From patchwork Mon Jul  1 12:27:16 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1954652
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=SKcsfodV;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WCQJv2sBBz1xpN
	for <incoming@patchwork.ozlabs.org>; Mon,  1 Jul 2024 22:26:55 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp2.osuosl.org (Postfix) with ESMTP id 244D840B45;
	Mon,  1 Jul 2024 12:26:53 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id Q9LSYAK2z201; Mon,  1 Jul 2024 12:26:51 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 9262640B57
Authentication-Results: smtp2.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=SKcsfodV
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp2.osuosl.org (Postfix) with ESMTPS id 9262640B57;
	Mon,  1 Jul 2024 12:26:51 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 52B4EC002B;
	Mon,  1 Jul 2024 12:26:51 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id C244AC002A
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 79D5460A59
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:49 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id hjXJ89hv5X4X for <ovs-dev@openvswitch.org>;
 Mon,  1 Jul 2024 12:26:48 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 6D7CE60A4A
Authentication-Results: smtp3.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 6D7CE60A4A
Authentication-Results: smtp3.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=SKcsfodV
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp3.osuosl.org (Postfix) with ESMTPS id 6D7CE60A4A
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1719836807;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=JOFJKA3nhvWXG1idbp5e4El69PIf7u5/nQGxV9uz9WE=;
 b=SKcsfodVWJMbJ3+bE1zRSma+RNWOxtEVJMTxvtsBFmWJIP+kbItWzjVAC3wa6JlCiJLfd8
 24RcSQss1Mtq1PZsNxnpZCz8uXckXLclzp68Quz/BYiw7brcPZQMClS8C7knwMtJR2Cl3w
 eoLsVC/Zv5nG0rxBtsYq3w/6Q+vrSYE=
Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com
 [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-149-mLrJ4DhDPcOzDpB-on6wvA-1; Mon, 01 Jul 2024 08:26:46 -0400
X-MC-Unique: mLrJ4DhDPcOzDpB-on6wvA-1
Received: by mail-ed1-f69.google.com with SMTP id
 4fb4d7f45d1cf-57d180e729dso34696a12.1
 for <ovs-dev@openvswitch.org>; Mon, 01 Jul 2024 05:26:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719836805; x=1720441605;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=JOFJKA3nhvWXG1idbp5e4El69PIf7u5/nQGxV9uz9WE=;
 b=a0xHcM/cm8Q1Gnh8m8HM4j6nPqx79wTvvGPJCa92wLggWzmiD92413vOyprfwXbUYp
 v15L2ZMEtcs4FxPIH9VM+h9AmCmx8hh+72LMmGqHCT9l0eWaxlOcMGyzIcouZ7gmxbgx
 pM5ohp4DZh5VtceKVKL9nyAHEr9GjdR66m/mRDngqnx6jWQqUdkJ6wfBXGMnG6pgOquX
 dTkVLhbxd/3oUgvM94QJZbE/Gi9I4rCLwwGTEoJmJansXmIn3Xhb1esqv96afIVqAXAu
 Q30674c6nal8YDvvkIoguIsbNF6WG+LDkDZD9dyfsbU0EXdDHhIBP1AHD8adi2lVIFai
 9Z9Q==
X-Gm-Message-State: AOJu0YzI9iQS5qlZQ2aG8xubUCPe2AK4Pwx+Ry/+7+BXW4J32ypmnX1s
 PzMe+H/PfnX5hcjtMVfBxEY2Gm89ccqEIWsuJDNX6Nuir2fkWhAXEJaQekFnqFWAs56biEUVMpP
 L3k1wpcVVwxEcfCAADf/X/uhF5uKtI8uPnMMjTRkpbL3+ITI/sCIeknqg6143aQdZz/raygoCYW
 2D2FA2AGRAcNRJPps0j5XkbH7XmBU5799mwgcomAE=
X-Received: by 2002:a50:ccd0:0:b0:57c:ad2a:4a41 with SMTP id
 4fb4d7f45d1cf-587a0decefemr3381451a12.2.1719836804819;
 Mon, 01 Jul 2024 05:26:44 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IF0Gg0mCuwvH2S4qcu3NuX8f4bILJvLtD46l8qj7CNSPh0K5kd2qVEvQlHd2cFdTCMLJfyOkQ==
X-Received: by 2002:a50:ccd0:0:b0:57c:ad2a:4a41 with SMTP id
 4fb4d7f45d1cf-587a0decefemr3381435a12.2.1719836804287;
 Mon, 01 Jul 2024 05:26:44 -0700 (PDT)
Received: from localhost (net-2-35-92-161.cust.vodafonedsl.it. [2.35.92.161])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-58612c835b9sm4336872a12.3.2024.07.01.05.26.43
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Jul 2024 05:26:43 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon,  1 Jul 2024 14:27:16 +0200
Message-ID: <20240701122721.622994-2-pvalerio@redhat.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240701122721.622994-1-pvalerio@redhat.com>
References: <20240701122721.622994-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH 1/5] conntrack: Correctly annotate conntrack
 member.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

While at it update no longer valid comment.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/conntrack-private.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack-private.h b/lib/conntrack-private.h
index 71367f211..6c65caa07 100644
--- a/lib/conntrack-private.h
+++ b/lib/conntrack-private.h
@@ -199,11 +199,12 @@ enum ct_ephemeral_range {
     FOR_EACH_PORT_IN_RANGE__(curr, min, max, OVS_JOIN(idx, __COUNTER__))
 
 struct conntrack {
-    struct ovs_mutex ct_lock; /* Protects 2 following fields. */
+    struct ovs_mutex ct_lock; /* Protects the following fields. */
     struct cmap conns[UINT16_MAX + 1] OVS_GUARDED;
-    struct rculist exp_lists[N_EXP_LISTS];
+    struct rculist exp_lists[N_EXP_LISTS] OVS_GUARDED;
     struct cmap zone_limits OVS_GUARDED;
     struct cmap timeout_policies OVS_GUARDED;
+
     uint32_t hash_basis; /* Salt for hashing a connection key. */
     pthread_t clean_thread; /* Periodically cleans up connection tracker. */
     struct latch clean_thread_exit; /* To destroy the 'clean_thread'. */

