From patchwork Fri Feb  2 07:24:06 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Huettner <felix.huettner@mail.schwarz>
X-Patchwork-Id: 1894372
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256
 header.s=selector1 header.b=ebhTpe8r;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256
 header.s=selector1 header.b=ebhTpe8r;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TR6j73kktz1yhq
	for <incoming@patchwork.ozlabs.org>; Fri,  2 Feb 2024 18:24:25 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp4.osuosl.org (Postfix) with ESMTP id 7A37642F7F;
	Fri,  2 Feb 2024 07:24:23 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 7A37642F7F
Authentication-Results: smtp4.osuosl.org;
	dkim=fail reason="signature verification failed" (2048-bit key,
 unprotected) header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256
 header.s=selector1 header.b=ebhTpe8r;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=mail.schwarz header.i=@mail.schwarz header.a=rsa-sha256
 header.s=selector1 header.b=ebhTpe8r
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
	by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id B49tXgIGfS-t; Fri,  2 Feb 2024 07:24:22 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp4.osuosl.org (Postfix) with ESMTPS id 31CF342EC9;
	Fri,  2 Feb 2024 07:24:21 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 31CF342EC9
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 07EDFC0077;
	Fri,  2 Feb 2024 07:24:21 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 0B440C0037
 for <dev@openvswitch.org>; Fri,  2 Feb 2024 07:24:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id D3CF085501
 for <dev@openvswitch.org>; Fri,  2 Feb 2024 07:24:18 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org D3CF085501
Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key, unprotected) header.d=mail.schwarz
 header.i=@mail.schwarz header.a=rsa-sha256 header.s=selector1
 header.b=ebhTpe8r;
 dkim=pass (2048-bit key) header.d=mail.schwarz header.i=@mail.schwarz
 header.a=rsa-sha256 header.s=selector1 header.b=ebhTpe8r
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 8IRaryf24RPx for <dev@openvswitch.org>;
 Fri,  2 Feb 2024 07:24:17 +0000 (UTC)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com
 (mail-he1eur04on20601.outbound.protection.outlook.com
 [IPv6:2a01:111:f403:260f::601])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 21A96854FB
 for <dev@openvswitch.org>; Fri,  2 Feb 2024 07:24:17 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 21A96854FB
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
 b=HifYujicfPO+RRgW2ySlHqz8SqKwbArOhTpyF318B+hcd3AvCG573vjPpf9rRcTdRAM8eqni2OUg75KhST7DvfJthAmAgaDczYsFhlxO0YUHVPWx06KyoqNQfFbg0cMx9WwgfflwC54biR/YUR0gdYQmdSLvPlWgaghsM7zbsl9G4PdYyk/ZtSVUsdtVN9V9iy2i7P6Drr0fL8FES3jtXR74+2TgV3dGcnjRtKq+w896KqwVf8aNOPQxki5zTqrDn31IQli/5gex33Q8uj9yFUkuOjsBc/lyIgTKPkNCchT4vuKu9YNtSqYux/jMMoNf2Vj4wyErTz5IBSq9K3T0jQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=C7SX9uqXRwN7bzN+Vqt9y8DW4sXUj56QLFTtzriihX0=;
 b=bVJm24jIkA8I9yxWMNMjG2rbnxeRGW37LxCzWvyFYuGCK9K78C+PKmk254MMHwOkW5+/MDp8p0WkkHIfps4AOeUvOkAR8IPkF9Up2prpd1qF6u2sB80mq6fx5/oUvXa2bx6BtLd89qDSzLzKW7n7t5zqPMdmqzyyI/G7UNKrTqzlS8wBgCkbj2sgHCpYf9IONyH6imKgnPZ2ERx17k/Lu63y8MSI+JWvBC4C8v28S2DIIzBinXUqaAn/ZRa6JYInZHLWfWgJkFps27tSMDEdLfwv7TNCD4M8sIsFty7JiQgEN01wK/45fup4S1M3lRclwZT9uQrzXw2rF1Lef9Rnew==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 104.40.229.156) smtp.rcpttodomain=openvswitch.org smtp.mailfrom=mail.schwarz;
