file is used to generate control file for both DPDK and non-DPDK builds. This won't fix the build issue, but the failure will be more obvious, i.e. dependency installation failure vs linkage issues. For the actual path forward for the debian build, we discussed it in the past with Frode here: https://mail.openvswitch.org/pipermail/ovs-dev/2022-July/396124.html So, what we need is Ubuntu to start packaging DPDK 22.11 in the dev branch for Ubuntu 23.04. Then we can modify our CI scripts to use pre-release container images to test. FWIW, Debian seems to already package DPDK 22.11 in the experimental branch: https://packages.debian.org/experimental/libdpdk-dev Frode, do you know the approximate timeline on when we could expect development container images of Ubuntu with DPDK 22.11 to be available? Or how to get one? Alternative solution is to temporarily disable DPDK-enabled build for deb packages in GHA, until Ubuntu 23.04 is available. There is no rush, AFAIK, we have a bit of time before the soft freeze, but it would be nice to have DPDK 22.11 support merged by the end of a year. Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v3 ovn] controller: improve buffered packets management
On 11/15/22 10:44, Lorenzo Bianconi wrote:
>> On Mon, Oct 24, 2022 at 11:29 AM Lorenzo Bianconi <
>> lorenzo.bianc...@redhat.com> wrote:
>>
>>> Improve buffered packet management in ovn-controller avoid useless loop
>>> in run_buffered_binding routine and using datapath key and output port
>>> key as buffered_packets_map hashmap hash. Add new selftest for buffered
>>> packets.
>>>
>>> Signed-off-by: Lorenzo Bianconi
>>> ---
Hi Lorenzo,
Thanks for the patch! I have a few comments below.
>>> Changes since v2:
>>> - improve hash function
>>> Changes since v1:
>>> - improve code readability
>>> ---
>>> controller/pinctrl.c | 118
>>> tests/system-ovn.at | 124 +++
>>> 2 files changed, 208 insertions(+), 34 deletions(-)
>>>
>>> diff --git a/controller/pinctrl.c b/controller/pinctrl.c
>>> index 8859cb080..dfcd0cea8 100644
>>> --- a/controller/pinctrl.c
>>> +++ b/controller/pinctrl.c
>>> @@ -182,6 +182,7 @@ static void destroy_buffered_packets_map(void);
>>> static void
>>> run_buffered_binding(struct ovsdb_idl_index
>>> *sbrec_mac_binding_by_lport_ip,
>>> struct ovsdb_idl_index
>>> *sbrec_port_binding_by_datapath,
>>> + struct ovsdb_idl_index *sbrec_port_binding_by_name,
>>> const struct hmap *local_datapaths)
>>> OVS_REQUIRES(pinctrl_mutex);
>>>
>>> @@ -1430,6 +1431,9 @@ struct buffered_packets {
>>> struct in6_addr ip;
>>> struct eth_addr ea;
>>>
>>> +uint64_t dp_key;
>>> +uint64_t port_key;
>>> +
>>> long long int timestamp;
>>>
>>> struct buffer_info data[BUFFER_QUEUE_DEPTH];
>>> @@ -1556,38 +1560,38 @@ buffered_packets_map_gc(void)
>>> }
>>>
>>> static struct buffered_packets *
>>> -pinctrl_find_buffered_packets(const struct in6_addr *ip, uint32_t hash)
>>> +pinctrl_find_buffered_packets(uint64_t dp_key, uint64_t port_key,
>>> + uint32_t hash)
>>> {
>>> struct buffered_packets *qp;
>>> -
>>> -HMAP_FOR_EACH_WITH_HASH (qp, hmap_node, hash,
>>> - _packets_map) {
>>> -if (IN6_ARE_ADDR_EQUAL(>ip, ip)) {
>>> +HMAP_FOR_EACH_WITH_HASH (qp, hmap_node, hash, _packets_map) {
>>> +if (qp->dp_key == dp_key && qp->port_key == port_key) {
>>> return qp;
>>> }
>>> }
>>> return NULL;
>>> }
>>>
>>> +static uint32_t
>>> +pinctrl_buffer_apcket_hash(uint64_t dp_key, uint64_t port_key)
>>>
>>
>> nit: typo in the function name "pinctrl_buffer_apcket_hash" ->
>> "pinctrl_buffer_packet_hash".
>> I guess this can be fixed during merge, let's see if others agree.
>>
>>
>>> +{
>>> +uint32_t hash = 0;
>>> +hash = hash_add64(hash, port_key);
>>> +hash = hash_add64(hash, dp_key);
>>> +return hash_finish(hash, 16);
>>> +}
>>> +
>>> /* Called with in the pinctrl_handler thread context. */
>>> static int
>>> pinctrl_handle_buffered_packets(struct dp_packet *pkt_in,
>>> const struct match *md, bool is_arp)
>>> OVS_REQUIRES(pinctrl_mutex)
>>> {
>>> -struct buffered_packets *bp;
>>> -struct dp_packet *clone;
>>> -struct in6_addr addr;
>>> -
>>> -if (is_arp) {
>>> -addr = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
>>> -} else {
>>> -ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
>>> -memcpy(, , sizeof addr);
>>> -}
>>> -
>>> -uint32_t hash = hash_bytes(, sizeof addr, 0);
>>> -bp = pinctrl_find_buffered_packets(, hash);
>>> +uint64_t dp_key = ntohll(md->flow.metadata);
>>> +uint64_t oport_key = md->flow.regs[MFF_LOG_OUTPORT - MFF_REG0];
>>> +uint32_t hash = pinctrl_buffer_apcket_hash(dp_key, oport_key);
>>> +struct buffered_packets *bp
>>> += pinctrl_find_buffered_packets(dp_key, oport_key, hash);
>>> if (!bp) {
>>> if (hmap_count(_packets_map) >= 1000) {
Before your patch we would hit this hard coded limit if there were 1000
next hops for which we were bufferring packets.
Now, with your change, we will hit his limit only if there are 1000
ports for which we are bufferring packets. This seems very unlikely and
I wonder if this will ever happen in practice. Do we need to change its
value? Also, let's add a define for it somewhere to make it a bit less
"magic".
>>> COVERAGE_INC(pinctrl_drop_buffered_packets_map);
>>> @@ -1597,12 +1601,20 @@ pinctrl_handle_buffered_packets(struct dp_packet
>>> *pkt_in,
>>> bp = xmalloc(sizeof *bp);
>>> hmap_insert(_packets_map, >hmap_node, hash);
>>> bp->head = bp->tail = 0;
>>> -bp->ip = addr;
>>> +if (is_arp) {
>>> +bp->ip = in6_addr_mapped_ipv4(htonl(md->flow.regs[0]));
>>> +} else {
>>> +ovs_be128 ip6 = hton128(flow_get_xxreg(>flow, 0));
>>> +memcpy(>ip, , sizeof bp->ip);
>>> +}
>>> +bp->dp_key = dp_key;
>>> +bp->port_key
Re: [ovs-dev] [PATCHv2 net-next 0/5] net: eliminate the duplicate code in the ct nat functions of ovs and tc
On Tue, Nov 22, 2022 at 12:32:16PM -0500, Xin Long wrote: > The changes in the patchset: > > "net: add helper support in tc act_ct for ovs offloading" > > had moved some common ct code used by both OVS and TC into netfilter. Please give me today to review this patchset. Thanks, Marcelo ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v5 06/15] tests: Add delay to dump-conntrack for tc test cases.
On 23/11/2022 13:15, Eelco Chaudron wrote: > This patch adds a delay before dumping the conntrack table because with > tc it takes a bit longer before it gets synced. > > Signed-off-by: Eelco Chaudron > --- > tests/system-common-macros.at |3 + > tests/system-offloads.at | 25 + > tests/system-traffic.at | 198 > + > 3 files changed, 107 insertions(+), 119 deletions(-) > > diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at > index d95d79791..32b9ca0de 100644 > --- a/tests/system-common-macros.at > +++ b/tests/system-common-macros.at > @@ -347,3 +347,6 @@ m4_define([OVS_CHECK_CT_CLEAR], > # OVS_REVALIDATOR_PURGE() > m4_define([OVS_REVALIDATOR_PURGE], > [AT_CHECK([ovs-appctl revalidator/purge], [0])]) > + > +# DPCTL_DUMP_CONNTRACK() > +m4_define([DPCTL_DUMP_CONNTRACK], [ovs-appctl dpctl/dump-conntrack]) > diff --git a/tests/system-offloads.at b/tests/system-offloads.at > index d39997708..1aca41825 100644 > --- a/tests/system-offloads.at > +++ b/tests/system-offloads.at > @@ -37,24 +37,20 @@ m4_define([OVS_REVALIDATOR_PURGE], > [AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) > > > +# We override the DPCTL_DUMP_CONNTRACK macro, allowing a bit more time for > the > +# tc-datapath conntrack entries to be installed/updated. > +m4_define([DPCTL_DUMP_CONNTRACK], [sleep 3; ovs-appctl dpctl/dump-conntrack]) > + > + > # The list below are tests that will not pass for a "test environment" > specific > # issue. > m4_define([OVS_TEST_SKIP_LIST], > [ovs_test_skip_list=" > datapath - truncate and output to gre tunnel by simulated packets > datapath - truncate and output to gre tunnel > -conntrack - preserve registers > -conntrack - zones > -conntrack - zones from field > conntrack - zones from other field > conntrack - zones from other field, more tests > -conntrack - multiple zones > conntrack - multiple namespaces, internal ports > -conntrack - ct_mark > -conntrack - ct_mark bit-fiddling > -conntrack - ct_mark from register > -conntrack - ct_label > -conntrack - ct_label bit-fiddling > conntrack - ct metadata, multiple zones > conntrack - ICMP related > conntrack - ICMP related to original direction > @@ -64,8 +60,6 @@ conntrack - IPv6 fragmentation + cvlan > conntrack - Fragmentation over vxlan > conntrack - IPv6 Fragmentation over vxlan > conntrack - zone-based timeout policy > -conntrack - IPv4 HTTP > -conntrack - IPv6 HTTP > conntrack - multiple zones, local > conntrack - multi-stage pipeline, local > conntrack - FTP > @@ -73,14 +67,6 @@ conntrack - FTP over IPv6 > conntrack - IPv6 FTP Passive > conntrack - FTP with multiple expectations > conntrack - TFTP > -conntrack - simple SNAT > -conntrack - SNAT with port range > -conntrack - SNAT with port range with exhaustion > -conntrack - more complex SNAT > -conntrack - all-zero IP SNAT > -conntrack - simple DNAT > -conntrack - DNAT with additional SNAT > -conntrack - more complex DNAT > conntrack - ICMP related with NAT > conntrack - FTP SNAT prerecirc > conntrack - FTP SNAT prerecirc seqadj > @@ -93,7 +79,6 @@ conntrack - IPv4 FTP Passive with DNAT > conntrack - IPv4 FTP Passive with DNAT 2 > conntrack - IPv4 FTP Active with DNAT > conntrack - IPv4 FTP Active with DNAT with reverse skew > -conntrack - IPv6 HTTP with DNAT > conntrack - IPv6 FTP with SNAT > conntrack - IPv6 FTP Passive with SNAT > conntrack - IPv6 FTP with SNAT - orig tuple > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index 1d0d0dfd5..48545f57d 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -2215,7 +2215,7 @@ > udp,vlan_tci=0x,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10. > dnl > dnl Check that the directionality has been changed by force commit. > dnl > -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.2,"], > [], [dnl > +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.2,"], [], [dnl > > udp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),reply=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2) > ]) > > @@ -2223,7 +2223,7 @@ dnl OK, now send another packet from port 1 and see > that it switches again > AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 > packet=5054000a505400090800451c0011a4cd0a0101010a010102000100020008 > actions=resubmit(,0)"]) > OVS_REVALIDATOR_PURGE() > > -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.1,"], > [], [dnl > +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.1,"], [], [dnl > > udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),reply=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1) > ]) > > @@ -2253,25 +2253,25 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) > dnl Test UDP from port 1 > AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 >
Re: [ovs-dev] [PATCH v5 04/15] test: Add delay on revalidator flush for offload test cases.
On 23/11/2022 13:14, Eelco Chaudron wrote: > The revalidator/purge commands in the system test cases sometimes > get called immediately after a partial test is completed. This > could cause the revalidator thread to log an error that it can > not find/delete a flow due to the slower flow installation nature > of TC. > > This patch uses a macro to call the revalidator/purge command, > which can be overwritten when the system tests are run on a tc > enabled datapath. > > Signed-off-by: Eelco Chaudron > --- > tests/system-common-macros.at |4 > tests/system-offloads.at |8 +++- > tests/system-traffic.at | 38 +++--- > 3 files changed, 30 insertions(+), 20 deletions(-) > > diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at > index 8b9f5c752..d95d79791 100644 > --- a/tests/system-common-macros.at > +++ b/tests/system-common-macros.at > @@ -343,3 +343,7 @@ m4_define([OVS_CHECK_IPROUTE_ENCAP], > # OVS_CHECK_CT_CLEAR() > m4_define([OVS_CHECK_CT_CLEAR], > [AT_SKIP_IF([! grep -q "Datapath supports ct_clear action" > ovs-vswitchd.log])]) > + > +# OVS_REVALIDATOR_PURGE() > +m4_define([OVS_REVALIDATOR_PURGE], > +[AT_CHECK([ovs-appctl revalidator/purge], [0])]) > diff --git a/tests/system-offloads.at b/tests/system-offloads.at > index fbe1dc99a..7b6deccf0 100644 > --- a/tests/system-offloads.at > +++ b/tests/system-offloads.at > @@ -30,11 +30,17 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], > AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| > uuidfilt])], [0], [$2]) > ]) > > + > +# We override the OVS_REVALIDATOR_PURGE macro, allowing a bit more time for > the > +# tc-datapath entries to be installed. > +m4_define([OVS_REVALIDATOR_PURGE], > +[AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) > + > + > # The list below are tests that will not pass for a "test environment" > specific > # issue. > m4_define([OVS_TEST_SKIP_LIST], > [ovs_test_skip_list=" > -datapath - basic truncate action > datapath - truncate and output to gre tunnel by simulated packets > datapath - truncate and output to gre tunnel > conntrack - force commit > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index cd3ad0f68..1d0d0dfd5 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -1517,12 +1517,12 @@ on_exit 'rm -f payload200.bin' > NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) > > dnl packet with truncated size > -AT_CHECK([ovs-appctl revalidator/purge], [0]) > +OVS_REVALIDATOR_PURGE() > AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n > 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl > n_bytes=100 > ]) > dnl packet with original size > -AT_CHECK([ovs-appctl revalidator/purge], [0]) > +OVS_REVALIDATOR_PURGE() > AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n > 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl > n_bytes=242 > ]) > @@ -1539,7 +1539,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) > NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) > > dnl 100 + 100 + 242 + min(65535,242) = 684 > -AT_CHECK([ovs-appctl revalidator/purge], [0]) > +OVS_REVALIDATOR_PURGE() > AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n > 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl > n_bytes=684 > ]) > @@ -1569,7 +1569,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) > NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) > > dnl 100 + 100 + 242 + min(65535,242) = 684 > -AT_CHECK([ovs-appctl revalidator/purge], [0]) > +OVS_REVALIDATOR_PURGE() > AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n > 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl > n_bytes=684 > ]) > @@ -1653,7 +1653,7 @@ AT_CHECK([ovs-ofctl add-flows br-underlay > flows-underlay.txt]) > > dnl check tunnel push path, from at_ns1 to at_ns0 > NS_CHECK_EXEC([at_ns1], [nc $NC_EOF_OPT -u 10.1.1.1 1234 < payload200.bin]) > -AT_CHECK([ovs-appctl revalidator/purge], [0]) > +OVS_REVALIDATOR_PURGE() > > dnl Before truncation = ETH(14) + IP(20) + UDP(8) + 200 = 242B > AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n > 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl > @@ -1669,7 +1669,7 @@ dnl This 200-byte packet is simulated on behalf of > ns_gre0 > ovs-ofctl -O OpenFlow13 packet-out br-underlay "in_port=1 >
Re: [ovs-dev] [RFC PATCH v2] dpdk: Update to use v22.11.