From patchwork Mon Jul  1 12:27:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1954653
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=OADOmJyF;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WCQJz44cXz1xpN
	for <incoming@patchwork.ozlabs.org>; Mon,  1 Jul 2024 22:26:59 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 0104C60A84;
	Mon,  1 Jul 2024 12:26:58 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id ipH8Buak27Mo; Mon,  1 Jul 2024 12:26:57 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org DCF6060A71
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=OADOmJyF
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp3.osuosl.org (Postfix) with ESMTPS id DCF6060A71;
	Mon,  1 Jul 2024 12:26:56 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id CC37DC002B;
	Mon,  1 Jul 2024 12:26:56 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 31C4EC0035
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id 1FBEF818AC
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:54 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id rG7m-952FIlG for <ovs-dev@openvswitch.org>;
 Mon,  1 Jul 2024 12:26:53 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 1F16C81CA3
Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1F16C81CA3
Authentication-Results: smtp1.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=OADOmJyF
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 1F16C81CA3
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1719836812;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=dCVSpXFLtJxljWIAYmIuN+tPB2TEMwz9eB1Fm8mso/w=;
 b=OADOmJyFAPfz4Zz0Gn3QLQxeu4XXe3z56LiLG/icZ8zM9eNxK373mcLtfE1cm4XnF3UT6A
 2jAwo+7bJxy8ozUg3n5qHzC2Dfoc7VeGNs5bPLcF2lhcxdmUJukQ8c6yE3KA/Gu5XNVrQ6
 22hRi18dlBjeGwdWR1OVc4Ld6Id7YTQ=
Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com
 [209.85.167.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-684-hjE9QFNNPRy8dRfxBv5CCw-1; Mon, 01 Jul 2024 08:26:51 -0400
X-MC-Unique: hjE9QFNNPRy8dRfxBv5CCw-1
Received: by mail-lf1-f71.google.com with SMTP id
 2adb3069b0e04-52e7f748feaso392574e87.1
 for <ovs-dev@openvswitch.org>; Mon, 01 Jul 2024 05:26:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719836809; x=1720441609;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=dCVSpXFLtJxljWIAYmIuN+tPB2TEMwz9eB1Fm8mso/w=;
 b=er/f6RcXe3sRWLxQVqAZw2Jfc1Tx+HWk/jg1LNYbtLi1Ejz//aY0Q+lJx7zggoLege
 wGfX28yLDXS4WzJCvqiot2so+Ji7/80YwGLmMbFyqEI4yyg/XZfqDaO9Eloom14Sx3if
 wNcd39M5KwZm2F0CFUTzQA+UA/eEHkwub5uqGpLJQoKjBadDOkRvV2IrpojC3FAPMMYC
 9HpscpqM47xRophKtq2GpMLg7YYZQvU+Xh6foC45xmrnZiDHCY+dwCzUUMfAcZhRCBVO
 F8jnVTmKR/8T6EQeNLZdrfii3G4Xve3Scg76pPFKm7Wu7nMcwwav1wTMtbfMdXr48cfm
 gEIw==
X-Gm-Message-State: AOJu0Yy6+tDjqBU/48JhO7/KXD/AeUdUPYnMk3GopnZtqPBSNy7/nGTS
 bPjencXFyMnorR0CI3NlDEV41JTw4FfYqf5vEMn7dIu+UxTtE0aq09a0Gt/+Z2liKUNaPD0sV51
 Ce/FxTaKxPz1iaw9XxwqxkcXWUcGxRRWSUzu1brEuM5EHu1Axua16E5vkU8rvzMgTbAgeTI3aSt
 oRXZFgLvPuE701HpD7Kuif4rTlwWnlmmY/MsjjD+A=
X-Received: by 2002:a05:6512:3b82:b0:52c:d7cc:33da with SMTP id
 2adb3069b0e04-52e82781728mr3088199e87.5.1719836809288;
 Mon, 01 Jul 2024 05:26:49 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IFHyhapj3svnMZfFCEUT0t7qQhv+/voYLChT7Bz2xqT0BJvux3Mf1/t/o7PFnucJB7VjFfMvA==
X-Received: by 2002:a05:6512:3b82:b0:52c:d7cc:33da with SMTP id
 2adb3069b0e04-52e82781728mr3088186e87.5.1719836808960;
 Mon, 01 Jul 2024 05:26:48 -0700 (PDT)
Received: from localhost (net-2-35-92-161.cust.vodafonedsl.it. [2.35.92.161])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-a75101e4f76sm222179666b.192.2024.07.01.05.26.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Jul 2024 05:26:48 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon,  1 Jul 2024 14:27:17 +0200
Message-ID: <20240701122721.622994-3-pvalerio@redhat.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240701122721.622994-1-pvalerio@redhat.com>
References: <20240701122721.622994-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH 2/5] conntrack: Add zone limit coverage counter.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Similarly to what it's done for conntrack_full, add
conntrack_zone_full increased when new entries are not added due to
reaching the zone limit.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/conntrack.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index db44f8237..e90ade32f 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -50,6 +50,7 @@ COVERAGE_DEFINE(conntrack_full);
 COVERAGE_DEFINE(conntrack_l3csum_err);
 COVERAGE_DEFINE(conntrack_l4csum_err);
 COVERAGE_DEFINE(conntrack_lookup_natted_miss);
+COVERAGE_DEFINE(conntrack_zone_full);
 
 struct conn_lookup_ctx {
     struct conn_key key;
@@ -918,6 +919,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
         struct zone_limit *zl = zone_limit_lookup_or_default(ct,
                                                              ctx->key.zone);
         if (zl && atomic_count_get(&zl->czl.count) >= zl->czl.limit) {
+            COVERAGE_INC(conntrack_zone_full);
             return nc;
         }
 

