From patchwork Sun Feb 4 16:22:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrell Ball X-Patchwork-Id: 869049 X-Patchwork-Delegate: ian.stokes@intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="EO4SdYyG"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zZGLx06Qdz9s7v for ; Mon, 5 Feb 2018 03:26:33 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 5D5DFFC1; Sun, 4 Feb 2018 16:23:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 70D27F87 for ; Sun, 4 Feb 2018 16:23:06 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl0-f67.google.com (mail-pl0-f67.google.com [209.85.160.67]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7C3F3305 for ; Sun, 4 Feb 2018 16:23:05 +0000 (UTC) Received: by mail-pl0-f67.google.com with SMTP id k8so7906095pli.8 for ; Sun, 04 Feb 2018 08:23:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=pngLDUf7x8zTDuGptJCKN/7m2e2roKYw6labjf7iP+s=; b=EO4SdYyGAdjL60uiE9315hS47yPPa2/BM2V1pUW219owo9FLrmVjghI4DouHNENTvP sw2ij/xnScG/L6bqz1yKvmEQQrcfpKuhwofAEnNY8gcdRLzS1GcDb8OYSnueoLuYZ6Uy rc+2KQTIhCKdrZ/le3LHymaC0OtUjNSodA5q0dWwEIJf8pGwx4N7UIjriEQplf5EEXXX 7aWMksX+O1w+T05GZEnMTnQBE+wL/LADDQzqWJCZjsIX6PHTgroFh1QCJHfMj8C/YymV dgJ+YZzSkQLDWqQJbXNtrgObgxX2uSiyEWMrFkpOCJDDZRKbhkrq8dPEz2Z801gtF7xQ PwTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=pngLDUf7x8zTDuGptJCKN/7m2e2roKYw6labjf7iP+s=; b=GSe63xjgsgp1KIwSvmaSHh6QrjYv3EsHYsI97zrSIAizfpUssUfSg12I6XAYbDZh3/ 3S9910CLJ4gehZ4U5QUu1SK+zbUTp73IvQZUzv3cF1p0ZypqdNFv/9EiObX+LdeKFdyk Gc/Vd0P+rOFTcsjYQQcz42P6t+T0Jaa874jJ1clHzm9SwnEB1QeHa7wsVX/UhpnyUS19 Sh3lID29pBGM0elkjXWK1r8mHnmEB2Qu18XF57W7Mem/SwVwC55gsU8V5Q2Q6bCBBUfy v5aUtkQze8anDaWMOAYoa+S+bLHpg6cbno8a0xauYWjyWL395Bi36BMQbx+pzc6Kw2J3 X+rA== X-Gm-Message-State: AKwxytcZ8zOwZLXYmUDHVa9JlO5rztwUI6UdU2bFyuWislkWO5CDQ+w9 ppysGNF0IJzq3olc/bbx6pE= X-Google-Smtp-Source: AH8x227Zi3qKdiCe/q+6DRCuORan1b9ZzSQw0FFAt0Z8rplpuXs0f2W9R6FOgt/a2s7gBO9ccz05Zg== X-Received: by 2002:a17:902:8284:: with SMTP id y4-v6mr20313606pln.194.1517761385100; Sun, 04 Feb 2018 08:23:05 -0800 (PST) Received: from ubuntu.localdomain (c-73-162-236-45.hsd1.ca.comcast.net. [73.162.236.45]) by smtp.gmail.com with ESMTPSA id e9sm10109503pgv.14.2018.02.04.08.23.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 04 Feb 2018 08:23:04 -0800 (PST) From: Darrell Ball To: dlu998@gmail.com, dev@openvswitch.org Date: Sun, 4 Feb 2018 08:22:39 -0800 Message-Id: <1517761364-17655-7-git-send-email-dlu998@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1517761364-17655-1-git-send-email-dlu998@gmail.com> References: <1517761364-17655-1-git-send-email-dlu998@gmail.com> X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [patch v5 06/11] ipf: Add set minimum fragment size command. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org A new command "ovs-appctl dpctl/ipf-set-minfrag" is added for userspace datapath conntrack fragmentation support. Signed-off-by: Darrell Ball --- NEWS | 2 ++ lib/ct-dpif.c | 8 ++++++++ lib/ct-dpif.h | 1 + lib/dpctl.c | 40 ++++++++++++++++++++++++++++++++++++++++ lib/dpctl.man | 7 +++++++ lib/dpif-netdev.c | 8 ++++++++ lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 2 ++ lib/ipf.c | 23 +++++++++++++++++++++++ lib/ipf.h | 3 +++ 10 files changed, 95 insertions(+) diff --git a/NEWS b/NEWS index d53d95d..e98c990 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ Post-v2.9.0 * Add v4/v6 fragmentation support for conntrack. * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath conntrack fragmentation support. + * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace + datapath conntrack fragmentation support. v2.9.0 - xx xxx xxxx -------------------- diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 32d55c1..4a93bf6 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -172,6 +172,14 @@ ct_dpif_ipf_change_enabled(struct dpif *dpif, bool v6, bool enable) : EOPNOTSUPP); } +int +ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag) +{ + return (dpif->dpif_class->ipf_set_min_frag + ? dpif->dpif_class->ipf_set_min_frag(dpif, v6, min_frag) + : EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 3f0bce5..449f958 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns); int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns); int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool); +int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index 7d332aa..3464afe 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1784,6 +1784,44 @@ dpctl_ct_ipf_change_enabled(int argc, const char *argv[], return error; } +static int +dpctl_ct_ipf_set_min_frag(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ + struct dpif *dpif; + int error = dpctl_ct_open_dp(argc, argv, dpctl_p, &dpif, 4); + if (!error) { + char v4_or_v6[3] = {0}; + if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) && + (!