From patchwork Mon Apr 25 11:17:22 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Adri=C3=A1n_Moreno?=
X-Patchwork-Id: 1621877
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
header.s=mimecast20190719 header.b=d3yKKxes;
dkim-atps=neutral
Authentication-Results: ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
(client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org; receiver=)
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Kn2YJ0lF8z9s0B
for ; Mon, 25 Apr 2022 21:17:40 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 05D2A4052D;
Mon, 25 Apr 2022 11:17:37 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id KHhNJZ3Z3_95; Mon, 25 Apr 2022 11:17:36 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
by smtp2.osuosl.org (Postfix) with ESMTPS id F07D4404DB;
Mon, 25 Apr 2022 11:17:34 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id A034AC007B;
Mon, 25 Apr 2022 11:17:34 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
by lists.linuxfoundation.org (Postfix) with ESMTP id EB1B8C007E
for ; Mon, 25 Apr 2022 11:17:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id D8BD060BD0
for ; Mon, 25 Apr 2022 11:17:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Authentication-Results: smtp3.osuosl.org (amavisd-new);
dkim=pass (1024-bit key) header.d=redhat.com
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 41Z3I-rIfjuz for ;
Mon, 25 Apr 2022 11:17:32 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by smtp3.osuosl.org (Postfix) with ESMTPS id D441960AE2
for ; Mon, 25 Apr 2022 11:17:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1650885450;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=GTeunn6FtCmFe4PHwP0MLbjNm//u9k+7R1femeGSHD0=;
b=d3yKKxesc9F2MM4zqZj60Ye45/HvdGpPvlpnTUoAzM/cuYVMLhdwKnXzRKiFrk+lWLQUBY
TmzpkejeawYXxDi4arECfkuVEAf8iMk8NPU7rlMNtwTsacT/5a61axFYGgs6fU7GXkIGO0
VvO+AQXGEjNc3PwKGwAGjI0YXFhp3YI=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
[66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-497-yHU3q_z7O4mDEOCTFTv4HQ-1; Mon, 25 Apr 2022 07:17:29 -0400
X-MC-Unique: yHU3q_z7O4mDEOCTFTv4HQ-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
[10.11.54.7])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DBD6F811E76
for ; Mon, 25 Apr 2022 11:17:28 +0000 (UTC)
Received: from amorenoz.users.ipa.redhat.com (unknown [10.39.194.136])
by smtp.corp.redhat.com (Postfix) with ESMTP id C24871468942;
Mon, 25 Apr 2022 11:17:27 +0000 (UTC)
From: Adrian Moreno
To: dev@openvswitch.org
Date: Mon, 25 Apr 2022 13:17:22 +0200
Message-Id: <20220425111724.2981776-2-amorenoz@redhat.com>
In-Reply-To: <20220425111724.2981776-1-amorenoz@redhat.com>
References: <20220425111724.2981776-1-amorenoz@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Authentication-Results: relay.mimecast.com;
auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=amorenoz@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Cc: trozet@redhat.com, dceara@redhat.com
Subject: [ovs-dev] [RFC PATCH ovn 1/3] actions: add sample action
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
sample ovn action encodes into the OFPACT_SAMPLE ovs action.
The only extra bit of logic is the ability to specify the macro $cookie
as observation_point_id that makes the encoding logic use the lflow's
first 32bits as observation_point_id.
Signed-off-by: Adrian Moreno
---
include/ovn/actions.h | 11 +++++
lib/actions.c | 111 ++++++++++++++++++++++++++++++++++++++++++
tests/ovn.at | 8 +++
tests/test-ovn.c | 2 +
utilities/ovn-trace.c | 3 ++
5 files changed, 135 insertions(+)
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index f55d77d47..9e078b403 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -116,6 +116,7 @@ struct ovn_extend_table;
OVNACT(PUT_FDB, ovnact_put_fdb) \
OVNACT(GET_FDB, ovnact_get_fdb) \
OVNACT(LOOKUP_FDB, ovnact_lookup_fdb) \
+ OVNACT(SAMPLE, ovnact_sample) \
/* enum ovnact_type, with a member OVNACT_ for each action. */
enum OVS_PACKED_ENUM ovnact_type {
@@ -451,6 +452,16 @@ struct ovnact_lookup_fdb {
struct expr_field dst; /* 1-bit destination field. */
};
+/* OVNACT_SAMPLE */
+struct ovnact_sample {
+ struct ovnact ovnact;
+ uint16_t probability; /* probability over UINT16_MAX. */
+ uint32_t collector_set_id; /* colector_set_id. */
+ uint32_t obs_domain_id; /* observation domain id. */
+ uint32_t obs_point_id; /* observation point id. */
+ bool use_cookie; /* use cookie as obs_point_id */
+};
+
/* Internal use by the helpers below. */
void ovnact_init(struct ovnact *, enum ovnact_type, size_t len);