 dmarc=pass (p=reject sp=none pct=100) action=none header.from=mail.schwarz;
 dkim=pass (signature was verified) header.d=mail.schwarz; arc=pass (0 oda=1
 ltdi=1 spf=[1,1,smtp.mailfrom=mail.schwarz] dkim=[1,1,header.d=mail.schwarz]
 dmarc=[1,1,header.from=mail.schwarz])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.schwarz;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=C7SX9uqXRwN7bzN+Vqt9y8DW4sXUj56QLFTtzriihX0=;
 b=ebhTpe8rKJW1zv2AuZH2EX8pUy5Znl0VJA70pMEG48ImIKrW6EnSKA87UjdIZHwxZjjFlZNnLDRik5A0yKZKAjAkZQxVK3bnvBG5aYp4F+5PobOXwFWUs3XsJlNJ24knIF5F+55SVdL8iii6fw77X/fFfSBsfIP8e8z6MaOwMrLawUMcrG7Va6eTr8G0l/O1PKc6gINWgtgQ0UBcH9GHMc6H1Z05+2z0AlQD1PSj3LOOaC6MFHK8hxnneG3DVOVVBaQ5sIo4G6o6t1rV1MIhL7e08jXmh3il8q9iRaKVhwO1h2PQoyoMXXC1Ti+b6ft6dZVlFcGu6OsjzQiigLucjA==
Received: from AM0PR02CA0004.eurprd02.prod.outlook.com (2603:10a6:208:3e::17)
 by AS5PR10MB8242.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:67f::16)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.31; Fri, 2 Feb
 2024 07:24:12 +0000
Received: from AM4PEPF00027A63.eurprd04.prod.outlook.com
 (2603:10a6:208:3e:cafe::71) by AM0PR02CA0004.outlook.office365.com
 (2603:10a6:208:3e::17) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.26 via Frontend
 Transport; Fri, 2 Feb 2024 07:24:12 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 104.40.229.156)
 smtp.mailfrom=mail.schwarz; dkim=pass (signature was verified)
 header.d=mail.schwarz;dmarc=pass action=none header.from=mail.schwarz;
Received-SPF: Pass (protection.outlook.com: domain of mail.schwarz designates
 104.40.229.156 as permitted sender)
 receiver=protection.outlook.com;
 client-ip=104.40.229.156; helo=eu1.smtp.exclaimer.net; pr=C
Received: from eu1.smtp.exclaimer.net (104.40.229.156) by
 AM4PEPF00027A63.mail.protection.outlook.com (10.167.16.73) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.7249.19 via Frontend Transport; Fri, 2 Feb 2024 07:24:10 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (104.47.14.51)
 by eu1.smtp.exclaimer.net (104.40.229.156) with Exclaimer Signature Manager
 ESMTP Proxy eu1.smtp.exclaimer.net (tlsversion=TLS12,
 tlscipher=TLS_ECDHE_WITH_AES256_SHA384); Fri, 2 Feb 2024 07:24:10 +0000
X-ExclaimerHostedSignatures-MessageProcessed: true
X-ExclaimerProxyLatency: 7913683
X-ExclaimerImprintLatency: 5270769
X-ExclaimerImprintAction: b5b9cbc040f74de18c56ad2b877e435c
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ns2U8Xc0PY6qtoyXs/za4xxdgZ2YVyUfo0UaElg10DHU6eRWg0MnBlzxDYEIowi20LMPANKsGtivs33ysJKQMbR/BpXiileH1iZYMcSr94eT9pPcYWImht9jC2MMhKcPO4FzcoNkdsjz/H79TjXDQ64Sm2gAEpaxaDUEozPJdNYVJ4cC8Sey+CKjYG31gCl4CYSwILvsT9sQO25tVAsBJencgckpEs75M6pFM3fQRkSz2IgZewKKA+gioj1KRqbuLwjBwpgixq6EmeVaDNdILKGXtZ2HVJs09NSygUAzqnJ1Wssk/lISGzHikjdLRw2sE8I8nJ6VwK/sY//m4rDsGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=C7SX9uqXRwN7bzN+Vqt9y8DW4sXUj56QLFTtzriihX0=;
 b=ACT0kBt+yl2qmvO9Aco67lrjxlAVo72S752AriQZhhjWSfmj9ZAuOgNEugEha849XdUXBeO9fqk8DxFI9SmsW08dK3FYSprRXG2vbErTmCbo0QV9YafCYSJApiQHZA/B5Tf0+LQIxGWnwEsgE7i9057RluwHiOfUEmzTzfNyjXIdhkKAWjUW3rRguTBhW1I0bstddHSF/L3jALJ2RqrE2b//sgk0k2tPLf6D1wchVFNkAKUPCtbeVui8/iqF5L49yDc1cRXIeE0M21S5kbF8jfN1xgeCcP/fms5ocS9rW1tuFtS6ZMSy4qqUxiKrYtQlyAM7FZgNTW3Lz+8YXJcssw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=mail.schwarz; dmarc=pass action=none header.from=mail.schwarz;