Bleep bloop. Greetings Ian Stokes, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Line is 80 characters long (recommended limit is 79) #112 FILE: Documentation/intro/install/dpdk.rst:63: .. _DPDK requirements: https://doc.dpdk.org/guides-22.11/linux_gsg/sys_reqs.html WARNING: Line is 80 characters long (recommended limit is 79) #156 FILE: Documentation/topics/dpdk/phy.rst:120: .. _dpdk-drivers: https://doc.dpdk.org/guides-22.11/linux_gsg/linux_drivers.html WARNING: Line is 94 characters long (recommended limit is 79) #165 FILE: Documentation/topics/dpdk/phy.rst:238: __ https://doc.dpdk.org/guides-22.11/prog_guide/env_abstraction_layer.html#iova-mode-detection WARNING: Line is 92 characters long (recommended limit is 79) #174 FILE: Documentation/topics/dpdk/phy.rst:270: __ https://doc.dpdk.org/guides-22.11/prog_guide/switch_representation.html#port-representors WARNING: Line is 104 characters long (recommended limit is 79) #183 FILE: Documentation/topics/dpdk/phy.rst:404: .. _bifurcated-drivers: https://doc.dpdk.org/guides-22.11/linux_gsg/linux_drivers.html#bifurcated-driver Lines checked: 557, Warnings: 5, Errors: 0 Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [RFC PATCH v2] dpdk: Update to use v22.11.
This commit add support to for DPDK v22.11, it includes the following
changes.
1. ci: Reduce DPDK compilation time.
2. system-dpdk: Update vhost tests to be compatible with DPDK 22.07.
http://patchwork.ozlabs.org/project/openvswitch/list/?series=316528
3. system-dpdk: Update vhost tests to be compatible with DPDK 22.07.
http://patchwork.ozlabs.org/project/openvswitch/list/?series=311332
4. netdev-dpdk: Report device bus specific information.
5. netdev-dpdk: Drop reference to Rx header split.
http://patchwork.ozlabs.org/project/openvswitch/list/?series=321808
In addition documentation was also updated in this commit for use with
DPDK v22.11.
For credit all authors of the original commits to 'dpdk-latest' with the
above changes have been added as co-authors for this commit
Signed-off-by: David Marchand
Co-authored-by: David Marchand
Signed-off-by: Sunil Pai G
Co-authored-by: Sunil Pai G
Signed-off-by: Ian Stokes
---
v1 -> v2
* Updated to use DPDK 22.11 rc4.
* Please Note: Although DPDK documentation has been updated in this patch
the resource has not been updated on the DPDK site as of yet, this will
be expected as part of DPDK 22.11 final release.
* The GitHub actions 'linux deb shared dpdk' is expected to fail with this
patch as DPDK 22.11 is not part of the package structure yet.
---
.ci/linux-build.sh | 9 +++-
Documentation/faq/releases.rst | 2 +-
Documentation/intro/install/dpdk.rst | 16 +++---
Documentation/topics/dpdk/phy.rst| 8 +--
NEWS | 18 +--
lib/netdev-dpdk.c| 24 +++--
rhel/openvswitch-fedora.spec.in | 2 +-
tests/system-dpdk.at | 78 ++--
8 files changed, 69 insertions(+), 88 deletions(-)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 23c8bbb7a..0aa90e55e 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -142,7 +142,7 @@ function install_dpdk()
fi
# No cache or version mismatch.
rm -rf dpdk-dir
-wget https://fast.dpdk.org/rel/dpdk-$1.tar.xz
+wget https://git.dpdk.org/dpdk/snapshot/dpdk-$1.tar.xz
tar xvf dpdk-$1.tar.xz > /dev/null
DIR_NAME=$(tar -tf dpdk-$1.tar.xz | head -1 | cut -f1 -d"/")
mv ${DIR_NAME} dpdk-dir
@@ -160,6 +160,11 @@ function install_dpdk()
# meson verbose outputs.
DPDK_OPTS="$DPDK_OPTS -Ddeveloper_mode=disabled"
+# OVS compilation and "normal" unit tests (run in the CI) do not depend on
+# any DPDK driver being present.
+# We can disable all drivers to save compilation time.
+DPDK_OPTS="$DPDK_OPTS -Ddisable_drivers=*/*"
+
# Install DPDK using prefix.
DPDK_OPTS="$DPDK_OPTS --prefix=$(pwd)/build"
@@ -228,7 +233,7 @@ fi
if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
if [ -z "$DPDK_VER" ]; then
-DPDK_VER="21.11.2"
+DPDK_VER="22.11-rc4"
fi
install_dpdk $DPDK_VER
fi
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index ac0001cd5..e19f54c8f 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -233,7 +233,7 @@ Q: Are all the DPDK releases that OVS versions work with
maintained?
The latest information about DPDK stable and LTS releases can be found
at `DPDK stable`_.
-.. _DPDK stable: http://doc.dpdk.org/guides-21.11/contributing/stable.html
+.. _DPDK stable: http://doc.dpdk.org/guides-22.11/contributing/stable.html
Q: I get an error like this when I configure Open vSwitch:
diff --git a/Documentation/intro/install/dpdk.rst
b/Documentation/intro/install/dpdk.rst
index a284e6851..2193efddc 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@ Build requirements
In addition to the requirements described in :doc:`general`, building Open
vSwitch with DPDK will require the following:
-- DPDK 21.11.2
+- DPDK 22.11
- A `DPDK supported NIC`_
@@ -59,8 +59,8 @@ vSwitch with DPDK will require the following:
Detailed system requirements can be found at `DPDK requirements`_.
-.. _DPDK supported NIC: https://doc.dpdk.org/guides-21.11/nics/index.html
-.. _DPDK requirements:
https://doc.dpdk.org/guides-21.11/linux_gsg/sys_reqs.html
+.. _DPDK supported NIC: https://doc.dpdk.org/guides-22.11/nics/index.html
+.. _DPDK requirements:
https://doc.dpdk.org/guides-22.11/linux_gsg/sys_reqs.html
.. _dpdk-install:
@@ -73,9 +73,9 @@ Install DPDK
#. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
$ cd /usr/src/
- $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
- $ tar xf dpdk-21.11.2.tar.xz
- $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
+ $ wget https://fast.dpdk.org/rel/dpdk-22.11.tar.xz
+ $ tar xf dpdk-22.11.tar.xz
+ $ export DPDK_DIR=/usr/src/dpdk-22.11
$ cd $DPDK_DIR
#. Configure and install DPDK using Meson
@@ -121,7 +121,7 @@ Install DPDK
[ovs-dev] [PATCH v5 15/15] tests: Comment currently failing TC system-traffic tests.
The goal was to run 200 successful tc tests in a row. To do this the
following was run:
for i in {1..200}; do make check-offloads || break; \
echo "ALL_200_OK: $i"; done;
Unfortunately, a bunch of test cases showed occasional failures.
For now, they are excluded from the test cases and need further
investigation. They are:
802.1ad - vlan_limit
conntrack - DNAT load balancing
conntrack - DNAT load balancing with NC
conntrack - ICMP related
conntrack - ICMP related to original direction
conntrack - ICMP related with NAT
conntrack - IPv4 fragmentation with fragments specified
conntrack - multiple namespaces, internal ports
conntrack - zones from other field
conntrack - zones from other field, more tests
datapath - basic truncate action
datapath - multiple mpls label pop
datapath - truncate and output to gre tunnel
datapath - truncate and output to gre tunnel by simulated packets
Some other test cases also fail due to what looks like problems
in the tc kernel conntrack implementation. For details see the
details in the system-offloads.at exclusion list definition.
Signed-off-by: Eelco Chaudron
---
tests/system-offloads.at | 43 +--
1 file changed, 37 insertions(+), 6 deletions(-)
diff --git a/tests/system-offloads.at b/tests/system-offloads.at
index 34de0136d..9ee6b96d6 100644
--- a/tests/system-offloads.at
+++ b/tests/system-offloads.at
@@ -61,20 +61,51 @@ m4_define([CHECK_CONNTRACK_TIMEOUT],
# issue.
m4_define([OVS_TEST_SKIP_LIST],
[ovs_test_skip_list="
+# TC does not support moving ports to a different namespace than vswitchd's
+# namespace, so we need to disable this test.
conntrack - multiple namespaces, internal ports
+
+# When moving through different zones, it can take up to ~8 seconds before
+# the conntrack state gets updated causing these tests to fail.
conntrack - ct metadata, multiple zones
-conntrack - ICMP related
-conntrack - ICMP related to original direction
+conntrack - multiple zones, local
+conntrack - multi-stage pipeline, local
+
+# The kernel's tcf_ct_act() function does not seem to take care of any (QinQ)
+# VLAN headers causing commits to fail. However, if this is solved, we have to
+# make sure conntrack does not break the VLAN boundary, i.e., putting together
+# two packets with different CVLAN+SVLAN values.
conntrack - IPv4 fragmentation + cvlan
-conntrack - IPv4 fragmentation with fragments specified
conntrack - IPv6 fragmentation + cvlan
+
+# Fragmentation handling in ct zone 9 does not seem to work correctly.
+# When moving this test over to the default zone all works fine.
conntrack - Fragmentation over vxlan
conntrack - IPv6 Fragmentation over vxlan
-conntrack - multiple zones, local
-conntrack - multi-stage pipeline, local
+
+# Occasionaly we fail on the 'execute ct(commit) failed (Invalid argument) on
+# packet...' log message being present
+conntrack - zones from other field
+conntrack - zones from other field, more tests
+conntrack - multiple namespaces, internal ports
+conntrack - IPv4 fragmentation with fragments specified
+
+# Occasionaly we fail on the 'failed to flow_get/flow_del (No such file or
directory)
+# ufid:..' log message being present.
+datapath - multiple mpls label pop
+datapath - basic truncate action
+conntrack - ICMP related
+conntrack - ICMP related to original direction
conntrack - ICMP related with NAT
conntrack - DNAT load balancing
-conntrack - DNAT load balancing with NC"
+conntrack - DNAT load balancing with NC
+802.1ad - vlan_limit
+
+# Occasionalt we fail with extreme high byte counters, i.e.
+# n_bytes=18446744073705804134
+datapath - truncate and output to gre tunnel by simulated packets
+datapath - truncate and output to gre tunnel
+"
echo "$ovs_test_skip_list" | sed "s// /g"])
m4_include([tests/system-traffic.at])
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 14/15] tests: Fix reading of OpenFlow byte counters in GRE test cases.
With some datapaths, read TC, it takes a bit longer to update the OpenFlow statistics. Rather than adding an additional delay, try to read the counters multiple times until we get the desired value. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |2 -- tests/system-traffic.at | 15 ++- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 9db68b2a0..34de0136d 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -61,8 +61,6 @@ m4_define([CHECK_CONNTRACK_TIMEOUT], # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" -datapath - truncate and output to gre tunnel by simulated packets -datapath - truncate and output to gre tunnel conntrack - multiple namespaces, internal ports conntrack - ct metadata, multiple zones conntrack - ICMP related diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 57ff83b51..ae21dace9 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1660,9 +1660,8 @@ AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[ n_bytes=242 ]) dnl After truncation = outer ETH(14) + outer IP(20) + GRE(4) + 100 = 138B -AT_CHECK([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl -n_bytes=138 -]) +OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p' | grep "n_bytes=138"], + [ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p']) dnl check tunnel pop path, from at_ns0 to at_ns1 dnl This 200-byte packet is simulated on behalf of ns_gre0 @@ -1697,9 +1696,8 @@ AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[ n_bytes=242 ]) dnl After truncation = outer ETH(14) + outer IP(20) + GRE(4) + 100 = 138B -AT_CHECK([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl -n_bytes=138 -]) +OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p' | grep "n_bytes=138"], + [ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p']) dnl check tunnel pop path, from at_ns0 to at_ns1 dnl This 200-byte packet is simulated on behalf of ns_gre0 @@ -1707,9 +1705,8 @@ ovs-ofctl -O OpenFlow13 packet-out br-underlay "in_port=1 packet=02908ca8a149faa dnl After truncation = 100 byte at loopback device p2(4) OVS_REVALIDATOR_PURGE() -AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=4" | ofctl_strip], [0], [dnl - n_packets=1, n_bytes=100, priority=1,ip,in_port=4 actions=drop -]) +OVS_WAIT_UNTIL([ovs-ofctl dump-flows br0 | grep "in_port=4" | ofctl_strip | grep "n_packets=1, n_bytes=100, priority=1,ip,in_port=4 actions=drop"], + [ovs-ofctl dump-flows br0 | grep "in_port=4" | ofctl_strip]) OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 13/15] netdev-offload-tc: If the flow has not been used, report it as such.
If a tc flow was installed but has not yet been used, report it as such.
In addition, add a delay to the "IGMP - flood under normal action" test
case to make it work with many repetitions. This delay is also present
in other ICMP/IGMP tests.
Signed-off-by: Eelco Chaudron
Acked-by: Roi Dayan
---
lib/tc.c |8 +++-
tests/system-offloads.at |3 +--
tests/system-traffic.at |2 ++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/tc.c b/lib/tc.c
index a66dc432f..934df2e5e 100644
--- a/lib/tc.c
+++ b/lib/tc.c
@@ -1361,7 +1361,13 @@ get_user_hz(void)
static void
nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower)
{
-uint64_t lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz());
+uint64_t lastused;
+
+if (tm->firstuse == 0) {
+lastused = 0;
+} else {
+lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz());
+}
if (flower->lastused < lastused) {
flower->lastused = lastused;
diff --git a/tests/system-offloads.at b/tests/system-offloads.at
index 102e89a1f..9db68b2a0 100644
--- a/tests/system-offloads.at
+++ b/tests/system-offloads.at
@@ -76,8 +76,7 @@ conntrack - multiple zones, local
conntrack - multi-stage pipeline, local
conntrack - ICMP related with NAT
conntrack - DNAT load balancing
-conntrack - DNAT load balancing with NC
-IGMP - flood under normal action"
+conntrack - DNAT load balancing with NC"
echo "$ovs_test_skip_list" | sed "s// /g"])
m4_include([tests/system-traffic.at])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 07913a192..57ff83b51 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -7002,6 +7002,8 @@ f0 00 00 01 01 01 08 00 46 c0 00 28 00 00 40 00 01 02 d3
49 45 65 eb 4a e0 dnl
00 00 16 94 04 00 00 22 00 f9 02 00 00 00 01 04 00 00 00 e0 00 00 fb 00 00 dnl
00 00 00 00 > /dev/null])
+sleep 1
+
AT_CHECK([ovs-appctl dpctl/dump-flows --names | grep -e .*ipv4 | sort | dnl
strip_stats | strip_used | strip_recirc | dnl
sed 's/,packet_type(ns=[[0-9]]*,id=[[0-9]]*),/,/'],
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 12/15] odp-util: Make odp_flow_key_from_flow__ nlattr order the same as the kernel.
Make the order of the Netlink attributes for odp_flow_key_from_flow__()
the same as the kernel will return them.
This will make sure the attributes displayed in the dpctl/dump-flows
output appear in the same order for all datapath.