void *ovnact_put(struct ofpbuf *, enum ovnact_type, size_t len);
diff --git a/lib/actions.c b/lib/actions.c
index 7fe80f458..53869ce9f 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -4216,6 +4216,115 @@ ovnact_lookup_fdb_free(struct ovnact_lookup_fdb *get_fdb OVS_UNUSED)
{
}
+static void
+format_SAMPLE(const struct ovnact_sample *sample, struct ds *s)
+{
+ ds_put_format(s, "sample(probability=%"PRId16, sample->probability);
+
+ ds_put_format(s, ",collector_set=%"PRId32, sample->collector_set_id);
+ ds_put_format(s, ",obs_domain=%"PRId32, sample->obs_domain_id);
+ if (sample->use_cookie) {
+ ds_put_cstr(s, ",obs_point=$cookie");
+ } else {
+ ds_put_format(s, ",obs_point=%"PRId32, sample->obs_point_id);
+ }
+ ds_put_format(s, ");");
+}
+
+static void
+encode_SAMPLE(const struct ovnact_sample *sample,
+ const struct ovnact_encode_params *ep,
+ struct ofpbuf *ofpacts)
+{
+ struct ofpact_sample *os = ofpact_put_SAMPLE(ofpacts);
+ os->probability = sample->probability;
+ os->collector_set_id = sample->collector_set_id;
+ os->obs_domain_id= sample->obs_domain_id;
+ if (sample->use_cookie) {
+ os->obs_point_id = ep->lflow_uuid.parts[0];
+ } else {
+ os->obs_point_id = sample->obs_point_id;
+ }
+ os->sampling_port = OFPP_NONE;
+}
+
+static void
+parse_sample_arg(struct action_context *ctx, struct ovnact_sample *sample)
+{
+ if (lexer_match_id(ctx->lexer, "probability")) {
+ if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+ return;
+ }
+ if (ctx->lexer->token.type == LEX_T_INTEGER
+ && ctx->lexer->token.format == LEX_F_DECIMAL) {
+ if (!action_parse_uint16(ctx, &sample->probability,
+ "probability")) {
+ return;
+ }
+ }
+ } else if (lexer_match_id(ctx->lexer, "obs_point")) {
+ if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+ return;
+ }
+ if (ctx->lexer->token.type == LEX_T_MACRO &&
+ !strcmp(ctx->lexer->token.s, "cookie")) {
+ sample->use_cookie = true;
+ lexer_get(ctx->lexer);
+ } else if (ctx->lexer->token.type == LEX_T_INTEGER
+ && ctx->lexer->token.format == LEX_F_DECIMAL) {
+ sample->obs_point_id = ntohll(ctx->lexer->token.value.integer);
+ lexer_get(ctx->lexer);
+ } else {
+ lexer_syntax_error(ctx->lexer,
+ "Malformed sample observation_point_id");
+ }
+ } else if (lexer_match_id(ctx->lexer, "obs_domain")) {
+ if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+ return;
+ }
+ if (ctx->lexer->token.type == LEX_T_INTEGER
+ && ctx->lexer->token.format == LEX_F_DECIMAL) {
+ sample->obs_domain_id = ntohll(ctx->lexer->token.value.integer);
+ }
+ lexer_get(ctx->lexer);
+ } else if (lexer_match_id(ctx->lexer, "collector_set")) {
+ if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+ return;
+ }
+ if (ctx->lexer->token.type == LEX_T_INTEGER
+ && ctx->lexer->token.format == LEX_F_DECIMAL) {
+ sample->collector_set_id = ntohll(ctx->lexer->token.value.integer);
+ }
+ lexer_get(ctx->lexer);
+ } else {
+ lexer_syntax_error(ctx->lexer, "Malformed sample action");
+ }
+}
+static void
+parse_sample(struct action_context *ctx)
+{
+ struct ovnact_sample * sample = ovnact_put_SAMPLE(ctx->ovnacts);
+
+ if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
+ while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
+ parse_sample_arg(ctx, sample);
+ if (ctx->lexer->error) {
+ return;
+ }
+ lexer_match(ctx->lexer, LEX_T_COMMA);
+ }
+ }
+ if (!sample->probability) {
+ lexer_error(ctx->lexer, "probability must be greater than zero");
+ return;
+ }
+}
+
+static void
+ovnact_sample_free(struct ovnact_sample *sample OVS_UNUSED)
+{
+}
+
/* Parses an assignment or exchange or put_dhcp_opts action. */
static void
parse_set_action(struct action_context *ctx)
@@ -4388,6 +4497,8 @@ parse_action(struct action_context *ctx)
ovnact_put_CT_SNAT_TO_VIP(ctx->ovnacts);
} else if (lexer_match_id(ctx->lexer, "put_fdb")) {
parse_put_fdb(ctx, ovnact_put_PUT_FDB(ctx->ovnacts));
+ } else if (lexer_match_id(ctx->lexer, "sample")) {
+ parse_sample(ctx);
} else {
lexer_syntax_error(ctx->lexer, "expecting action");
}
diff --git a/tests/ovn.at b/tests/ovn.at
index f9551b843..d1b062fb3 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -2006,6 +2006,14 @@ pop(eth.type);
push(abc);
Syntax error at `abc' expecting field name.
+# sample
+sample(probability=100,collector_set=200,obs_domain=10,obs_point=1000);
+ encodes as sample(probability=100,collector_set_id=200,obs_domain_id=10,obs_point_id=1000)
+
+sample(probability=100,collector_set=200,obs_domain=10,obs_point=$cookie);
+ encodes as sample(probability=100,collector_set_id=200,obs_domain_id=10,obs_point_id=2863311530)
+
+
# Miscellaneous negative tests.
;
Syntax error at `;'.
