From patchwork Mon Feb 11 01:48:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrell Ball X-Patchwork-Id: 1039552 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="NWBk08Oh"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43yTHR0WV2z9sBZ for ; Mon, 11 Feb 2019 12:49:38 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 606D31CB7; Mon, 11 Feb 2019 01:49:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D45731C0D for ; Mon, 11 Feb 2019 01:49:13 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6332D5E4 for ; Mon, 11 Feb 2019 01:49:13 +0000 (UTC) Received: by mail-pf1-f195.google.com with SMTP id g6so579321pfh.13 for ; Sun, 10 Feb 2019 17:49:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=t0DwBMLDDja98abzHsVjbZ+VBDRkKHSl9OLkpWxqHno=; b=NWBk08Ohan9fNziBBN0HhOBIy2atxokZUgYgF7B6hAhfSnNxp5G7FsV/IsHwkAIfSF 4a/BQ+//G3X28h+W+ekv52KgdtxtnV9YBrmGP0u7OI0Ob0R2oT1LZYWg3uKglGlQjRzc LPb8yxxna6jAxWqAIJnnsRWP44bgMFssT0cptvW+awvQN8XxrPL1kZD4uVy6e3IQvbOm w1XYUyOxHxrDhWDjSV23gMtYGyAeIPb37Kwn8ASLVji3Q9PPnzVkz/r8B61AqDrzPB+K HZdao8meLWdM0CZc7LgsTF1WRKKwN7DQdJUCuoWgDH9jm4hP4B7NR2rzw739ZqF+3+nW 77kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=t0DwBMLDDja98abzHsVjbZ+VBDRkKHSl9OLkpWxqHno=; b=KUji5o4adAgMVYqJyx+7wVRQUcmstEG0cTYsA+zCyWlULe4z6p+sYv17yy7Vq4O4TB q1PWBdRdF4lZ2EWFRbJs51W676aspXiZ6oWXivYfXxl/puYB0kI93cOpJtDzfJktkBst PKMOk0Qu8wWDTiQRBxyp3PY0GwpKArgdXnyFtr8BCg6vkOEV8CJLdf9XTRWFIRJoVfJ3 zIMDYoJHUdzNKlZ9RonKTX1q5kGwO5R6rGMNVWfaUNk3E47jJLakPi3+qatQSQubpAGD ntGrOWvFp0RmvPNOMmeEN55cqdmChoWLzhF9mg5Ko00sxuOn/rKiPs29kzb0doqX2SvB aaRw== X-Gm-Message-State: AHQUAuZMV86JyLWdvqIh69Tr6pQumU8Mhhbku2hfKXNYAcgYbBid9lHV NhkZLOEdtuiEik0eGul/u/8= X-Google-Smtp-Source: AHgI3Ia/DQBi3c9LtLK0Dv2K4Q1D7dT+b07iLNT/pgK/8B7ZP9rRZjJVylxDT4ITl4ijJpB9Py/82w== X-Received: by 2002:a62:5003:: with SMTP id e3mr35203804pfb.23.1549849752801; Sun, 10 Feb 2019 17:49:12 -0800 (PST) Received: from ubuntu.localdomain (c-76-102-76-212.hsd1.ca.comcast.net. [76.102.76.212]) by smtp.gmail.com with ESMTPSA id p13sm11723152pgs.89.2019.02.10.17.49.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 10 Feb 2019 17:49:11 -0800 (PST) From: Darrell Ball To: dlu998@gmail.com, dev@openvswitch.org Date: Sun, 10 Feb 2019 17:48:28 -0800 Message-Id: <1549849716-55869-1-git-send-email-dlu998@gmail.com> X-Mailer: git-send-email 1.9.1 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [patch v11 0/8] Userspace datapath: Add fragmentation support. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Fragmentation support for userspace datapath conntrack is added; both v4 and v6 are supported. Fragmentation handling is enabled by default and a command is supplied to disable it. Other commands allow setting the maximum number of fragments to be tracked, the minimum fragment size and retrieving the state of the fragmentation module; see the patches for additional details. Fragmentation tests for the userspace datapath are enabled by the patches and other test enhancements are added. v11: Fixed the 4 address sanitizer failures; these were corner cases, but valid use cases. Added a field to dp-packet packet batch to address this with a separate patch. Split out another patch in dp-packet for another new api to check for full batches. v10: Addressed Ben's review comments. Merged patches 6 and onwards per request. Note 4 tests are flagged by address santizer, but are an artifact of the packet-out test methodology. Also allowed supporting multiple instances of the fragmentation module per vswitchd instance; a possible real use case is running both DPDK