Signed-off-by: Eelco Chaudron
Acked-by: Roi Dayan
---
lib/odp-util.c| 21 +-
tests/dpif-netdev.at | 28 +++---
tests/mcast-snooping.at |4 +-
tests/nsh.at | 10 ++---
tests/odp.at | 83 +++--
tests/ofproto-dpif.at | 30 +++
tests/packet-type-aware.at| 22 +--
tests/pmd.at |2 -
tests/system-offloads.at |1
tests/tunnel-push-pop-ipv6.at |2 -
tests/tunnel-push-pop.at |2 -
tests/tunnel.at |2 -
12 files changed, 101 insertions(+), 106 deletions(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 72e076e1c..9baca12d8 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -6197,6 +6197,11 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms
*parms,
const struct flow *mask = parms->mask;
const struct flow *data = export_mask ? mask : flow;
+if (parms->support.recirc) {
+nl_msg_put_u32(buf, OVS_KEY_ATTR_RECIRC_ID, data->recirc_id);
+nl_msg_put_u32(buf, OVS_KEY_ATTR_DP_HASH, data->dp_hash);
+}
+
nl_msg_put_u32(buf, OVS_KEY_ATTR_PRIORITY, data->skb_priority);
if (flow_tnl_dst_is_set(>tunnel) ||
@@ -6205,6 +6210,12 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms
*parms,
parms->key_buf, NULL);
}
+/* Add an ingress port attribute if this is a mask or 'in_port.odp_port'
+ * is not the magical value "ODPP_NONE". */
+if (export_mask || flow->in_port.odp_port != ODPP_NONE) {
+nl_msg_put_odp_port(buf, OVS_KEY_ATTR_IN_PORT, data->in_port.odp_port);
+}
+
nl_msg_put_u32(buf, OVS_KEY_ATTR_SKB_MARK, data->pkt_mark);
if (parms->support.ct_state) {
@@ -6248,16 +6259,6 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms
*parms,
ct->ipv6_proto = data->ct_nw_proto;
}
}
-if (parms->support.recirc) {
-nl_msg_put_u32(buf, OVS_KEY_ATTR_RECIRC_ID, data->recirc_id);
-nl_msg_put_u32(buf, OVS_KEY_ATTR_DP_HASH, data->dp_hash);
-}
-
-/* Add an ingress port attribute if this is a mask or 'in_port.odp_port'
- * is not the magical value "ODPP_NONE". */
-if (export_mask || flow->in_port.odp_port != ODPP_NONE) {
-nl_msg_put_odp_port(buf, OVS_KEY_ATTR_IN_PORT, data->in_port.odp_port);
-}
nl_msg_put_be32(buf, OVS_KEY_ATTR_PACKET_TYPE, data->packet_type);
diff --git a/tests/dpif-netdev.at b/tests/dpif-netdev.at
index 6aff1eda7..04c82c109 100644
--- a/tests/dpif-netdev.at
+++ b/tests/dpif-netdev.at
@@ -72,13 +72,13 @@ ovs-appctl time/warp 5000
AT_CHECK([ovs-appctl netdev-dummy/receive p1
'in_port(1),eth(src=50:54:00:00:00:01,dst=50:54:00:00:02:00),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.2,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)'])
OVS_WAIT_UNTIL([grep "miss upcall" ovs-vswitchd.log])
AT_CHECK([grep -A 1 'miss upcall' ovs-vswitchd.log | tail -n 1], [0], [dnl
-skb_priority(0),skb_mark(0),ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),recirc_id(0),dp_hash(0),in_port(1),packet_type(ns=0,id=0),eth(src=50:54:00:00:00:01,dst=50:54:00:00:02:00),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.2,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)
+recirc_id(0),dp_hash(0),skb_priority(0),in_port(1),skb_mark(0),ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),packet_type(ns=0,id=0),eth(src=50:54:00:00:00:01,dst=50:54:00:00:02:00),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.2,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)
])
AT_CHECK([ovs-appctl netdev-dummy/receive p1
'in_port(1),eth(src=50:54:00:00:00:05,dst=50:54:00:00:06:00),eth_type(0x0800),ipv4(src=10.0.0.5,dst=10.0.0.6,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)'
--len 1024])
OVS_WAIT_UNTIL([test `grep -c "miss upcall" ovs-vswitchd.log` -ge 2])
AT_CHECK([grep -A 1 'miss upcall' ovs-vswitchd.log | tail -n 1], [0], [dnl
-skb_priority(0),skb_mark(0),ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),recirc_id(0),dp_hash(0),in_port(1),packet_type(ns=0,id=0),eth(src=50:54:00:00:00:05,dst=50:54:00:00:06:00),eth_type(0x0800),ipv4(src=10.0.0.5,dst=10.0.0.6,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)
+recirc_id(0),dp_hash(0),skb_priority(0),in_port(1),skb_mark(0),ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),packet_type(ns=0,id=0),eth(src=50:54:00:00:00:05,dst=50:54:00:00:06:00),eth_type(0x0800),ipv4(src=10.0.0.5,dst=10.0.0.6,proto=6,tos=0,ttl=64,frag=no),tcp(src=8,dst=9),tcp_flags(ack)
])
OVS_VSWITCHD_STOP
AT_CLEANUP
@@ -139,7 +139,7 @@ m4_define([DPIF_NETDEV_MISS_FLOW_INSTALL],
OVS_WAIT_UNTIL([grep "miss upcall"
[ovs-dev] [PATCH v5 11/15] test: Fix 'conntrack - Multiple ICMP traverse' for tc case.
tc does not include ethernet header length in packet byte count. This fix will allow the packets that go trough tc to be 14 bytes less. This difference in the TC implementation is already described in tc-offload.rst. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |1 - tests/system-traffic.at |2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index a94b4a64b..ef9c51309 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -77,7 +77,6 @@ conntrack - multi-stage pipeline, local conntrack - ICMP related with NAT conntrack - DNAT load balancing conntrack - DNAT load balancing with NC -conntrack - Multiple ICMP traverse conntrack - can match and clear ct_state from outside OVS IGMP - flood under normal action" echo "$ovs_test_skip_list" | sed "s// /g"]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 980b0bd70..07913a192 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -6929,7 +6929,7 @@ AT_CHECK([DPCTL_DUMP_CONNTRACK | FORMAT_CT(10.1.1)], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ]) -AT_CHECK([ovs-ofctl dump-flows br0 | grep table=2, | OFPROTO_CLEAR_DURATION_IDLE], +AT_CHECK([ovs-ofctl dump-flows br0 | grep table=2, | OFPROTO_CLEAR_DURATION_IDLE | sed 's/n_bytes=70,/n_bytes=84,/'], [0], [dnl cookie=0x0, duration=, table=2, n_packets=2, n_bytes=84, idle_age=, priority=10,ct_state=+new+trk,in_port=1 actions=drop cookie=0x0, duration=, table=2, n_packets=0, n_bytes=0, idle_age=, priority=10,ct_state=+est+trk actions=drop ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 10/15] test: tc does not support conntrack timeout, skip the related test.
The tc conntrack implementation does not support the timeout option. The current implementation is silently ignoring the timeout option by adding a general conntrack entry. This patch will skip the related test by overriding the support macro. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 73a761316..a94b4a64b 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -50,6 +50,13 @@ m4_define([CHECK_CONNTRACK_ALG], ]) +# Conntrack timeout not supported for tc. +m4_define([CHECK_CONNTRACK_TIMEOUT], +[ + AT_SKIP_IF([:]) +]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], @@ -65,7 +72,6 @@ conntrack - IPv4 fragmentation with fragments specified conntrack - IPv6 fragmentation + cvlan conntrack - Fragmentation over vxlan conntrack - IPv6 Fragmentation over vxlan -conntrack - zone-based timeout policy conntrack - multiple zones, local conntrack - multi-stage pipeline, local conntrack - ICMP related with NAT ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 09/15] netdev-offload-tc: Conntrack ALGs are not supported with tc.
tc does not support conntrack ALGs. Even worse, with tc enabled, they should not be used/configured at all. This is because even though TC will ignore the rules with ALG configured, i.e., they will flow through the kernel module, return traffic might flow through a tc conntrack rule, and it will not invoke the ALG helper. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- Documentation/howto/tc-offload.rst | 11 +++ lib/netdev-offload-tc.c|4 tests/system-offloads.at | 28 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/Documentation/howto/tc-offload.rst b/Documentation/howto/tc-offload.rst index f6482c8af..63687adc9 100644 --- a/Documentation/howto/tc-offload.rst +++ b/Documentation/howto/tc-offload.rst @@ -112,3 +112,14 @@ First flow packet not processed by meter Packets that are received by ovs-vswitchd through an upcall before the actual meter flow is installed, are not passing TC police action and therefore are not considered for policing. + +Conntrack Application Layer Gateways(ALG) ++ + +TC does not support conntrack helpers, i.e., ALGs. TC will not offload flows if +the ALG keyword is present within the ct() action. However, this will not allow +ALGs to work within the datapath, as the return traffic without the ALG keyword +might run through a TC rule, which internally will not call the conntrack +helper required. + +So if ALG support is required, tc offload must be disabled. diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index 915c45ed3..ba309c2b6 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -1357,6 +1357,10 @@ parse_put_flow_ct_action(struct tc_flower *flower, action->ct.label_mask = ct_label->mask; } break; +/* The following option we do not support in tc-ct, and should + * not be ignored for proper operation. */ +case OVS_CT_ATTR_HELPER: +return EOPNOTSUPP; } } diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 9d1e80c8d..73a761316 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -30,6 +30,7 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) ]) +<<< current # We override the OVS_REVALIDATOR_PURGE macro, allowing a bit more time for the # tc-datapath entries to be installed. @@ -42,6 +43,13 @@ m4_define([OVS_REVALIDATOR_PURGE], m4_define([DPCTL_DUMP_CONNTRACK], [sleep 3; ovs-appctl dpctl/dump-conntrack]) +# Conntrack ALGs are not supported for tc. +m4_define([CHECK_CONNTRACK_ALG], +[ + AT_SKIP_IF([:]) +]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], @@ -60,27 +68,7 @@ conntrack - IPv6 Fragmentation over vxlan conntrack - zone-based timeout policy conntrack - multiple zones, local conntrack - multi-stage pipeline, local -conntrack - FTP -conntrack - FTP over IPv6 -conntrack - IPv6 FTP Passive -conntrack - FTP with multiple expectations -conntrack - TFTP conntrack - ICMP related with NAT -conntrack - FTP SNAT prerecirc -conntrack - FTP SNAT prerecirc seqadj -conntrack - FTP SNAT postrecirc -conntrack - FTP SNAT postrecirc seqadj -conntrack - FTP SNAT orig tuple -conntrack - FTP SNAT orig tuple seqadj -conntrack - IPv4 FTP Passive with SNAT -conntrack - IPv4 FTP Passive with DNAT -conntrack - IPv4 FTP Passive with DNAT 2 -conntrack - IPv4 FTP Active with DNAT -conntrack - IPv4 FTP Active with DNAT with reverse skew -conntrack - IPv6 FTP with SNAT -conntrack - IPv6 FTP Passive with SNAT -conntrack - IPv6 FTP with SNAT - orig tuple -conntrack - IPv4 TFTP with SNAT conntrack - DNAT load balancing conntrack - DNAT load balancing with NC conntrack - Multiple ICMP traverse ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 08/15] test: Flush datapath when changing rules on the fly.
Flush datapath flows as TC flows take some more time to be flushed out. The flush speeds this up. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |2 -- tests/system-traffic.at |6 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 593dc1c7a..9d1e80c8d 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -48,8 +48,6 @@ m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel -conntrack - zones from other field -conntrack - zones from other field, more tests conntrack - multiple namespaces, internal ports conntrack - ct metadata, multiple zones conntrack - ICMP related diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2f6d8f13f..980b0bd70 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2694,6 +2694,9 @@ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl AT_CHECK([ovs-ofctl mod-flows br0 dnl 'priority=100,ct_state=-trk,tcp,in_port="ovs-p0" actions=ct(table=0,zone=15)']) +dnl Force flush flows as some datapaths (read TC) might take time to clear. +AT_CHECK([ovs-appctl dpctl/del-flows]) + NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl @@ -2742,6 +2745,9 @@ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl AT_CHECK([ovs-ofctl mod-flows br0 'priority=100,ct_state=-trk,tcp,in_port="ovs-p0" actions=ct(table=0,zone=15,commit,exec(load:0x000f->NXM_NX_CT_LABEL[[0..31]]))']) +dnl Force flush flows as some datapaths (read TC) might take time to clear. +AT_CHECK([ovs-appctl dpctl/del-flows]) + NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 07/15] test: Fix "conntrack - floating IP" test for TC.
This change fixes the "conntrack - floating" test for the TC offload case. In this scenario, the connection might move to CLOSE_WAIT, which would fail the test as it only accepts TIME_WAIT. However, both indicate the connection was established, so the test should pass. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |1 - tests/system-traffic.at | 13 +++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 1aca41825..593dc1c7a 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -85,7 +85,6 @@ conntrack - IPv6 FTP with SNAT - orig tuple conntrack - IPv4 TFTP with SNAT conntrack - DNAT load balancing conntrack - DNAT load balancing with NC -conntrack - floating IP conntrack - Multiple ICMP traverse conntrack - can match and clear ct_state from outside OVS IGMP - flood under normal action" diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 48545f57d..2f6d8f13f 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -6808,16 +6808,17 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl non-FIP case NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.1.1.1 1234]) -OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' -e 's/CLOSE_WAIT\|CLOSING/TIME_WAIT/g' | grep "tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" ]]) -dnl Check that the full session ends as expected (i.e. TIME_WAIT). Otherwise it -dnl means the datapath didn't process the ct_clear action. Ending in SYN_RECV -dnl (OVS maps to ESTABLISHED) means the initial frame was committed, but not a -dnl second time after the FIP translation (because ct_clear didn't occur). +dnl Check that the full session ends as expected (i.e. TIME_WAIT, CLOSE_WAIT). +dnl Otherwise it means the datapath didn't process the ct_clear action. Ending +dnl in SYN_RECV (OVS maps to ESTABLISHED) means the initial frame was +dnl committed, but not a second time after the FIP translation (because +dnl ct_clear didn't occur). NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.254.254.1 1234]) -OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' -e 's/CLOSE_WAIT\|CLOSING/TIME_WAIT/g' | grep "tcp,orig=(src=10.254.254.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.254.254.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" ]]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 06/15] tests: Add delay to dump-conntrack for tc test cases.
This patch adds a delay before dumping the conntrack table because with tc it takes a bit longer before it gets synced. Signed-off-by: Eelco Chaudron --- tests/system-common-macros.at |3 + tests/system-offloads.at | 25 + tests/system-traffic.at | 198 + 3 files changed, 107 insertions(+), 119 deletions(-) diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index d95d79791..32b9ca0de 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -347,3 +347,6 @@ m4_define([OVS_CHECK_CT_CLEAR], # OVS_REVALIDATOR_PURGE() m4_define([OVS_REVALIDATOR_PURGE], [AT_CHECK([ovs-appctl revalidator/purge], [0])]) + +# DPCTL_DUMP_CONNTRACK() +m4_define([DPCTL_DUMP_CONNTRACK], [ovs-appctl dpctl/dump-conntrack]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index d39997708..1aca41825 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -37,24 +37,20 @@ m4_define([OVS_REVALIDATOR_PURGE], [AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) +# We override the DPCTL_DUMP_CONNTRACK macro, allowing a bit more time for the +# tc-datapath conntrack entries to be installed/updated. +m4_define([DPCTL_DUMP_CONNTRACK], [sleep 3; ovs-appctl dpctl/dump-conntrack]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel -conntrack - preserve registers -conntrack - zones -conntrack - zones from field conntrack - zones from other field conntrack - zones from other field, more tests -conntrack - multiple zones conntrack - multiple namespaces, internal ports -conntrack - ct_mark -conntrack - ct_mark bit-fiddling -conntrack - ct_mark from register -conntrack - ct_label -conntrack - ct_label bit-fiddling conntrack - ct metadata, multiple zones conntrack - ICMP related conntrack - ICMP related to original direction @@ -64,8 +60,6 @@ conntrack - IPv6 fragmentation + cvlan conntrack - Fragmentation over vxlan conntrack - IPv6 Fragmentation over vxlan conntrack - zone-based timeout policy -conntrack - IPv4 HTTP -conntrack - IPv6 HTTP conntrack - multiple zones, local conntrack - multi-stage pipeline, local conntrack - FTP @@ -73,14 +67,6 @@ conntrack - FTP over IPv6 conntrack - IPv6 FTP Passive conntrack - FTP with multiple expectations conntrack - TFTP -conntrack - simple SNAT -conntrack - SNAT with port range -conntrack - SNAT with port range with exhaustion -conntrack - more complex SNAT -conntrack - all-zero IP SNAT -conntrack - simple DNAT -conntrack - DNAT with additional SNAT -conntrack - more complex DNAT conntrack - ICMP related with NAT conntrack - FTP SNAT prerecirc conntrack - FTP SNAT prerecirc seqadj @@ -93,7 +79,6 @@ conntrack - IPv4 FTP Passive with DNAT conntrack - IPv4 FTP Passive with DNAT 2 conntrack - IPv4 FTP Active with DNAT conntrack - IPv4 FTP Active with DNAT with reverse skew -conntrack - IPv6 HTTP with DNAT conntrack - IPv6 FTP with SNAT conntrack - IPv6 FTP Passive with SNAT conntrack - IPv6 FTP with SNAT - orig tuple diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 1d0d0dfd5..48545f57d 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2215,7 +2215,7 @@ udp,vlan_tci=0x,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10. dnl dnl Check that the directionality has been changed by force commit. dnl -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.2,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.2,"], [], [dnl udp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),reply=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2) ]) @@ -2223,7 +2223,7 @@ dnl OK, now send another packet from port 1 and see that it switches again AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=5054000a505400090800451c0011a4cd0a0101010a010102000100020008 actions=resubmit(,0)"]) OVS_REVALIDATOR_PURGE() -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.1,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.1,"], [], [dnl udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),reply=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1) ]) @@ -2253,25 +2253,25 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Test UDP from port 1 AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=5054000a505400090800451c0011a4cd0a0101010a010102000100020008 actions=resubmit(,0)"]) -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.1,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.1,"], [], [dnl
[ovs-dev] [PATCH v5 04/15] test: Add delay on revalidator flush for offload test cases.
