@@ -164,6 +164,36 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns)
: EOPNOTSUPP);
}
+int
+ct_dpif_set_limits(struct dpif *dpif, const uint32_t *default_limit,
+ const struct ovs_list *zone_limits)
+{
+ return (dpif->dpif_class->ct_set_limits
+ ? dpif->dpif_class->ct_set_limits(dpif, default_limit,
+ zone_limits)
+ : EOPNOTSUPP);
+}
+
+int
+ct_dpif_get_limits(struct dpif *dpif, uint32_t *default_limit,
+ const struct ovs_list *zone_limits_in,
+ struct ovs_list *zone_limits_out)
+{
+ return (dpif->dpif_class->ct_get_limits
+ ? dpif->dpif_class->ct_get_limits(dpif, default_limit,
+ zone_limits_in,
+ zone_limits_out)
+ : EOPNOTSUPP);
+}
+
+int
+ct_dpif_del_limits(struct dpif *dpif, const struct ovs_list *zone_limits)
+{
+ return (dpif->dpif_class->ct_del_limits
+ ? dpif->dpif_class->ct_del_limits(dpif, zone_limits)
+ : EOPNOTSUPP);
+}
+
void
ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
{
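Review bot: ct_dpif_get_limits() fills 'zone_limits_out', but nothing in this hunk says who allocates and frees the entries appended to it. The commit also adds no helper to release the list, so each caller would have to hand-roll the cleanup and an error path could leak the entries. A comment above the function such as `/* On success the caller owns the entries appended to 'zone_limits_out' and must free them. */` would settle it, assuming that is the intended contract. The three wrappers also lack a header comment saying they return 0 or a positive errno value, with EOPNOTSUPP when the datapath provides no callback.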
@@ -191,6 +191,13 @@ struct ct_dpif_dump_state {
struct dpif *dpif;
};
+struct ct_dpif_zone_limit {
+ uint16_t zone;
+ uint32_t limit;
+ uint32_t count;
+ struct ovs_list node; /* In ct_zone_limits */
+};
+
int ct_dpif_dump_start(struct dpif *, struct ct_dpif_dump_state **,
const uint16_t *zone, int *);
int ct_dpif_dump_next(struct ct_dpif_dump_state *, struct ct_dpif_entry *);
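Review bot: The fields of struct ct_dpif_zone_limit are undocumented, and the node comment points at 'ct_zone_limits', a name that appears nowhere else in this patch. The provider comment gives 0 as the unlimited value for the default limit; whether 0 means the same for 'limit' here should be stated, e.g. `uint32_t limit; /* Max connections allowed in 'zone'. */` plus the meaning of 0. 'count' looks like it is only meaningful in replies from ct_dpif_get_limits(); if so, say it with `uint32_t count; /* Current connections in 'zone'; set by get only. */`.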
@@ -200,6 +207,11 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone,
int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
+int ct_dpif_set_limits(struct dpif *dpif, const uint32_t *default_limit,
+ const struct ovs_list *);
+int ct_dpif_get_limits(struct dpif *dpif, uint32_t *default_limit,
+ const struct ovs_list *, struct ovs_list *);
+int ct_dpif_del_limits(struct dpif *dpif, const struct ovs_list *);
void ct_dpif_entry_uninit(struct ct_dpif_entry *);
void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
bool verbose, bool print_stats);
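Review bot: The ct_dpif_get_limits() prototype leaves its two list parameters unnamed, so the header does not show which list is the request and which is the reply; only the const qualifier tells them apart. Carry over the names from the definition, `const struct ovs_list *zone_limits_in, struct ovs_list *zone_limits_out`, and likewise name the list `zone_limits` on ct_dpif_set_limits() and ct_dpif_del_limits().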
@@ -6825,6 +6825,9 @@ const struct dpif_class dpif_netdev_class = {
dpif_netdev_ct_set_maxconns,
dpif_netdev_ct_get_maxconns,
dpif_netdev_ct_get_nconns,
+ NULL, /* ct_set_limits */
+ NULL, /* ct_get_limits */
+ NULL, /* ct_del_limits */
dpif_netdev_meter_get_features,
dpif_netdev_meter_set,
dpif_netdev_meter_get,
@@ -3252,6 +3252,9 @@ const struct dpif_class dpif_netlink_class = {
NULL, /* ct_set_maxconns */
NULL, /* ct_get_maxconns */
NULL, /* ct_get_nconns */
+ NULL, /* ct_set_limits */
+ NULL, /* ct_get_limits */
+ NULL, /* ct_del_limits */
dpif_netlink_meter_get_features,
dpif_netlink_meter_set,
dpif_netlink_meter_get,
@@ -444,6 +444,32 @@ struct dpif_class {
/* Get number of connections tracked. */
int (*ct_get_nconns)(struct dpif *, uint32_t *nconns);
+ /* Connection tracking per zone limit */
+
+ /* Per zone conntrack limit sets the maximum allowed connections in zones
+ * to provide resource isolation. If a per zone limit for a particular
+ * zone is not available in the datapath, it defaults to the default
+ * per zone limit. Initially, the default per zone limit is
+ * unlimited (0). */
+
+ /* Set max connections allowed per zone according to 'zone_limits'.
+ * If 'default_limit' is not NULL, modifies the default limit to
+ * '*default_limit'. */
+ int (*ct_set_limits)(struct dpif *, const uint32_t *default_limit,
+ const struct ovs_list *zone_limits);
+
+ /* Look up the default per zone limit and stores that in 'default_limit'.
+ * Look up the per zone limits for all zones in the 'zone_limits_in'
+ * list, and stores reply that includes the zone, the per zone limit,
+ * and the number of connections in the zone into 'zone_limits_out'
+ * list. */
+ int (*ct_get_limits)(struct dpif *, uint32_t *default_limit,
+ const struct ovs_list *zone_limits_in,
+ struct ovs_list *zone_limits_out);
+
+ /* Delete per zone limit of all zones specified in 'zone_limits'. */
+ int (*ct_del_limits)(struct dpif *, const struct ovs_list *zone_limits);
+
/* Meters */
/* Queries 'dpif' for supported meter features.
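Review bot: The callback comments leave the failure contract open: ct_set_limits and ct_del_limits take a list of zones, but nothing says whether a failure partway through leaves some zones updated. Because the limit exists for resource isolation, a caller needs to know whether an error means no zone is limited or only some are. One sentence per callback would do, e.g. `Returns 0 if successful, otherwise a positive errno value; on error the limits may have been partially applied.`, adjusted to whatever the providers actually guarantee. It would also help to say what ct_get_limits reports for an empty 'zone_limits_in' and for a zone that has no explicit limit. The struct dpif_class definition continues outside this hunk.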
This patch defines the dpif interface to support conntrack per zone limit. Basically, OVS users can use this interface to set, delete, and get the conntrack per zone limit for various dpif interfaces. The following patch will make use of the proposed interface to implement the feature. Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> --- lib/ct-dpif.c | 30 ++++++++++++++++++++++++++++++ lib/ct-dpif.h | 12 ++++++++++++ lib/dpif-netdev.c | 3 +++ lib/dpif-netlink.c | 3 +++ lib/dpif-provider.h | 26 ++++++++++++++++++++++++++ 5 files changed, 74 insertions(+)