From patchwork Mon Jul  1 12:27:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1954654
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=R2aSs8sI;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WCQK35QtZz1xpN
	for <incoming@patchwork.ozlabs.org>; Mon,  1 Jul 2024 22:27:03 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 216A960A96;
	Mon,  1 Jul 2024 12:27:02 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id 7D0Tzh1GI4Hc; Mon,  1 Jul 2024 12:27:01 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org EEE0860A89
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=R2aSs8sI
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp3.osuosl.org (Postfix) with ESMTPS id EEE0860A89;
	Mon,  1 Jul 2024 12:27:00 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id D02C7C002B;
	Mon,  1 Jul 2024 12:27:00 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 0FF33C002A
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 0921D60A6D
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:59 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id e0u-jK-JFj2w for <ovs-dev@openvswitch.org>;
 Mon,  1 Jul 2024 12:26:58 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org ED51760A80
Authentication-Results: smtp3.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org ED51760A80
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by smtp3.osuosl.org (Postfix) with ESMTPS id ED51760A80
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:26:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1719836816;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Y1ecUT3ymhbjYPeHB+NqoibYSK9Hi5U2ddtvUDw6tko=;
 b=R2aSs8sIG1UFF9OfT8/QZh+gaQqCV8sCBZSIBc2N00JwNyiM1cSj+IA2ZXmpF8NSpj0cRE
 3d88kGfi8nDHeCJnsslTo1NabKjCu6tIdJji3zSbk4Bszp7a8rbCv+y1p9+OpDTUWeCPP6
 gkPCoFf+G4A+ZWWsOnnKnGCK13DtKis=
Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com
 [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-578-6O19Q4h_PBeLqsLXRtAgcw-1; Mon, 01 Jul 2024 08:26:55 -0400
X-MC-Unique: 6O19Q4h_PBeLqsLXRtAgcw-1
Received: by mail-ed1-f72.google.com with SMTP id
 4fb4d7f45d1cf-57d072ea7b3so25237a12.2
 for <ovs-dev@openvswitch.org>; Mon, 01 Jul 2024 05:26:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719836813; x=1720441613;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=gZgJuMHkF50kyBY58RHiSbpyhtab4KFLlzO5LVOQS6s=;
 b=pXh1NJ9/frgd9jA54u1sRlh1YHBhccErkK9GAZeEqtH/2ZeJgDXzn0nE9FRLbQ9nvd
 PkKSRIZyoyZdLw78yarsx4Lv+/QdZfh/f6llY0WrB8S5Yy9rrXEB3IQ7GKmwusCrR2b9
 dXPaa90a5egciMOy44HxqKlUoSQxL+5vFFnZuX7GthBZCcHBPSilrLV/mwy052KPZSHS
 DrYvfRmijzsAItjVrm2HpoZUia+ZcCME7SNajM+u2WtNWVm1ro1TqUtxT4JwPbf7h66T
 WV+/SKyRNPzrwuACTH5BWKJl17Lky9d19ReR8G/fTWxW8NhojauLk3cYMwEJEaQsMSJw
 wwZQ==
X-Gm-Message-State: AOJu0Yx3EneJMzUBQ6XikbbiOWhSEsXlqCbUZQ3pVJibRLnLP94LCpZJ
 IegwFLXcN/lttCr/MVV+hEpDN69SvmVHzctZ8RMjE5Zo1O3nk6EoVK1rPHoGJvOQ0EN6lF61Qqs
 enF5LcLm90gR4qn63EYEfruIa4g7H0fkA3bjIzUV5zt4hlLuNvoCl+m7WwVCghTdaf3uqFO078W
 EDQERiOHwjbTmIpGFofqGtH/E/AZqx8mjy0pBZaWw=
X-Received: by 2002:a50:8d49:0:b0:582:4465:8b27 with SMTP id
 4fb4d7f45d1cf-587a14ce696mr3580169a12.4.1719836813507;
 Mon, 01 Jul 2024 05:26:53 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IEpJZtha5zVN6qAzpylUbmyHQ54dw4iQ9C1YOzdX7ADGUlTw7RFpZTdi/Itrr6d79Md8D2s5w==
X-Received: by 2002:a50:8d49:0:b0:582:4465:8b27 with SMTP id
 4fb4d7f45d1cf-587a14ce696mr3580153a12.4.1719836813006;
 Mon, 01 Jul 2024 05:26:53 -0700 (PDT)
Received: from localhost (net-2-35-92-161.cust.vodafonedsl.it. [2.35.92.161])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-58614d5051dsm4307549a12.61.2024.07.01.05.26.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Jul 2024 05:26:52 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon,  1 Jul 2024 14:27:18 +0200
Message-ID: <20240701122721.622994-4-pvalerio@redhat.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240701122721.622994-1-pvalerio@redhat.com>
References: <20240701122721.622994-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH 3/5] conntrack: Do not use atomics to report zones
 info.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Atomics are not needed when reporting zone limits.
Remove the restriction by defining a non-atomic common structure
to report such data.
The change also access atomics using the related operations to
retrieve atomics reporting only the fields required by the requesting
level instead of relying of struct copy.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/conntrack-private.h |  8 ++++++++
 lib/conntrack.c         | 11 ++++++-----
 lib/conntrack.h         |  9 ++++-----
 lib/dpif-netdev.c       |  6 +++---
 4 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/lib/conntrack-private.h b/lib/conntrack-private.h
index 6c65caa07..2c625d710 100644
--- a/lib/conntrack-private.h
+++ b/lib/conntrack-private.h
@@ -198,6 +198,14 @@ enum ct_ephemeral_range {
 #define FOR_EACH_PORT_IN_RANGE(curr, min, max) \
     FOR_EACH_PORT_IN_RANGE__(curr, min, max, OVS_JOIN(idx, __COUNTER__))
 
+
+struct conntrack_zone_limit {
+    int32_t zone;
+    uint32_t limit;
+    atomic_count count;
+    uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
+};
+
 struct conntrack {
     struct ovs_mutex ct_lock; /* Protects the following fields. */
     struct cmap conns[UINT16_MAX + 1] OVS_GUARDED;
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e90ade32f..0481a8c8a 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -330,18 +330,19 @@ zone_limit_lookup_or_default(struct conntrack *ct, int32_t zone)
     return zl ? zl : zone_limit_lookup(ct, DEFAULT_ZONE);
 }
 
-struct conntrack_zone_limit
+struct conntrack_zone_info
 zone_limit_get(struct conntrack *ct, int32_t zone)
 {
-    struct conntrack_zone_limit czl = {
+    struct conntrack_zone_info czl = {
         .zone = DEFAULT_ZONE,
         .limit = 0,
-        .count = ATOMIC_COUNT_INIT(0),
-        .zone_limit_seq = 0,
+        .count = 0,
     };
     struct zone_limit *zl = zone_limit_lookup_or_default(ct, zone);
     if (zl) {
-        czl = zl->czl;
+        czl.zone = zl->czl.zone;
+        czl.limit = zl->czl.limit;
+        czl.count = atomic_count_get(&zl->czl.count);
     }
     return czl;
 }
diff --git a/lib/conntrack.h b/lib/conntrack.h
index 13bb02ea9..c3136e955 100644
--- a/lib/conntrack.h
+++ b/lib/conntrack.h
@@ -115,11 +115,10 @@ struct conntrack_dump {
     uint16_t current_zone;
 };
 
-struct conntrack_zone_limit {
+struct conntrack_zone_info {
     int32_t zone;
     uint32_t limit;
-    atomic_count count;
-    uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
+    unsigned int count;
 };
 
 struct timeout_policy {
@@ -161,8 +160,8 @@ int conntrack_set_sweep_interval(struct conntrack *ct, uint32_t ms);
 uint32_t conntrack_get_sweep_interval(struct conntrack *ct);
 bool conntrack_get_tcp_seq_chk(struct conntrack *ct);
 struct ipf *conntrack_ipf_ctx(struct conntrack *ct);
-struct conntrack_zone_limit zone_limit_get(struct conntrack *ct,
-                                           int32_t zone);
+struct conntrack_zone_info zone_limit_get(struct conntrack *ct,
+                                          int32_t zone);
 int zone_limit_update(struct conntrack *ct, int32_t zone, uint32_t limit);
 int zone_limit_delete(struct conntrack *ct, int32_t zone);
 