The revalidator/purge commands in the system test cases sometimes get called immediately after a partial test is completed. This could cause the revalidator thread to log an error that it can not find/delete a flow due to the slower flow installation nature of TC. This patch uses a macro to call the revalidator/purge command, which can be overwritten when the system tests are run on a tc enabled datapath. Signed-off-by: Eelco Chaudron --- tests/system-common-macros.at |4 tests/system-offloads.at |8 +++- tests/system-traffic.at | 38 +++--- 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index 8b9f5c752..d95d79791 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -343,3 +343,7 @@ m4_define([OVS_CHECK_IPROUTE_ENCAP], # OVS_CHECK_CT_CLEAR() m4_define([OVS_CHECK_CT_CLEAR], [AT_SKIP_IF([! grep -q "Datapath supports ct_clear action" ovs-vswitchd.log])]) + +# OVS_REVALIDATOR_PURGE() +m4_define([OVS_REVALIDATOR_PURGE], +[AT_CHECK([ovs-appctl revalidator/purge], [0])]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index fbe1dc99a..7b6deccf0 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -30,11 +30,17 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) ]) + +# We override the OVS_REVALIDATOR_PURGE macro, allowing a bit more time for the +# tc-datapath entries to be installed. +m4_define([OVS_REVALIDATOR_PURGE], +[AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" -datapath - basic truncate action datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel conntrack - force commit diff --git a/tests/system-traffic.at b/tests/system-traffic.at index cd3ad0f68..1d0d0dfd5 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1517,12 +1517,12 @@ on_exit 'rm -f payload200.bin' NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl packet with truncated size -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=100 ]) dnl packet with original size -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=242 ]) @@ -1539,7 +1539,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl 100 + 100 + 242 + min(65535,242) = 684 -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=684 ]) @@ -1569,7 +1569,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl 100 + 100 + 242 + min(65535,242) = 684 -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=684 ]) @@ -1653,7 +1653,7 @@ AT_CHECK([ovs-ofctl add-flows br-underlay flows-underlay.txt]) dnl check tunnel push path, from at_ns1 to at_ns0 NS_CHECK_EXEC([at_ns1], [nc $NC_EOF_OPT -u 10.1.1.1 1234 < payload200.bin]) -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() dnl Before truncation = ETH(14) + IP(20) + UDP(8) + 200 = 242B AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl @@ -1669,7 +1669,7 @@ dnl This 200-byte packet is simulated on behalf of ns_gre0 ovs-ofctl -O OpenFlow13 packet-out br-underlay "in_port=1 packet=02908ca8a149faadfa25056008004500010a9e9d4000402f4084ac1f0101ac1f01646558e666c122e666c111080045e46f8e40004011b4760a0101010a010102e026162e00d016e6a366ebf904c74132c6fed42a9e9e46240b4d9fd13c9b47d9704a388e70a5e77db16934a6188dc01d86aa20007ace2cf9cdb111f208474b88ffc851c871f0e3fb4fff138c1d288d437efff487e2b86a9c99fbf4229a6485e133bcf3e16f6e345207fda0932d9eeb602740456fd077b4847d25481337bd716155cc245be129ccc11bf82b834767b3760b52fe913c0e24f31c0e1b27f88acf7bba6b985fb64ee2cd6fc6bba1a9c1f021e253e1728b046fd4d023307e3296361a37ea2617ebcb2537e0284a81050dd0ee actions=LOCAL" dnl After truncation = 100 byte at loopback device p2(4) -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=4" |
[ovs-dev] [PATCH v5 05/15] netdev-offload-tc: Fix tc conntrack force commit support.
tc was not setting the OVS_CT_ATTR_FORCE_COMMIT flag when a forced
commit was requested. This patch will fix this.
Signed-off-by: Eelco Chaudron
Acked-by: Roi Dayan
---
lib/netdev-offload-tc.c | 13 +++--
tests/system-offloads.at |1 -
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c
index ce7f8ad97..915c45ed3 100644
--- a/lib/netdev-offload-tc.c
+++ b/lib/netdev-offload-tc.c
@@ -825,7 +825,11 @@ parse_tc_flower_to_actions__(struct tc_flower *flower,
struct ofpbuf *buf,
ct_offset = nl_msg_start_nested(buf, OVS_ACTION_ATTR_CT);
if (action->ct.commit) {
-nl_msg_put_flag(buf, OVS_CT_ATTR_COMMIT);
+if (action->ct.force) {
+nl_msg_put_flag(buf, OVS_CT_ATTR_FORCE_COMMIT);
+} else {
+nl_msg_put_flag(buf, OVS_CT_ATTR_COMMIT);
+}
}
if (action->ct.zone) {
@@ -1309,7 +1313,12 @@ parse_put_flow_ct_action(struct tc_flower *flower,
NL_ATTR_FOR_EACH_UNSAFE (ct_attr, ct_left, ct, ct_len) {
switch (nl_attr_type(ct_attr)) {
case OVS_CT_ATTR_COMMIT: {
-action->ct.commit = true;
+action->ct.commit = true;
+}
+break;
+case OVS_CT_ATTR_FORCE_COMMIT: {
+action->ct.commit = true;
+action->ct.force = true;
}
break;
case OVS_CT_ATTR_ZONE: {
diff --git a/tests/system-offloads.at b/tests/system-offloads.at
index 7b6deccf0..d39997708 100644
--- a/tests/system-offloads.at
+++ b/tests/system-offloads.at
@@ -43,7 +43,6 @@ m4_define([OVS_TEST_SKIP_LIST],
[ovs_test_skip_list="
datapath - truncate and output to gre tunnel by simulated packets
datapath - truncate and output to gre tunnel
-conntrack - force commit
conntrack - preserve registers
conntrack - zones
conntrack - zones from field
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 03/15] test: Do not use MPLS implicit null label in test cases.
TC flower does not allow the push of the implicit null labels (RFC3032). Avoid the use of such labels in the MPLS test cases. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |2 -- tests/system-traffic.at |8 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index f6dd931b7..fbe1dc99a 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -34,8 +34,6 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" -datapath - mpls actions -datapath - multiple mpls label pop datapath - basic truncate action datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel diff --git a/tests/system-traffic.at b/tests/system-traffic.at index e5403519f..cd3ad0f68 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1167,8 +1167,8 @@ AT_CHECK([ovs-vsctl add-port br0 patch0]) AT_CHECK([ovs-vsctl add-port br1 patch1]) AT_DATA([flows.txt], [dnl -table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:3,resubmit(,1) -table=0,priority=100,dl_type=0x8847,mpls_label=3 actions=pop_mpls:0x0800,resubmit(,1) +table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:4,resubmit(,1) +table=0,priority=100,dl_type=0x8847,mpls_label=4 actions=pop_mpls:0x0800,resubmit(,1) table=0,priority=10 actions=resubmit(,1) table=1,priority=10 actions=normal ]) @@ -1204,10 +1204,10 @@ AT_CHECK([ovs-vsctl add-port br0 patch0]) AT_CHECK([ovs-vsctl add-port br1 patch1]) AT_DATA([flows.txt], [dnl -table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:3,push_mpls:0x8847,set_mpls_label:2,push_mpls:0x8847,set_mpls_label:1,resubmit(,3) +table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:4,push_mpls:0x8847,set_mpls_label:2,push_mpls:0x8847,set_mpls_label:1,resubmit(,3) table=0,priority=100,dl_type=0x8847,mpls_label=1 actions=pop_mpls:0x8847,resubmit(,1) table=1,priority=100,dl_type=0x8847,mpls_label=2 actions=pop_mpls:0x8847,resubmit(,2) -table=2,priority=100,dl_type=0x8847,mpls_label=3 actions=pop_mpls:0x0800,resubmit(,3) +table=2,priority=100,dl_type=0x8847,mpls_label=4 actions=pop_mpls:0x0800,resubmit(,3) table=0,priority=10 actions=resubmit(,3) table=3,priority=10 actions=normal ]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 02/15] tests: Include working system-traffic tests into the system-offloads-testsuite.
Include and run the system-traffic.at tests as part of the system offload testsuite. Exclude all the tests that will not run without any special modifications. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/automake.mk |1 tests/system-offloads-testsuite.at |1 tests/system-offloads.at | 106 3 files changed, 108 insertions(+) create mode 100644 tests/system-offloads.at diff --git a/tests/automake.mk b/tests/automake.mk index d509cf935..12435d2c1 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -183,6 +183,7 @@ SYSTEM_TESTSUITE_AT = \ SYSTEM_OFFLOADS_TESTSUITE_AT = \ tests/system-common-macros.at \ + tests/system-offloads.at \ tests/system-offloads-traffic.at \ tests/system-offloads-testsuite.at diff --git a/tests/system-offloads-testsuite.at b/tests/system-offloads-testsuite.at index eb5d2d4b3..a2dfcbc94 100644 --- a/tests/system-offloads-testsuite.at +++ b/tests/system-offloads-testsuite.at @@ -23,3 +23,4 @@ m4_include([tests/system-common-macros.at]) m4_include([tests/system-kmod-macros.at]) m4_include([tests/system-offloads-traffic.at]) +m4_include([tests/system-offloads.at]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at new file mode 100644 index 0..f6dd931b7 --- /dev/null +++ b/tests/system-offloads.at @@ -0,0 +1,106 @@ +AT_COPYRIGHT([Copyright (c) 2022 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at: + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License.]) + +# The goal is to run as many as possible of the system-traffic tests with +# OVS tc offload enabled. We do this by overriding the +# OVS_TRAFFIC_VSWITCHD_START() with offloading enabled. +m4_define([OVS_TRAFFIC_VSWITCHD_START], + [AT_CHECK([modprobe openvswitch]) + on_exit 'modprobe -r openvswitch' + m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_lisp], [vport_stt], [vport_vxlan]], + [modprobe -q mod || echo "Module mod not loaded." + on_exit 'modprobe -q -r mod' + ]) + on_exit 'ovs-dpctl del-dp ovs-system' + on_exit 'ovs-appctl dpctl/flush-conntrack' + _OVS_VSWITCHD_START([], [-- set Open_vSwitch . other_config:hw-offload=true + $3]) + dnl Add bridges, ports, etc. + AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) +]) + +# The list below are tests that will not pass for a "test environment" specific +# issue. +m4_define([OVS_TEST_SKIP_LIST], +[ovs_test_skip_list=" +datapath - mpls actions +datapath - multiple mpls label pop +datapath - basic truncate action +datapath - truncate and output to gre tunnel by simulated packets +datapath - truncate and output to gre tunnel +conntrack - force commit +conntrack - preserve registers +conntrack - zones +conntrack - zones from field +conntrack - zones from other field +conntrack - zones from other field, more tests +conntrack - multiple zones +conntrack - multiple namespaces, internal ports +conntrack - ct_mark +conntrack - ct_mark bit-fiddling +conntrack - ct_mark from register +conntrack - ct_label +conntrack - ct_label bit-fiddling +conntrack - ct metadata, multiple zones +conntrack - ICMP related +conntrack - ICMP related to original direction +conntrack - IPv4 fragmentation + cvlan +conntrack - IPv4 fragmentation with fragments specified +conntrack - IPv6 fragmentation + cvlan +conntrack - Fragmentation over vxlan +conntrack - IPv6 Fragmentation over vxlan +conntrack - zone-based timeout policy +conntrack - IPv4 HTTP +conntrack - IPv6 HTTP +conntrack - multiple zones, local +conntrack - multi-stage pipeline, local +conntrack - FTP +conntrack - FTP over IPv6 +conntrack - IPv6 FTP Passive +conntrack - FTP with multiple expectations +conntrack - TFTP +conntrack - simple SNAT +conntrack - SNAT with port range +conntrack - SNAT with port range with exhaustion +conntrack - more complex SNAT +conntrack - all-zero IP SNAT +conntrack - simple DNAT +conntrack - DNAT with additional SNAT +conntrack - more complex DNAT +conntrack - ICMP related with NAT +conntrack - FTP SNAT prerecirc +conntrack - FTP SNAT prerecirc seqadj +conntrack - FTP SNAT postrecirc +conntrack - FTP SNAT postrecirc seqadj +conntrack - FTP SNAT orig tuple +conntrack - FTP SNAT orig tuple seqadj +conntrack - IPv4 FTP Passive with SNAT +conntrack - IPv4 FTP Passive with DNAT +conntrack - IPv4 FTP Passive with DNAT 2 +conntrack - IPv4 FTP Active with DNAT +conntrack - IPv4 FTP Active with DNAT with reverse skew +conntrack -
[ovs-dev] [PATCH v5 01/15] tests: Allow system-traffic tests to be skipped based on a list.
When the test description is part of the OVS_TEST_SKIP_LIST variable, the test is skipped. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/ofproto-macros.at |5 - tests/ovs-macros.at |7 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at index 676d55aa9..5c033f771 100644 --- a/tests/ofproto-macros.at +++ b/tests/ofproto-macros.at @@ -161,7 +161,10 @@ m4_define([TESTABLE_LOG], [-vPATTERN:ANY:'%c|%p|%m']) # before starting ovs-vswitchd. # m4_define([_OVS_VSWITCHD_START], - [dnl Create database. + [dnl Check if test needs to be run. + OVS_SKIP_TEST_IF_REQUESTED() + + dnl Create database. touch .conf.db.~lock~ AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema]) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index 39fbfceeb..f3eff5c05 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at @@ -371,3 +371,10 @@ dnl Add a rule to always accept the traffic. m4_define([IPTABLES_ACCEPT], [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT]) on_exit 'iptables -D INPUT 1 -i $1']) + +# OVS_TEST_SKIP_LIST() +m4_define([OVS_TEST_SKIP_LIST], [ echo ""]) + +# OVS_SKIP_TEST_IF_REQUESTED() +m4_define([OVS_SKIP_TEST_IF_REQUESTED], +[AT_SKIP_IF([OVS_TEST_SKIP_LIST() | grep -qx "$at_desc"])]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5 00/15] tests: Add system-traffic.at tests to check-offloads.
This series makes it possible to include system-traffic.at tests into "make check-offloads" tests. The last patch of the series explains which tests are still not passing and might need some more work. I'll try to work on the remaining failing test cases or find someone who can work on them. v5: - Include all patches, v4 went out with missing two patches :( v4: - Fix rename from system-traffic.at to sym-traffic.at in patch 11 v3: - Fixed missing MACRO's in patches 4, 6 and 10. v2: - Fix commit message on last patch - Moved handling of system-traffic.at tests to a separate file system-offloads.at - Re-based to the latest ovs master branch - Added Roi's ACKs Eelco Chaudron (15): tests: Allow system-traffic tests to be skipped based on a list. tests: Include working system-traffic tests into the system-offloads-testsuite. test: Do not use MPLS implicit null label in test cases. test: Add delay on revalidator flush for offload test cases. netdev-offload-tc: Fix tc conntrack force commit support. tests: Add delay to dump-conntrack for tc test cases. test: Fix "conntrack - floating IP" test for TC. test: Flush datapath when changing rules on the fly. netdev-offload-tc: Conntrack ALGs are not supported with tc. test: tc does not support conntrack timeout, skip the related test. test: Fix 'conntrack - Multiple ICMP traverse' for tc case. odp-util: Make odp_flow_key_from_flow__ nlattr order the same as the kernel. netdev-offload-tc: If the flow has not been used, report it as such. tests: Fix reading of OpenFlow byte counters in GRE test cases. tests: Comment currently failing TC system-traffic tests. Documentation/howto/tc-offload.rst | 11 ++ lib/netdev-offload-tc.c| 17 +- lib/odp-util.c | 21 ++- lib/tc.c | 8 +- tests/automake.mk | 1 + tests/dpif-netdev.at | 28 +-- tests/mcast-snooping.at| 4 +- tests/nsh.at | 10 +- tests/odp.at | 83 - tests/ofproto-dpif.at | 30 +-- tests/ofproto-macros.at| 5 +- tests/ovs-macros.at| 7 + tests/packet-type-aware.at | 22 +-- tests/pmd.at | 2 +- tests/system-common-macros.at | 7 + tests/system-offloads-testsuite.at | 1 + tests/system-offloads.at | 111 tests/system-traffic.at| 282 +++-- tests/tunnel-push-pop-ipv6.at | 2 +- tests/tunnel-push-pop.at | 2 +- tests/tunnel.at| 2 +- 21 files changed, 409 insertions(+), 247 deletions(-) create mode 100644 tests/system-offloads.at ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn] controller: Fixed ovs/ovn(features) connection lost when running more than 120 seconds
On 11/23/22 09:10, Ales Musil wrote:
> On Tue, Nov 22, 2022 at 9:24 PM Xavier Simonart wrote:
>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2144084
>>
>> Signed-off-by: Xavier Simonart
>> ---
>> lib/features.c | 16 ++--
>> tests/ovn.at | 18 ++
>> 2 files changed, 28 insertions(+), 6 deletions(-)
>>
>> diff --git a/lib/features.c b/lib/features.c
>> index f15ec42bb..571e24ded 100644
>> --- a/lib/features.c
>> +++ b/lib/features.c
>> @@ -26,6 +26,7 @@
>> #include "openvswitch/rconn.h"
>> #include "openvswitch/ofp-msgs.h"
>> #include "openvswitch/ofp-meter.h"
>> +#include "openvswitch/ofp-util.h"
>> #include "ovn/features.h"
>>
>> VLOG_DEFINE_THIS_MODULE(features);
>> @@ -90,6 +91,8 @@ ovs_feature_rconn_setup(const char *br_name)
>> static bool
>> ovs_feature_get_openflow_cap(const char *br_name)
>> {
>> +struct ofpbuf *msg;
>> +
>> if (!br_name) {
>> return false;
>> }
>> @@ -102,15 +105,14 @@ ovs_feature_get_openflow_cap(const char *br_name)
>> }
>>
>> /* send new requests just after reconnect. */
>> -if (conn_seq_no == rconn_get_connection_seqno(swconn)) {
>> -return false;
>> +if (conn_seq_no != rconn_get_connection_seqno(swconn)) {
>> +/* dump datapath meter capabilities. */
>> +msg = ofpraw_alloc(OFPRAW_OFPST13_METER_FEATURES_REQUEST,
>> + rconn_get_version(swconn), 0);
>> +rconn_send(swconn, msg, NULL);
>> }
>>
>> bool ret = false;
>> -/* dump datapath meter capabilities. */
>> -struct ofpbuf *msg =
>> ofpraw_alloc(OFPRAW_OFPST13_METER_FEATURES_REQUEST,
>> - rconn_get_version(swconn), 0);
>> -rconn_send(swconn, msg, NULL);
>> for (int i = 0; i < 50; i++) {
>> msg = rconn_recv(swconn);
>> if (!msg) {
>> @@ -137,6 +139,8 @@ ovs_feature_get_openflow_cap(const char *br_name)
>> }
>> }
>> conn_seq_no = rconn_get_connection_seqno(swconn);
>> +} else if (type == OFPTYPE_ECHO_REQUEST) {
>> +rconn_send(swconn, ofputil_encode_echo_reply(oh), NULL);
>> }
>> ofpbuf_delete(msg);
>> }
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index cf1ea991d..3a1c231f5 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -33069,3 +33069,21 @@ check ovn-nbctl --wait=hv sync
>> OVN_CLEANUP([hv1])
>> AT_CLEANUP
>> ])
>> +
>> +OVN_FOR_EACH_NORTHD([
>> +AT_SETUP([feature inactivity probe])
>> +ovn_start
>> +net_add n1
>> +
>> +sim_add hv1
>> +as hv1
>> +check ovs-vsctl add-br br-phys
>> +ovn_attach n1 br-phys 192.168.0.1
>> +
>> +# Wait for more than 2x 60 seconds
>> +sleep 125
>> +
>> +AT_CHECK([test -z "`grep disconnecting hv1/ovs-vswitchd.log`"])
>> +OVN_CLEANUP([hv1])
>> +AT_CLEANUP
>> +])
>> --
>> 2.31.1
>>
>> ___
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>>
> Hi Xavier,
>
Hi Xavier, Ales,
> the change itself looks good, however I'm very concerned about the test.
