From patchwork Mon Jul  9 23:48:14 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Darrell Ball <dlu998@gmail.com>
X-Patchwork-Id: 941747
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="Hau3Q0Wk"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41PhwB0kfYz9s0W
	for <incoming@patchwork.ozlabs.org>;
	Tue, 10 Jul 2018 09:52:42 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 35F70FC7;
	Mon,  9 Jul 2018 23:48:44 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 52CCCFBE
	for <dev@openvswitch.org>; Mon,  9 Jul 2018 23:48:43 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pf0-f193.google.com (mail-pf0-f193.google.com
	[209.85.192.193])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9DDA277D
	for <dev@openvswitch.org>; Mon,  9 Jul 2018 23:48:42 +0000 (UTC)
Received: by mail-pf0-f193.google.com with SMTP id s21-v6so14764998pfm.6
	for <dev@openvswitch.org>; Mon, 09 Jul 2018 16:48:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=ltS92M2jYGTf5epLw+Gf94mbYLbmtDduS2vI9tPRV7E=;
	b=Hau3Q0WkPMXgjKhEfrosN24uDrIVzjBCgb/6aMBYzt2XlAcUwN6dGhTMMpnnnTG4/Y
	2Y+syVwPLqMQGApcVAPk8NZmnzdhUJO4Zm8DMIfN8DQTdfS1E8T+oSzjgethj29NAXJB
	Vw8vy3H/jg+C0OnvKFDxpcOe9/up1neK2nBzR+17NblvvhZtQPl9Tpyh7NaSnwegyt9R
	o6D2pVGESvx5W5Nq20cGnTTO5nFKEvme6tz/JquMwfkQ1Sv9J9RUaeprPgUnEENtevgg
	YYXDz1Hn/e4DVnyTgHUyacC4qYOAtzd81cm7XGOKPjsOmPvlwCV3nLLRUHhk2J1LG6j8
	kv2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=ltS92M2jYGTf5epLw+Gf94mbYLbmtDduS2vI9tPRV7E=;
	b=XxPXlRo5kOHyLC2WjrgdxTs7/U9BQ3RHhkTz6GoP6F7ujLzJxKtddg92neBlf6AfgB
	yxgjjjpHCWCLmpGgo+0T7R1/GTuPfxab/sagJYC2/AcmTLV0aPLVtBj3odsy9UJci7XZ
	B1xCHH2R/3DZqpo8GNsxdhyEXOQ8FYz8rxFfDYemU5jMo610HrDdfpAtdEggXyMohtg1
	fgNrpY5B9rngl8zEJjJZX9t1XkLCm8t0I3JNANbnuXOYA2qnWSq67LLIKKZbd/Cv6Pi4
	iyIkFHPVk2cAe3IVkINh5zR7ixwg6Ep2BtshxTGovBeIrFZXpbmOTpZKiolaKMJVPtxO
	dGuw==
X-Gm-Message-State: APt69E2zJP2vHXznKn2nm63DDKMpVjUih4k4mYVKHxXK6fdAm3jwV2Mf
	4Yn8wpHBqQYwKuQHdMoQXK4=
X-Google-Smtp-Source: 
 AAOMgpdp7WFVHHfQKppDCNsvaxl9eGbO02hyIZEZuvhvRAMY8fy6Wm1S3XeE57htdy/jiiaQxfLsPg==
X-Received: by 2002:a65:6109:: with SMTP id
	z9-v6mr6532458pgu.243.1531180122228;
	Mon, 09 Jul 2018 16:48:42 -0700 (PDT)
Received: from ubuntu.localdomain ([208.91.3.26])
	by smtp.gmail.com with ESMTPSA id
	r188-v6sm30849988pgr.78.2018.07.09.16.48.40
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 09 Jul 2018 16:48:41 -0700 (PDT)
From: Darrell Ball <dlu998@gmail.com>
To: dlu998@gmail.com,
	dev@openvswitch.org,
	jpettit@ovn.org
Date: Mon,  9 Jul 2018 16:48:14 -0700
Message-Id: <1531180095-74941-9-git-send-email-dlu998@gmail.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1531180095-74941-1-git-send-email-dlu998@gmail.com>
References: <1531180095-74941-1-git-send-email-dlu998@gmail.com>
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [ovs-dev] [patch v7 8/9] ipf: Add set maximum fragments supported
	command.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

A new command "ovs-appctl dpctl/ipf-set-max-nfrags" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
---
 NEWS                |  2 ++
 lib/ct-dpif.c       |  8 ++++++++
 lib/ct-dpif.h       |  1 +
 lib/dpctl.c         | 30 ++++++++++++++++++++++++++++++
 lib/dpctl.man       |  8 ++++++++
 lib/dpif-netdev.c   |  8 ++++++++
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c           | 10 ++++++++++
 lib/ipf.h           |  2 ++
 10 files changed, 72 insertions(+)

diff --git a/NEWS b/NEWS
index 9ab9970..2b22a84 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@ Post-v2.9.0
        conntrack fragmentation support.
      * New "ovs-appctl dpctl/ipf-set-min-frag" command for userspace
        datapath conntrack fragmentation support.
+     * New "ovs-appctl dpctl/ipf-set-max-nfrags" command for userspace datapath
+       conntrack fragmentation support.
    - ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
    - OpenFlow:
      * OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index d5596af..ee23a4d 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -180,6 +180,14 @@ ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag)
             : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_max_nfrags(struct dpif *dpif, uint32_t max_frags)
+{
+    return (dpif->dpif_class->ipf_set_max_nfrags
+            ? dpif->dpif_class->ipf_set_max_nfrags(dpif, max_frags)
+            : EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 6eb55b4..f886ab9 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -203,6 +203,7 @@ int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_set_enabled(struct dpif *, bool v6, bool enable);
 int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t);
+int ct_dpif_ipf_set_max_nfrags(struct dpif *, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
                           bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index e74d713..ab0f60b 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1764,6 +1764,34 @@ dpctl_ipf_set_min_frag(int argc, const char *argv[],
     return error;
 }
 