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index c7f9e1490..3fbfcfa2b 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -9729,7 +9729,7 @@ dpif_netdev_ct_get_limits(struct dpif *dpif,
                            struct ovs_list *zone_limits_reply)
 {
     struct dp_netdev *dp = get_dp_netdev(dpif);
-    struct conntrack_zone_limit czl;
+    struct conntrack_zone_info czl;
 
     if (!ovs_list_is_empty(zone_limits_request)) {
         struct ct_dpif_zone_limit *zone_limit;
@@ -9738,7 +9738,7 @@ dpif_netdev_ct_get_limits(struct dpif *dpif,
             if (czl.zone == zone_limit->zone || czl.zone == DEFAULT_ZONE) {
                 ct_dpif_push_zone_limit(zone_limits_reply, zone_limit->zone,
                                         czl.limit,
-                                        atomic_count_get(&czl.count));
+                                        czl.count);
             } else {
                 return EINVAL;
             }
@@ -9754,7 +9754,7 @@ dpif_netdev_ct_get_limits(struct dpif *dpif,
             czl = zone_limit_get(dp->conntrack, z);
             if (czl.zone == z) {
                 ct_dpif_push_zone_limit(zone_limits_reply, z, czl.limit,
-                                        atomic_count_get(&czl.count));
+                                        czl.count);
             }
         }
     }

From patchwork Mon Jul  1 12:27:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1954655
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=ZPPQvXhY;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WCQK80QWtz1xpN
	for <incoming@patchwork.ozlabs.org>; Mon,  1 Jul 2024 22:27:07 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id 4EB4881D7C;
	Mon,  1 Jul 2024 12:27:06 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id SzzL-UfeBoO7; Mon,  1 Jul 2024 12:27:05 +0000 (UTC)
X-Comment: SPF check N/A for local connections -
 client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 464F181772
Authentication-Results: smtp1.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=ZPPQvXhY
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp1.osuosl.org (Postfix) with ESMTPS id 464F181772;
	Mon,  1 Jul 2024 12:27:05 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id F38F5C002B;
	Mon,  1 Jul 2024 12:27:04 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 17672C0033
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id 17162819F8
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:01 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id hVjAP-QRuH2B for <ovs-dev@openvswitch.org>;
 Mon,  1 Jul 2024 12:27:00 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 4C7F2818C9
Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4C7F2818C9
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 4C7F2818C9
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1719836819;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=5cl4P2x95nFGJVZizv81KbJ+nAxs7tyW/dpra8mzg0Y=;
 b=ZPPQvXhYCUpRUYrS8pJX/vNvrC6+tdAXhBRrILlYNdAS6OZXakbhJ5fEZaUVZOr/2jTLuK
 W9WSch725ktsgerhbICfIfcc1myVUVGsnY4aYe1cZiqoq7rIw63opcNJ4CXRyL/fUNZ3x6
 eUgAOAvPTzzFN/BxgJ5FPQ+7RJ2h/Nc=
Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com
 [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-571--3-QhEZYNo67P5rorvQSxA-1; Mon, 01 Jul 2024 08:26:58 -0400
X-MC-Unique: -3-QhEZYNo67P5rorvQSxA-1
Received: by mail-lf1-f70.google.com with SMTP id
 2adb3069b0e04-52e7fe18878so526641e87.0
 for <ovs-dev@openvswitch.org>; Mon, 01 Jul 2024 05:26:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719836816; x=1720441616;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=5cl4P2x95nFGJVZizv81KbJ+nAxs7tyW/dpra8mzg0Y=;
 b=ZshLkMhmDNSLWwfIno5PFc3dt0D9Tc7I+Mvl7Tb+4GYWE/p0UT6sTusktz/VXAIGG1
 vqnGMplSiAcPs1SKEawvdMKvFCYU0jpNu2U/yXz14yAZM+IRMWULk3EUglGZu09Ksoq3
 paf/0caFCFldqmfEQBETz7NJLGPAKNr259n3hE3LnwZmBaeqziDariLYKSA/uXafgFy0
 h9zrGg1c8HlzmKWoIAKSHqocU34TshUOCrpdKQ7cpzvh9rwLUG+jsm+qLQLm212zSI30
 z3sFUsY4W83a2z9Ek4hk7H4NODYXcXe8Zf9Alik0rU5bu8u+pjMTVeca8gHBy1lUr7hK
 JdyA==
X-Gm-Message-State: AOJu0YyqxQbVTejacdF6MS1yOvrsnecnXzsIN+U76P2JHTGhXpR1NHXz
 udSvTObGoWZv4r6NVf9aoCrl+5Ilxco9kxJLRkTa9/z/U0bODwgYBjc+4Bg1X1SZxRTXhCGA7Q/
 /YcUFeOFB/SHrEMmYfn4pJdqYsXppSLKCO8SvYeuHFol6HtXnl99WT5aKJEWWoQoEyzUL+MDQiT
 SRbXxpm2N1z3aPypFbmDmtGsjZgqfaVlDAkyMY39A=
X-Received: by 2002:a05:6512:280a:b0:52e:7bb4:942d with SMTP id
 2adb3069b0e04-52e82641bc5mr3445871e87.1.1719836816280;
 Mon, 01 Jul 2024 05:26:56 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IH/BcywN3iRIgJhKyOaI+LQQoV34jXmaB/T0OfoW9fzWdlWXbRDx4JG1A1IRnMHM50jBM8NNg==
X-Received: by 2002:a05:6512:280a:b0:52e:7bb4:942d with SMTP id
 2adb3069b0e04-52e82641bc5mr3445861e87.1.1719836815851;
 Mon, 01 Jul 2024 05:26:55 -0700 (PDT)
Received: from localhost (net-2-35-92-161.cust.vodafonedsl.it. [2.35.92.161])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-a72ab0657b1sm326442266b.133.2024.07.01.05.26.54
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Jul 2024 05:26:54 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon,  1 Jul 2024 14:27:19 +0200
Message-ID: <20240701122721.622994-5-pvalerio@redhat.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240701122721.622994-1-pvalerio@redhat.com>
References: <20240701122721.622994-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH 4/5] conntrack: Turn zl local limit into atomic.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