> I wonder if we can roll with confirmation that this just works, without
> actually having
> test that sleeps for more than 2 minutes.
>
> Dumitru, Mark, Han any thoughts?
>
I agree, this is too long. I played a bit with it and this is what I
came up with:
diff --git a/tests/ovn.at b/tests/ovn.at
index fc5cf257ef..6d21446ddd 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -33253,8 +33253,21 @@ as hv1
check ovs-vsctl add-br br-phys
ovn_attach n1 br-phys 192.168.0.1
-# Wait for more than 2x 60 seconds
-sleep 125
+dnl Ensure that there are at least 3 openflow connections.
+OVS_WAIT_UNTIL([test "$(grep -c 'negotiated OpenFlow version'
hv1/ovs-vswitchd.log)" -eq "3"])
+
+dnl "Wait" 3 times 60 seconds and ensure ovn-controller writes to the
+dnl openflow connections in the meantime. This should allow ovs-vswitchd
+dnl to probe the openflow connections at least twice.
+
+as hv1 ovs-appctl time/warp 6
+check ovn-nbctl --wait=hv sync
+
+as hv1 ovs-appctl time/warp 6
+check ovn-nbctl --wait=hv sync
+
+as hv1 ovs-appctl time/warp 6
+check ovn-nbctl --wait=hv sync
AT_CHECK([test -z "`grep disconnecting hv1/ovs-vswitchd.log`"])
OVN_CLEANUP([hv1])
---
It's still not 100% bullet proof but I think it should be ok.
However, this brings me to the next issue: if the features
openflow connection goes down we don't reconnect from
ovn-controller.
I think that's because on the vswitchd side, closing the punix
stream doesn't do anything. And on the ovn-controller side we
have no chance of detecting the connection drop either because
probes are disabled and because we only request meter features
after a reconnect.
So I made this change to explicit request probes on the connection
(like we do for ofctrl):
diff --git a/lib/features.c b/lib/features.c
index a1e2e6dc1c..898a0cade5 100644
--- a/lib/features.c
+++ b/lib/features.c
Re: [ovs-dev] Patch "openvswitch: Fix Frame-size larger than 1024 bytes warning" not correct.
Hi Pravin,
Any update feedback on this?
//Eelco
On 15 Nov 2022, at 17:16, Eelco Chaudron wrote:
> Hi Pravin,
>
> It looks like a previous fix you made, 190aa3e77880 ("openvswitch: Fix
> Frame-size larger than 1024 bytes warning."), is breaking stuff. With this
> change, the actual flow lookup, ovs_flow_tbl_lookup(), is done using a masked
> key, where it should be an unmasked key. This is maybe more clear if you take
> a look at the diff for the ufid addition, 74ed7ab9264c ("openvswitch: Add
> support for unique flow IDs.").
>
> Just reverting the change gets rid of the problem, but it will re-introduce
> the larger stack size. It looks like we either have it on the stack or
> dynamically allocate it each time. Let me know if you have any other clever
> fix ;)
>
> We found this after debugging some customer-specific issue. More details are
> in the following OVS patch,
> https://patchwork.ozlabs.org/project/openvswitch/list/?series=328315
>
> Cheers,
>
> Eelco
>
>
> FYI the working revers:
>
>
>Revert "openvswitch: Fix Frame-size larger than 1024 bytes warning."
>
> This reverts commit 190aa3e77880a05332ea1ccb382a51285d57adb5.
>
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index 861dfb8daf4a..660d5fdd9b28 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -948,6 +948,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct
> genl_info *info)
> struct sw_flow_mask mask;
> struct sk_buff *reply;
> struct datapath *dp;
> + struct sw_flow_key key;
> struct sw_flow_actions *acts;
> struct sw_flow_match match;
> u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
> @@ -975,24 +976,20 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct
> genl_info *info)
> }
>
> /* Extract key. */
> - ovs_match_init(, _flow->key, false, );
> + ovs_match_init(, , true, );
> error = ovs_nla_get_match(net, , a[OVS_FLOW_ATTR_KEY],
> a[OVS_FLOW_ATTR_MASK], log);
> if (error)
> goto err_kfree_flow;
>
> + ovs_flow_mask_key(_flow->key, , true, );
> +
> /* Extract flow identifier. */
> error = ovs_nla_get_identifier(_flow->id, a[OVS_FLOW_ATTR_UFID],
> - _flow->key, log);
> + , log);
> if (error)
> goto err_kfree_flow;
>
> - /* unmasked key is needed to match when ufid is not used. */
> - if (ovs_identifier_is_key(_flow->id))
> - match.key = new_flow->id.unmasked_key;
> -
> - ovs_flow_mask_key(_flow->key, _flow->key, true, );
> -
> /* Validate actions. */
> error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
> _flow->key, , log);
> @@ -1019,7 +1016,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct
> genl_info *info)
> if (ovs_identifier_is_ufid(_flow->id))
> flow = ovs_flow_tbl_lookup_ufid(>table, _flow->id);
> if (!flow)
> - flow = ovs_flow_tbl_lookup(>table, _flow->key);
> + flow = ovs_flow_tbl_lookup(>table, );
> if (likely(!flow)) {
> rcu_assign_pointer(new_flow->sf_acts, acts);
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v4 00/12] tests: Add system-traffic.at tests to check-offloads.
On 23 Nov 2022, at 11:39, Eelco Chaudron wrote: > This series makes it possible to include system-traffic.at tests into > "make check-offloads" tests. > > The last patch of the series explains which tests are still not passing > and might need some more work. > > I'll try to work on the remaining failing test cases or find someone > who can work on them. Please ignore this, I messed this up :( I forgot to include two patches… //Eelco > v4: > - Fix rename from system-traffic.at to sym-traffic.at in patch 11 > > v3: > - Fixed missing MACRO's in patches 4, 6 and 10. > > v2: > - Fix commit message on last patch > - Moved handling of system-traffic.at tests to a separate file > system-offloads.at > - Re-based to the latest ovs master branch > - Added Roi's ACKs > > Eelco Chaudron (12): > tests: Allow system-traffic tests to be skipped based on a list. > tests: Include working system-traffic tests into the > system-offloads-testsuite. > test: Do not use MPLS implicit null label in test cases. > test: Add delay on revalidator flush for offload test cases. > netdev-offload-tc: Fix tc conntrack force commit support. > tests: Add delay to dump-conntrack for tc test cases. > test: Fix "conntrack - floating IP" test for TC. > test: Flush datapath when changing rules on the fly. > netdev-offload-tc: Conntrack ALGs are not supported with tc. > test: tc does not support conntrack timeout, skip the related test. > test: Fix 'conntrack - Multiple ICMP traverse' for tc case. > odp-util: Make odp_flow_key_from_flow__ nlattr order the same as the > kernel. > > > Documentation/howto/tc-offload.rst | 11 ++ > lib/netdev-offload-tc.c| 17 +- > lib/odp-util.c | 21 +-- > tests/automake.mk | 1 + > tests/dpif-netdev.at | 28 +-- > tests/mcast-snooping.at| 4 +- > tests/nsh.at | 10 +- > tests/odp.at | 83 + > tests/ofproto-dpif.at | 30 ++-- > tests/ofproto-macros.at| 5 +- > tests/ovs-macros.at| 7 + > tests/packet-type-aware.at | 22 +-- > tests/pmd.at | 2 +- > tests/system-common-macros.at | 7 + > tests/system-offloads-testsuite.at | 1 + > tests/system-offloads.at | 83 + > tests/system-traffic.at| 265 +++-- > tests/tunnel-push-pop-ipv6.at | 2 +- > tests/tunnel-push-pop.at | 2 +- > tests/tunnel.at| 2 +- > 20 files changed, 366 insertions(+), 237 deletions(-) > create mode 100644 tests/system-offloads.at > > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 10/12] test: tc does not support conntrack timeout, skip the related test.
The tc conntrack implementation does not support the timeout option. The current implementation is silently ignoring the timeout option by adding a general conntrack entry. This patch will skip the related test by overriding the support macro. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 73a761316..a94b4a64b 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -50,6 +50,13 @@ m4_define([CHECK_CONNTRACK_ALG], ]) +# Conntrack timeout not supported for tc. +m4_define([CHECK_CONNTRACK_TIMEOUT], +[ + AT_SKIP_IF([:]) +]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], @@ -65,7 +72,6 @@ conntrack - IPv4 fragmentation with fragments specified conntrack - IPv6 fragmentation + cvlan conntrack - Fragmentation over vxlan conntrack - IPv6 Fragmentation over vxlan -conntrack - zone-based timeout policy conntrack - multiple zones, local conntrack - multi-stage pipeline, local conntrack - ICMP related with NAT ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 09/12] netdev-offload-tc: Conntrack ALGs are not supported with tc.
tc does not support conntrack ALGs. Even worse, with tc enabled, they should not be used/configured at all. This is because even though TC will ignore the rules with ALG configured, i.e., they will flow through the kernel module, return traffic might flow through a tc conntrack rule, and it will not invoke the ALG helper. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- Documentation/howto/tc-offload.rst | 11 +++ lib/netdev-offload-tc.c|4 tests/system-offloads.at | 28 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/Documentation/howto/tc-offload.rst b/Documentation/howto/tc-offload.rst index f6482c8af..63687adc9 100644 --- a/Documentation/howto/tc-offload.rst +++ b/Documentation/howto/tc-offload.rst @@ -112,3 +112,14 @@ First flow packet not processed by meter Packets that are received by ovs-vswitchd through an upcall before the actual meter flow is installed, are not passing TC police action and therefore are not considered for policing. + +Conntrack Application Layer Gateways(ALG) ++ + +TC does not support conntrack helpers, i.e., ALGs. TC will not offload flows if +the ALG keyword is present within the ct() action. However, this will not allow +ALGs to work within the datapath, as the return traffic without the ALG keyword +might run through a TC rule, which internally will not call the conntrack +helper required. + +So if ALG support is required, tc offload must be disabled. diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index 915c45ed3..ba309c2b6 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -1357,6 +1357,10 @@ parse_put_flow_ct_action(struct tc_flower *flower, action->ct.label_mask = ct_label->mask; } break; +/* The following option we do not support in tc-ct, and should + * not be ignored for proper operation. */ +case OVS_CT_ATTR_HELPER: +return EOPNOTSUPP; } } diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 9d1e80c8d..73a761316 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -30,6 +30,7 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) ]) +<<< current # We override the OVS_REVALIDATOR_PURGE macro, allowing a bit more time for the # tc-datapath entries to be installed. @@ -42,6 +43,13 @@ m4_define([OVS_REVALIDATOR_PURGE], m4_define([DPCTL_DUMP_CONNTRACK], [sleep 3; ovs-appctl dpctl/dump-conntrack]) +# Conntrack ALGs are not supported for tc. +m4_define([CHECK_CONNTRACK_ALG], +[ + AT_SKIP_IF([:]) +]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], @@ -60,27 +68,7 @@ conntrack - IPv6 Fragmentation over vxlan conntrack - zone-based timeout policy conntrack - multiple zones, local conntrack - multi-stage pipeline, local -conntrack - FTP -conntrack - FTP over IPv6 -conntrack - IPv6 FTP Passive -conntrack - FTP with multiple expectations -conntrack - TFTP conntrack - ICMP related with NAT -conntrack - FTP SNAT prerecirc -conntrack - FTP SNAT prerecirc seqadj -conntrack - FTP SNAT postrecirc -conntrack - FTP SNAT postrecirc seqadj -conntrack - FTP SNAT orig tuple -conntrack - FTP SNAT orig tuple seqadj -conntrack - IPv4 FTP Passive with SNAT -conntrack - IPv4 FTP Passive with DNAT -conntrack - IPv4 FTP Passive with DNAT 2 -conntrack - IPv4 FTP Active with DNAT -conntrack - IPv4 FTP Active with DNAT with reverse skew -conntrack - IPv6 FTP with SNAT -conntrack - IPv6 FTP Passive with SNAT -conntrack - IPv6 FTP with SNAT - orig tuple -conntrack - IPv4 TFTP with SNAT conntrack - DNAT load balancing conntrack - DNAT load balancing with NC conntrack - Multiple ICMP traverse ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 08/12] test: Flush datapath when changing rules on the fly.
Flush datapath flows as TC flows take some more time to be flushed out. The flush speeds this up. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |2 -- tests/system-traffic.at |6 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 593dc1c7a..9d1e80c8d 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -48,8 +48,6 @@ m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel -conntrack - zones from other field -conntrack - zones from other field, more tests conntrack - multiple namespaces, internal ports conntrack - ct metadata, multiple zones conntrack - ICMP related diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2f6d8f13f..980b0bd70 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2694,6 +2694,9 @@ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl AT_CHECK([ovs-ofctl mod-flows br0 dnl 'priority=100,ct_state=-trk,tcp,in_port="ovs-p0" actions=ct(table=0,zone=15)']) +dnl Force flush flows as some datapaths (read TC) might take time to clear. +AT_CHECK([ovs-appctl dpctl/del-flows]) + NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl @@ -2742,6 +2745,9 @@ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl AT_CHECK([ovs-ofctl mod-flows br0 'priority=100,ct_state=-trk,tcp,in_port="ovs-p0" actions=ct(table=0,zone=15,commit,exec(load:0x000f->NXM_NX_CT_LABEL[[0..31]]))']) +dnl Force flush flows as some datapaths (read TC) might take time to clear. +AT_CHECK([ovs-appctl dpctl/del-flows]) + NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 07/12] test: Fix "conntrack - floating IP" test for TC.
