From patchwork Thu Aug 15 19:31:12 2019 X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1147800
From: Yi-Hung Wei To: dev@openvswitch.org Date: Thu, 15 Aug 2019 12:31:12 -0700 Message-Id: <1565897480-120133-2-git-send-email-yihung.wei@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1565897480-120133-1-git-send-email-yihung.wei@gmail.com> References: <1565897480-120133-1-git-send-email-yihung.wei@gmail.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v4 1/9] ovs-vswitchd: Add Datapath, CT_Zone, and CT_Zone_Policy tables. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Justin Pettit Signed-off-by: Justin Pettit Signed-off-by: Yi-Hung Wei Co-authored-by: Yi-Hung Wei --- vswitchd/vswitch.ovsschema | 51 ++++++++- vswitchd/vswitch.xml | 275 +++++++++++++++++++++++++++++++++++++-------- 2 files changed, 277 insertions(+), 49 deletions(-) diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema index f7c6eb8983cd..c0a2242ad345 100644 --- a/vswitchd/vswitch.ovsschema +++ b/vswitchd/vswitch.ovsschema @@ -1,9 +1,14 @@ {"name": "Open_vSwitch", - "version": "8.0.0", - "cksum": "3962141869 23978", + "version": "8.1.0", + "cksum": "1635647160 26090", "tables": { "Open_vSwitch": { "columns": { + "datapaths": { + "type": {"key": {"type": "string"}, + "value": {"type": "uuid", + "refTable": "Datapath"}, + "min": 0, "max": "unlimited"}}, "bridges": { "type": {"key": {"type": "uuid", "refTable": "Bridge"}, 
@@ -629,6 +634,48 @@ "min": 0, "max": "unlimited"}, "ephemeral": true}}, "indexes": [["target"]]}, + "Datapath": { + "columns": { + "datapath_version": { + "type": "string"}, + "ct_zones": { + "type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 65535}, + "value": {"type": "uuid", + "refTable": "CT_Zone"}, + "min": 0, "max": "unlimited"}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, + "CT_Zone": { + "columns": { + "timeout_policy": { + "type": {"key": {"type": "uuid", + "refTable": "CT_Timeout_Policy"}, + "min": 0, "max": 1}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, + "CT_Timeout_Policy": { + "columns": { + "timeouts": { + "type": {"key": {"type" : "string", + "enum": ["set", ["tcp_syn_sent", "tcp_syn_recv", + "tcp_established", "tcp_fin_wait", + "tcp_close_wait", "tcp_last_ack", + "tcp_time_wait", "tcp_close", + "tcp_syn_sent2", "tcp_retransmit", + "tcp_unack", "udp_first", + "udp_single", "udp_multiple", + "icmp_first", "icmp_reply"]]}, + "value": {"type" : "integer", + "minInteger" : 0, + "maxInteger" : 4294967295}, + "min": 0, "max": "unlimited"}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, "SSL": { "columns": { "private_key": { diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index 027aee2f523b..00e37c47c075 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -52,6 +52,13 @@ one record in the table. + + Map of datapath types to datapaths. The + column of the + table is used as a key for this map. The value points to a row in + the table. + + Set of bridges managed by the daemon. @@ -1192,53 +1199,11 @@ -

- Reports the version number of the Open vSwitch datapath in use. - This allows management software to detect and report discrepancies - between Open vSwitch userspace and datapath versions. (The column in the reports the Open vSwitch userspace version.) - The version reported depends on the datapath in use: -

- -
    -
  • - When the kernel module included in the Open vSwitch source tree is - used, this column reports the Open vSwitch version from which the - module was taken. -
  • - -
  • - When the kernel module that is part of the upstream Linux kernel is - used, this column reports <unknown>. -
  • - -
  • - When the datapath is built into the ovs-vswitchd - binary, this column reports <built-in>. A - built-in datapath is by definition the same version as the rest of - the Open VSwitch userspace. -
  • - -
  • - Other datapaths (such as the Hyper-V kernel datapath) currently - report <unknown>. -
  • -
- -

- A version discrepancy between ovs-vswitchd and the - datapath in use is not normally cause for alarm. The Open vSwitch - kernel datapaths for Linux and Hyper-V, in particular, are designed - for maximum inter-version compatibility: any userspace version works - with with any kernel version. Some reasons do exist to insist on - particular user/kernel pairings. First, newer kernel versions add - new features, that can only be used by new-enough userspace, e.g. - VXLAN tunneling requires certain minimal userspace and kernel - versions. Second, as an extension to the first reason, some newer - kernel versions add new features for enhancing performance that only - new-enough userspace versions can take advantage of. -

+ Reports the datapath version. This column is maintained for + backwards compatibility. The preferred locatation is the + column of the + table. The full documentation for this + column is there.
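Review bot: "The preferred locatation is the" in the replacement text for the old datapath version column has a typo; it should read "The preferred location is the". Since this column is kept only for backwards compatibility, it would also help to say here whether it continues to be populated alongside the new column in the Datapath table, so that management software reading the old column knows what to expect.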
@@ -5560,6 +5525,222 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
+ +

+ Configuration for a datapath within . +

+

+ A datapath is responsible for providing the packet handling in Open + vSwitch. There are two primary datapath implementations used by + Open vSwitch: kernel and userspace. Kernel datapath + implementations are available for Linux and Hyper-V, and selected + as system in the column + of the table. The userspace datapath is used + by DPDK and AF-XDP, and is selected as netdev in the + column of the + table. +

+

+ A datapath of a particular type is shared by all the bridges that use + that datapath. Thus, configurations applied to this table affect + all bridges that use this datapath. +

+ + +

+ Reports the version number of the Open vSwitch datapath in use. + This allows management software to detect and report discrepancies + between Open vSwitch userspace and datapath versions. (The column in the reports the Open vSwitch userspace version.) + The version reported depends on the datapath in use: +

+ +
    +
  • + When the kernel module included in the Open vSwitch source tree is + used, this column reports the Open vSwitch version from which the + module was taken. +
  • + +
  • + When the kernel module that is part of the upstream Linux kernel is + used, this column reports <unknown>. +
  • + +
  • + When the datapath is built into the ovs-vswitchd + binary, this column reports <built-in>. A + built-in datapath is by definition the same version as the rest of + the Open vSwitch userspace. +
  • + +
  • + Other datapaths (such as the Hyper-V kernel datapath) currently + report <unknown>. +
  • +
+ +

+ A version discrepancy between ovs-vswitchd and the + datapath in use is not normally cause for alarm. The Open vSwitch + kernel datapaths for Linux and Hyper-V, in particular, are designed + for maximum inter-version compatibility: any userspace version works + with with any kernel version. Some reasons do exist to insist on + particular user/kernel pairings. First, newer kernel versions add + new features, that can only be used by new-enough userspace, e.g. + VXLAN tunneling requires certain minimal userspace and kernel + versions. Second, as an extension to the first reason, some newer + kernel versions add new features for enhancing performance that only + new-enough userspace versions can take advantage of. +

+
+ + + Configuration for connection tracking zones. Each pair maps from a + zone id to a configuration for that zone. Zone 0 applies + to the default zone (ie, the one used if a zone is not specified in + connection tracking-related OpenFlow matches and actions). + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
+ + + Connection tracking zone configuration + + + Connection tracking timeout policy for this zone. If a timeout policy + is not specified, it defaults to the timeout policy in the system. + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
+ + + Connection tracking timeout policy configuration + + + + The timeouts column contains key-value pairs used + to configure connection tracking timeouts in a datapath. + Key-value pairs that are not supported by a datapath are + ignored. The timeout value is in seconds. + + + + + The timeout for the connection after the first TCP SYN packet has + been seen by conntrack. + + + + The timeout of the connection after the first TCP SYN-ACK packet + has been seen by conntrack. + + + + The timeout of the connection after the connection has been fully + established. + + + + The timeout of the connection after the first TCP FIN packet + has been seen by conntrack. + + + + The timeout of the connection after the first TCP ACK packet + has been seen after it receives TCP FIN packet. This timeout + is only supported by the Linux kernel datapath. + + + + The timeout of the connection after TCP FIN packets have been + seen by conntrack from both directions. This timeout is only + supported by the Linux kernel datapath. + + + + The timeout of the connection after conntrack has seen the + TCP ACK packet for the second TCP FIN packet. + + + + The timeout of the connection after the first TCP RST packet + has been seen by conntrack. + + + + The timeout of the connection when only a TCP SYN packet has been + seen by conntrack from both directions (simultaneous open). + This timeout is only supported by the Linux kernel datapath. + + + + The timeout of the connection when it exceeds the maximum + number of retransmissions. This timeout is only supported by + the Linux kernel datapath. + + + + The timeout of the connection when non-SYN packets create an + established connection in TCP loose tracking mode. This timeout + is only supported by the Linux kernel datapath. + + + + + + The timeout of the connection after the first UDP packet has + been seen by conntrack. This timeout is only supported by the + userspace datapath. 
+ + + + The timeout of the connection when conntrack only seen UDP + packet from the source host, but the destination host has never + sent one back. + + + + The timeout of the connection when UDP packets have been seen in + both directions. + + + + + + The timeout of the connection after the first ICMP packet has + been seen by conntrack. + + + + The timeout of the connection after an ICMP error is replied in + response to an ICMP packet. This timeout is only supported by + the userspace datapath. + + + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
+ SSL configuration for an Open_vSwitch.
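Review bot: The subject line names the third table CT_Zone_Policy, but the vswitch.ovsschema hunk at @@ -629,6 +634,48 @@ adds "CT_Timeout_Policy", and the timeout_policy column of CT_Zone uses that name as its refTable. Please correct the subject so the log matches the schema. The commit message also has no body; a few sentences on how Datapath, CT_Zone and CT_Timeout_Policy relate would make the change easier to review. As a style point in the same hunk, the new timeouts column writes "type" : "string", "minInteger" : 0 and "maxInteger" : 4294967295 with a space before the colon, unlike the other columns in the file.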
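Review bot: In the CT_Timeout_Policy documentation added by the vswitch.xml hunk at @@ -5560,6 +5525,222 @@, "Key-value pairs that are not supported by a datapath are ignored" means a configured timeout can silently have no effect, and only some keys are marked as Linux-kernel-only or userspace-only. Please say whether an ignored key is reported anywhere, and document what a value of 0 means, since the schema allows minInteger 0. Wording nits in the same hunk: "(ie, the one used" should be "i.e.,", "works with with any kernel version" repeats a word (carried over from the removed text), and "when conntrack only seen UDP packet" should read "has only seen UDP packets".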