[ovs-dev,v2,06/11] dpif: Support conntrack zone limit.

Message ID 1533170156-769-7-git-send-email-yihung.wei@gmail.com
State Changes Requested
Headers show
Series
  • conntrack zone limitation
Related show

Commit Message

Yi-Hung Wei Aug. 2, 2018, 12:35 a.m.
This patch defines the dpif interface to support conntrack
per zone limit.  Basically, OVS users can use this interface
to set, delete, and get the conntrack per zone limit for various
dpif interfaces.  The following patch will make use of the proposed
interface to implement the feature.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
---
 lib/ct-dpif.c       | 30 ++++++++++++++++++++++++++++++
 lib/ct-dpif.h       | 12 ++++++++++++
 lib/dpif-netdev.c   |  3 +++
 lib/dpif-netlink.c  |  3 +++
 lib/dpif-provider.h | 26 ++++++++++++++++++++++++++
 5 files changed, 74 insertions(+)

Patch

diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 5fa3a97727e1..d1e8a6b8b4a9 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -164,6 +164,36 @@  ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns)
             : EOPNOTSUPP);
 }
 
+int
+ct_dpif_set_limits(struct dpif *dpif, const uint32_t *default_limit,
+                   const struct ovs_list *zone_limits)
+{
+    return (dpif->dpif_class->ct_set_limits
+            ? dpif->dpif_class->ct_set_limits(dpif, default_limit,
+                                              zone_limits)
+            : EOPNOTSUPP);
+}
+
+int
+ct_dpif_get_limits(struct dpif *dpif, uint32_t *default_limit,
+                   const struct ovs_list *zone_limits_in,
+                   struct ovs_list *zone_limits_out)
+{
+    return (dpif->dpif_class->ct_get_limits
+            ? dpif->dpif_class->ct_get_limits(dpif, default_limit,
+                                              zone_limits_in,
+                                              zone_limits_out)
+            : EOPNOTSUPP);
+}
+
+int
+ct_dpif_del_limits(struct dpif *dpif, const struct ovs_list *zone_limits)
+{
+    return (dpif->dpif_class->ct_del_limits
+            ? dpif->dpif_class->ct_del_limits(dpif, zone_limits)
+            : EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 09e7698cf2bc..4e83bc555e03 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -191,6 +191,13 @@  struct ct_dpif_dump_state {
     struct dpif *dpif;
 };
 
+struct ct_dpif_zone_limit {
+    uint16_t zone;
+    uint32_t limit;
+    uint32_t count;
+    struct ovs_list node; /* In ct_zone_limits */
+};
+
 int ct_dpif_dump_start(struct dpif *, struct ct_dpif_dump_state **,
                        const uint16_t *zone, int *);
 int ct_dpif_dump_next(struct ct_dpif_dump_state *, struct ct_dpif_entry *);
@@ -200,6 +207,11 @@  int ct_dpif_flush(struct dpif *, const uint16_t *zone,
 int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
+int ct_dpif_set_limits(struct dpif *dpif, const uint32_t *default_limit,
+                       const struct ovs_list *);
+int ct_dpif_get_limits(struct dpif *dpif, uint32_t *default_limit,
+                       const struct ovs_list *, struct ovs_list *);
+int ct_dpif_del_limits(struct dpif *dpif, const struct ovs_list *);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
                           bool verbose, bool print_stats);
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 26d07b39c9af..63368e365da4 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -6825,6 +6825,9 @@  const struct dpif_class dpif_netdev_class = {
     dpif_netdev_ct_set_maxconns,
     dpif_netdev_ct_get_maxconns,
     dpif_netdev_ct_get_nconns,
+    NULL,                       /* ct_set_limits */
+    NULL,                       /* ct_get_limits */
+    NULL,                       /* ct_del_limits */
     dpif_netdev_meter_get_features,
     dpif_netdev_meter_set,
     dpif_netdev_meter_get,
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index f669b1108d61..ee98a3b7d8b6 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -3252,6 +3252,9 @@  const struct dpif_class dpif_netlink_class = {
     NULL,                       /* ct_set_maxconns */
     NULL,                       /* ct_get_maxconns */
     NULL,                       /* ct_get_nconns */
+    NULL,                       /* ct_set_limits */
+    NULL,                       /* ct_get_limits */
+    NULL,                       /* ct_del_limits */
     dpif_netlink_meter_get_features,
     dpif_netlink_meter_set,
     dpif_netlink_meter_get,
diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
index 62b3598acfc5..53a4fbdf7ae8 100644
--- a/lib/dpif-provider.h
+++ b/lib/dpif-provider.h
@@ -444,6 +444,32 @@  struct dpif_class {
     /* Get number of connections tracked. */
     int (*ct_get_nconns)(struct dpif *, uint32_t *nconns);
 
+    /* Connection tracking per zone limit */
+
+    /* Per zone conntrack limit sets the maximum allowed connections in zones
+     * to provide resource isolation.  If a per zone limit for a particular
+     * zone is not available in the datapath, it defaults to the default
+     * per zone limit.  Initially, the default per zone limit is
+     * unlimited (0). */
+
+    /* Set max connections allowed per zone according to 'zone_limits'.
+     * If 'default_limit' is not NULL, modifies the default limit to
+     * '*default_limit'. */
+    int (*ct_set_limits)(struct dpif *, const uint32_t *default_limit,
+                         const struct ovs_list *zone_limits);
+
+    /* Look up the default per zone limit and stores that in 'default_limit'.
+     * Look up the per zone limits for all zones in the 'zone_limits_in'
+     * list, and stores reply that includes the zone, the per zone limit,
+     * and the number of connections in the zone into 'zone_limits_out'
+     * list. */
+    int (*ct_get_limits)(struct dpif *, uint32_t *default_limit,
+                         const struct ovs_list *zone_limits_in,
+                         struct ovs_list *zone_limits_out);
+
+    /* Delete per zone limit of all zones specified in 'zone_limits'. */
+    int (*ct_del_limits)(struct dpif *, const struct ovs_list *zone_limits);
+
     /* Meters */
 
     /* Queries 'dpif' for supported meter features.