This change fixes the "conntrack - floating" test for the TC offload case. In this scenario, the connection might move to CLOSE_WAIT, which would fail the test as it only accepts TIME_WAIT. However, both indicate the connection was established, so the test should pass. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |1 - tests/system-traffic.at | 13 +++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index 1aca41825..593dc1c7a 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -85,7 +85,6 @@ conntrack - IPv6 FTP with SNAT - orig tuple conntrack - IPv4 TFTP with SNAT conntrack - DNAT load balancing conntrack - DNAT load balancing with NC -conntrack - floating IP conntrack - Multiple ICMP traverse conntrack - can match and clear ct_state from outside OVS IGMP - flood under normal action" diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 48545f57d..2f6d8f13f 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -6808,16 +6808,17 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl non-FIP case NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.1.1.1 1234]) -OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' -e 's/CLOSE_WAIT\|CLOSING/TIME_WAIT/g' | grep "tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" ]]) -dnl Check that the full session ends as expected (i.e. TIME_WAIT). Otherwise it -dnl means the datapath didn't process the ct_clear action. Ending in SYN_RECV -dnl (OVS maps to ESTABLISHED) means the initial frame was committed, but not a -dnl second time after the FIP translation (because ct_clear didn't occur). +dnl Check that the full session ends as expected (i.e. TIME_WAIT, CLOSE_WAIT). +dnl Otherwise it means the datapath didn't process the ct_clear action. Ending +dnl in SYN_RECV (OVS maps to ESTABLISHED) means the initial frame was +dnl committed, but not a second time after the FIP translation (because +dnl ct_clear didn't occur). NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.254.254.1 1234]) -OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' -e 's/CLOSE_WAIT\|CLOSING/TIME_WAIT/g' | grep "tcp,orig=(src=10.254.254.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.254.254.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" ]]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 06/12] tests: Add delay to dump-conntrack for tc test cases.
This patch adds a delay before dumping the conntrack table because with tc it takes a bit longer before it gets synced. Signed-off-by: Eelco Chaudron --- tests/system-common-macros.at |3 + tests/system-offloads.at | 25 + tests/system-traffic.at | 198 + 3 files changed, 107 insertions(+), 119 deletions(-) diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index d95d79791..32b9ca0de 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -347,3 +347,6 @@ m4_define([OVS_CHECK_CT_CLEAR], # OVS_REVALIDATOR_PURGE() m4_define([OVS_REVALIDATOR_PURGE], [AT_CHECK([ovs-appctl revalidator/purge], [0])]) + +# DPCTL_DUMP_CONNTRACK() +m4_define([DPCTL_DUMP_CONNTRACK], [ovs-appctl dpctl/dump-conntrack]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index d39997708..1aca41825 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -37,24 +37,20 @@ m4_define([OVS_REVALIDATOR_PURGE], [AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) +# We override the DPCTL_DUMP_CONNTRACK macro, allowing a bit more time for the +# tc-datapath conntrack entries to be installed/updated. +m4_define([DPCTL_DUMP_CONNTRACK], [sleep 3; ovs-appctl dpctl/dump-conntrack]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel -conntrack - preserve registers -conntrack - zones -conntrack - zones from field conntrack - zones from other field conntrack - zones from other field, more tests -conntrack - multiple zones conntrack - multiple namespaces, internal ports -conntrack - ct_mark -conntrack - ct_mark bit-fiddling -conntrack - ct_mark from register -conntrack - ct_label -conntrack - ct_label bit-fiddling conntrack - ct metadata, multiple zones conntrack - ICMP related conntrack - ICMP related to original direction @@ -64,8 +60,6 @@ conntrack - IPv6 fragmentation + cvlan conntrack - Fragmentation over vxlan conntrack - IPv6 Fragmentation over vxlan conntrack - zone-based timeout policy -conntrack - IPv4 HTTP -conntrack - IPv6 HTTP conntrack - multiple zones, local conntrack - multi-stage pipeline, local conntrack - FTP @@ -73,14 +67,6 @@ conntrack - FTP over IPv6 conntrack - IPv6 FTP Passive conntrack - FTP with multiple expectations conntrack - TFTP -conntrack - simple SNAT -conntrack - SNAT with port range -conntrack - SNAT with port range with exhaustion -conntrack - more complex SNAT -conntrack - all-zero IP SNAT -conntrack - simple DNAT -conntrack - DNAT with additional SNAT -conntrack - more complex DNAT conntrack - ICMP related with NAT conntrack - FTP SNAT prerecirc conntrack - FTP SNAT prerecirc seqadj @@ -93,7 +79,6 @@ conntrack - IPv4 FTP Passive with DNAT conntrack - IPv4 FTP Passive with DNAT 2 conntrack - IPv4 FTP Active with DNAT conntrack - IPv4 FTP Active with DNAT with reverse skew -conntrack - IPv6 HTTP with DNAT conntrack - IPv6 FTP with SNAT conntrack - IPv6 FTP Passive with SNAT conntrack - IPv6 FTP with SNAT - orig tuple diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 1d0d0dfd5..48545f57d 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2215,7 +2215,7 @@ udp,vlan_tci=0x,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10. dnl dnl Check that the directionality has been changed by force commit. dnl -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.2,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.2,"], [], [dnl udp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),reply=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2) ]) @@ -2223,7 +2223,7 @@ dnl OK, now send another packet from port 1 and see that it switches again AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=5054000a505400090800451c0011a4cd0a0101010a010102000100020008 actions=resubmit(,0)"]) OVS_REVALIDATOR_PURGE() -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.1,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.1,"], [], [dnl udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),reply=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1) ]) @@ -2253,25 +2253,25 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Test UDP from port 1 AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=5054000a505400090800451c0011a4cd0a0101010a010102000100020008 actions=resubmit(,0)"]) -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.1,"], [], [dnl +AT_CHECK([DPCTL_DUMP_CONNTRACK | grep "orig=.src=10\.1\.1\.1,"], [], [dnl
[ovs-dev] [PATCH v4 05/12] netdev-offload-tc: Fix tc conntrack force commit support.
tc was not setting the OVS_CT_ATTR_FORCE_COMMIT flag when a forced
commit was requested. This patch will fix this.
Signed-off-by: Eelco Chaudron
Acked-by: Roi Dayan
---
lib/netdev-offload-tc.c | 13 +++--
tests/system-offloads.at |1 -
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c
index ce7f8ad97..915c45ed3 100644
--- a/lib/netdev-offload-tc.c
+++ b/lib/netdev-offload-tc.c
@@ -825,7 +825,11 @@ parse_tc_flower_to_actions__(struct tc_flower *flower,
struct ofpbuf *buf,
ct_offset = nl_msg_start_nested(buf, OVS_ACTION_ATTR_CT);
if (action->ct.commit) {
-nl_msg_put_flag(buf, OVS_CT_ATTR_COMMIT);
+if (action->ct.force) {
+nl_msg_put_flag(buf, OVS_CT_ATTR_FORCE_COMMIT);
+} else {
+nl_msg_put_flag(buf, OVS_CT_ATTR_COMMIT);
+}
}
if (action->ct.zone) {
@@ -1309,7 +1313,12 @@ parse_put_flow_ct_action(struct tc_flower *flower,
NL_ATTR_FOR_EACH_UNSAFE (ct_attr, ct_left, ct, ct_len) {
switch (nl_attr_type(ct_attr)) {
case OVS_CT_ATTR_COMMIT: {
-action->ct.commit = true;
+action->ct.commit = true;
+}
+break;
+case OVS_CT_ATTR_FORCE_COMMIT: {
+action->ct.commit = true;
+action->ct.force = true;
}
break;
case OVS_CT_ATTR_ZONE: {
diff --git a/tests/system-offloads.at b/tests/system-offloads.at
index 7b6deccf0..d39997708 100644
--- a/tests/system-offloads.at
+++ b/tests/system-offloads.at
@@ -43,7 +43,6 @@ m4_define([OVS_TEST_SKIP_LIST],
[ovs_test_skip_list="
datapath - truncate and output to gre tunnel by simulated packets
datapath - truncate and output to gre tunnel
-conntrack - force commit
conntrack - preserve registers
conntrack - zones
conntrack - zones from field
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 04/12] test: Add delay on revalidator flush for offload test cases.
The revalidator/purge commands in the system test cases sometimes get called immediately after a partial test is completed. This could cause the revalidator thread to log an error that it can not find/delete a flow due to the slower flow installation nature of TC. This patch uses a macro to call the revalidator/purge command, which can be overwritten when the system tests are run on a tc enabled datapath. Signed-off-by: Eelco Chaudron --- tests/system-common-macros.at |4 tests/system-offloads.at |8 +++- tests/system-traffic.at | 38 +++--- 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index 8b9f5c752..d95d79791 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -343,3 +343,7 @@ m4_define([OVS_CHECK_IPROUTE_ENCAP], # OVS_CHECK_CT_CLEAR() m4_define([OVS_CHECK_CT_CLEAR], [AT_SKIP_IF([! grep -q "Datapath supports ct_clear action" ovs-vswitchd.log])]) + +# OVS_REVALIDATOR_PURGE() +m4_define([OVS_REVALIDATOR_PURGE], +[AT_CHECK([ovs-appctl revalidator/purge], [0])]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index fbe1dc99a..7b6deccf0 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -30,11 +30,17 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) ]) + +# We override the OVS_REVALIDATOR_PURGE macro, allowing a bit more time for the +# tc-datapath entries to be installed. +m4_define([OVS_REVALIDATOR_PURGE], +[AT_CHECK([sleep 2; ovs-appctl revalidator/purge], [0])]) + + # The list below are tests that will not pass for a "test environment" specific # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" -datapath - basic truncate action datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel conntrack - force commit diff --git a/tests/system-traffic.at b/tests/system-traffic.at index cd3ad0f68..1d0d0dfd5 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1517,12 +1517,12 @@ on_exit 'rm -f payload200.bin' NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl packet with truncated size -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=100 ]) dnl packet with original size -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=242 ]) @@ -1539,7 +1539,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl 100 + 100 + 242 + min(65535,242) = 684 -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=684 ]) @@ -1569,7 +1569,7 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) NS_CHECK_EXEC([at_ns0], [nc $NC_EOF_OPT -u 10.1.1.2 1234 < payload200.bin]) dnl 100 + 100 + 242 + min(65535,242) = 684 -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl n_bytes=684 ]) @@ -1653,7 +1653,7 @@ AT_CHECK([ovs-ofctl add-flows br-underlay flows-underlay.txt]) dnl check tunnel push path, from at_ns1 to at_ns0 NS_CHECK_EXEC([at_ns1], [nc $NC_EOF_OPT -u 10.1.1.1 1234 < payload200.bin]) -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() dnl Before truncation = ETH(14) + IP(20) + UDP(8) + 200 = 242B AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl @@ -1669,7 +1669,7 @@ dnl This 200-byte packet is simulated on behalf of ns_gre0 ovs-ofctl -O OpenFlow13 packet-out br-underlay "in_port=1 packet=02908ca8a149faadfa25056008004500010a9e9d4000402f4084ac1f0101ac1f01646558e666c122e666c111080045e46f8e40004011b4760a0101010a010102e026162e00d016e6a366ebf904c74132c6fed42a9e9e46240b4d9fd13c9b47d9704a388e70a5e77db16934a6188dc01d86aa20007ace2cf9cdb111f208474b88ffc851c871f0e3fb4fff138c1d288d437efff487e2b86a9c99fbf4229a6485e133bcf3e16f6e345207fda0932d9eeb602740456fd077b4847d25481337bd716155cc245be129ccc11bf82b834767b3760b52fe913c0e24f31c0e1b27f88acf7bba6b985fb64ee2cd6fc6bba1a9c1f021e253e1728b046fd4d023307e3296361a37ea2617ebcb2537e0284a81050dd0ee actions=LOCAL" dnl After truncation = 100 byte at loopback device p2(4) -AT_CHECK([ovs-appctl revalidator/purge], [0]) +OVS_REVALIDATOR_PURGE() AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=4" |
[ovs-dev] [PATCH v4 03/12] test: Do not use MPLS implicit null label in test cases.
TC flower does not allow the push of the implicit null labels (RFC3032). Avoid the use of such labels in the MPLS test cases. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/system-offloads.at |2 -- tests/system-traffic.at |8 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/system-offloads.at b/tests/system-offloads.at index f6dd931b7..fbe1dc99a 100644 --- a/tests/system-offloads.at +++ b/tests/system-offloads.at @@ -34,8 +34,6 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], # issue. m4_define([OVS_TEST_SKIP_LIST], [ovs_test_skip_list=" -datapath - mpls actions -datapath - multiple mpls label pop datapath - basic truncate action datapath - truncate and output to gre tunnel by simulated packets datapath - truncate and output to gre tunnel diff --git a/tests/system-traffic.at b/tests/system-traffic.at index e5403519f..cd3ad0f68 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1167,8 +1167,8 @@ AT_CHECK([ovs-vsctl add-port br0 patch0]) AT_CHECK([ovs-vsctl add-port br1 patch1]) AT_DATA([flows.txt], [dnl -table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:3,resubmit(,1) -table=0,priority=100,dl_type=0x8847,mpls_label=3 actions=pop_mpls:0x0800,resubmit(,1) +table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:4,resubmit(,1) +table=0,priority=100,dl_type=0x8847,mpls_label=4 actions=pop_mpls:0x0800,resubmit(,1) table=0,priority=10 actions=resubmit(,1) table=1,priority=10 actions=normal ]) @@ -1204,10 +1204,10 @@ AT_CHECK([ovs-vsctl add-port br0 patch0]) AT_CHECK([ovs-vsctl add-port br1 patch1]) AT_DATA([flows.txt], [dnl -table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:3,push_mpls:0x8847,set_mpls_label:2,push_mpls:0x8847,set_mpls_label:1,resubmit(,3) +table=0,priority=100,dl_type=0x0800 actions=push_mpls:0x8847,set_mpls_label:4,push_mpls:0x8847,set_mpls_label:2,push_mpls:0x8847,set_mpls_label:1,resubmit(,3) table=0,priority=100,dl_type=0x8847,mpls_label=1 actions=pop_mpls:0x8847,resubmit(,1) table=1,priority=100,dl_type=0x8847,mpls_label=2 actions=pop_mpls:0x8847,resubmit(,2) -table=2,priority=100,dl_type=0x8847,mpls_label=3 actions=pop_mpls:0x0800,resubmit(,3) +table=2,priority=100,dl_type=0x8847,mpls_label=4 actions=pop_mpls:0x0800,resubmit(,3) table=0,priority=10 actions=resubmit(,3) table=3,priority=10 actions=normal ]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 02/12] tests: Include working system-traffic tests into the system-offloads-testsuite.
Include and run the system-traffic.at tests as part of the system offload testsuite. Exclude all the tests that will not run without any special modifications. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/automake.mk |1 tests/system-offloads-testsuite.at |1 tests/system-offloads.at | 106 3 files changed, 108 insertions(+) create mode 100644 tests/system-offloads.at diff --git a/tests/automake.mk b/tests/automake.mk index d509cf935..12435d2c1 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -183,6 +183,7 @@ SYSTEM_TESTSUITE_AT = \ SYSTEM_OFFLOADS_TESTSUITE_AT = \ tests/system-common-macros.at \ + tests/system-offloads.at \ tests/system-offloads-traffic.at \ tests/system-offloads-testsuite.at diff --git a/tests/system-offloads-testsuite.at b/tests/system-offloads-testsuite.at index eb5d2d4b3..a2dfcbc94 100644 --- a/tests/system-offloads-testsuite.at +++ b/tests/system-offloads-testsuite.at @@ -23,3 +23,4 @@ m4_include([tests/system-common-macros.at]) m4_include([tests/system-kmod-macros.at]) m4_include([tests/system-offloads-traffic.at]) +m4_include([tests/system-offloads.at]) diff --git a/tests/system-offloads.at b/tests/system-offloads.at new file mode 100644 index 0..f6dd931b7 --- /dev/null +++ b/tests/system-offloads.at @@ -0,0 +1,106 @@ +AT_COPYRIGHT([Copyright (c) 2022 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at: + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License.]) + +# The goal is to run as many as possible of the system-traffic tests with +# OVS tc offload enabled. We do this by overriding the +# OVS_TRAFFIC_VSWITCHD_START() with offloading enabled. +m4_define([OVS_TRAFFIC_VSWITCHD_START], + [AT_CHECK([modprobe openvswitch]) + on_exit 'modprobe -r openvswitch' + m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_lisp], [vport_stt], [vport_vxlan]], + [modprobe -q mod || echo "Module mod not loaded." + on_exit 'modprobe -q -r mod' + ]) + on_exit 'ovs-dpctl del-dp ovs-system' + on_exit 'ovs-appctl dpctl/flush-conntrack' + _OVS_VSWITCHD_START([], [-- set Open_vSwitch . other_config:hw-offload=true + $3]) + dnl Add bridges, ports, etc. + AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2]) +]) + +# The list below are tests that will not pass for a "test environment" specific +# issue. +m4_define([OVS_TEST_SKIP_LIST], +[ovs_test_skip_list=" +datapath - mpls actions +datapath - multiple mpls label pop +datapath - basic truncate action +datapath - truncate and output to gre tunnel by simulated packets +datapath - truncate and output to gre tunnel +conntrack - force commit +conntrack - preserve registers +conntrack - zones +conntrack - zones from field +conntrack - zones from other field +conntrack - zones from other field, more tests +conntrack - multiple zones +conntrack - multiple namespaces, internal ports +conntrack - ct_mark +conntrack - ct_mark bit-fiddling +conntrack - ct_mark from register +conntrack - ct_label +conntrack - ct_label bit-fiddling +conntrack - ct metadata, multiple zones +conntrack - ICMP related +conntrack - ICMP related to original direction +conntrack - IPv4 fragmentation + cvlan +conntrack - IPv4 fragmentation with fragments specified +conntrack - IPv6 fragmentation + cvlan +conntrack - Fragmentation over vxlan +conntrack - IPv6 Fragmentation over vxlan +conntrack - zone-based timeout policy +conntrack - IPv4 HTTP +conntrack - IPv6 HTTP +conntrack - multiple zones, local +conntrack - multi-stage pipeline, local +conntrack - FTP +conntrack - FTP over IPv6 +conntrack - IPv6 FTP Passive +conntrack - FTP with multiple expectations +conntrack - TFTP +conntrack - simple SNAT +conntrack - SNAT with port range +conntrack - SNAT with port range with exhaustion +conntrack - more complex SNAT +conntrack - all-zero IP SNAT +conntrack - simple DNAT +conntrack - DNAT with additional SNAT +conntrack - more complex DNAT +conntrack - ICMP related with NAT +conntrack - FTP SNAT prerecirc +conntrack - FTP SNAT prerecirc seqadj +conntrack - FTP SNAT postrecirc +conntrack - FTP SNAT postrecirc seqadj +conntrack - FTP SNAT orig tuple +conntrack - FTP SNAT orig tuple seqadj +conntrack - IPv4 FTP Passive with SNAT +conntrack - IPv4 FTP Passive with DNAT +conntrack - IPv4 FTP Passive with DNAT 2 +conntrack - IPv4 FTP Active with DNAT +conntrack - IPv4 FTP Active with DNAT with reverse skew +conntrack -
[ovs-dev] [PATCH v4 01/12] tests: Allow system-traffic tests to be skipped based on a list.
