From patchwork Mon Mar 11 13:16:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Huettner X-Patchwork-Id: 1910455 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f; dkim=fail reason="signature verification failed" (2048-bit key) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Ttcjb6cNHz1yWn for ; Tue, 12 Mar 2024 00:16:19 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id CCBB260594; Mon, 11 Mar 2024 13:16:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ebkoAfbupgAk; Mon, 11 Mar 2024 13:16:16 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5DBDA60847 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key, unprotected) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f; dkim=fail reason="signature verification failed" (2048-bit key) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 5DBDA60847; Mon, 11 Mar 2024 13:16:16 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 32C99C007C; Mon, 11 Mar 2024 13:16:16 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B65C5C0037 for ; Mon, 11 Mar 2024 13:16:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C0084405C8 for ; Mon, 11 Mar 2024 13:16:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h9QlAsqhuzgx for ; Mon, 11 Mar 2024 13:16:11 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a01:111:f403:2613::600; helo=eur05-vi1-obe.outbound.protection.outlook.com; envelope-from=felix.huettner@mail.schwarz; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org A6B41405C2 Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=reject dis=none) header.from=mail.schwarz DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A6B41405C2 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f; dkim=pass (2048-bit key) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1 header.b=hRx0aw1f Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on20600.outbound.protection.outlook.com [IPv6:2a01:111:f403:2613::600]) by smtp4.osuosl.org (Postfix) with ESMTPS id A6B41405C2 for ; Mon, 11 Mar 2024 13:16:10 +0000 (UTC) ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=Djb92H4obOCT0nyuPEgejMgHmNK/BmxCAdTgKXLghHuacJMUpxfy82Mzm7IOlSU3HUgj8lLyxZzdyW8A1I7Tw+58tHxI+bUGTw9/7tWPArTbMdAkwQ9Ww65tcxBI5fe3At/i3YRpM7lhTaqIpBnZ00E91UI4Z0lTpb0T1Ml+wNWs5C2m2Wg6eKP+in6mSteLYXxcTcVU15woh+EkKS/aumYERw+Od3CwVOR1Xhv8YRw0H5FNpbrMTKJBW38NY6w8rLux8S48WOncz6detq0q9KVuLp6JJzFRhdLS6LBGfLiHHi1t7zVBVUC3IZXeGFZWI2VJOAH+gClH/e7XTwDWlA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9hHAQB1PJwcS5kiCErEYZ1mGw2u/W2FWOZTlu5d1X8I=; b=PcIx8K5Ns1O7plEWxrc1XKphDBqUAdo2qQlwLx7wnoMb2GP+7sZdV9GJzOEneGCgeoD75C201tSeyoJAnwlDKd4SvwDNJ8uyI5MnMQ3D1gT3s7jFWE+dT/wCpTgDVjn9/mqHyv8vXmzTBNNbpoDuAF6UAhdfVFbRpcVpBUBQXgp2C/vLeylYNvYgdd+qjHOmGC9zauy27e7MhjM7VB9zPP6GX6eV2ZgZcTwKQb69Kcpl4CY64N8zKEj+LA2Q48h2zPLCiwQwzFY9GekpqPsAKd3j6qclnkDZn5ggYutmdbFtheygWyv41ZvxL2S7PiDpxrGrG34YdxtdMBdKTm1eEw== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 104.40.229.156) smtp.rcpttodomain=openvswitch.org smtp.mailfrom=mail.schwarz; dmarc=pass (p=reject sp=none pct=100) action=none header.from=mail.schwarz; dkim=pass (signature was verified) header.d=mail.schwarz; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=mail.schwarz] dkim=[1,1,header.d=mail.schwarz] dmarc=[1,1,header.from=mail.schwarz]) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.schwarz; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9hHAQB1PJwcS5kiCErEYZ1mGw2u/W2FWOZTlu5d1X8I=; b=hRx0aw1f9tXPf/75+IHB9kduOe6F3rIYCynVSNojrw2hGNVp24ELduTsvnvcUu9PcyDeUvzGzpwQT2tonVsT7mR15s9/5s/U09EBteD0FhgjOkUUfAauyGd4xRuznHM2OrPXirh+vBGtUmNeliQ1ba4R762UdSqBs/Fo8TvKSkJBxpxmx5F4vN/UwRxdo8UyWLAmkci/RlznzMzKIsPRb5s4ic250FQ0QHJmWLbJbR1dCMR0dtQP4L9J8yuN26sMlnIlPmpXZp5gqmAzASrkZQbDInOVsSlkIdlJQgNC479YEMjGy7KQoODjZ02HZNNJtrqrnVsH0wNgBrSq7uZRXw== Received: from DB9PR01CA0025.eurprd01.prod.exchangelabs.com (2603:10a6:10:1d8::30) by AM7PR10MB3287.