diff --git a/tests/test-ovn.c b/tests/test-ovn.c
index d79c6a5bc..f9a70c8a3 100644
--- a/tests/test-ovn.c
+++ b/tests/test-ovn.c
@@ -1351,6 +1351,8 @@ test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED)
.ct_snat_vip_ptable = OFTABLE_CT_SNAT_HAIRPIN,
.fdb_ptable = OFTABLE_GET_FDB,
.fdb_lookup_ptable = OFTABLE_LOOKUP_FDB,
+ .lflow_uuid.parts =
+ { 0xaaaaaaaa, 0xbbbbbbbb, 0xcccccccc, 0xdddddddd},
};
struct ofpbuf ofpacts;
ofpbuf_init(&ofpacts, 0);
diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
index 4b652828d..390ddc763 100644
--- a/utilities/ovn-trace.c
+++ b/utilities/ovn-trace.c
@@ -2890,6 +2890,9 @@ trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
case OVNACT_LOOKUP_FDB:
execute_lookup_fdb(ovnact_get_LOOKUP_FDB(a), dp, uflow, super);
break;
+
+ case OVNACT_SAMPLE:
+ break;
}
}
ofpbuf_uninit(&stack);
From patchwork Mon Apr 25 11:17:23 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Adri=C3=A1n_Moreno?=
X-Patchwork-Id: 1621879
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
header.s=mimecast20190719 header.b=ELsxT+0N;
dkim-atps=neutral
Authentication-Results: ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
(client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org; receiver=)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Kn2YN5rB0z9s0B
for ; Mon, 25 Apr 2022 21:17:44 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 5432160BDD;
Mon, 25 Apr 2022 11:17:42 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id qsofvJlLCLh8; Mon, 25 Apr 2022 11:17:39 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
by smtp3.osuosl.org (Postfix) with ESMTPS id 5B50A60D4E;
Mon, 25 Apr 2022 11:17:38 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8DD15C0084;
Mon, 25 Apr 2022 11:17:37 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
by lists.linuxfoundation.org (Postfix) with ESMTP id CB65BC002D
for ; Mon, 25 Apr 2022 11:17:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id AB0E2409D3
for ; Mon, 25 Apr 2022 11:17:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Authentication-Results: smtp4.osuosl.org (amavisd-new);
dkim=pass (1024-bit key) header.d=redhat.com
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 0cBR_UFgAU1i for ;
Mon, 25 Apr 2022 11:17:34 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by smtp4.osuosl.org (Postfix) with ESMTPS id 7335840991
for ; Mon, 25 Apr 2022 11:17:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1650885452;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=OEU4q6kkE4gKu39nSxri1lxqj0jo4EUGssHuzvzeYjk=;
b=ELsxT+0NxFweeCZUtGWn7w7mmDDNPXQr7SR5gbL3xBVTzqlsEmG0FjtX2ZFzP0XkdbwYhZ
l1wH98L0zrebbib+lqs88PA31FAm9IqVCtsVcCvfPizbtKQFgpFDHwgi2kiVQX6UXpPtDj
5z16UQ9oJ2oGlpDUhktWLRKceswTmHg=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
[66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-563-rCcfSdJtPpqv8FiyVu7K_A-1; Mon, 25 Apr 2022 07:17:30 -0400
X-MC-Unique: rCcfSdJtPpqv8FiyVu7K_A-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
[10.11.54.7])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5A1F0800882
for ; Mon, 25 Apr 2022 11:17:30 +0000 (UTC)
Received: from amorenoz.users.ipa.redhat.com (unknown [10.39.194.136])
by smtp.corp.redhat.com (Postfix) with ESMTP id 4721B145BA66;
Mon, 25 Apr 2022 11:17:29 +0000 (UTC)
From: Adrian Moreno
To: dev@openvswitch.org
Date: Mon, 25 Apr 2022 13:17:23 +0200
Message-Id: <20220425111724.2981776-3-amorenoz@redhat.com>
In-Reply-To: <20220425111724.2981776-1-amorenoz@redhat.com>
References: <20220425111724.2981776-1-amorenoz@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Authentication-Results: relay.mimecast.com;
auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=amorenoz@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Cc: trozet@redhat.com, dceara@redhat.com
Subject: [ovs-dev] [RFC PATCH ovn 2/3] northd: add drop_debugging option
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
When enabled, a default action to explicitly drop all packets is added
to those stages that currently don't have a default action.