+static int
+dpctl_ipf_set_max_nfrags(int argc, const char *argv[],
+                         struct dpctl_params *dpctl_p)
+{
+    struct dpif *dpif;
+    int error = opt_dpif_open(argc, argv, dpctl_p, 3, &dpif);
+    if (!error) {
+        uint32_t nfrags_max;
+        if (ovs_scan(argv[argc - 1], "%"SCNu32, &nfrags_max)) {
+            error = ct_dpif_ipf_set_max_nfrags(dpif, nfrags_max);
+            if (!error) {
+                dpctl_print(dpctl_p,
+                            "setting maximum fragments successful");
+            } else {
+                dpctl_error(dpctl_p, error,
+                            "setting maximum fragments failed");
+            }
+        } else {
+            error = EINVAL;
+            dpctl_error(dpctl_p, error,
+                        "parameter missing for maximum fragments");
+        }
+        dpif_close(dpif);
+    }
+
+    return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2069,6 +2097,8 @@ static const struct dpctl_command all_commands[] = {
        dpctl_ipf_set_disabled, DP_RW },
     { "ipf-set-min-frag", "[dp] v4 | v6 minfragment", 2, 3,
        dpctl_ipf_set_min_frag, DP_RW },
+    { "ipf-set-max-nfrags", "[dp] maxfrags", 1, 2,
+       dpctl_ipf_set_max_nfrags, DP_RW },
     { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
     { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 900900d..c6c4a87 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -296,3 +296,11 @@ must be specified.  The default v4 value is 1200 and the clamped minimum is
 400.  The default v6 value is 1280, with a clamped minimum of 400, for
 testing flexibility.  The maximum frag size is not clamped, however setting
 this value too high might result in valid fragments being dropped.
+.
+.TP
+\*(DX\fBipf\-set\-max\-nfrags\fR [\fIdp\fR] \fImaxfrags\fR
+Sets the maximum number of fragments tracked by the userspace datapath
+connection tracker.  The default value is 1000 and the clamped maximum
+is 5000.  Note that packet buffers can be held by the fragmentation
+module while fragments are incomplete, but will timeout after 15 seconds.
+Memory pool sizing should be set accordingly when fragmentation is enabled.
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 653c313..76bc1d9 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -6546,6 +6546,13 @@ dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED, bool v6,
     return ipf_set_min_frag(v6, min_frag);
 }
 
+static int
+dpif_netdev_ipf_set_max_nfrags(struct dpif *dpif OVS_UNUSED,
+                               uint32_t max_frags)
+{
+    return ipf_set_max_nfrags(max_frags);
+}
+
 const struct dpif_class dpif_netdev_class = {
     "netdev",
     dpif_netdev_init,
@@ -6596,6 +6603,7 @@ const struct dpif_class dpif_netdev_class = {
     dpif_netdev_ct_get_nconns,
     dpif_netdev_ipf_set_enabled,
     dpif_netdev_ipf_set_min_frag,
+    dpif_netdev_ipf_set_max_nfrags,
     dpif_netdev_meter_get_features,
     dpif_netdev_meter_set,
     dpif_netdev_meter_get,
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index 043398d..80c54f5 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -3008,6 +3008,7 @@ const struct dpif_class dpif_netlink_class = {
     NULL,                       /* ct_get_nconns */
     NULL,                       /* ipf_set_enabled */
     NULL,                       /* ipf_set_min_frag */
+    NULL,                       /* ipf_set_max_nfrags */
     dpif_netlink_meter_get_features,
     dpif_netlink_meter_set,
     dpif_netlink_meter_get,
diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
index 62a4574..214f570 100644
--- a/lib/dpif-provider.h
+++ b/lib/dpif-provider.h
@@ -449,6 +449,8 @@ struct dpif_class {
     int (*ipf_set_enabled)(struct dpif *, bool v6, bool enabled);
     /* Set minimum fragment allowed. */
     int (*ipf_set_min_frag)(struct dpif *, bool v6, uint32_t min_frag);
+    /* Set maximum number of fragments tracked. */
+    int (*ipf_set_max_nfrags)(struct dpif *, uint32_t max_nfrags);
 
     /* Meters */
     /* Queries 'dpif' for supported meter features.
diff --git a/lib/ipf.c b/lib/ipf.c
index 2b435c7..ef3236a 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -1294,3 +1294,13 @@ ipf_set_min_frag(bool v6, uint32_t value)
     ipf_lock_unlock(&ipf_lock);
     return 0;
 }
+
+int
+ipf_set_max_nfrags(uint32_t value)
+{
+    if (value > IPF_NFRAG_UBOUND) {
+        return 1;
+    }
+    atomic_store_relaxed(&nfrag_max, value);
+    return 0;
+}
diff --git a/lib/ipf.h b/lib/ipf.h
index fa6da5d..4289e5e 100644
--- a/lib/ipf.h
+++ b/lib/ipf.h
@@ -61,4 +61,6 @@ int ipf_set_enabled(bool v6, bool enable);
 
 int ipf_set_min_frag(bool v6, uint32_t value);
 
+int ipf_set_max_nfrags(uint32_t value);
+
 #endif /* ipf.h */