From patchwork Fri Jul 12 15:14:08 2024
X-Patchwork-Submitter: Dumitru Ceara
X-Patchwork-Id: 1959921
From: Dumitru Ceara
To: ovs-dev@openvswitch.org
Cc: i.maximets@ovn.org
Date: Fri, 12 Jul 2024 17:14:08 +0200
Message-ID: <20240712151416.992033-1-dceara@redhat.com>
Subject: [ovs-dev] [PATCH ovn v3 0/8] Add ACL Sampling using per-flow IPFIX.

This series adds support for sampling packets processed by ACLs by using per-flow IPFIX.
This new feature allows users to configure (potentially) different sampling options for ACL matched traffic that creates new connections or that is forwarded on existing connections.

This work is based on Adrian's original RFC:
https://patchwork.ozlabs.org/project/ovn/cover/20221018155936.1394396-1-amorenoz@redhat.com/

In order for the whole feature to work properly some pre-requisite work is done:
- patches 1-3: simplify northd code assuming that all controllers are aware of features included in the previous LTS release (22.03) - the current LTS release is 24.03.
- patch 4: fixes an incorrect test that mistakenly fails when the bug fix in patch 5 is applied.
- patch 5: fixes a bug in the way ACLs with labels are processed when the switches also have load balancers configured

The feature itself is implemented by the last 3 patches:
- patch 6: adds support for users to configure different types of sampling applications (drop debug, acl-new-traffic, acl-established-traffic)
- patch 7: combines the already existing drop debug sampling configuration with the new sampling application configuration (giving priority to the latter)
- patch 8: adds sampling support to ACLs

Changes in V3:
- Addressed Ilya's comment and bumped NB schema version on patch 8. I didn't bump it on patch 6 too because I don't think these two commits will ever be separated in different releases.

Changes in V2:
- Addressed Adrian's comments on patch 8.
- Fixed unit test failure in patch 2.

Adrian Moreno (1):
  northd: Add ACL Sampling.

Dumitru Ceara (7):
  northd: Assume all chassis support the "port-up-notif" feature.
  northd: Assume all chassis support the "ct-no-masked-label" feature.
  northd: Assume all chassis support the "ovn-ct-lb-related" feature.
  tests: Fix unreliable "ACL and committing to conntrack" system test.
  northd: Commit from-lport ACL label (and state) when LBs are used.
  northd: Add Sampling_App table.
  northd: Override NB_Global drop sampling id with Sampling_App config.

 NEWS                                   |   6 +
 controller/lflow.c                     |  39 +-
 controller/lflow.h                     |   1 -
 controller/ovn-controller.c            |  22 -
 lib/logical-fields.c                   |  28 +-
 northd/automake.mk                     |   2 +
 northd/debug.c                         |  12 +-
 northd/debug.h                         |   3 +-
 northd/en-global-config.c              |  68 +--
 northd/en-global-config.h              |   2 -
 northd/en-lflow.c                      |   5 +
 northd/en-sampling-app.c               | 120 ++++
 northd/en-sampling-app.h               |  51 ++
 northd/inc-proc-northd.c               |  15 +-
 northd/northd.c                        | 750 ++++++++++++++++++------
 northd/northd.h                        |   1 +
 northd/ovn-northd.8.xml                |  26 +
 ovn-nb.ovsschema                       |  65 ++-
 ovn-nb.xml                             |  80 +++
 ovn-sb.xml                             |  19 -
 tests/atlocal.in                       |   6 +
 tests/ovn-controller.at                |   8 +-
 tests/ovn-macros.at                    |   4 +
 tests/ovn-nbctl.at                     |  20 +
 tests/ovn-northd.at                    | 774 +++++++++++++------------
 tests/ovn.at                           |  22 +-
 tests/system-common-macros.at          |  11 +
 tests/system-ovn.at                    | 154 ++++-
 utilities/containers/fedora/Dockerfile |   1 +
 utilities/containers/ubuntu/Dockerfile |   1 +
 utilities/ovn-nbctl.8.xml              |   8 +-
 utilities/ovn-nbctl.c                  |  43 +-
 32 files changed, 1618 insertions(+), 749 deletions(-)
 create mode 100644 northd/en-sampling-app.c
 create mode 100644 northd/en-sampling-app.h