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:10e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.34; Mon, 11 Mar 2024 13:16:06 +0000 Received: from DB5PEPF00014B8D.eurprd02.prod.outlook.com (2603:10a6:10:1d8:cafe::9f) by DB9PR01CA0025.outlook.office365.com (2603:10a6:10:1d8::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.35 via Frontend Transport; Mon, 11 Mar 2024 13:16:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 104.40.229.156) smtp.mailfrom=mail.schwarz; dkim=pass (signature was verified) header.d=mail.schwarz;dmarc=pass action=none header.from=mail.schwarz; Received-SPF: Pass (protection.outlook.com: domain of mail.schwarz designates 104.40.229.156 as permitted sender) receiver=protection.outlook.com; client-ip=104.40.229.156; helo=eu1.smtp.exclaimer.net; pr=C Received: from eu1.smtp.exclaimer.net (104.40.229.156) by DB5PEPF00014B8D.mail.protection.outlook.com (10.167.8.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.7386.12 via Frontend Transport; Mon, 11 Mar 2024 13:16:05 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com (104.47.13.50) by eu1.smtp.exclaimer.net (104.40.229.156) with Exclaimer Signature Manager ESMTP Proxy eu1.smtp.exclaimer.net (tlsversion=TLS12, tlscipher=TLS_ECDHE_WITH_AES256_SHA384); Mon, 11 Mar 2024 13:16:05 +0000 X-ExclaimerHostedSignatures-MessageProcessed: true X-ExclaimerProxyLatency: 9094122 X-ExclaimerImprintLatency: 2556437 X-ExclaimerImprintAction: 0e724320c9fc439183f8c6941894d7b7 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UaPyiv7hrOne7wJnSXPJwoJ+NfDzPYLrF96EppBDvBDLvnW0I5OucIJ0r5FAc+amBG5/QISNl4Q3Hms2YZg7eIrYBK8HdGpDQuIT8vKJAEcX4C8HxswyaoDv4rqjuGYVP82doipZG+CL2wBzZvhiSK4OpO4KBSQvfY6+XnA58R1iYPNPnSNLSob2SP/LLvGWg4cQT2xAjVLgbFk8tJ0gXklVYpTpkpxPK360WsCnJcl5EUbA0PXXy/su3UeOfsH/74rn91BChHX0j8gPUi4tC/fEX1t2WBeg6bIZjcNxmTynI79zY9F9rJBu88RyWANWzqGdNYXQOHKpmUQQ0Uclbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9hHAQB1PJwcS5kiCErEYZ1mGw2u/W2FWOZTlu5d1X8I=; b=YFT3eCTnn3QfDDg81u4xJG0iVm9teTrM5C9naw3Txqm8P5LeuKEyk2o1UyjXESxO5K5dSUImI1/TIh26cyCzyqp5ZZtLjEPzIQ6C6mMq4SKOYyFMaht/UaYGSrHujeJ13rx4pTpIa2kqD6ecVX6mNu5+mIZz2/1T5A0E/RCejB35X3otNvyKyOsLoOnuhYQpPnRbeibbsOq+imTHJbB2ETk0DOtftZCYjsQY1kwmwbAwt+vgTH+Nmbvj7O5zeyvQYRUlEkU9DWc5/zjyswjklqskYj9xTL8dYg11Xc/ihFG0O8MbTQkUoTgPxGQM5EmEaIH/51z84QJC22gzbRYe4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mail.schwarz; dmarc=pass action=none header.from=mail.schwarz; dkim=pass header.d=mail.schwarz; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.schwarz; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9hHAQB1PJwcS5kiCErEYZ1mGw2u/W2FWOZTlu5d1X8I=; b=hRx0aw1f9tXPf/75+IHB9kduOe6F3rIYCynVSNojrw2hGNVp24ELduTsvnvcUu9PcyDeUvzGzpwQT2tonVsT7mR15s9/5s/U09EBteD0FhgjOkUUfAauyGd4xRuznHM2OrPXirh+vBGtUmNeliQ1ba4R762UdSqBs/Fo8TvKSkJBxpxmx5F4vN/UwRxdo8UyWLAmkci/RlznzMzKIsPRb5s4ic250FQ0QHJmWLbJbR1dCMR0dtQP4L9J8yuN26sMlnIlPmpXZp5gqmAzASrkZQbDInOVsSlkIdlJQgNC479YEMjGy7KQoODjZ02HZNNJtrqrnVsH0wNgBrSq7uZRXw== Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mail.schwarz; Received: from PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:30d::9) by DB9PR10MB5503.