From patchwork Sun May 17 05:08:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng He X-Patchwork-Id: 1292039 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=pTyLlpPa; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49Pqtp4FmQz9sRN for ; Sun, 17 May 2020 15:09:04 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8F17B88020; Sun, 17 May 2020 05:09:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fWe7hEuqd6T4; Sun, 17 May 2020 05:08:55 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 8FAD5877DC; Sun, 17 May 2020 05:08:55 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7055BC0881; Sun, 17 May 2020 05:08:55 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4DF73C07FF for ; Sun, 17 May 2020 05:08:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id E13B82042A for ; Sun, 17 May 2020 05:08:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0LwJvXaqBgAo for ; Sun, 17 May 2020 05:08:51 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) by silver.osuosl.org (Postfix) with ESMTPS id 964C420403 for ; Sun, 17 May 2020 05:08:51 +0000 (UTC) Received: by mail-pl1-f193.google.com with SMTP id m7so2731459plt.5 for ; Sat, 16 May 2020 22:08:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0Hx9VvHYbe8Xg5hwKl3QNV/Ecl7HrAMBISX5gZtVHto=; b=pTyLlpPa6PeTp/ZWeDRTgaf6C38Zag7cTnxZbj+hA2mwYfwpNhgb3eeY8IYD6AiFsP cjpKn6Vj3zfZgtK9JC6pFp7WVHxEuxcUWMxgLr/lZPT1pwQULU5U4/w7qVm7OuDJm2/h JsMGTXC8GC4UM6t/hYYOWQgpbOxC7fQ+awpDHE3UbZ5YJYqCigGnNZo+spLOI+3hl43Q ocmm2hk5wZR4ILrynQ32oV+rSxUe8MJsqHHVcUTaafQ+2DK5XxogoNZV3bvcvVTSveYY 2C+GFTGWH+dEXWLQ3Q4mHCR0PRcD9sqpCkL8wlEaIlvRo0jp12Nefw1Vh5jP7WHulKAR tYkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0Hx9VvHYbe8Xg5hwKl3QNV/Ecl7HrAMBISX5gZtVHto=; b=o5pidPHgQsjSC/JNuNRdzSB3fSGdJ40t0K9miqxhgSM1Li+TyvwmxgyOPe4/6aJWQE qnbExN/syPBuq7hqNs81loyx+Z86O46O3zDsEDkIBHXWw8dWYmHo9EBFPAcijUAE6n1V ZhysyBy9h0uzL+KHmeW18O/AQ3cyHUF9j+lLoFJemRLdOmQJJk627XIzOeIXANpsUdiO zdG1lvR8O6OLsln0Er7frfZQHGqPPrjdAlz045WBVa6ATioThF8BZtAbP5Ayq399Wf/5 qupqKTH8uTBiplAwz6v0+pvbb404fSKcPW86QTfDSroLv6ehYW4Jfpx2D+vTl//Go0L4 qWAg== X-Gm-Message-State: AOAM532RPMkehlbEOSdZKAzzoFJ2jOZwTJSOsJVwC9IVh758hOmPBna6 mtdRLlLEfhQ5xup5QCPV2833EKidg0LBXA== X-Google-Smtp-Source: ABdhPJwEYKSC7xPV74vcLR9htYoOd+kSIOBzUOx49f4d684T7kyVE485STSzzHLApdLhHaVRy1pZSg== X-Received: by 2002:a17:90a:a590:: with SMTP id b16mr12518300pjq.177.1589692130500; Sat, 16 May 2020 22:08:50 -0700 (PDT) Received: from localhost ([103.136.220.66]) by smtp.gmail.com with ESMTPSA id y10sm5405193pfb.53.2020.05.16.22.08.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 16 May 2020 22:08:49 -0700 (PDT) From: "hepeng.0320" X-Google-Original-From: "hepeng.0320" To: dev@openvswitch.org Date: Sun, 17 May 2020 13:08:47 +0800 Message-Id: <20200517050847.87684-1-hepeng.0320@bytedance.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: References: MIME-Version: 1.0 Subject: [ovs-dev] [PATCH] ofproto-dpif-xlate: do not unwildcard source address if not needed X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: hepeng if the tunnel is specified as "remote_ip=flow", we can try to generate a megaflow which ignores all source address, such as source mac, source IP address in the outter header of the packet. This can reduce the number of megaflows and avoid expensive upcall and improve the performance. Signed-off-by: hepeng --- include/openvswitch/flow.h | 2 ++ ofproto/ofproto-dpif-xlate.c | 16 +++++++++++- ofproto/tunnel.c | 17 +++++++++++++ ofproto/tunnel.h | 3 ++- tests/packet-type-aware.at | 2 +- tests/tunnel-push-pop-ipv6.at | 2 +- tests/tunnel-push-pop.at | 46 ++++++++++++++++++++++++++++++++++- 7 files changed, 83 insertions(+), 5 deletions(-) diff --git a/include/openvswitch/flow.h b/include/openvswitch/flow.h index 