When the test description is part of the OVS_TEST_SKIP_LIST variable, the test is skipped. Signed-off-by: Eelco Chaudron Acked-by: Roi Dayan --- tests/ofproto-macros.at |5 - tests/ovs-macros.at |7 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at index 676d55aa9..5c033f771 100644 --- a/tests/ofproto-macros.at +++ b/tests/ofproto-macros.at @@ -161,7 +161,10 @@ m4_define([TESTABLE_LOG], [-vPATTERN:ANY:'%c|%p|%m']) # before starting ovs-vswitchd. # m4_define([_OVS_VSWITCHD_START], - [dnl Create database. + [dnl Check if test needs to be run. + OVS_SKIP_TEST_IF_REQUESTED() + + dnl Create database. touch .conf.db.~lock~ AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema]) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index 39fbfceeb..f3eff5c05 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at @@ -371,3 +371,10 @@ dnl Add a rule to always accept the traffic. m4_define([IPTABLES_ACCEPT], [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT]) on_exit 'iptables -D INPUT 1 -i $1']) + +# OVS_TEST_SKIP_LIST() +m4_define([OVS_TEST_SKIP_LIST], [ echo ""]) + +# OVS_SKIP_TEST_IF_REQUESTED() +m4_define([OVS_SKIP_TEST_IF_REQUESTED], +[AT_SKIP_IF([OVS_TEST_SKIP_LIST() | grep -qx "$at_desc"])]) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [dpdk-latest v3] netdev-dpdk: Add per virtqueue statistics.
I have a few nits on my own patch.
Noting them here for now.
In case there is no further comment on the patch, I will send a new revision.
On Wed, Nov 9, 2022 at 9:39 PM David Marchand wrote:
> @@ -2845,8 +2779,7 @@ netdev_dpdk_vhost_send(struct netdev *netdev, int qid,
> stats.tx_retries = MIN(retries, max_retries);
>
> rte_spinlock_lock(>stats_lock);
> -netdev_dpdk_vhost_update_tx_counters(dev, batch->packets, batch_cnt,
> - );
> +netdev_dpdk_vhost_update_tx_counters(dev, );
> rte_spinlock_unlock(>stats_lock);
>
> pkts = (struct rte_mbuf **) batch->packets;
> @@ -3001,41 +2934,304 @@ netdev_dpdk_set_mtu(struct netdev *netdev, int mtu)
> return 0;
> }
>
> -static int
> -netdev_dpdk_get_carrier(const struct netdev *netdev, bool *carrier);
> -
> static int
> netdev_dpdk_vhost_get_stats(const struct netdev *netdev,
> struct netdev_stats *stats)
> {
> struct netdev_dpdk *dev = netdev_dpdk_cast(netdev);
> +struct rte_vhost_stat_name *vhost_stats_names = NULL;
> +struct rte_vhost_stat *vhost_stats = NULL;
> +int vhost_stats_count;
> +int err = -1;
Rather than set to -1 ...
> +int qid;
> +int vid;
> +
(useless empty line)
>
> ovs_mutex_lock(>mutex);
>
> -rte_spinlock_lock(>stats_lock);
> -/* Supported Stats */
> -stats->rx_packets = dev->stats.rx_packets;
> -stats->tx_packets = dev->stats.tx_packets;
> +if (!is_vhost_running(dev)) {
... it is more consistent to set err to EPROTO here.
> +goto out;
> +}
> +
> +vid = netdev_dpdk_get_vid(dev);
> +
> +/* We expect all rxqs have the same number of stats, only query rxq0. */
> +qid = 0 * VIRTIO_QNUM + VIRTIO_TXQ;
> +err = rte_vhost_vring_stats_get_names(vid, qid, NULL, 0);
> +if (err < 0) {
> +err = EPROTO;
> +goto out;
> +}
> +
> +vhost_stats_count = err;
> +vhost_stats_names = xcalloc(vhost_stats_count, sizeof
> *vhost_stats_names);
> +vhost_stats = xcalloc(vhost_stats_count, sizeof *vhost_stats);
> +
> +err = rte_vhost_vring_stats_get_names(vid, qid, vhost_stats_names,
> + vhost_stats_count);
> +if (err != vhost_stats_count) {
> +err = EPROTO;
> +goto out;
> +}
> +
> +#define VHOST_PER_RXQ_STATS \
VHOST_RXQ_STATS is shorter and enough.
> +VHOST_PER_RXQ_STAT(rx_packets, "good_packets") \
> +VHOST_PER_RXQ_STAT(rx_bytes,"good_bytes") \
> +VHOST_PER_RXQ_STAT(rx_broadcast_packets,"broadcast_packets") \
> +VHOST_PER_RXQ_STAT(multicast, "multicast_packets") \
> +VHOST_PER_RXQ_STAT(rx_undersized_errors,"undersize_packets") \
> +VHOST_PER_RXQ_STAT(rx_1_to_64_packets, "size_64_packets")\
> +VHOST_PER_RXQ_STAT(rx_65_to_127_packets,"size_65_127_packets")\
> +VHOST_PER_RXQ_STAT(rx_128_to_255_packets, "size_128_255_packets") \
> +VHOST_PER_RXQ_STAT(rx_256_to_511_packets, "size_256_511_packets") \
> +VHOST_PER_RXQ_STAT(rx_512_to_1023_packets, "size_512_1023_packets") \
> +VHOST_PER_RXQ_STAT(rx_1024_to_1522_packets, "size_1024_1518_packets") \
> +VHOST_PER_RXQ_STAT(rx_1523_to_max_packets, "size_1519_max_packets")
--
David Marchand
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v4 00/12] tests: Add system-traffic.at tests to check-offloads.
This series makes it possible to include system-traffic.at tests into "make check-offloads" tests. The last patch of the series explains which tests are still not passing and might need some more work. I'll try to work on the remaining failing test cases or find someone who can work on them. v4: - Fix rename from system-traffic.at to sym-traffic.at in patch 11 v3: - Fixed missing MACRO's in patches 4, 6 and 10. v2: - Fix commit message on last patch - Moved handling of system-traffic.at tests to a separate file system-offloads.at - Re-based to the latest ovs master branch - Added Roi's ACKs Eelco Chaudron (12): tests: Allow system-traffic tests to be skipped based on a list. tests: Include working system-traffic tests into the system-offloads-testsuite. test: Do not use MPLS implicit null label in test cases. test: Add delay on revalidator flush for offload test cases. netdev-offload-tc: Fix tc conntrack force commit support. tests: Add delay to dump-conntrack for tc test cases. test: Fix "conntrack - floating IP" test for TC. test: Flush datapath when changing rules on the fly. netdev-offload-tc: Conntrack ALGs are not supported with tc. test: tc does not support conntrack timeout, skip the related test. test: Fix 'conntrack - Multiple ICMP traverse' for tc case. odp-util: Make odp_flow_key_from_flow__ nlattr order the same as the kernel. Documentation/howto/tc-offload.rst | 11 ++ lib/netdev-offload-tc.c| 17 +- lib/odp-util.c | 21 +-- tests/automake.mk | 1 + tests/dpif-netdev.at | 28 +-- tests/mcast-snooping.at| 4 +- tests/nsh.at | 10 +- tests/odp.at | 83 + tests/ofproto-dpif.at | 30 ++-- tests/ofproto-macros.at| 5 +- tests/ovs-macros.at| 7 + tests/packet-type-aware.at | 22 +-- tests/pmd.at | 2 +- tests/system-common-macros.at | 7 + tests/system-offloads-testsuite.at | 1 + tests/system-offloads.at | 83 + tests/system-traffic.at| 265 +++-- tests/tunnel-push-pop-ipv6.at | 2 +- tests/tunnel-push-pop.at | 2 +- tests/tunnel.at| 2 +- 20 files changed, 366 insertions(+), 237 deletions(-) create mode 100644 tests/system-offloads.at ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [dpdk-latest v3] netdev-dpdk: Add per virtqueue statistics.
On Fri, Nov 18, 2022 at 4:16 PM Maxime Coquelin
wrote:
> On 11/9/22 21:38, David Marchand wrote:
> > The DPDK vhost-user library maintains more granular per queue stats
> > which can replace what OVS was providing for vhost-user ports.
> >
> > The benefits for OVS:
> > - OVS can skip parsing packet sizes on the rx side,
> > - vhost-user is aware of which packets are transmitted to the guest,
> >so per *transmitted* packet size stats can be reported,
> > - more internal stats from vhost-user may be exposed, without OVS
> >needing to understand them,
> >
> > Note: the vhost-user library does not provide global stats for a port.
> > The proposed implementation is to have the global stats (exposed via
> > netdev_get_stats()) computed by querying and aggregating all per queue
> > stats.
> > Since per queue stats are exposed via another netdev ops
> > (netdev_get_custom_stats()), this may lead to some race and small
> > discrepancies.
> > This issue might already affect other netdev classes.
> >
> > Example:
> > $ ovs-vsctl get interface vhost4 statistics |
> >sed -e 's#[{}]##g' -e 's#, #\n#g' |
> >grep -v =0$
> > rx_1_to_64_packets=12
> > rx_256_to_511_packets=15
> > rx_65_to_127_packets=21
> > rx_broadcast_packets=15
> > rx_bytes=7497
> > rx_multicast_packets=33
> > rx_packets=48
> > rx_q0_good_bytes=242
> > rx_q0_good_packets=3
> > rx_q0_guest_notifications=3
> > rx_q0_multicast_packets=3
> > rx_q0_size_65_127_packets=2
> > rx_q0_undersize_packets=1
> > rx_q1_broadcast_packets=15
> > rx_q1_good_bytes=7255
> > rx_q1_good_packets=45
> > rx_q1_guest_notifications=45
> > rx_q1_multicast_packets=30
> > rx_q1_size_256_511_packets=15
> > rx_q1_size_65_127_packets=19
> > rx_q1_undersize_packets=11
> > tx_1_to_64_packets=36
> > tx_256_to_511_packets=45
> > tx_65_to_127_packets=63
> > tx_broadcast_packets=45
> > tx_bytes=22491
> > tx_multicast_packets=99
> > tx_packets=144
> > tx_q0_broadcast_packets=30
> > tx_q0_good_bytes=14994
> > tx_q0_good_packets=96
> > tx_q0_guest_notifications=96
> > tx_q0_multicast_packets=66
> > tx_q0_size_256_511_packets=30
> > tx_q0_size_65_127_packets=42
> > tx_q0_undersize_packets=24
> > tx_q1_broadcast_packets=15
> > tx_q1_good_bytes=7497
> > tx_q1_good_packets=48
> > tx_q1_guest_notifications=48
> > tx_q1_multicast_packets=33
> > tx_q1_size_256_511_packets=15
> > tx_q1_size_65_127_packets=21
> > tx_q1_undersize_packets=12
> >
> > Signed-off-by: David Marchand
> > ---
> > Changes since RFC v2:
> > - dropped the experimental api check (now that the feature is marked
> >stable in DPDK),
> > - moved netdev_dpdk_get_carrier() forward declaration next to the
> >function needing it,
> > - used per q stats for netdev_get_stats() and removed OVS per packet
> >size accounting logic,
> > - fixed small packets counter (see rx_undersized_errors hack),
> > - added more Tx stats,
> > - added unit tests,
> >
> > ---
> > lib/netdev-dpdk.c| 398 ---
> > tests/system-dpdk.at | 33 +++-
> > 2 files changed, 332 insertions(+), 99 deletions(-)
> >
>
> It looks good to me, thanks for working on this!
>
> Reviewed-by: Maxime Coquelin
Thanks Maxime.
--
David Marchand
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v7 0/9] DPIF + MFEX Inner AVX512
On 23 Nov 2022, at 11:24, Ferriter, Cian wrote: >> -Original Message- >> From: Eelco Chaudron >> Sent: Monday 21 November 2022 14:34 >> To: Ferriter, Cian >> Cc: ovs-dev@openvswitch.org; kumar.am...@intel.com >> Subject: Re: [ovs-dev] [PATCH v7 0/9] DPIF + MFEX Inner AVX512 >> >> On 12 Oct 2022, at 13:55, Cian Ferriter wrote: >> >>> This Series of Patchsets introduce the Optimizations for supporting >>> tunneled packets in DPIF and MFEX. Along with the optimization various >>> refactoring of scalar path is done to be used accross without >>> duplication. >>> >>> Over the Tests we have observed a gain of approximate 20~25% gain in >>> performance over the scalar path. >> >> I'm sorry, it took a while, but see my comments in the individual patches. >> These are all based on reading patches. I've not been able to do any actual >> testing as I'm waiting to get my hands on an AVX machine. >> >> Cheers, >> >> Eelco > > Hi Eelco, > > Thanks for your review of this patch set. Most comments are minor, however > the more flexible/capable CLI, with more complex configurations of > dpif-implementation functions is a larger rework. Given the scope we won't > have time to rework for OVS 3.1. > > For the other patch sets (NVGRE and IPv6, smaller in scope/size) > comments/reworks will be done for OVS 3.1. ACK, the NVGRE is on my to-do for next week. Will try to reply to the IPv6 follow-up email soon. > Thanks, > Cian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v7 0/9] DPIF + MFEX Inner AVX512
> -Original Message- > From: Eelco Chaudron > Sent: Monday 21 November 2022 14:34 > To: Ferriter, Cian > Cc: ovs-dev@openvswitch.org; kumar.am...@intel.com > Subject: Re: [ovs-dev] [PATCH v7 0/9] DPIF + MFEX Inner AVX512 > > On 12 Oct 2022, at 13:55, Cian Ferriter wrote: > > > This Series of Patchsets introduce the Optimizations for supporting > > tunneled packets in DPIF and MFEX. Along with the optimization various > > refactoring of scalar path is done to be used accross without > > duplication. > > > > Over the Tests we have observed a gain of approximate 20~25% gain in > > performance over the scalar path. > > I'm sorry, it took a while, but see my comments in the individual patches. > These are all based on reading patches. I've not been able to do any actual > testing as I'm waiting to get my hands on an AVX machine. > > Cheers, > > Eelco Hi Eelco, Thanks for your review of this patch set. Most comments are minor, however the more flexible/capable CLI, with more complex configurations of dpif-implementation functions is a larger rework. Given the scope we won't have time to rework for OVS 3.1. For the other patch sets (NVGRE and IPv6, smaller in scope/size) comments/reworks will be done for OVS 3.1. Thanks, Cian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v1 05/11] python: return list of actions for odp action clone
Sometimes we don't want to return the result of a nested key-value
decoding as a dictionary but as a list of dictionaries. This happens
when we parse actions where keys can be repeated.
Refactor code that already takes that into account from ofp_act.py to
kv.py and use it for datapath action "clone".