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:306::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.35; Mon, 11 Mar 2024 13:16:03 +0000 Received: from PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM ([fe80::6c69:4f96:2e5d:8aae]) by PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM ([fe80::6c69:4f96:2e5d:8aae%4]) with mapi id 15.20.7362.035; Mon, 11 Mar 2024 13:16:02 +0000 Date: Mon, 11 Mar 2024 14:16:00 +0100 To: dev@openvswitch.org Message-ID: <7f4dec6839784c9b5605451a80abaaffb74d8e66.1710154918.git.felix.huettner@mail.schwarz> Mail-Followup-To: dev@openvswitch.org References: Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: FR3P281CA0110.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a3::7) To PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:30d::9) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: PAVPR10MB6914:EE_|DB9PR10MB5503:EE_|DB5PEPF00014B8D:EE_|AM7PR10MB3287:EE_ X-MS-Office365-Filtering-Correlation-Id: ed1b383f-7b8e-4d58-dc3f-08dc41cd68f3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: qfzqu8H51GHrnaDKMpTPSnylot/jNkofyAPn41rW/VskQsgPnx1prTN1M0we6HO5GnCPv+WY7R1VMEzd+jdd7EdQyXrF6M/BNvQ7HtYQ1Xpm3r3nSIAUrJ+G2D+N9ZF1pf/IVyR8xysu64NMi1TQBSfTyqoFWLyUoLNEQ3nl3PN5spVBaj+2BfWjclQsWPGmYl+7D4RoAuPJ+S3lEFUiT7DIOqV16k5fu9srKrZip4S5/gUYI/bZ/QkRcb21KSX2gZ9x51MJ/1RqqKM2mU7TpdJmLyz4N7WPYXajaBcpER4Ps5hMy3SQEUysCESkIGrCMquc8neVsXWDRgq25xTXMiKFoSbbXhicQE526wvfkq6wYaJbBJ25dGfxrkM6Hi4FXWUAes61wXHHvw3L5Yo3cXg7EECMqPbq05+tqR0SSjZJQdXeqby17RDfe2/tmWRpDOHuy5fgbCAN2tNJRQXv7p2bkqEEXS1FTNezFHJoIn3E66TfQblBK3f6CtckIQmSVd8rnQvhAI4FnrkmRdRsTupacvkFLxmABQgzVEpVVmBmwpqxlb+L8uvDO9nFAy+G1cM3O1L0cP6MefA+41uVC2NbuHChBO1wBjwT/GG6k3Y= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR10MB5503 X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5PEPF00014B8D.eurprd02.prod.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: b3bf7db8-205f-4a9e-f9d5-08dc41cd667b X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZI4oRgSMztFfcRgctIv7iyPUFr8SONR/GWjPOWn8mjWW+IgMWjjPbQW+HarZqh7VznYAXAx7CuSE3M0KaaAE9UIVjwyiiA0gmIbv3W0nvbNLnLpHYocfeiuPtGTApiPo/waaERqIMtLPki+OMLCBh+tOHZhIR6CcTRofHZ3W/Vb0fawhzVGI1fF8fbsXr6RfPja+UEkjmMFZxaZ3oMXEu1BWnNPSBvwYKS0+s7cES09b7pEjqQM9X+bcQgRZLJX+BLiOcxhlz1P2ctC2r1nA1Itet6shd4JOZIpLBMthKd14qTndP8MuSI2RsFHoze7eeYuq10slszxA+7fB0KghKexPCkTt9vn9ZHIGM9oPsf4bTg+nmkVjMT1MpgoCeIwVQKzz5uyvofy9Is1alIbutLtLZeoIGHyN6/94lzvGzhVUhruapTCdoMDWUKzwHRRWazDRayKjVjNhj8jc+1BR6H+4ZhfBWT42OI6+Hb/NRI13kVzDEFjsZrCN9UU+KovKCTdPIfwTST5idDaVSOaHJAcDVy13C1RC0eKoZ2kTPRuyWEmCMErAZ+PT7ZsrjQxXQVZl1M6zL5GVJaawoR51IH+WpbsUuAwVFWDLMu32mTZ9HuA4QJRLe2k+jJZeaylFHo74MMvyaAULhSGXpYDl4seoT2fn19NibT0JvXi7BqlN7isl6b1mEZuNytHGLUMMQvNmst1mWMyuqVXwgmlb2A== X-Forefront-Antispam-Report: CIP:104.40.229.156; CTRY:NL; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:eu1.smtp.exclaimer.net; PTR:eu1.smtp.exclaimer.net; CAT:NONE; SFS:(13230031)(82310400014)(36860700004)(1800799015)(376005); DIR:OUT; SFP:1101; X-OriginatorOrg: mail.schwarz X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 13:16:05.9212 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ed1b383f-7b8e-4d58-dc3f-08dc41cd68f3 X-MS-Exchange-CrossTenant-Id: d04f4717-5a6e-4b98-b3f9-6918e0385f4c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d04f4717-5a6e-4b98-b3f9-6918e0385f4c; Ip=[104.40.229.156]; Helo=[eu1.smtp.exclaimer.net] X-MS-Exchange-CrossTenant-AuthSource: DB5PEPF00014B8D.eurprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3287 Subject: [ovs-dev] [PATCH v7 2/2] netlink-conntrack: Optimize flushing ct zone. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Felix Huettner via dev From: Felix Huettner Reply-To: Felix Huettner Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Previously the kernel did not provide a netlink interface to flush/list only conntrack entries matching a specific zone. With [1] and [2] it is now possible to flush and list conntrack entries filtered by zone. Older kernels not yet supporting this feature will ignore the filter. For the list request that means just returning all entries (which we can then filter in userspace as before). For the flush request that means deleting all conntrack entries. The implementation is now identical to the windows one, so we combine them. These significantly improves the performance of flushing conntrack zones when the conntrack table is large. Since flushing a conntrack zone is normally triggered via an openflow command it blocks the main ovs thread and thereby also blocks new flows from being applied. Using this new feature we can reduce the flushing time for zones by around 93%. In combination with OVN the creation of a Logical_Router (which causes the flushing of a ct zone) could block other operations, e.g. the failover of Logical_Routers (as they cause new flows to be created). This is visible from a user perspective as a ovn-controller that is idle (as it waits for vswitchd) and vswitchd reporting: "blocked 1000 ms waiting for main to quiesce" (potentially with ever increasing times). The following performance tests where run in a qemu vm with 500.000 conntrack entries distributed evenly over 500 ct zones using `ovstest test-netlink-conntrack flush zone=`. | flush zone with 1000 entries | flush zone with no entry | +---------------------+----------+---------------------+----------| | with the patch | without | with the patch | without | +----------+----------+----------+----------+----------+----------| | v6.8-rc4 | v6.7.1 | v6.8-rc4 | v6.8-rc4 | v6.7.1 | v6.8-rc4 | +---------+----------+----------+----------+----------+----------+----------| | Min | 0.260 | 3.946 | 3.497 | 0.228 | 3.462 | 3.212 | | Median | 0.319 | 4.237 | 4.349 | 0.298 | 4.460 | 4.010 | | 90%ile | 0.335 | 4.367 | 4.522 | 0.325 | 4.662 | 4.572 | | 99%ile | 0.348 | 4.495 | 4.773 | 0.340 | 4.931 | 6.003 | | Max | 0.362 | 4.543 | 5.054 | 0.348 | 5.390 | 6.396 | | Mean | 0.320 | 4.236 | 4.331 | 0.296 | 4.430 | 4.071 | | Total | 80.02 | 1058 | 1082 | 73.93 | 1107 | 1017 | [1]: https://github.com/torvalds/linux/commit/eff3c558bb7e61c41b53e4c8130e514a5a4df9ba [2]: https://github.com/torvalds/linux/commit/fa173a1b4e3fd1ab5451cbc57de6fc624c824b0a Acked-by: Mike Pattrick Co-Authored-By: Luca Czesla Signed-off-by: Luca Czesla Co-Authored-By: Max Lamprecht Signed-off-by: Max Lamprecht Signed-off-by: Felix Huettner Acked-by: Aaron Conole --- v6->v7: - fixed some nits - move testcase to the "ct flush" test v5->v6: none v4->v5: none v3->v4: - combine the flush logic with windows implementation v2->v3: - update description to include upstream fix (Thanks to Ilya for finding that issue) v1->v2: - fixed wrong signed-off-by lib/netlink-conntrack.c | 52 ++++++++++++++++++++++++++++++++++++----- tests/system-traffic.at | 28 ++++++++++++++++++++++ 2 files changed, 74 insertions(+), 6 deletions(-) diff --git a/lib/netlink-conntrack.c b/lib/netlink-conntrack.c index 492bfcffb..263496b17 100644 --- a/lib/netlink-conntrack.c +++ b/lib/netlink-conntrack.c @@ -141,6 +141,9 @@ nl_ct_dump_start(struct nl_ct_dump_state **statep, const uint16_t *zone, nl_msg_put_nfgenmsg(&state->buf, 0, AF_UNSPEC, NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET, NLM_F_REQUEST); + if (zone) { + nl_msg_put_be16(&state->buf, CTA_ZONE, htons(*zone)); + } nl_dump_start(&state->dump, NETLINK_NETFILTER, &state->buf); ofpbuf_clear(&state->buf); @@ -263,11 +266,9 @@ out: return err; } -#ifdef _WIN32 -int -nl_ct_flush_zone(uint16_t