Signed-off-by: Adrian Moreno
---
northd/automake.mk | 2 +
northd/debug.c | 35 +++++++++++++
northd/debug.h | 35 +++++++++++++
northd/northd.c | 124 ++++++++++++++++++++++++++++++---------------
ovn-nb.xml | 8 +++
tests/ovn.at | 2 +-
6 files changed, 164 insertions(+), 42 deletions(-)
create mode 100644 northd/debug.c
create mode 100644 northd/debug.h
diff --git a/northd/automake.mk b/northd/automake.mk
index 4862ec7b7..7537c00b5 100644
--- a/northd/automake.mk
+++ b/northd/automake.mk
@@ -1,6 +1,8 @@
# ovn-northd
bin_PROGRAMS += northd/ovn-northd
northd_ovn_northd_SOURCES = \
+ northd/debug.c \
+ northd/debug.h \
northd/northd.c \
northd/northd.h \
northd/ovn-northd.c \
diff --git a/northd/debug.c b/northd/debug.c
new file mode 100644
index 000000000..5dc40e8ce
--- /dev/null
+++ b/northd/debug.c
@@ -0,0 +1,35 @@
+#include
+
+#include
+
+#include "debug.h"
+
+#include "smap.h"
+
+static struct debug_config config;
+
+void
+init_debug_config(const struct nbrec_nb_global *nb)
+{
+
+ const struct smap *options = &nb->options;
+ config.enabled = smap_get_bool(options, "debug_drop_mode", false);
+}
+
+bool
+debug_enabled(void)
+{
+ return config.enabled;
+}
+
+const char *
+debug_drop_action(void)
+{
+ return "drop;";
+}
+
+const char *
+debug_implicit_drop_action(void)
+{
+ return "/* drop */";
+}
diff --git a/northd/debug.h b/northd/debug.h
new file mode 100644
index 000000000..0e83b4ca2
--- /dev/null
+++ b/northd/debug.h
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NORTHD_DEBUG_H
+#define NORTHD_DEBUG_H 1
+
+#include
+#include
+
+#include "lib/ovn-nb-idl.h"
+
+struct debug_config {
+ bool enabled;
+};
+
+void init_debug_config(const struct nbrec_nb_global *nb);
+
+bool debug_enabled(void);
+
+const char *debug_drop_action(void);
+const char *debug_implicit_drop_action(void);
+const char *debug_reject_action(void);
+
+#endif /* NORTHD_DEBUG_H */
diff --git a/northd/northd.c b/northd/northd.c
index bcd36bbaa..56d16d719 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -17,6 +17,7 @@
#include
#include
+#include "debug.h"
#include "bitmap.h"
#include "dirs.h"
#include "ipam.h"
@@ -3739,7 +3740,7 @@ build_lb_vip_actions(struct ovn_lb_vip *lb_vip,
if (!n_active_backends) {
if (!lb_vip->empty_backend_rej) {
ds_clear(action);
- ds_put_cstr(action, "drop;");
+ ds_put_cstr(action, debug_drop_action());
skip_hash_fields = true;
} else {
reject = true;
@@ -4839,6 +4840,18 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od,
io_port, ctrl_meter, stage_hint, where, hash);
}
+static void
+__ovn_lflow_add_default_drop(struct hmap *lflow_map,
+ struct ovn_datapath *od,
+ enum ovn_stage stage,
+ const char *where)
+{
+ if (OVS_UNLIKELY(debug_enabled())) {
+ ovn_lflow_add_at(lflow_map, od, stage, 0, "1", debug_drop_action(),
+ NULL, NULL, NULL, where );
+ }
+}
+
/* Adds a row with the specified contents to the Logical_Flow table. */
#define ovn_lflow_add_with_hint__(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, \
ACTIONS, IN_OUT_PORT, CTRL_METER, \
@@ -4851,6 +4864,10 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od,
ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \
NULL, NULL, STAGE_HINT, OVS_SOURCE_LOCATOR)
+#define ovn_lflow_add_default_drop(LFLOW_MAP, OD, STAGE) \
+ __ovn_lflow_add_default_drop(LFLOW_MAP, OD, STAGE, OVS_SOURCE_LOCATOR)
+
+
/* This macro is similar to ovn_lflow_add_with_hint, except that it requires
* the IN_OUT_PORT argument, which tells the lport name that appears in the
* MATCH, which helps ovn-controller to bypass lflows parsing when the lport is
@@ -5095,8 +5112,8 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows,
ds_clear(&match);
ds_put_format(&match, "inport == %s && (arp || nd)", op->json_key);
ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND,
- 80, ds_cstr(&match), "drop;", op->key,
- stage_hint);
+ 80, ds_cstr(&match), debug_drop_action(),
+ op->key, stage_hint);
ds_destroy(&match);
}
@@ -5229,7 +5246,8 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op,
pipeline == P_IN ? "eth.src" : "eth.dst",
ps->ea_s);
ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 80, match,
- "drop;", op->key, stage_hint);
+ debug_drop_action(), op->key,
+ stage_hint);
free(match);
}
@@ -5661,8 +5679,9 @@ build_lswitch_output_port_sec_op(struct ovn_port *op,
} else {
ovn_lflow_add_with_lport_and_hint(lflows, op->od,
S_SWITCH_OUT_PORT_SEC_L2, 150,
- ds_cstr(match), "drop;", op->key,
- &op->nbsp->header_);
+ ds_cstr(match),
+ debug_drop_action(),
+ op->key, &op->nbsp->header_);
}
if (op->nbsp->n_port_security) {
@@ -5682,6 +5701,9 @@ build_lswitch_output_port_sec_od(struct ovn_datapath *od,
ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
"output;");
+
+ /* Default action for L2 security is to drop. */
+ ovn_lflow_add_default_drop(lflows, od, S_SWITCH_OUT_PORT_SEC_L2);
}
}
@@ -6426,7 +6448,7 @@ consider_acl(struct hmap *lflows, struct ovn_datapath *od,
} else {
ds_put_format(match, " && (%s)", acl->match);
build_acl_log(actions, acl, meter_groups);
- ds_put_cstr(actions, "/* drop */");
+ ds_put_cstr(actions, debug_implicit_drop_action());
ovn_lflow_add_with_hint(lflows, od, stage,
acl->priority + OVN_ACL_PRI_OFFSET,
ds_cstr(match), ds_cstr(actions),
@@ -6453,7 +6475,7 @@ consider_acl(struct hmap *lflows, struct ovn_datapath *od,
} else {
ds_put_format(match, " && (%s)", acl->match);
build_acl_log(actions, acl, meter_groups);
- ds_put_cstr(actions, "/* drop */");
+ ds_put_cstr(actions, debug_implicit_drop_action());
ovn_lflow_add_with_hint(lflows, od, stage,
acl->priority + OVN_ACL_PRI_OFFSET,
ds_cstr(match), ds_cstr(actions),
@@ -6470,7 +6492,7 @@ consider_acl(struct hmap *lflows, struct ovn_datapath *od,
actions, &acl->header_, meter_groups);
} else {
build_acl_log(actions, acl, meter_groups);
- ds_put_cstr(actions, "/* drop */");
+ ds_put_cstr(actions, debug_implicit_drop_action());
ovn_lflow_add_with_hint(lflows, od, stage,
acl->priority + OVN_ACL_PRI_OFFSET,
acl->match, ds_cstr(actions),
@@ -6678,9 +6700,9 @@ build_acls(struct ovn_datapath *od, struct hmap *lflows,
ds_put_format(&match, "%s(ct.est && ct.rpl && ct_mark.blocked == 1)",
use_ct_inv_match ? "ct.inv || " : "");
ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, UINT16_MAX - 3,
- ds_cstr(&match), "drop;");
+ ds_cstr(&match), debug_drop_action());
ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, UINT16_MAX - 3,
- ds_cstr(&match), "drop;");
+ ds_cstr(&match), debug_drop_action());
/* Ingress and Egress ACL Table (Priority 65535 - 3).