while at it, changes struct zone_limit initialization in
zone_limit_create() in order to use atomic init operations instead of
relying on memset() which, although correctly initializes the struct,
is semantially not aware of atomics.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/conntrack-private.h |  2 +-
 lib/conntrack.c         | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/lib/conntrack-private.h b/lib/conntrack-private.h
index 2c625d710..2770470d1 100644
--- a/lib/conntrack-private.h
+++ b/lib/conntrack-private.h
@@ -201,7 +201,7 @@ enum ct_ephemeral_range {
 
 struct conntrack_zone_limit {
     int32_t zone;
-    uint32_t limit;
+    atomic_uint32_t limit;
     atomic_count count;
     uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
 };
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 0481a8c8a..ac0790e11 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -341,7 +341,7 @@ zone_limit_get(struct conntrack *ct, int32_t zone)
     struct zone_limit *zl = zone_limit_lookup_or_default(ct, zone);
     if (zl) {
         czl.zone = zl->czl.zone;
-        czl.limit = zl->czl.limit;
+        atomic_read_relaxed(&zl->czl.limit, &czl.limit);
         czl.count = atomic_count_get(&zl->czl.count);
     }
     return czl;
@@ -358,8 +358,9 @@ zone_limit_create(struct conntrack *ct, int32_t zone, uint32_t limit)
     }
 
     if (zone >= DEFAULT_ZONE && zone <= MAX_ZONE) {
-        zl = xzalloc(sizeof *zl);
-        zl->czl.limit = limit;
+        zl = xmalloc(sizeof *zl);
+        atomic_init(&zl->czl.limit, limit);
+        atomic_count_init(&zl->czl.count, 0);
         zl->czl.zone = zone;
         zl->czl.zone_limit_seq = ct->zone_limit_seq++;
         uint32_t hash = zone_key_hash(zone, ct->hash_basis);
@@ -376,7 +377,7 @@ zone_limit_update(struct conntrack *ct, int32_t zone, uint32_t limit)
     int err = 0;
     struct zone_limit *zl = zone_limit_lookup(ct, zone);
     if (zl) {
-        zl->czl.limit = limit;
+        atomic_store_relaxed(&zl->czl.limit, limit);
         VLOG_INFO("Changed zone limit of %u for zone %d", limit, zone);
     } else {
         ovs_mutex_lock(&ct->ct_lock);
@@ -916,12 +917,16 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
     }
 
     if (commit) {
+        uint32_t czl_limit;
         struct conn_key_node *fwd_key_node, *rev_key_node;
         struct zone_limit *zl = zone_limit_lookup_or_default(ct,
                                                              ctx->key.zone);
-        if (zl && atomic_count_get(&zl->czl.count) >= zl->czl.limit) {
-            COVERAGE_INC(conntrack_zone_full);
-            return nc;
+        if (zl) {
+            atomic_read_relaxed(&zl->czl.limit, &czl_limit);
+            if (atomic_count_get(&zl->czl.count) >= czl_limit) {
+                COVERAGE_INC(conntrack_zone_full);
+                return nc;
+            }
         }
 
         unsigned int n_conn_limit;

From patchwork Mon Jul  1 12:27:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1954656
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=ED2AwmSi;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WCQKR6nVYz1xpN
	for <incoming@patchwork.ozlabs.org>; Mon,  1 Jul 2024 22:27:23 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id 5F91381E22;
	Mon,  1 Jul 2024 12:27:22 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id Pb0C_SARgX3S; Mon,  1 Jul 2024 12:27:20 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org A168A81E31
Authentication-Results: smtp1.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=ED2AwmSi
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp1.osuosl.org (Postfix) with ESMTPS id A168A81E31;
	Mon,  1 Jul 2024 12:27:20 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 7B5E3C002B;
	Mon,  1 Jul 2024 12:27:20 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 2AE27C0033
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id 4E00540B85
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:04 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id 4N6aFkSo564n for <ovs-dev@openvswitch.org>;
 Mon,  1 Jul 2024 12:27:02 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org 7E2F640DD5
Authentication-Results: smtp2.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 7E2F640DD5
Authentication-Results: smtp2.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=ED2AwmSi
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp2.osuosl.org (Postfix) with ESMTPS id 7E2F640DD5
 for <ovs-dev@openvswitch.org>; Mon,  1 Jul 2024 12:27:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1719836821;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=yK1QGYrpaPvUlzwHjbOm2nn/NGqVKGtPgcIiZf44eAM=;
 b=ED2AwmSiJUFDN05vq8K/yXz+WcwufYwjdOECCT7eIROUABAMU+waSPCsuWqKYicYCtSVxm
 92kD1k+0riBccl/s/qvz8Zw3RJt1Mhcp+4rn31Jv3SJQwcmXw0HFSfQDiyJViLzEk9OulX
 BPtoVsX6EBP+wVx+wtuZXIYLsgdtq7E=
Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com
 [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-307-zTesu5s3OFayAwVwEFYfnw-1; Mon, 01 Jul 2024 08:27:00 -0400
X-MC-Unique: zTesu5s3OFayAwVwEFYfnw-1
Received: by mail-ed1-f69.google.com with SMTP id
 4fb4d7f45d1cf-58427b1a528so29259a12.1
 for <ovs-dev@openvswitch.org>; Mon, 01 Jul 2024 05:26:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719836818; x=1720441618;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=yK1QGYrpaPvUlzwHjbOm2nn/NGqVKGtPgcIiZf44eAM=;
 b=VOMR2+BOU/lDg3HcU7REHWUGJL20DDXIXz+IZIts7gTtdb4/InBzy7AcpoUKjfQjlZ
 FPKCvpVaYYi/8m9/QLRiFFbpzqLosNototvh0K+4DEQeaoKsZhACwscESFDddZx1wF43
 hRSXLKwbu63SVgtiN8uR1CPDKxlJ7eqb/WERfTmrKb31ZBOloeL6G77+G9vyX358Iu/4
 xqlynJp7e4vz9BqQPy3yfRu6FO48M1+ZutRC9YktpV9apYx66iSy28F7NiRuInjalcSB
 WHV3kf1n6RD1m0iFSh5EUNdQ6ReXCu2VTBhoZleRiajSccSC0FSAWvRMTpSbp3yrl4e9
 6gtg==
X-Gm-Message-State: AOJu0YwOUC8pfMyBgX01KRJ2947AhKUg4/aYWzt3BlYExpZmnvJy0sIi
 /ff57d2rLxVcnhrae0McXIDtgUL/2yBb5PxDkCgvcv5h5Pm8KVcLJY7AI/jh1ZZoqmJMICJ/Xq1
 pi9JHUhnbHZX2GyS7bgTrJZd/6+coJtjNF8D4biRI4NzchX/UfzVG/fDRI5sysZfxfwgIbhsAEk
 x6atxRwlYqNaPhcCexwnDDzoNYPog7WLYyCMS1eDs=
X-Received: by 2002:a17:907:6d08:b0:a6f:5fdf:6cd9 with SMTP id
 a640c23a62f3a-a75145cd71bmr469562866b.4.1719836818073;
 Mon, 01 Jul 2024 05:26:58 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IG63NLmwi1KlWhzP3FMyDlNndVU2Zt85vAENjEG4iwxz4yI9s62FwcQdg0eNLJMQJrJCmTbWQ==
X-Received: by 2002:a17:907:6d08:b0:a6f:5fdf:6cd9 with SMTP id
 a640c23a62f3a-a75145cd71bmr469560966b.4.1719836817537;
 Mon, 01 Jul 2024 05:26:57 -0700 (PDT)
Received: from localhost (net-2-35-92-161.cust.vodafonedsl.it. [2.35.92.161])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-a72ab08cfb6sm329218066b.159.2024.07.01.05.26.56
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Jul 2024 05:26:57 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon,  1 Jul 2024 14:27:20 +0200
Message-ID: <20240701122721.622994-6-pvalerio@redhat.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240701122721.622994-1-pvalerio@redhat.com>
References: <20240701122721.622994-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH 5/5] conntrack: Use a per zone default limit.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Cc: Ilya Maximets <i.maximets@ovn.org>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Before this change the default limit, instead of being considered
per-zone, was considered as a global value that every new entry was
checked against during the creation. This was not the intended
behavior as the default limit should be inherited by each zone instead
of being an aggregate number.