and future AF_XDP at the same time v9: Exported ipf status type to dpif-provider.h for code maintenance reasons vs datatype info. hiding (code review suggestion; Thanks Justin). Changed counters to 64 bit, per intention (oops) and added a patch to support 64 bit atomics (code review; good catch Justin). Merged code for cleanup thread into patches. Cleanup dpctl_ct_ipf_get_status() usage; 'verbose' usage vs '-m'. Added a patch to cleanup opt_dpif_open() and callers. Enhanced comment for 'ipf-set-min-frag' Minor cleanups. Rebase. v8: Fix argument index (-1 vs -2) for recently added function ipf_set_enabled__(). Eliminate spaces around '|' for 'v4 | v6'. Reduce performance impact for non-fragments to approx zero. v7: Address review comments (Thanks Justin). Rebase. Fix a couple bugs. Some enhancements. v6: Rebase Folded patch 4 and some test enablement into patch 3 and brought an earlier patch forward in sequence Enable fragmentation by default Cleanup v5: Added a sub-feature to optionally dump fragmentation lists. This is useful for DOS forensics and debugging. The testing coverage was also extended including checking more counters and frag list occupancies. Fixed a few bugs: 1/ Handle dpdk mempool source restrictions for a batch of packets from multiple sources; this also brings in a purge frag list function to handle pathological cases of stuck frags. 2/ ipf_destroy was missing packet frees for frag lists. 3/ A setting of CS_INVALID was missing for expired packets - I mentioned this earlier for version 4. Some enhancements and coding standards changes for Patch 3. v4: Add V6 support to the patches. Fix possible race cleanup bug when the user disables fragmentation and there are list occupancies, not cleaned up yet. Add missed orig tuple fields for copy from reassembled packet to fragments. Fix an fragment list increment check - shoiuld have been "> 0" rather then "!= 0". Fix max frags calculation in case of theoretical corner case. Add proper lock annotations. Made some other improvements while adding V6 support. v3: Patch 2 was updated: Remove "XXX" todo items by implementing the ones needed, including realloc frag_list contexts to save memory. Fix related bug with max_frag_list_size when min_frag_size is reconfigured. Tighten ip_tot_len sanity check for reassembled packets which was more loose than intended. Add another sanity check for fragment ip_tot_len; even though it be redundant, add for completeness. v2: Few fixes, improvements and cleanups. Darrell Ball (8): dp-packet: Add const qualifiers for checksum apis. flow: Enhance parse_ipv6_ext_hdrs. tests: Add missed local stack checks. conntrack: Reword conntrack_execute() description. ovs-atomic: Add 64 bit apis. dp-packet: Add 'dp_packet_batch_is_full()' api. dp-packet: Add 'do_not_steal' packet batch flag. Userspace datapath: Add fragmentation handling. Documentation/faq/releases.rst | 49 +- NEWS | 10 + include/sparse/netinet/ip6.h | 1 + lib/automake.mk | 4 +- lib/conntrack.c | 24 +- lib/conntrack.h | 4 + lib/ct-dpif.c | 58 +- lib/ct-dpif.h | 12 +- lib/dp-packet.h | 24 +- lib/dpctl.c | 215 +++++- lib/dpctl.man | 36 + lib/dpif-netdev.c | 66 +- lib/dpif-netlink.c | 9 +- lib/dpif-provider.h | 53 +- lib/flow.c | 44 +- lib/flow.h | 3 +- lib/ipf.c | 1579 ++++++++++++++++++++++++++++++++++++++ lib/ipf.h | 60 ++ lib/ovs-atomic.h | 36 + tests/system-kmod-macros.at | 46 +- tests/system-traffic.at | 53 +- tests/system-userspace-macros.at | 186 ++++- 22 files changed, 2471 insertions(+), 101 deletions(-) create mode 100644 lib/ipf.c create mode 100644 lib/ipf.h