*
@@ -7669,7 +7691,7 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op,
rp->lsp_addrs[k].ipv4_addrs[l].addr_s);
ovn_lflow_add_with_lport_and_hint(
lflows, op->od, S_SWITCH_IN_EXTERNAL_PORT, 100,
- ds_cstr(&match), "drop;", port->key,
+ ds_cstr(&match), debug_drop_action(), port->key,
&op->nbsp->header_);
}
for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv6_addrs; l++) {
@@ -7685,7 +7707,7 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op,
rp->lsp_addrs[k].ipv6_addrs[l].addr_s);
ovn_lflow_add_with_lport_and_hint(
lflows, op->od, S_SWITCH_IN_EXTERNAL_PORT, 100,
- ds_cstr(&match), "drop;", port->key,
+ ds_cstr(&match), debug_drop_action(), port->key,
&op->nbsp->header_);
}
@@ -7700,7 +7722,8 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op,
ovn_lflow_add_with_lport_and_hint(lflows, op->od,
S_SWITCH_IN_EXTERNAL_PORT,
100, ds_cstr(&match),
- "drop;", port->key,
+ debug_drop_action(),
+ port->key,
&op->nbsp->header_);
}
}
@@ -7738,7 +7761,7 @@ build_lswitch_flows(const struct hmap *datapaths,
"outport = \""MC_UNKNOWN "\"; output;");
} else {
ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_UNKNOWN, 50,
- "outport == \"none\"", "drop;");
+ "outport == \"none\"", debug_drop_action());
}
ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_UNKNOWN, 0, "1",
"output;");
@@ -7779,16 +7802,19 @@ build_lswitch_lflows_admission_control(struct ovn_datapath *od,
if (!is_vlan_transparent(od)) {
/* Block logical VLANs. */
ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100,
- "vlan.present", "drop;");
+ "vlan.present", debug_drop_action());
}
/* Broadcast/multicast source address is invalid. */
ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]",
- "drop;");
+ debug_drop_action());
/* Port security flows have priority 50
* (see build_lswitch_input_port_sec()) and will continue
* to the next table if packet source is acceptable. */
+
+ /* Default action is to drop. */
+ ovn_lflow_add_default_drop(lflows, od, S_SWITCH_IN_PORT_SEC_L2);
}
}
@@ -8326,7 +8352,7 @@ build_lswitch_destination_lookup_bmcast(struct ovn_datapath *od,
*/
if (!mcast_sw_info->flood_relay &&
!mcast_sw_info->flood_static) {
- ds_put_cstr(actions, "drop;");
+ ds_put_cstr(actions, debug_drop_action());
}
ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80,
@@ -8892,7 +8918,7 @@ build_routing_policy_flow(struct hmap *lflows, struct ovn_datapath *od,
out_port->json_key);
} else if (!strcmp(rule->action, "drop")) {
- ds_put_cstr(&actions, "drop;");
+ ds_put_cstr(&actions, debug_drop_action());
} else if (!strcmp(rule->action, "allow")) {
uint32_t pkt_mark = ovn_smap_get_uint(&rule->options, "pkt_mark", 0);
if (pkt_mark) {
@@ -9658,7 +9684,7 @@ add_route(struct hmap *lflows, struct ovn_datapath *od,
struct ds common_actions = DS_EMPTY_INITIALIZER;
struct ds actions = DS_EMPTY_INITIALIZER;
if (is_discard_route) {
- ds_put_format(&actions, "drop;");
+ ds_put_cstr(&actions, debug_drop_action());
} else {
ds_put_format(&common_actions, REG_ECMP_GROUP_ID" = 0; %s = ",
is_ipv4 ? REG_NEXT_HOP_IPV4 : REG_NEXT_HOP_IPV6);
@@ -9689,6 +9715,10 @@ add_route(struct hmap *lflows, struct ovn_datapath *od,
priority + 1, ds_cstr(&match),
ds_cstr(&common_actions), stage_hint);
}
+
+ /* Default action for S_ROUTER_IN_IP_ROUTING is to drop. */
+ ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_IP_ROUTING);
+
ds_destroy(&match);
ds_destroy(&common_actions);
ds_destroy(&actions);
@@ -10346,7 +10376,7 @@ build_lrouter_arp_flow(struct ovn_datapath *od, struct ovn_port *op,
ds_put_format(&match, " && %s", ds_cstr(extra_match));
}
if (drop) {
- ds_put_format(&actions, "drop;");
+ ds_put_cstr(&actions, debug_drop_action());
} else {
ds_put_format(&actions,
"eth.dst = eth.src; "
@@ -10402,7 +10432,7 @@ build_lrouter_nd_flow(struct ovn_datapath *od, struct ovn_port *op,
}
if (drop) {
- ds_put_format(&actions, "drop;");
+ ds_put_cstr(&actions, debug_drop_action());
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
ds_cstr(&match), ds_cstr(&actions), hint);
} else {
@@ -10549,7 +10579,7 @@ build_lrouter_drop_own_dest(struct ovn_port *op, enum ovn_stage stage,
char *match = xasprintf("ip4.dst == {%s}", ds_cstr(&match_ips));
ovn_lflow_add_with_hint(lflows, op->od, stage, priority,
- match, "drop;",
+ match, debug_drop_action(),
&op->nbrp->header_);
free(match);
}
@@ -10575,7 +10605,7 @@ build_lrouter_drop_own_dest(struct ovn_port *op, enum ovn_stage stage,
char *match = xasprintf("ip6.dst == {%s}", ds_cstr(&match_ips));
ovn_lflow_add_with_hint(lflows, op->od, stage, priority,
- match, "drop;",
+ match, debug_drop_action(),
&op->nbrp->header_);
free(match);
}
@@ -10743,7 +10773,10 @@ build_adm_ctrl_flows_for_lrouter(
/* Logical VLANs not supported.