This change corrects that by removing the default limit from the cmap
and making it global (atomic). Now, whenever a new connection needs to
be committed, if default_zone_limit is set and the entry for the zone
doesn't exist, a new entry for that zone is lazily created, marked as
default. All subsequent packets for that zone will undergo the regular
lookup process.

Operations such as creation/deletion are modified accordingly taking
into account this new behavior.

Worth noting that OVS_REQUIRES(ct->ct_lock) is not a strict
requirement for zone_limit_lookup_or_default(), however since the
function operates under the lock and it can create an entry in the
slow path, the lock requirement is enforced in order to make thread
safety checks work. The function can still be moved outside the
creation lock or any lock, keeping the fastpath lockless (turning
zone_limit_lookup_protected() to its unprotected version) and locking
only in the slow path (replacing zone_limit_create__() with
zone_limit_create__().

The patch also extends `conntrack - limit by zone` test in order to
check the behavior, and while at it, update test's packet-out to use
compose-packet function.

Fixes: a7f33fdbfb67 ("conntrack: Support zone limits.")
Reported-at: https://issues.redhat.com/browse/FDP-122
Reported-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/conntrack-private.h |   7 +-
 lib/conntrack.c         | 233 +++++++++++++++++++++++++++++++---------
 tests/system-traffic.at |  64 +++++++----
 3 files changed, 231 insertions(+), 73 deletions(-)

diff --git a/lib/conntrack-private.h b/lib/conntrack-private.h
index 2770470d1..46b212754 100644
--- a/lib/conntrack-private.h
+++ b/lib/conntrack-private.h
@@ -198,10 +198,11 @@ enum ct_ephemeral_range {
 #define FOR_EACH_PORT_IN_RANGE(curr, min, max) \
     FOR_EACH_PORT_IN_RANGE__(curr, min, max, OVS_JOIN(idx, __COUNTER__))
 
+#define ZONE_LIMIT_CONN_DEFAULT -1
 
 struct conntrack_zone_limit {
     int32_t zone;
-    atomic_uint32_t limit;
+    atomic_int64_t limit;
     atomic_count count;
     uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
 };
@@ -212,6 +213,9 @@ struct conntrack {
     struct rculist exp_lists[N_EXP_LISTS] OVS_GUARDED;
     struct cmap zone_limits OVS_GUARDED;
     struct cmap timeout_policies OVS_GUARDED;
+    uint32_t zone_limit_seq OVS_GUARDED; /* Used to disambiguate zone limit
+                                          * counts. */
+    atomic_uint32_t default_zone_limit;
 
     uint32_t hash_basis; /* Salt for hashing a connection key. */
     pthread_t clean_thread; /* Periodically cleans up connection tracker. */
@@ -234,7 +238,6 @@ struct conntrack {
                                                      * control context.  */
 
     struct ipf *ipf; /* Fragmentation handling context. */
-    uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
     atomic_bool tcp_seq_chk; /* Check TCP sequence numbers. */
     atomic_uint32_t sweep_ms; /* Next sweep interval. */
 };
diff --git a/lib/conntrack.c b/lib/conntrack.c
index ac0790e11..0e128a0c6 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -270,6 +270,7 @@ conntrack_init(void)
     atomic_init(&ct->n_conn_limit, DEFAULT_N_CONN_LIMIT);
     atomic_init(&ct->tcp_seq_chk, true);
     atomic_init(&ct->sweep_ms, 20000);
+    atomic_init(&ct->default_zone_limit, 0);
     latch_init(&ct->clean_thread_exit);
     ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct);
     ct->ipf = ipf_init();
@@ -296,6 +297,28 @@ zone_key_hash(int32_t zone, uint32_t basis)
     return hash;
 }
 
+static int64_t
+zone_limit_get_limit__(struct conntrack_zone_limit *czl)
+{
+    int64_t limit;
+    atomic_read_relaxed(&czl->limit, &limit);
+
+    return limit;
+}
+
+static int64_t
+zone_limit_get_limit(struct conntrack *ct, struct conntrack_zone_limit *czl)
+{
+    int64_t limit = zone_limit_get_limit__(czl);
+
+    if (limit == ZONE_LIMIT_CONN_DEFAULT) {
+        atomic_read_relaxed(&ct->default_zone_limit, &limit);
+        limit = limit ? : -1;
+    }
+
+    return limit;
+}
+
 static struct zone_limit *
 zone_limit_lookup_protected(struct conntrack *ct, int32_t zone)
     OVS_REQUIRES(ct->ct_lock)
@@ -323,11 +346,56 @@ zone_limit_lookup(struct conntrack *ct, int32_t zone)
     return NULL;
 }
 
