From patchwork Mon Jul 8 11:24:06 2024
X-Patchwork-Submitter: Dumitru Ceara
X-Patchwork-Id: 1957892
From: Dumitru Ceara
To: ovs-dev@openvswitch.org
Date: Mon, 8 Jul 2024 13:24:06 +0200
Message-ID: <20240708112414.4050943-1-dceara@redhat.com>
Subject: [ovs-dev] [PATCH ovn 0/8] Add ACL Sampling using per-flow IPFIX

This series adds support for sampling packets processed by ACLs by using per-flow IPFIX.
This new feature allows users to configure (potentially) different sampling options for ACL matched traffic that creates new connections or that is forwarded on existing connections.

This work is based on Adrian's original RFC:
https://patchwork.ozlabs.org/project/ovn/cover/20221018155936.1394396-1-amorenoz@redhat.com/

In order for the whole feature to work properly some pre-requisite work is done:
- patches 1-3: simplify northd code assuming that all controllers are aware of features included in the previous LTS release (22.03) - the current LTS release is 24.03.
- patch 4: fixes an incorrect test that mistakenly fails when the bug fix in patch 5 is applied.
- patch 5: fixes a bug in the way ACLs with labels are processed when the switches also have load balancers configured

The feature itself is implemented by the last 3 patches:
- patch 6: adds support for users to configure different types of sampling applications (drop debug, acl-new-traffic, acl-established-traffic)
- patch 7: combines the already existing drop debug sampling configuration with the new sampling application configuration (giving priority to the latter)
- patch 8: adds sampling support to ACLs

Adrian Moreno (1):
  northd: Add ACL Sampling.

Dumitru Ceara (7):
  northd: Assume all chassis support the "port-up-notif" feature.
  northd: Assume all chassis support the "ct-no-masked-label" feature.
  northd: Assume all chassis support the "ovn-ct-lb-related" feature.
  tests: Fix unreliable "ACL and committing to conntrack" system test.
  northd: Commit from-lport ACL label (and state) when LBs are used.
  northd: Add Sampling_App table.
  northd: Override NB_Global drop sampling id with Sampling_App config.

 NEWS                                   |   6 +
 controller/lflow.c                     |  39 +-
 controller/lflow.h                     |   1 -
 controller/ovn-controller.c            |  22 -
 include/ovn/logical-fields.h           |   2 +
 lib/logical-fields.c                   |  28 +-
 northd/automake.mk                     |   2 +
 northd/debug.c                         |  12 +-
 northd/debug.h                         |   3 +-
 northd/en-global-config.c              |  68 +--
 northd/en-global-config.h              |   2 -
 northd/en-lflow.c                      |   5 +
 northd/en-sampling-app.c               | 120 ++++
 northd/en-sampling-app.h               |  51 ++
 northd/inc-proc-northd.c               |  15 +-
 northd/northd.c                        | 750 ++++++++++++------
 northd/northd.h                        |   1 +
 northd/ovn-northd.8.xml                |  26 +
 ovn-nb.ovsschema                       |  63 +-
 ovn-nb.xml                             |  73 +++
 ovn-sb.xml                             |  19 -
 tests/atlocal.in                       |   6 +
 tests/ovn-controller.at                |   8 +-
 tests/ovn-macros.at                    |   4 +
 tests/ovn-nbctl.at                     |  20 +
 tests/ovn-northd.at                    | 774 +++++++++++++------------
 tests/ovn.at                           |  16 +-
 tests/system-common-macros.at          |  11 +
 tests/system-ovn.at                    | 154 ++++-
 utilities/containers/fedora/Dockerfile |   1 +
 utilities/containers/ubuntu/Dockerfile |   1 +
 utilities/ovn-nbctl.8.xml              |   8 +-
 utilities/ovn-nbctl.c                  |  43 +-
 33 files changed, 1606 insertions(+), 748 deletions(-)
 create mode 100644 northd/en-sampling-app.c
 create mode 100644 northd/en-sampling-app.h