* Broadcast/multicast source address is invalid. */
ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100,
- "vlan.present || eth.src[40]", "drop;");
+ "vlan.present || eth.src[40]", debug_drop_action());
+
+ /* Default action for L2 security is to drop. */
+ ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_ADMISSION);
}
}
@@ -10939,6 +10972,8 @@ build_neigh_learning_flows_for_lrouter(
"nd_ns", "put_nd(inport, ip6.src, nd.sll); next;",
copp_meter_get(COPP_ND_NS, od->nbr->copp,
meter_groups));
+
+ ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_LEARN_NEIGHBOR);
}
}
@@ -11281,7 +11316,7 @@ build_mcast_lookup_flows_for_lrouter(
* i.e., router solicitation and router advertisement.
*/
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10550,
- "nd_rs || nd_ra", "drop;");
+ "nd_rs || nd_ra", debug_drop_action());
if (!od->mcast_info.rtr.relay) {
return;
}
@@ -11328,13 +11363,13 @@ build_mcast_lookup_flows_for_lrouter(
ds_put_format(match, "eth.src == %s && igmp",
op->lrp_networks.ea_s);
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10550,
- ds_cstr(match), "drop;");
+ ds_cstr(match), debug_drop_action());
ds_clear(match);
ds_put_format(match, "eth.src == %s && (mldv1 || mldv2)",
op->lrp_networks.ea_s);
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10550,
- ds_cstr(match), "drop;");
+ ds_cstr(match), debug_drop_action());
}
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10460,
@@ -11358,7 +11393,7 @@ build_mcast_lookup_flows_for_lrouter(
"};");
} else {
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10450,
- "ip4.mcast || ip6.mcast", "drop;");
+ "ip4.mcast || ip6.mcast", debug_drop_action());
}
}
}
@@ -11416,11 +11451,13 @@ build_arp_resolve_flows_for_lrouter(
ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 500,
"ip4.mcast || ip6.mcast", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip4",
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 1, "ip4",
"get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip6",
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 1, "ip6",
"get_nd(outport, " REG_NEXT_HOP_IPV6 "); next;");
+
+ ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_ARP_RESOLVE);
}
}
@@ -11546,9 +11583,9 @@ build_arp_resolve_flows_for_lrouter_port(
* in stage "lr_in_ip_input" but traffic that could have been unSNATed
* but didn't match any existing session might still end up here.
*
- * Priority 1.
+ * Priority 2.
*/
- build_lrouter_drop_own_dest(op, S_ROUTER_IN_ARP_RESOLVE, 1, true,
+ build_lrouter_drop_own_dest(op, S_ROUTER_IN_ARP_RESOLVE, 2, true,
lflows);
} else if (op->od->n_router_ports && !lsp_is_router(op->nbsp)
&& strcmp(op->nbsp->type, "virtual")) {
@@ -12112,6 +12149,8 @@ build_egress_delivery_flows_for_lrouter_port(
ds_put_format(match, "outport == %s", op->json_key);
ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100,
ds_cstr(match), "output;");
+
+ ovn_lflow_add_default_drop(lflows, op->od, S_ROUTER_OUT_DELIVERY);
}
}
@@ -12141,7 +12180,7 @@ build_misc_local_traffic_drop_flows_for_lrouter(
"ip4.dst == 127.0.0.0/8 || "
"ip4.src == 0.0.0.0/8 || "
"ip4.dst == 0.0.0.0/8",
- "drop;");
+ debug_drop_action());
/* Drop ARP packets (priority 85). ARP request packets for router's own
* IPs are handled with priority-90 flows.
@@ -12149,7 +12188,7 @@ build_misc_local_traffic_drop_flows_for_lrouter(
* IPs are handled with priority-90 flows.
*/
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 85,
- "arp || nd", "drop;");
+ "arp || nd", debug_drop_action());
/* Allow IPv6 multicast traffic that's supposed to reach the
* router pipeline (e.g., router solicitations).