+static struct zone_limit *
+zone_limit_create__(struct conntrack *ct, int32_t zone, int64_t limit)
+    OVS_REQUIRES(ct->ct_lock)
+{
+    struct zone_limit *zl = NULL;
+
+    if (zone > DEFAULT_ZONE && zone <= MAX_ZONE) {
+        zl = xmalloc(sizeof *zl);
+        atomic_init(&zl->czl.limit, limit);
+        atomic_count_init(&zl->czl.count, 0);
+        zl->czl.zone = zone;
+        zl->czl.zone_limit_seq = ct->zone_limit_seq++;
+        uint32_t hash = zone_key_hash(zone, ct->hash_basis);
+        cmap_insert(&ct->zone_limits, &zl->node, hash);
+    }
+
+    return zl;
+}
+
+static struct zone_limit *
+zone_limit_create(struct conntrack *ct, int32_t zone, int64_t limit)
+    OVS_REQUIRES(ct->ct_lock)
+{
+    struct zone_limit *zl = zone_limit_lookup_protected(ct, zone);
+
+    if (zl) {
+        return zl;
+    }
+
+    return zone_limit_create__(ct, zone, limit);
+}
+
+/* Lazily creates a new entry in the zone_limits cmap if default limit
+ * is set and there's no entry for the zone. */
 static struct zone_limit *
 zone_limit_lookup_or_default(struct conntrack *ct, int32_t zone)
+    OVS_REQUIRES(ct->ct_lock)
 {
-    struct zone_limit *zl = zone_limit_lookup(ct, zone);
-    return zl ? zl : zone_limit_lookup(ct, DEFAULT_ZONE);
+    struct zone_limit *zl = zone_limit_lookup_protected(ct, zone);
+
+    if (!zl) {
+        uint32_t limit;
+        atomic_read_relaxed(&ct->default_zone_limit, &limit);
+
+        if (limit) {
+            zl = zone_limit_create__(ct, zone, ZONE_LIMIT_CONN_DEFAULT);
+        }
+    }
+
+    return zl;
 }
 
 struct conntrack_zone_info
@@ -338,89 +406,147 @@ zone_limit_get(struct conntrack *ct, int32_t zone)
         .limit = 0,
         .count = 0,
     };
-    struct zone_limit *zl = zone_limit_lookup_or_default(ct, zone);
+    struct zone_limit *zl = zone_limit_lookup(ct, zone);
     if (zl) {
-        czl.zone = zl->czl.zone;
-        atomic_read_relaxed(&zl->czl.limit, &czl.limit);
+        int64_t czl_limit = zone_limit_get_limit__(&zl->czl);
+        if (czl_limit > ZONE_LIMIT_CONN_DEFAULT) {
+            czl.zone = zl->czl.zone;
+            czl.limit = czl_limit;
+        } else {
+            atomic_read_relaxed(&ct->default_zone_limit, &czl.limit);
+        }
+
         czl.count = atomic_count_get(&zl->czl.count);
+    } else {
+        atomic_read_relaxed(&ct->default_zone_limit, &czl.limit);
     }
+
     return czl;
 }
 
-static int
-zone_limit_create(struct conntrack *ct, int32_t zone, uint32_t limit)
+static void
+zone_limit_clean__(struct conntrack *ct, struct zone_limit *zl)
     OVS_REQUIRES(ct->ct_lock)
 {
-    struct zone_limit *zl = zone_limit_lookup_protected(ct, zone);
+    uint32_t hash = zone_key_hash(zl->czl.zone, ct->hash_basis);
+    cmap_remove(&ct->zone_limits, &zl->node, hash);
+    ovsrcu_postpone(free, zl);
+}
 
-    if (zl) {
-        return 0;
-    }
+static void
+zone_limit_clean(struct conntrack *ct, struct zone_limit *zl)
+    OVS_REQUIRES(ct->ct_lock)
+{
+    uint32_t limit;
 
-    if (zone >= DEFAULT_ZONE && zone <= MAX_ZONE) {
-        zl = xmalloc(sizeof *zl);
-        atomic_init(&zl->czl.limit, limit);
-        atomic_count_init(&zl->czl.count, 0);
-        zl->czl.zone = zone;
-        zl->czl.zone_limit_seq = ct->zone_limit_seq++;
-        uint32_t hash = zone_key_hash(zone, ct->hash_basis);
-        cmap_insert(&ct->zone_limits, &zl->node, hash);
-        return 0;
+    atomic_read_relaxed(&ct->default_zone_limit, &limit);
+    /* Do not remove the entry if the default limit is enabled, but
+     * simply move the limit to default. */
+    if (limit) {
+        atomic_store_relaxed(&zl->czl.limit, ZONE_LIMIT_CONN_DEFAULT);
     } else {
-        return EINVAL;
+        zone_limit_clean__(ct, zl);
     }
 }
 
-int
-zone_limit_update(struct conntrack *ct, int32_t zone, uint32_t limit)
+static void
+zone_limit_clean_default(struct conntrack *ct)
+    OVS_REQUIRES(ct->ct_lock)
 {
-    int err = 0;
-    struct zone_limit *zl = zone_limit_lookup(ct, zone);
-    if (zl) {
-        atomic_store_relaxed(&zl->czl.limit, limit);
-        VLOG_INFO("Changed zone limit of %u for zone %d", limit, zone);
-    } else {
-        ovs_mutex_lock(&ct->ct_lock);
-        err = zone_limit_create(ct, zone, limit);
-        ovs_mutex_unlock(&ct->ct_lock);
-        if (!err) {
-            VLOG_INFO("Created zone limit of %u for zone %d", limit, zone);
-        } else {
-            VLOG_WARN("Request to create zone limit for invalid zone %d",
-                      zone);
+    struct zone_limit *zl;
+    int64_t czl_limit;
+
+    atomic_store_relaxed(&ct->default_zone_limit, 0);
+
+    CMAP_FOR_EACH (zl, node, &ct->zone_limits) {
+        atomic_read_relaxed(&zl->czl.limit, &czl_limit);
+        if (zone_limit_get_limit__(&zl->czl) == ZONE_LIMIT_CONN_DEFAULT) {
+            zone_limit_clean__(ct, zl);
         }
     }
-    return err;
 }
 