3054015d9..a4c810e63 100644 --- a/include/openvswitch/flow.h +++ b/include/openvswitch/flow.h @@ -204,6 +204,8 @@ struct flow_wildcards { ((WC)->masks.FIELD |= (MASK)) #define WC_UNMASK_FIELD(WC, FIELD) \ memset(&(WC)->masks.FIELD, 0, sizeof (WC)->masks.FIELD) +#define WC_FIELD_MASKED(WC, FIELD) \ + ((WC)->masks.FIELD != 0) void flow_wildcards_init_catchall(struct flow_wildcards *); diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 80fba84cb..e61bf9190 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4088,7 +4088,17 @@ terminate_native_tunnel(struct xlate_ctx *ctx, struct flow *flow, /* XXX: Write better Filter for tunnel port. We can use in_port * in tunnel-port flow to avoid these checks completely. */ if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) { - *tnl_port = tnl_port_map_lookup(flow, wc); + /* Check if the wc contains source info, if not, + * erase all source info including smac and sip. + */ + if (!WC_FIELD_MASKED(wc, nw_src)) { + *tnl_port = tnl_port_map_lookup(flow, wc); + if (*tnl_port != ODPP_NONE && !WC_FIELD_MASKED(wc, nw_src)) { + WC_UNMASK_FIELD(wc, dl_src); + } + } else { + *tnl_port = tnl_port_map_lookup(flow, wc); + } /* If no tunnel port was found and it's about an ARP or ICMPv6 packet, * do tunnel neighbor snooping. */ @@ -7636,6 +7646,10 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout) ctx.xin->xport_uuid = in_port->uuid; } + if (in_port && in_port->is_tunnel) { + tnl_wc_init_by_port(in_port->ofport, ctx.wc); + } + if (flow->packet_type != htonl(PT_ETH) && in_port && in_port->pt_mode == NETDEV_PT_LEGACY_L3 && ctx.table_id == 0) { /* Add dummy Ethernet header to non-L2 packet if it's coming from a diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c index 03f0ab765..892f3aa5f 100644 --- a/ofproto/tunnel.c +++ b/ofproto/tunnel.c @@ -300,6 +300,23 @@ tnl_port_del(const struct ofport_dpif *ofport, odp_port_t odp_port) fat_rwlock_unlock(&rwlock); } +void +tnl_wc_init_by_port(const struct ofport_dpif *ofport, + struct flow_wildcards *wc) +{ + struct tnl_port *tnl_port; + + fat_rwlock_rdlock(&rwlock); + tnl_port = tnl_find_ofport(ofport); + if (tnl_port) { + if (tnl_port->match.ip_dst_flow) { + WC_UNMASK_FIELD(wc, tunnel.ip_src); + WC_UNMASK_FIELD(wc, tunnel.ipv6_src); + } + } + fat_rwlock_unlock(&rwlock); +} + /* Looks in the table of tunnels for a tunnel matching the metadata in 'flow'. * Returns the 'ofport' corresponding to the new in_port, or a null pointer if * none is found. diff --git a/ofproto/tunnel.h b/ofproto/tunnel.h index 323f3fa03..166190875 100644 --- a/ofproto/tunnel.h +++ b/ofproto/tunnel.h @@ -45,7 +45,8 @@ bool tnl_process_ecn(struct flow *); odp_port_t tnl_port_send(const struct ofport_dpif *, struct flow *, struct flow_wildcards *wc); const char *tnl_port_get_type(const struct ofport_dpif *tnl_port); - +void tnl_wc_init_by_port(const struct ofport_dpif *ofport, + struct flow_wildcards *wc); /* Returns true if 'flow' should be submitted to tnl_port_receive(). */ static inline bool tnl_port_should_receive(const struct flow *flow) diff --git a/tests/packet-type-aware.at b/tests/packet-type-aware.at index 540cf98f3..9c16d1289 100644 --- a/tests/packet-type-aware.at +++ b/tests/packet-type-aware.at @@ -1019,7 +1019,7 @@ ovs-appctl time/warp 1000 AT_CHECK([ ovs-appctl dpctl/dump-flows --names dummy@ovs-dummy | strip_used | grep -v ipv6 | sort ], [0], [flow-dump from the main thread: -recirc_id(0),in_port(p0),packet_type(ns=0,id=0),eth(src=aa:bb:cc:00:00:02,dst=aa:bb:cc:00:00:01),eth_type(0x0800),ipv4(dst=20.0.0.1,proto=47,frag=no), packets:3, bytes:378, used:0.0s, actions:tnl_pop(gre_sys) +recirc_id(0),in_port(p0),packet_type(ns=0,id=0),eth(dst=aa:bb:cc:00:00:01),eth_type(0x0800),ipv4(dst=20.0.0.1,proto=47,frag=no), packets:3, bytes:378, used:0.0s, actions:tnl_pop(gre_sys) tunnel(src=20.0.0.2,dst=20.0.0.1,flags(-df-csum)),recirc_id(0),in_port(gre_sys),packet_type(ns=1,id=0x8847),eth_type(0x8847),mpls(label=999/0x0,tc=0/0,ttl=64/0x0,bos=1/1), packets:3, bytes:264, used:0.0s, actions:push_eth(src=00:00:00:00:00:00,dst=00:00:00:00:00:00),pop_mpls(eth_type=0x800),recirc(0x1) tunnel(src=20.0.0.2,dst=20.0.0.1,flags(-df-csum)),recirc_id(0x1),in_port(gre_sys),packet_type(ns=0,id=0),eth(dst=00:00:00:00:00:00),eth_type(0x0800),ipv4(ttl=64,frag=no), packets:3, bytes:294, used:0.0s, actions:set(ipv4(ttl=63)),int-br ]) diff --git a/tests/tunnel-push-pop-ipv6.at b/tests/tunnel-push-pop-ipv6.at index 59723e63b..dbe72f7e7 100644 --- a/tests/tunnel-push-pop-ipv6.at +++ b/tests/tunnel-push-pop-ipv6.at @@ -429,7 +429,7 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 5'], [0], [dnl port 5: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=? ]) AT_CHECK([ovs-appctl dpif/dump-flows int-br | grep 'in_port(6081)'], [0], [dnl -tunnel(tun_id=0x7b,ipv6_src=2001:cafe::92,ipv6_dst=2001:cafe::88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=3,rule_cookie=0,controller_id=0,max_len=65535)) +tunnel(tun_id=0x7b,ipv6_dst=2001:cafe::88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=3,rule_cookie=0,controller_id=0,max_len=65535)) ]) ovs-appctl time/warp 10000 diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at index 48c5de9d1..b35c2eab2 100644 --- a/tests/tunnel-push-pop.at +++ b/tests/tunnel-push-pop.at @@ -519,7 +519,7 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 5'], [0], [dnl port 5: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=? ]) AT_CHECK([ovs-appctl dpif/dump-flows int-br | grep 'in_port(6081)'], [0], [dnl -tunnel(tun_id=0x7b,src=1.1.2.92,dst=1.1.2.88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=2,rule_cookie=0,controller_id=0,max_len=65535)) +tunnel(tun_id=0x7b,dst=1.1.2.88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=2,rule_cookie=0,controller_id=0,max_len=65535)) ]) ovs-appctl time/warp 10000 @@ -645,3 +645,47 @@ NXST_FLOW reply: OVS_VSWITCHD_STOP AT_CLEANUP + +AT_SETUP([tunnel_push_pop - specify tun_src when remote_ip=flow]) + +OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00]) +AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy], [0]) +AT_CHECK([ovs-vsctl add-port int-br t1 -- set Interface t1 type=gre \ + options:remote_ip=flow options:key=flow options:seq=true ofport_request=3], [0]) + +AT_CHECK([ovs-appctl dpif/show], [0], [dnl +dummy@ovs-dummy: hit:0 missed:0 + br0: + br0 65534/100: (dummy-internal) + p0 1/1: (dummy) + int-br: + int-br 65534/2: (dummy-internal) + t1 3/3: (gre: key=flow, remote_ip=flow, seq=true) +]) + +AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK +]) +AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK +]) +AT_CHECK([ovs-ofctl add-flow br0 'arp,priority=1,action=normal']) + +dnl Use arp reply to achieve tunnel next hop mac binding +AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=00:00:00:00:00:00)']) + +AT_CHECK([ovs-appctl tnl/neigh/show | tail -n+3 | sort], [0], [dnl +1.1.2.92 f8:bc:12:44:34:b6 br0 +]) + +AT_CHECK([ovs-ofctl add-flow br0 'ip,ip_proto=47,nw_tos=0,eth_src=aa:55:aa:55:00:00,eth_dst=f8:bc:12:44:34:b6,ip_src=1.1.2.88,ip_dst=1.1.2.92,priority=99,action=normal']) + +dnl add a flow specifying tun_src +AT_CHECK([ovs-ofctl add-flow int-br 'tun_src=1.1.2.92,in_port=3,action=drop']) + +AT_CHECK([ovs-appctl ofproto/trace int-br 'tun_src=1.1.2.92,tun_dst=1.1.2.88,tun_id=456,in_port=3'], [0], [stdout]) +AT_CHECK([tail -2 stdout], [0], + [Megaflow: recirc_id=0,eth,tun_id=0x1c8,tun_src=1.1.2.92,tun_dst=1.1.2.88,tun_tos=0,tun_flags=-df-csum-key,in_port=3,dl_type=0x0000 +Datapath actions: drop +]) + +OVS_VSWITCHD_STOP +AT_CLEANUP