flush_zone) +static int +nl_ct_flush_zone_with_cta_zone(uint16_t flush_zone) { - /* Windows can flush a specific zone */ struct ofpbuf buf; int err; @@ -282,24 +283,63 @@ nl_ct_flush_zone(uint16_t flush_zone) return err; } + +#ifdef _WIN32 +int +nl_ct_flush_zone(uint16_t flush_zone) +{ + return nl_ct_flush_zone_with_cta_zone(flush_zone); +} #else + +static bool +netlink_flush_supports_zone(void) +{ + static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER; + static bool supported = false; + + if (ovsthread_once_start(&once)) { + if (ovs_kernel_is_version_or_newer(6, 8)) { + supported = true; + } else { + VLOG_INFO("disabling conntrack flush by zone. " + "Not supported in Linux kernel"); + } + ovsthread_once_done(&once); + } + return supported; +} + int nl_ct_flush_zone(uint16_t flush_zone) { - /* Apparently, there's no netlink interface to flush a specific zone. + /* In older kernels, there was no netlink interface to flush a specific + * conntrack zone. * This code dumps every connection, checks the zone and eventually * delete the entry. + * In newer kernels there is the option to specify a zone for filtering + * during dumps. Older kernels ignore this option. We set it here in the + * hope we only get relevant entries back, but fall back to filtering here + * to keep compatibility. * - * This is race-prone, but it is better than using shell scripts. */ + * This is race-prone, but it is better than using shell scripts. + * + * Additionally newer kernels also support flushing a zone without listing + * it first. */ struct nl_dump dump; struct ofpbuf buf, reply, delete; + if (netlink_flush_supports_zone()) { + return nl_ct_flush_zone_with_cta_zone(flush_zone); + } + ofpbuf_init(&buf, NL_DUMP_BUFSIZE); ofpbuf_init(&delete, NL_DUMP_BUFSIZE); nl_msg_put_nfgenmsg(&buf, 0, AF_UNSPEC, NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET, NLM_F_REQUEST); + nl_msg_put_be16(&buf, CTA_ZONE, htons(flush_zone)); nl_dump_start(&dump, NETLINK_NETFILTER, &buf); ofpbuf_clear(&buf); diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2d12d558e..a4600eb54 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -3069,6 +3069,34 @@ AT_CHECK([grep -q "failed to parse mark" stderr]) AT_CHECK([FLUSH_CMD labels=invalid], [ignore], [ignore], [stderr]) AT_CHECK([grep -q "failed to parse labels" stderr]) + +dnl Test UDP from port 1 and 2, partial flush by zone. +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101020a0101010002000100080000 actions=resubmit(,0)"]) + + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "10\.1\.1\.1," | sort], [0], [dnl +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),reply=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),mark=170 +udp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),reply=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),zone=5,labels=0xaa00000000 +]) + +AT_CHECK([FLUSH_CMD zone=5]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "10\.1\.1\.1,"], [0], [dnl +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),reply=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),mark=170 +]) + +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101020a0101010002000100080000 actions=resubmit(,0)"]) + +AT_CHECK([FLUSH_CMD zone=0]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "10\.1\.1\.1,"], [0], [dnl +udp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=2,dport=1),reply=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=2),zone=5,labels=0xaa00000000 +]) + +AT_CHECK([FLUSH_CMD]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "10\.1\.1\.1,"], [1]) ]) OVS_TRAFFIC_VSWITCHD_STOP