From: Dumitru Ceara
To: ovs-dev@openvswitch.org
Date: Thu, 11 Jul 2024 18:20:55 +0200
Message-ID: <20240711162103.290159-1-dceara@redhat.com>
Subject: [ovs-dev] [PATCH ovn v2 0/8] Add ACL Sampling using per-flow IPFIX.

This series adds support for sampling packets processed by ACLs by using per-flow IPFIX.
This new feature allows users to configure (potentially) different sampling options for ACL matched traffic that creates new connections or that is forwarded on existing connections.

This work is based on Adrian's original RFC:
https://patchwork.ozlabs.org/project/ovn/cover/20221018155936.1394396-1-amorenoz@redhat.com/

In order for the whole feature to work properly some pre-requisite work is done:
- patches 1-3: simplify northd code assuming that all controllers are aware of features included in the previous LTS release (22.03) - the current LTS release is 24.03.
- patch 4: fixes an incorrect test that mistakenly fails when the bug fix in patch 5 is applied.
- patch 5: fixes a bug in the way ACLs with labels are processed when the switches also have load balancers configured

The feature itself is implemented by the last 3 patches:
- patch 6: adds support for users to configure different types of sampling applications (drop debug, acl-new-traffic, acl-established-traffic)
- patch 7: combines the already existing drop debug sampling configuration with the new sampling application configuration (giving priority to the latter)
- patch 8: adds sampling support to ACLs

Changes in V2:
- Addressed Adrian's comments on patch 8.
- Fixed unit test failure in patch 2.

Adrian Moreno (1):
  northd: Add ACL Sampling.

Dumitru Ceara (7):
  northd: Assume all chassis support the "port-up-notif" feature.
  northd: Assume all chassis support the "ct-no-masked-label" feature.
  northd: Assume all chassis support the "ovn-ct-lb-related" feature.
  tests: Fix unreliable "ACL and committing to conntrack" system test.
  northd: Commit from-lport ACL label (and state) when LBs are used.
  northd: Add Sampling_App table.
  northd: Override NB_Global drop sampling id with Sampling_App config.

 NEWS                                   |   6 +
 controller/lflow.c                     |  39 +-
 controller/lflow.h                     |   1 -
 controller/ovn-controller.c            |  22 -
 lib/logical-fields.c                   |  28 +-
 northd/automake.mk                     |   2 +
 northd/debug.c                         |  12 +-
 northd/debug.h                         |   3 +-
 northd/en-global-config.c              |  68 +--
 northd/en-global-config.h              |   2 -
 northd/en-lflow.c                      |   5 +
 northd/en-sampling-app.c               | 120 ++++
 northd/en-sampling-app.h               |  51 ++
 northd/inc-proc-northd.c               |  15 +-
 northd/northd.c                        | 750 ++++++++++++++++++------
 northd/northd.h                        |   1 +
 northd/ovn-northd.8.xml                |  26 +
 ovn-nb.ovsschema                       |  63 +-
 ovn-nb.xml                             |  80 +++
 ovn-sb.xml                             |  19 -
 tests/atlocal.in                       |   6 +
 tests/ovn-controller.at                |   8 +-
 tests/ovn-macros.at                    |   4 +
 tests/ovn-nbctl.at                     |  20 +
 tests/ovn-northd.at                    | 774 +++++++++++++------------
 tests/ovn.at                           |  22 +-
 tests/system-common-macros.at          |  11 +
 tests/system-ovn.at                    | 154 ++++-
 utilities/containers/fedora/Dockerfile |   1 +
 utilities/containers/ubuntu/Dockerfile |   1 +
 utilities/ovn-nbctl.8.xml              |   8 +-
 utilities/ovn-nbctl.c                  |  43 +-
 32 files changed, 1617 insertions(+), 748 deletions(-)
 create mode 100644 northd/en-sampling-app.c
 create mode 100644 northd/en-sampling-app.h