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) { + uint32_t min_fragment; + if (ovs_scan(argv[argc - 1], "%"SCNu32, &min_fragment)) { + error = ct_dpif_ipf_set_min_frag( + dpif, !strncmp(v4_or_v6, "v6", 2), min_fragment); + + if (!error) { + dpctl_print(dpctl_p, + "setting minimum fragment size successful"); + } else { + dpctl_error(dpctl_p, error, + "setting minimum fragment size failed"); + } + } else { + error = EINVAL; + dpctl_error(dpctl_p, error, + "parameter missing for minimum fragment size"); + } + } else { + error = EINVAL; + dpctl_error(dpctl_p, error, + "parameter missing: v4 for ipv4 or v6 for ipv6"); + } + dpif_close(dpif); + } + + return error; +} + /* Undocumented commands for unit testing. */ static int @@ -2085,6 +2123,8 @@ static const struct dpctl_command all_commands[] = { { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO }, { "ipf-set-enabled", "[dp] v4_or_v6 enabled", 2, 3, dpctl_ct_ipf_change_enabled, DP_RW }, + { "ipf-set-minfragment", "[dp] v4_or_v6 minfragment", 2, 3, + dpctl_ct_ipf_set_min_frag, DP_RW }, { "help", "", 0, INT_MAX, dpctl_help, DP_RO }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 491de0b..87067f9 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -279,3 +279,10 @@ differentiate between first and other fragments. Although, this would logically happen naturally anyways, it is mentioned for clarity. If there is a need to differentiate between first and other fragments, do it after conntrack. +. +.TP +\*(DX\fBipf\-set\-minfrag\fR [\fIdp\fR] [\fIv4 or v6\fR] \fBminfrag\fR +Sets the minimum fragment size supported by the userspace datapath +connection tracker. Either v4 or v6 must be specified. The default v4 +value is 1200 and the clamped minimum is 400. The default v6 value is +1280, which is also the clamped minimum. diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index d4d0f07..44e511f 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -5879,6 +5879,13 @@ dpif_netdev_ipf_change_enabled(struct dpif *dpif OVS_UNUSED, bool v6, return ipf_change_enabled(v6, enable); } +static int +dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED, bool v6, + uint32_t min_frag) +{ + return ipf_set_min_frag(v6, min_frag); +} + const struct dpif_class dpif_netdev_class = { "netdev", dpif_netdev_init, @@ -5928,6 +5935,7 @@ const struct dpif_class dpif_netdev_class = { dpif_netdev_ct_get_maxconns, dpif_netdev_ct_get_nconns, dpif_netdev_ipf_change_enabled, + dpif_netdev_ipf_set_min_frag, dpif_netdev_meter_get_features, dpif_netdev_meter_set, dpif_netdev_meter_get, diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index f089617..8366de8 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -2993,6 +2993,7 @@ const struct dpif_class dpif_netlink_class = { NULL, /* ct_get_maxconns */ NULL, /* ct_get_nconns */ NULL, /* ipf_change_enabled */ + NULL, /* ipf_set_min_frag */ dpif_netlink_meter_get_features, dpif_netlink_meter_set, dpif_netlink_meter_get, diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h index 08e0944..aa9c490 100644 --- a/lib/dpif-provider.h +++ b/lib/dpif-provider.h @@ -446,6 +446,8 @@ struct dpif_class { /* IP Fragmentation. */ int (*ipf_change_enabled)(struct dpif *, bool, bool); + /* Set minimum fragment allowed. */ + int (*ipf_set_min_frag)(struct dpif *, bool, uint32_t); /* Meters */ /* Queries 'dpif' for supported meter features. diff --git a/lib/ipf.c b/lib/ipf.c index 31d31e9..e78abb4 100644 --- a/lib/ipf.c +++ b/lib/ipf.c @@ -1253,3 +1253,26 @@ ipf_change_enabled(bool v6, bool enable) } return 0; } + +int +ipf_set_min_frag(bool v6, uint32_t value) +{ + /* If the user specifies an unreasonably large number, fragmentation + * will not work well but it will not blow up. */ + if ((!v6 && value < IPF_V4_FRAG_SIZE_LBOUND) || + (v6 && value < IPF_V6_FRAG_SIZE_LBOUND)) { + return 1; + } + + ipf_lock_lock(&ipf_lock); + if (v6) { + atomic_store_relaxed(&min_v6_frag_size, value); + } else { + atomic_store_relaxed(&min_v4_frag_size, value); + max_v4_frag_list_size = DIV_ROUND_UP( + IPV4_PACKET_MAX_SIZE - IPV4_PACKET_MAX_HDR_SIZE, + min_v4_frag_size - IPV4_PACKET_MAX_HDR_SIZE); + } + ipf_lock_unlock(&ipf_lock); + return 0; +} diff --git a/lib/ipf.h b/lib/ipf.h index 0b45de9..277852d 100644 --- a/lib/ipf.h +++ b/lib/ipf.h @@ -63,4 +63,7 @@ ipf_destroy(void); int ipf_change_enabled(bool v6, bool enable); +int +ipf_set_min_frag(bool v6, uint32_t value); + #endif /* ipf.h */