@@ -12159,21 +12198,22 @@ build_misc_local_traffic_drop_flows_for_lrouter(
/* Drop other reserved multicast. */
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 83,
- "ip6.mcast_rsvd", "drop;");
+ "ip6.mcast_rsvd", debug_drop_action());
/* Allow other multicast if relay enabled (priority 82). */
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 82,
"ip4.mcast || ip6.mcast",
- od->mcast_info.rtr.relay ? "next;" : "drop;");
+ (od->mcast_info.rtr.relay ? "next;" :
+ debug_drop_action()));
/* Drop Ethernet local broadcast. By definition this traffic should
* not be forwarded.*/
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 50,
- "eth.bcast", "drop;");
+ "eth.bcast", debug_drop_action());
/* TTL discard */
ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 30,
- "ip4 && ip.ttl == {0, 1}", "drop;");
+ "ip4 && ip.ttl == {0, 1}", debug_drop_action());
/* Pass other traffic not already handled to the next table for
* routing. */
@@ -12435,7 +12475,7 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op,
op_put_v4_networks(match, op, true);
ds_put_cstr(match, " && "REGBIT_EGRESS_LOOPBACK" == 0");
ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
- ds_cstr(match), "drop;",
+ ds_cstr(match), debug_drop_action(),
&op->nbrp->header_);
/* ICMP echo reply. These flows reply to ICMP echo requests
@@ -13463,7 +13503,7 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, struct hmap *lflows,
struct ovn_port *op = ovn_port_find(ports, nat->logical_port);
if (op && op->nbsp && !strcmp(op->nbsp->type, "virtual")) {
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 80, ds_cstr(match), "drop;",
+ 80, ds_cstr(match), debug_drop_action(),
&nat->header_);
}
ds_put_format(match, " && is_chassis_resident(\"%s\")",
@@ -15322,6 +15362,8 @@ ovnnb_db_run(struct northd_input *input_data,
check_lsp_is_up = !smap_get_bool(&nb->options,
"ignore_lsp_down", true);
+ init_debug_config(nb);
+
build_datapaths(input_data, ovnsb_txn, &data->datapaths, &data->lr_list);
build_lbs(input_data, &data->datapaths, &data->lbs);
build_ports(input_data, ovnsb_txn, sbrec_chassis_by_name,
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 547f7f48a..76b6bab17 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -255,6 +255,14 @@
+
+
+ If set to true, ovn-northd
will add an explicit 'drop'
+ logical flow when possible instead of relying on the OVS implicitly
+ dropping packets that do not match any flow.
+
+
+
These options control how routes are advertised between OVN
diff --git a/tests/ovn.at b/tests/ovn.at
index d1b062fb3..3e22ecf4b 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26102,7 +26102,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep "actions=controller" | grep
])
# The packet should've been dropped in the lr_in_arp_resolve stage.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=23, n_packets=1,.* priority=1,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=23, n_packets=1,.* priority=2,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl
1
])
From patchwork Mon Apr 25 11:17:24 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Adri=C3=A1n_Moreno?=
X-Patchwork-Id: 1621878
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
header.s=mimecast20190719 header.b=LZ9yMIlE;
dkim-atps=neutral
Authentication-Results: ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
(client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org; receiver=)
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Kn2YM2PV3z9s0B
for ; Mon, 25 Apr 2022 21:17:43 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 246F6405AD;
Mon, 25 Apr 2022 11:17:39 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id idilvfEYdDio; Mon, 25 Apr 2022 11:17:37 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
[IPv6:2605:bc80:3010:104::8cd3:938])
by smtp2.osuosl.org (Postfix) with ESMTPS id B6BFB40492;
Mon, 25 Apr 2022 11:17:36 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8A043C007B;
Mon, 25 Apr 2022 11:17:36 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8E059C007F
for ; Mon, 25 Apr 2022 11:17:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 52306404EF
for ; Mon, 25 Apr 2022 11:17:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id pf01rbjGPqor for ;
Mon, 25 Apr 2022 11:17:34 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.133.124])
by smtp2.osuosl.org (Postfix) with ESMTPS id 7F69C4031F
for ; Mon, 25 Apr 2022 11:17:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1650885453;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=rQ3gKhYrrGBJs/3g5d6ZUv28o5l7fgJpmD6sM8tqtbQ=;
b=LZ9yMIlEpFjiiIAxXw97tenrsDkiEUZJb2pdtjMOpAZ05d1gWlI2wYpEScT1cyDabeXQQt
XSiB2+XJYVR+mRGk2nYec6eTrDq1RcGtLbvQaUBaSp7g9Nzbv/f60od5LsFaOFoNtl97xF
9nf/oNappDwQK7WEoj6d+qk3DcufhGE=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
[66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-464-fV3_RVzMOd29E2_q0bThNQ-1; Mon, 25 Apr 2022 07:17:31 -0400
X-MC-Unique: fV3_RVzMOd29E2_q0bThNQ-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
[10.11.54.7])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 99D981E10B50
for ; Mon, 25 Apr 2022 11:17:31 +0000 (UTC)
Received: from amorenoz.users.ipa.redhat.com (unknown [10.39.194.136])
by smtp.corp.redhat.com (Postfix) with ESMTP id 98E17145BEEE;
Mon, 25 Apr 2022 11:17:30 +0000 (UTC)
From: Adrian Moreno
To: dev@openvswitch.org
Date: Mon, 25 Apr 2022 13:17:24 +0200
Message-Id: <20220425111724.2981776-4-amorenoz@redhat.com>
In-Reply-To: <20220425111724.2981776-1-amorenoz@redhat.com>
References: <20220425111724.2981776-1-amorenoz@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Authentication-Results: relay.mimecast.com;
auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=amorenoz@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Cc: trozet@redhat.com, dceara@redhat.com
Subject: [ovs-dev] [RFC PATCH ovn 3/3] debug: add sampling of drop actions
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
Two new options are added to NB_Global table allowing to enable drop
sampling specifying the collector_set_id and the obs_domain_id of the
sample actions added to all drop flows.
