From: Darrell Ball
To: dlu998@gmail.com, dev@openvswitch.org, jpettit@ovn.org
Date: Mon, 16 Jul 2018 19:39:48 -0700
Message-Id: <1531795191-58140-7-git-send-email-dlu998@gmail.com>
Subject: [ovs-dev] [patch v8 6/9] ipf: Add command to disable fragmentation handling.

Commands are added to disable and also enable fragmentation handling for
conntrack.

Signed-off-by: Darrell Ball
---
 NEWS                | 4 ++++
 lib/ct-dpif.c       | 8 ++++++++
 lib/ct-dpif.h       | 1 +
 lib/dpctl.c         | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/dpctl.man       | 15 +++++++++++++++
 lib/dpif-netdev.c   | 9 +++++++++
 lib/dpif-netlink.c  | 1 +
 lib/dpif-provider.h | 4 +++-
 lib/ipf.c           | 7 +++++++
 lib/ipf.h           | 2 ++
 10 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS index 9c82234..104b16f 100644 --- a/NEWS +++ b/NEWS 
@@ -16,6 +16,10 @@ Post-v2.9.0 use --names or --no-names to override. See ovs-ofctl(8) for details. - Userspace datapath: * Add v4/v6 fragmentation support for conntrack. + * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath + conntrack fragmentation support. + * New "ovs-appctl dpctl/ipf-set-disabled" command for userspace datapath + conntrack fragmentation support. - ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface". - OpenFlow: * OFPT_ROLE_STATUS is now available in OpenFlow 1.3. diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 5fa3a97..b1f29dc 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -164,6 +164,14 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns) : EOPNOTSUPP); } +int +ct_dpif_ipf_set_enabled(struct dpif *dpif, bool v6, bool enable) +{ + return (dpif->dpif_class->ipf_set_enabled + ? dpif->dpif_class->ipf_set_enabled(dpif, v6, enable) + : EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 09e7698..bd6234d 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -200,6 +200,7 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone, int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns); int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns); int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); +int ct_dpif_ipf_set_enabled(struct dpif *, bool v6, bool enable); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index 4f1e443..d6800fb 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -35,6 +35,7 @@ #include "dpif.h" #include "openvswitch/dynamic-string.h" #include "flow.h" +#include "ipf.h" #include "openvswitch/match.h" #include "netdev.h" #include "netdev-dpdk.h" 
@@ -1680,6 +1681,51 @@ dpctl_ct_get_nconns(int argc, const char *argv[], return error; } +static int +ipf_set_enabled__(int argc, const char *argv[], struct dpctl_params *dpctl_p, + bool enabled) +{ + struct dpif *dpif; + int error = opt_dpif_open(argc, argv, dpctl_p, 4, &dpif); + if (!error) { + char v4_or_v6[3] = {0}; + if (ovs_scan(argv[argc - 1], "%2s", v4_or_v6) && + (!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) { + error = ct_dpif_ipf_set_enabled( + dpif, !strncmp(v4_or_v6, "v6", 2), enabled); + if (!error) { + dpctl_print(dpctl_p, + "%s fragmentation reassembly successful", + enabled ? "enabling" : "disabling"); + } else { + dpctl_error(dpctl_p, error, + "%s fragmentation reassembly failed", + enabled ? "enabling" : "disabling"); + } + } else { + error = EINVAL; + dpctl_error(dpctl_p, error, + "parameter missing: 'v4' for ipv4 or 'v6' for ipv6"); + } + dpif_close(dpif); + } + return error; +} + +static int +dpctl_ipf_set_enabled(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ + return ipf_set_enabled__(argc, argv, dpctl_p, true); +} + +static int +dpctl_ipf_set_disabled(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ + return ipf_set_enabled__(argc, argv, dpctl_p, false); +} + /* Undocumented commands for unit testing. */ static int @@ -1979,6 +2025,10 @@ static const struct dpctl_command all_commands[] = { { "ct-set-maxconns", "[dp] maxconns", 1, 2, dpctl_ct_set_maxconns, DP_RW }, { "ct-get-maxconns", "[dp]", 0, 1, dpctl_ct_get_maxconns, DP_RO }, { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO }, + { "ipf-set-enabled", "[dp] v4|v6", 1, 2, + dpctl_ipf_set_enabled, DP_RW }, + { "ipf-set-disabled", "[dp] v4|v6", 1, 2, + dpctl_ipf_set_disabled, DP_RW }, { "help", "", 0, INT_MAX, dpctl_help, DP_RO }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 5d987e6..a1eb026 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man 
@@ -272,3 +272,18 @@ Only supported for userspace datapath. \*(DX\fBct\-get\-nconns\fR [\fIdp\fR] Prints the current number of connection tracker entries on \fIdp\fR. Only supported for userspace datapath. +. +.TP +\*(DX\fBipf\-set\-enabled\fR [\fIdp\fR] \fBv4\fR|\fBv6\fR +Enables fragmentation handling for the userspace datapath connection +tracker. Either \fBv4\fR or \fBv6\fR must be specified. When fragmentation +handling is enabled, the rules for handling fragments before entering +conntrack should not differentiate between first and other fragments. If +there is a need to differentiate between first and other fragments, do it +after conntrack. Both v4 and v6 are enabled by default. +. +.TP +\*(DX\fBipf\-set\-disabled\fR [\fIdp\fR] \fBv4\fR|\fBv6\fR +Disables fragmentation handling for the userspace datapath connection +tracker. Either \fBv4\fR or \fBv6\fR must be specified. Both v4 and v6 are +enabled by default. diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 8b3556d..ddab09e 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -47,6 +47,7 @@ #include "flow.h" #include "hmapx.h" #include "id-pool.h" +#include "ipf.h" #include "latch.h" #include "netdev.h" #include "netdev-provider.h" @@ -6531,6 +6532,13 @@ dpif_netdev_ct_get_nconns(struct dpif *dpif, uint32_t *nconns) return conntrack_get_nconns(&dp->conntrack, nconns); } +static int +dpif_netdev_ipf_set_enabled(struct dpif *dpif OVS_UNUSED, bool v6, + bool enable) +{ + return ipf_set_enabled(v6, enable); +} + const struct dpif_class dpif_netdev_class = { "netdev", dpif_netdev_init, @@ -6579,6 +6587,7 @@ const struct dpif_class dpif_netdev_class = { dpif_netdev_ct_set_maxconns, dpif_netdev_ct_get_maxconns, dpif_netdev_ct_get_nconns, + dpif_netdev_ipf_set_enabled, dpif_netdev_meter_get_features, dpif_netdev_meter_set, dpif_netdev_meter_get, diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index aa9bbd9..e1331e4 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c 
@@ -3006,6 +3006,7 @@ const struct dpif_class dpif_netlink_class = { NULL, /* ct_set_maxconns */ NULL, /* ct_get_maxconns */ NULL, /* ct_get_nconns */ + NULL, /* ipf_set_enabled */ dpif_netlink_meter_get_features, dpif_netlink_meter_set, dpif_netlink_meter_get, diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h index 62b3598..db65227 100644 --- a/lib/dpif-provider.h +++ b/lib/dpif-provider.h @@ -444,8 +444,10 @@ struct dpif_class { /* Get number of connections tracked. */ int (*ct_get_nconns)(struct dpif *, uint32_t *nconns); - /* Meters */ + /* IP Fragmentation. */ + int (*ipf_set_enabled)(struct dpif *, bool v6, bool enabled); + /* Meters */ /* Queries 'dpif' for supported meter features. * NULL pointer means no meter features are supported. */ void (*meter_get_features)(const struct dpif *, diff --git a/lib/ipf.c b/lib/ipf.c index 1169a8a..cc76c99 100644 --- a/lib/ipf.c +++ b/lib/ipf.c @@ -1297,3 +1297,10 @@ ipf_destroy(void) ipf_lock_unlock(&ipf_lock); ipf_lock_destroy(&ipf_lock); } + +int +ipf_set_enabled(bool v6, bool enable) +{ + atomic_store_relaxed(v6 ? &ifp_v6_enabled : &ifp_v4_enabled, enable); + return 0; +} diff --git a/lib/ipf.h b/lib/ipf.h index 212d1b3..da47dcb 100644 --- a/lib/ipf.h +++ b/lib/ipf.h @@ -57,4 +57,6 @@ void ipf_init(void); void ipf_destroy(void); +int ipf_set_enabled(bool v6, bool enable); + #endif /* ipf.h */
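
Review bot: In ipf_set_enabled__() in lib/dpctl.c the address-family argument is matched too loosely: `ovs_scan(argv[argc - 1], "%2s", v4_or_v6)` reads only the first two characters and both `strncmp(..., 2)` calls compare only those, so an argument such as `v4x` or `v66` is accepted. Comparing the whole argument with `strcmp(argv[argc - 1], "v4")` and `strcmp(argv[argc - 1], "v6")` would reject such input and removes the need for the scratch buffer. The EINVAL branch also reports "parameter missing" when the parameter is present but invalid. Separately, the `4` passed to opt_dpif_open() does not line up with the all_commands entries for these commands, which allow at most 2 arguments; please confirm the value so that an explicitly given `[dp]` is honoured.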
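
Review bot: The ipf-set-disabled entry in lib/dpctl.man does not say what happens to fragments once handling is disabled, and that is what an operator needs in order to write safe rules. The ipf-set-enabled entry explains how pre-conntrack rules should treat first and later fragments, but the disabled entry only repeats the defaults. Please add a sentence describing how fragments are treated by the connection tracker while handling is off, and whether the change affects fragments already received. The two NEWS lines are also identical apart from the command name and could say which one enables and which one disables.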
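
Review bot: In lib/dpif-netdev.c, dpif_netdev_ipf_set_enabled() marks `dpif` as OVS_UNUSED and calls `ipf_set_enabled(v6, enable)`, so the setting is not tied to the datapath the user named even though the command syntax is `[dp] v4|v6`. With more than one userspace datapath, disabling reassembly on one changes it for all of them. Either document in dpctl.man that the setting is global, or carry the flag per datapath so that the `[dp]` argument means what it appears to mean.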
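
Review bot: In the lib/ipf.c hunk, the variables `ifp_v6_enabled` and `ifp_v4_enabled` use an `ifp_` prefix while every other identifier in this patch uses `ipf_`; if they are declared that way earlier in the series, renaming them to `ipf_v4_enabled` and `ipf_v6_enabled` would avoid confusion. ipf_set_enabled() also has no comment, and it only stores the flag: please document what callers can expect for fragments that are already queued for reassembly when the flag changes, and note that the function always returns 0 so the "failed" branch in dpctl cannot be reached through this provider.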