Signed-off-by: Adrian Moreno
Acked-by: Mike Pattrick
---
python/ovs/flow/kv.py| 21 +++-
python/ovs/flow/odp.py | 6 --
python/ovs/flow/ofp.py | 14 ++---
python/ovs/flow/ofp_act.py | 18 +
python/ovs/tests/test_odp.py | 38 +---
5 files changed, 59 insertions(+), 38 deletions(-)
diff --git a/python/ovs/flow/kv.py b/python/ovs/flow/kv.py
index 32463254b..3138db008 100644
--- a/python/ovs/flow/kv.py
+++ b/python/ovs/flow/kv.py
@@ -320,7 +320,26 @@ def decode_nested_kv(decoders, value):
return {kv.key: kv.value for kv in parser.kv()}
-def nested_kv_decoder(decoders=None):
+def decode_nested_kv_list(decoders, value):
+"""A key-value decoder that extracts nested key-value pairs and returns
+them in a list of dictionary.
+
+Args:
+decoders (KVDecoders): The KVDecoders to use.
+value (str): The value string to decode.
+"""
+if not value:
+# Mark as flag
+return True
+
+parser = KVParser(value, decoders)
+parser.parse()
+return [{kv.key: kv.value} for kv in parser.kv()]
+
+
+def nested_kv_decoder(decoders=None, is_list=False):
"""Helper function that creates a nested kv decoder with given
KVDecoders."""
+if is_list:
+return functools.partial(decode_nested_kv_list, decoders)
return functools.partial(decode_nested_kv, decoders)
diff --git a/python/ovs/flow/odp.py b/python/ovs/flow/odp.py
index 3bc3aec8e..db63afc8d 100644
--- a/python/ovs/flow/odp.py
+++ b/python/ovs/flow/odp.py
@@ -337,7 +337,8 @@ class ODPFlow(Flow):
}
_decoders["clone"] = nested_kv_decoder(
-KVDecoders(decoders=_decoders, default_free=decode_free_output)
+KVDecoders(decoders=_decoders, default_free=decode_free_output),
+is_list=True,
)
return {
@@ -350,7 +351,8 @@ class ODPFlow(Flow):
KVDecoders(
decoders=_decoders,
default_free=decode_free_output,
-)
+),
+is_list=True,
),
}
)
diff --git a/python/ovs/flow/ofp.py b/python/ovs/flow/ofp.py
index 3d79ed6ad..8f2727361 100644
--- a/python/ovs/flow/ofp.py
+++ b/python/ovs/flow/ofp.py
@@ -31,7 +31,6 @@ from ovs.flow.ofp_act import (
decode_dec_ttl,
decode_chk_pkt_larger,
decode_zone,
-decode_exec,
decode_learn,
)
@@ -336,8 +335,7 @@ class OFPFlow(Flow):
"table": decode_int,
"nat": decode_nat,
"force": decode_flag,
-"exec": functools.partial(
-decode_exec,
+"exec": nested_kv_decoder(
KVDecoders(
{
**OFPFlow._encap_actions_decoders_args(),
@@ -345,6 +343,7 @@ class OFPFlow(Flow):
**OFPFlow._meta_action_decoders_args(),
}
),
+is_list=True,
),
"alg": decode_default,
}
@@ -359,6 +358,7 @@ class OFPFlow(Flow):
}
)
),
+# learn moved to _clone actions.
}
@staticmethod
@@ -400,11 +400,11 @@ class OFPFlow(Flow):
"""
return {
"learn": decode_learn(action_decoders),
-"clone": functools.partial(
-decode_exec, KVDecoders(action_decoders)
+"clone": nested_kv_decoder(
+KVDecoders(action_decoders), is_list=True
),
-"write_actions": functools.partial(
-decode_exec, KVDecoders(action_decoders)
+"write_actions": nested_kv_decoder(
+KVDecoders(action_decoders), is_list=True
),
}
diff --git a/python/ovs/flow/ofp_act.py b/python/ovs/flow/ofp_act.py
index c481d6fc7..5eaf0b218 100644
--- a/python/ovs/flow/ofp_act.py
+++ b/python/ovs/flow/ofp_act.py
@@ -1,8 +1,5 @@
"""Defines decoders for OpenFlow actions.
"""
-
-import functools
-
from ovs.flow.decoders import (
decode_default,
decode_time,
@@ -258,19 +255,6 @@ def decode_zone(value):
return decode_field(value)
-def decode_exec(action_decoders, value):
-"""Decodes the value of the 'exec' keyword (part of the ct action).
-
-
[ovs-dev] [PATCH v1 09/11] tests: verify flows in ofp-actions are parseable
Create a small helper script and check that flows used in ofp-actions.at are parseable. Signed-off-by: Adrian Moreno Acked-by: Mike Pattrick --- tests/automake.mk | 2 ++ tests/ofp-actions.at | 18 + tests/test-ofparse.py | 45 +++ 3 files changed, 65 insertions(+) create mode 100755 tests/test-ofparse.py diff --git a/tests/automake.mk b/tests/automake.mk index d509cf935..76e6edebe 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -19,6 +19,7 @@ EXTRA_DIST += \ $(OVSDB_CLUSTER_TESTSUITE) \ tests/atlocal.in \ $(srcdir)/package.m4 \ + $(srcdir)/tests/test-ofparse.py \ $(srcdir)/tests/testsuite \ $(srcdir)/tests/testsuite.patch @@ -518,6 +519,7 @@ CHECK_PYFILES = \ tests/flowgen.py \ tests/mfex_fuzzy.py \ tests/ovsdb-monitor-sort.py \ + tests/test-ofparse.py \ tests/test-daemon.py \ tests/test-json.py \ tests/test-jsonrpc.py \ diff --git a/tests/ofp-actions.at b/tests/ofp-actions.at index 9d820eba6..40a23bb15 100644 --- a/tests/ofp-actions.at +++ b/tests/ofp-actions.at @@ -329,6 +329,7 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow10 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP AT_SETUP([OpenFlow 1.0 "instruction" translations]) @@ -359,6 +360,7 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-instructions OpenFlow10 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP AT_SETUP([OpenFlow 1.1 action translation]) @@ -502,6 +504,7 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow11 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP AT_SETUP([OpenFlow 1.1 instruction translation]) @@ -737,6 +740,7 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow12 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP dnl Our primary goal here is to verify OpenFlow 1.3-specific changes, @@ -798,6 +802,7 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow13 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP dnl Our primary goal here is to verify that OpenFlow 1.5-specific changes, @@ -827,17 +832,20 @@ AT_CAPTURE_FILE([experr]) AT_CHECK( [ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow15 < input.txt], [0], [expout], [experr]) +AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py]) AT_CLEANUP AT_SETUP([ofp-actions - inconsistent MPLS actions]) OVS_VSWITCHD_START dnl OK: Use fin_timeout action on TCP flow AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=fin_timeout(idle_timeout=1)']) +AT_CHECK([echo 'tcp actions=fin_timeout(idle_timeout=1)' | test-ofparse.py]) dnl Bad: Use fin_timeout action on TCP flow that has been converted to MPLS AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=push_mpls:0x8847,fin_timeout(idle_timeout=1)'], [1], [], [dnl ovs-ofctl: none of the usable flow formats (OpenFlow10,NXM) is among the allowed flow formats (OpenFlow11) ]) +AT_CHECK([echo 'tcp actions=push_mpls:0x8847,fin_timeout(idle_timeout=1)' | test-ofparse.py]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -853,6 +861,8 @@ AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl NXST_FLOW reply: mpls actions=load:0xa->OXM_OF_MPLS_LABEL[[]] ]) +AT_CHECK([echo 'mpls actions=set_field:10->mpls_label' | test-ofparse.py]) +AT_CHECK([echo 'mpls actions=load:0xa->OXM_OF_MPLS_LABEL[[]]'| test-ofparse.py]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -862,14 +872,17 @@ OVS_VSWITCHD_START dnl OpenFlow 1.0 has an "enqueue" action. For OpenFlow 1.1+, we translate dnl it to a series of actions that accomplish the same thing. AT_CHECK([ovs-ofctl -O OpenFlow10 add-flow br0 'actions=enqueue(123,456)']) +AT_CHECK([echo 'actions=enqueue(123,456)' | test-ofparse.py]) AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl NXST_FLOW reply: actions=enqueue:123:456 ]) +AT_CHECK([echo 'actions=enqueue:123:456' | test-ofparse.py]) AT_CHECK([ovs-ofctl -O OpenFlow13 dump-flows br0 | ofctl_strip], [0], [dnl OFPST_FLOW reply (OF1.3): reset_counts actions=set_queue:456,output:123,pop_queue ]) +AT_CHECK([echo 'actions=set_queue:456,output:123,pop_queue' | test-ofparse.py]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -887,6 +900,8 @@ AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl OFPST_FLOW reply (OF1.1): ip actions=mod_nw_ttl:123 ]) +AT_CHECK([echo
[ovs-dev] [PATCH v1 10/11] tests: verify flows in odp.at are parseable
Create a small helper script and check that flows tested in odp.at are parseable. Signed-off-by: Adrian Moreno Acked-by: Mike Pattrick --- tests/automake.mk | 2 ++ tests/odp.at | 12 +++- tests/test-dpparse.py | 45 +++ 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100755 tests/test-dpparse.py diff --git a/tests/automake.mk b/tests/automake.mk index 76e6edebe..0311f3809 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -20,6 +20,7 @@ EXTRA_DIST += \ tests/atlocal.in \ $(srcdir)/package.m4 \ $(srcdir)/tests/test-ofparse.py \ + $(srcdir)/tests/test-dpparse.py \ $(srcdir)/tests/testsuite \ $(srcdir)/tests/testsuite.patch @@ -520,6 +521,7 @@ CHECK_PYFILES = \ tests/mfex_fuzzy.py \ tests/ovsdb-monitor-sort.py \ tests/test-ofparse.py \ + tests/test-dpparse.py \ tests/test-daemon.py \ tests/test-json.py \ tests/test-jsonrpc.py \ diff --git a/tests/odp.at b/tests/odp.at index 88b7cfd91..41eb726e9 100644 --- a/tests/odp.at +++ b/tests/odp.at @@ -104,9 +104,9 @@ dnl specified. We can skip these. sed -i'back' 's/\(skb_mark(0)\),\(ct\)/\1,ct_state(0),ct_zone(0),\2/' odp-out.txt sed -i'back' 's/\(skb_mark([[^)]]*)\),\(recirc\)/\1,ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),\2/' odp-out.txt sed -i'back' 's/\(in_port(1)\),\(eth\)/\1,packet_type(ns=0,id=0),\2/' odp-out.txt - AT_CHECK_UNQUOTED([ovstest test-odp parse-keys < odp-in.txt], [0], [`cat odp-out.txt` ]) +AT_CHECK_UNQUOTED([cat odp-in.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CLEANUP AT_SETUP([OVS datapath wildcarded key parsing and formatting - valid forms]) @@ -194,6 +194,7 @@ sed -n 's/,frag=no),.*/,frag=later)/p' odp-base.txt AT_CAPTURE_FILE([odp.txt]) AT_CHECK_UNQUOTED([ovstest test-odp parse-wc-keys < odp.txt], [0], [`cat odp.txt` ]) +AT_CHECK_UNQUOTED([cat odp.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CLEANUP AT_SETUP([OVS datapath wildcarded key filtering.]) @@ -241,24 +242,31 @@ in_port(1),eth(src=00:01:02:03:04:05,dst=10:11:12:13:14:15),eth_type(0x86dd),ipv ]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='dl_type=0x1235' < odp-base.txt], [0], [`cat odp-eth-type.txt` ]) +AT_CHECK_UNQUOTED([cat odp-eth-type.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='dl_vlan=99' < odp-vlan-base.txt], [0], [`cat odp-vlan.txt` ]) +AT_CHECK_UNQUOTED([cat odp-vlan.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='dl_vlan=99,ip' < odp-vlan-base.txt], [0], [`cat odp-vlan.txt` ]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='ip,nw_src=35.8.2.199' < odp-base.txt], [0], [`cat odp-ipv4.txt` ]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='ip,nw_dst=172.16.0.199' < odp-base.txt], [0], [`cat odp-ipv4.txt` ]) +AT_CHECK_UNQUOTED([cat odp-ipv4.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='dl_type=0x0800,nw_src=35.8.2.199,nw_dst=172.16.0.199' < odp-base.txt], [0], [`cat odp-ipv4.txt` ]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='icmp,nw_src=35.8.2.199' < odp-base.txt], [0], [`cat odp-icmp.txt` ]) +AT_CHECK_UNQUOTED([cat odp-icmp.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='arp,arp_spa=1.2.3.5' < odp-base.txt], [0], [`cat odp-arp.txt` ]) +AT_CHECK_UNQUOTED([cat odp-arp.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='tcp,tp_src=90' < odp-base.txt], [0], [`cat odp-tcp.txt` ]) +AT_CHECK_UNQUOTED([cat odp-tcp.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CHECK_UNQUOTED([ovstest test-odp parse-filter filter='tcp6,tp_src=90' < odp-base.txt], [0], [`cat odp-tcp6.txt` ]) +AT_CHECK_UNQUOTED([cat odp-tcp6.txt | sed 's/^#.*//' | sed 's/$/ actions:drop/' | test-dpparse.py]) AT_CLEANUP AT_SETUP([OVS datapath actions parsing and formatting - valid forms]) @@ -391,6 +399,7 @@ add_mpls(label=200,tc=7,ttl=64,bos=1,eth_type=0x8847) AT_CHECK_UNQUOTED([ovstest test-odp parse-actions < actions.txt], [0], [`cat actions.txt` ]) +AT_CHECK_UNQUOTED([cat actions.txt | sed 's/^/actions:/' | test-dpparse.py]) AT_CLEANUP AT_SETUP([OVS datapath actions parsing and formatting - invalid forms]) @@ -436,6 +445,7 @@ odp_actions_from_string: error `cat actions.txt | head -3 | tail -1` odp_actions_from_string: error ]) +AT_CHECK_UNQUOTED([cat actions.txt | sed 's/^/actions:/' | test-dpparse.py]) AT_CLEANUP AT_SETUP([OVS datapath actions parsing and formatting - actions too long]) diff --git a/tests/test-dpparse.py b/tests/test-dpparse.py
[ovs-dev] [PATCH v1 11/11] python: don't exit OFPFlow constructor
returning None in a constructor does not make sense and is just error
prone. Removing what was a lefover from an attempt to handle a common
error case of trying to parse what is commonly outputted by ovs-ofctl.
This should be done by the caller anyway.
Signed-off-by: Adrian Moreno
Acked-by: Mike Pattrick
---
python/ovs/flow/ofp.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/python/ovs/flow/ofp.py b/python/ovs/flow/ofp.py
index eac8d0851..20231fd9f 100644
--- a/python/ovs/flow/ofp.py
+++ b/python/ovs/flow/ofp.py
@@ -104,9 +104,6 @@ class OFPFlow(Flow):
ValueError if the string is malformed.
ParseError if an error in parsing occurs.
"""
-if " reply " in ofp_string:
-return None
-
sections = list()
parts = ofp_string.split("actions=")
if len(parts) != 2:
--
2.38.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v1 08/11] python: interpret free keys as output in clone
clone-like actions can also output to ports by specifying the port name.
Signed-off-by: Adrian Moreno
---
python/ovs/flow/ofp.py | 6 --
python/ovs/tests/test_ofp.py | 13 +
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/python/ovs/flow/ofp.py b/python/ovs/flow/ofp.py
index bf832f71b..eac8d0851 100644
--- a/python/ovs/flow/ofp.py
+++ b/python/ovs/flow/ofp.py
@@ -402,10 +402,12 @@ class OFPFlow(Flow):
return {
"learn": decode_learn(action_decoders),
"clone": nested_kv_decoder(
-KVDecoders(action_decoders, ignore_case=True), is_list=True
+KVDecoders(action_decoders, default_free=decode_free_output,
+ ignore_case=True), is_list=True
),
"write_actions": nested_kv_decoder(
-KVDecoders(action_decoders, ignore_case=True), is_list=True
+KVDecoders(action_decoders, default_free=decode_free_output,
+ ignore_case=True), is_list=True
),
}
diff --git a/python/ovs/tests/test_ofp.py b/python/ovs/tests/test_ofp.py
index e17188e2b..27bcf0c47 100644
--- a/python/ovs/tests/test_ofp.py
+++ b/python/ovs/tests/test_ofp.py
@@ -532,6 +532,19 @@ from ovs.flow.decoders import EthMask, IPMask, decode_mask
KeyValue("CONTROLLER", {"max_len": 123}),
],
),
+(
+"actions=LOCAL,clone(myport,CONTROLLER)",
+[
+KeyValue("output", {"port": "LOCAL"}),
+KeyValue(
+"clone",
+[
+{"output": {"port": "myport"}},
+{"output": {"port": "CONTROLLER"}},
+]
+),
+],
+),
(
"actions=doesnotexist(1234)",
ParseError,
--
2.38.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