The obs_point_id is set to the flow cookie to be able to correlate it.
Signed-off-by: Adrian Moreno
---
northd/debug.c | 79 ++++++++++++++++++++++++++++++++++++++++++++-----
northd/debug.h | 6 ++++
northd/northd.c | 1 +
ovn-nb.xml | 21 +++++++++++++
4 files changed, 99 insertions(+), 8 deletions(-)
diff --git a/northd/debug.c b/northd/debug.c
index 5dc40e8ce..21da9055d 100644
--- a/northd/debug.c
+++ b/northd/debug.c
@@ -4,32 +4,95 @@
#include "debug.h"
+#include "openvswitch/dynamic-string.h"
+#include "openvswitch/vlog.h"
#include "smap.h"
+VLOG_DEFINE_THIS_MODULE(debug)
+
static struct debug_config config;
+bool
+debug_enabled(void)
+{
+ return config.enabled;
+}
+
+bool debug_sampling_enabled(void)
+{
+ return config.collector_set_id != 0;
+}
+
void
init_debug_config(const struct nbrec_nb_global *nb)
{
const struct smap *options = &nb->options;
- config.enabled = smap_get_bool(options, "debug_drop_mode", false);
+ bool enabled = smap_get_bool(options, "debug_drop_mode", false);
+ uint32_t collector_set_id = smap_get_uint(options,
+ "debug_drop_collector_set",
+ 0);
+
+ uint32_t observation_domain_id = smap_get_uint(options,
+ "debug_drop_domain_id",
+ 0);
+
+ if (enabled != config.enabled ||
+ collector_set_id != config.collector_set_id ||
+ observation_domain_id != config.observation_domain_id ||
+ !config.drop_action.string) {
+
+ if (!enabled && collector_set_id) {
+ VLOG_WARN("Debug collection set configured, "
+ "assuming debug_drop_mode");
+ enabled = true;
+ }
+
+ config.enabled = enabled;
+ config.collector_set_id = collector_set_id;
+ config.observation_domain_id = observation_domain_id;
+
+ ds_clear(&config.drop_action);
+
+ if (debug_sampling_enabled()) {
+ ds_put_format(&config.drop_action,
+ "sample(probability=65535,"
+ "collector_set=%d,"
+ "obs_domain=%d,"
+ "obs_point=$cookie); ",
+ config.collector_set_id,
+ config.observation_domain_id);
+
+ ds_put_format(&config.drop_action, "/* drop */");
+ VLOG_INFO("Debug drop sampling enabled");
+ }
+ }
}
-bool
-debug_enabled(void)
+void
+destroy_debug_config(void)
{
- return config.enabled;
+ if (config.drop_action.string) {
+ ds_destroy(&config.drop_action);
+ ds_init(&config.drop_action);
+ }
}
const char *
-debug_drop_action(void)
-{
- return "drop;";
+debug_drop_action(void) {
+ if (OVS_UNLIKELY(debug_sampling_enabled())) {
+ return ds_cstr_ro(&config.drop_action);
+ } else {
+ return "drop;";
+ }
}
const char *
debug_implicit_drop_action(void)
{
- return "/* drop */";
+ if (OVS_UNLIKELY(debug_sampling_enabled())) {
+ return ds_cstr_ro(&config.drop_action);
+ } else {
+ return "/* drop */";
+ }
}
diff --git a/northd/debug.h b/northd/debug.h
index 0e83b4ca2..9a1c02986 100644
--- a/northd/debug.h
+++ b/northd/debug.h
@@ -19,14 +19,20 @@
#include
#include "lib/ovn-nb-idl.h"
+#include "openvswitch/dynamic-string.h"
struct debug_config {
bool enabled;
+ uint32_t collector_set_id;
+ uint32_t observation_domain_id;
+ struct ds drop_action;
};
void init_debug_config(const struct nbrec_nb_global *nb);
+void destroy_debug_config(void);
bool debug_enabled(void);
+bool debug_sampling_enabled(void);
const char *debug_drop_action(void);
const char *debug_implicit_drop_action(void);
diff --git a/northd/northd.c b/northd/northd.c
index 56d16d719..88b4d47bb 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -15268,6 +15268,7 @@ northd_destroy(struct northd_data *data)
destroy_datapaths_and_ports(&data->datapaths, &data->ports,
&data->lr_list);
+ destroy_debug_config();
}
static void
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 76b6bab17..b28607585 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -263,6 +263,27 @@
+
+
+ If set to a 32-bit number and if
+ debug_drop_collection_set
is also configured,
+ ovn-northd
will add a sample
action to
+ every logical flow that contains a 'drop' action.
+ IPFIX samples will have the specified value in the
+ observation_domain_id field.
+
+
+
+
+
+ If set to a 32-bit number ovn-northd
will add a
+ sample
action to every logical flow that contains a
+ 'drop' action. The sample action will have the specified
+ collection_set_id. The value must match that of the local OVS
+ configuration as described in ovs-actions(7).
+
+
+
These options control how routes are advertised between OVN