-static void
-zone_limit_clean(struct conntrack *ct, struct zone_limit *zl)
+static bool
+zone_limit_delete__(struct conntrack *ct, int32_t zone)
     OVS_REQUIRES(ct->ct_lock)
 {
-    uint32_t hash = zone_key_hash(zl->czl.zone, ct->hash_basis);
-    cmap_remove(&ct->zone_limits, &zl->node, hash);
-    ovsrcu_postpone(free, zl);
+    struct zone_limit *zl = NULL;
+
+    if (zone == DEFAULT_ZONE) {
+        zone_limit_clean_default(ct);
+    } else {
+        zl = zone_limit_lookup_protected(ct, zone);
+        if (zl) {
+            zone_limit_clean(ct, zl);
+        }
+    }
+
+    return zl != NULL;
 }
 
 int
 zone_limit_delete(struct conntrack *ct, int32_t zone)
 {
+    bool deleted;
+
     ovs_mutex_lock(&ct->ct_lock);
-    struct zone_limit *zl = zone_limit_lookup_protected(ct, zone);
-    if (zl) {
-        zone_limit_clean(ct, zl);
-    }
+    deleted = zone_limit_delete__(ct, zone);
+    ovs_mutex_unlock(&ct->ct_lock);
 
     if (zone != DEFAULT_ZONE) {
-        VLOG_INFO(zl ? "Deleted zone limit for zone %d"
-                     : "Attempted delete of non-existent zone limit: zone %d",
+        VLOG_INFO(deleted
+                  ? "Deleted zone limit for zone %d"
+                  : "Attempted delete of non-existent zone limit: zone %d",
                   zone);
     }
 
-    ovs_mutex_unlock(&ct->ct_lock);
     return 0;
 }
 
+static void
+zone_limit_update_default(struct conntrack *ct, int32_t zone, uint32_t limit)
+{
+    /* limit zero means delete default. */
+    if (limit == 0) {
+        ovs_mutex_lock(&ct->ct_lock);
+        zone_limit_delete__(ct, zone);
+        ovs_mutex_unlock(&ct->ct_lock);
+    } else {
+        atomic_store_relaxed(&ct->default_zone_limit, limit);
+    }
+}
+
+int
+zone_limit_update(struct conntrack *ct, int32_t zone, uint32_t limit)
+{
+    struct zone_limit *zl;
+    int err = 0;
+
+    if (zone == DEFAULT_ZONE) {
+        zone_limit_update_default(ct, zone, limit);
+        VLOG_INFO("Set default zone limit to %u", limit);
+        return err;
+    }
+
+    zl = zone_limit_lookup(ct, zone);
+    if (zl) {
+        atomic_store_relaxed(&zl->czl.limit, limit);
+        VLOG_INFO("Changed zone limit of %u for zone %d", limit, zone);
+    } else {
+        ovs_mutex_lock(&ct->ct_lock);
+        err = zone_limit_create(ct, zone, limit) == NULL;
+        ovs_mutex_unlock(&ct->ct_lock);
+        if (!err) {
+            VLOG_INFO("Created zone limit of %u for zone %d", limit, zone);
+        } else {
+            VLOG_WARN("Request to create zone limit for invalid zone %d",
+                      zone);
+        }
+    }
+
+    return err;
+}
+
 static void
 conn_clean__(struct conntrack *ct, struct conn *conn)
     OVS_REQUIRES(ct->ct_lock)
@@ -917,13 +1043,14 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
     }
 
     if (commit) {
-        uint32_t czl_limit;
+        int64_t czl_limit;
         struct conn_key_node *fwd_key_node, *rev_key_node;
         struct zone_limit *zl = zone_limit_lookup_or_default(ct,
                                                              ctx->key.zone);
         if (zl) {
-            atomic_read_relaxed(&zl->czl.limit, &czl_limit);
-            if (atomic_count_get(&zl->czl.count) >= czl_limit) {
+            czl_limit = zone_limit_get_limit(ct, &zl->czl);
+            if (czl_limit >= 0 &&
+                atomic_count_get(&zl->czl.count) >= czl_limit) {
                 COVERAGE_INC(conntrack_zone_full);
                 return nc;
             }
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 3f1a15445..e7260c4f8 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -5594,6 +5594,41 @@ priority=100,in_port=2,udp,action=ct(zone=3,commit),1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+m4_define([UDP_PKT], [m4_join([,],
+  [eth_src=50:54:00:00:00:0$1,eth_dst=50:54:00:00:00:0$2,dl_type=0x0800],
+  [nw_src=10.1.1.$1,nw_dst=10.1.1.$2],
+  [nw_proto=17,nw_ttl=64,nw_frag=no],
+  [udp_src=1,udp_dst=$3])])
+
+AT_CHECK([ovs-appctl dpctl/ct-set-limits default=3])
+AT_CHECK([ovs-appctl dpctl/ct-get-limits], [],[dnl
+default limit=3
+])
+
+dnl Send 5 packets from each port in order to hit the default zone limit.
+for i in $(seq 2 6); do
+    pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([1], [2], [$i])")
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=${pkt} actions=resubmit(,0)"])
+done
+
+AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=1], [],[dnl
+default limit=3
+zone=1,limit=3,count=3
+])
+
+for i in $(seq 2 6); do
+    pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([3], [4], [$i])")
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=${pkt} actions=resubmit(,0)"])
+done
+
+AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=1,3], [],[dnl
+default limit=3
+zone=1,limit=3,count=3
+zone=3,limit=3,count=3
+])
+
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+
 AT_CHECK([ovs-appctl dpctl/ct-set-limits default=10 zone=1,limit=5 zone=2,limit=3 zone=3,limit=3 zone=4,limit=15])
 AT_CHECK([ovs-appctl dpctl/ct-del-limits zone=2,4,5])
 AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=1,2,3,4], [],[dnl
@@ -5605,15 +5640,10 @@ zone=4,limit=10,count=0
 ])
 
 dnl Test UDP from port 1
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000300080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000400080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000500080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000600080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000700080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000800080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000900080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000a00080000 actions=resubmit(,0)"])
+for i in $(seq 2 10); do
+    pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([1], [2], [$i])")
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=${pkt} actions=resubmit(,0)"])
+done
 
 AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=1,2,3,4,5], [0], [dnl
 default limit=10
@@ -5640,11 +5670,10 @@ udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=6),reply=(src=10.1.1.2,dst=10.
 ])
 
 dnl Test UDP from port 2
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000200080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000300080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000400080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000500080000 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000600080000 actions=resubmit(,0)"])
+for i in $(seq 2 6); do
+    pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([3], [4], [$i])")
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=${pkt} actions=resubmit(,0)"])
+done
 
 AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=1,3], [0], [dnl
 default limit=10
@@ -5705,10 +5734,9 @@ default limit=10
 zone=1,limit=3,count=0
 zone=3,limit=3,count=0])
 
-for i in 2 3 4 5 6; do
-  packet="50540000000a50540000000908004500001c000000000011a4c90a0101030a0101040001000${i}00080000"
-  AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 \
-              "in_port=2 packet=${packet} actions=resubmit(,0)"])
+for i in $(seq 2 6); do
+    pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([3], [4], [$i])")
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 packet=${pkt} actions=resubmit(,0)"])
 done
 
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.3," | sort ], [0], [dnl