 dkim=pass header.d=mail.schwarz; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.schwarz;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=C7SX9uqXRwN7bzN+Vqt9y8DW4sXUj56QLFTtzriihX0=;
 b=ebhTpe8rKJW1zv2AuZH2EX8pUy5Znl0VJA70pMEG48ImIKrW6EnSKA87UjdIZHwxZjjFlZNnLDRik5A0yKZKAjAkZQxVK3bnvBG5aYp4F+5PobOXwFWUs3XsJlNJ24knIF5F+55SVdL8iii6fw77X/fFfSBsfIP8e8z6MaOwMrLawUMcrG7Va6eTr8G0l/O1PKc6gINWgtgQ0UBcH9GHMc6H1Z05+2z0AlQD1PSj3LOOaC6MFHK8hxnneG3DVOVVBaQ5sIo4G6o6t1rV1MIhL7e08jXmh3il8q9iRaKVhwO1h2PQoyoMXXC1Ti+b6ft6dZVlFcGu6OsjzQiigLucjA==
Authentication-Results-Original: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=mail.schwarz;
Received: from PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:30d::9)
 by AM7PR10MB3873.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17a::7)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.30; Fri, 2 Feb
 2024 07:24:08 +0000
Received: from PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::1d63:bb69:8522:de5b]) by PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::1d63:bb69:8522:de5b%7]) with mapi id 15.20.7249.024; Fri, 2 Feb 2024
 07:24:08 +0000
Date: Fri, 2 Feb 2024 08:24:06 +0100
To: dev@openvswitch.org
Message-ID: <ZbyYltZ38cksixwe@SIT-SDELAP4051.int.lidl.net>
Mail-Followup-To: dev@openvswitch.org, max.lamprecht@mail.schwarz,
 luca.czesla@mail.schwarz
Content-Disposition: inline
X-ClientProxiedBy: FR3P281CA0111.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:a3::14) To PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM
 (2603:10a6:102:30d::9)
MIME-Version: 1.0
X-MS-TrafficTypeDiagnostic: 
 PAVPR10MB6914:EE_|AM7PR10MB3873:EE_|AM4PEPF00027A63:EE_|AS5PR10MB8242:EE_
X-MS-Office365-Filtering-Correlation-Id: 16da14a9-30a6-4691-39fd-08dc23bff349
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 9JLiN6TWOa4cgtLEHLn+0rW2LkIXgTpy63S9CyPwLse0w8Hni+vbs9W9uMUnx3TJyfrkbvXy7/9CDt6jcRc7nr/m9gmBtcWGYY/gKTVgMPj3g27Xbly3cv3P5bJ/P0+5JM31A9fTVEUiz+mBaor4wOgDp+RCp/ZlHMFUCHecqo9KWxeveZ+KQEjPhcr1UxpBjHqtjZCxM7v+vDx4lVKLaD7vr7K0m69EjBRuVs8koI48VCp6Qbnqi94HWsYbSAb81oByczTBjrr4AQRkwdIID0xQVkxnWCdXfShp9iv1DcA8yqcnN6+Hds7d4bNY7LGlJxhbPzNNMSItsxK1U95Mx6JDIEXZTloSS+oUZ8d2oaARgSnyoXdIZgr+6iVabBiH/M9bdGzYajYSijusxEGYQWW9IbTQdoPhLQyaF78zsd0x4Q41zywHGuBv2jWbvcSBNFFo1TxHVKV/GoF6SH9GGD+4sptG7FARJuacKs+4bAbTkHYj25ie5A1A3uzXAXQ3SmSIriT/2Pa3D9kHmcC+aEUH9T3GXExAZEQtbHTAT9o=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
 SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAVPR10MB6914.EURPRD10.PROD.OUTLOOK.COM;
 PTR:; CAT:NONE;
 SFS:(13230031)(136003)(346002)(39860400002)(396003)(376002)(366004)(230922051799003)(64100799003)(186009)(451199024)(1800799012)(4326008)(316002)(6916009)(44832011)(8936002)(8676002)(66556008)(66476007)(6486002)(966005)(86362001)(478600001)(66946007)(2906002)(5660300002)(82960400001)(38100700002)(26005)(107886003)(9686003)(6506007)(83380400001)(66574015)(41300700001)(6512007);
 DIR:OUT; SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3873
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 AM4PEPF00027A63.eurprd04.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 b7b81707-3cfe-4c36-0cf5-08dc23bff1a5
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 aZymJz6qH8sr6amsWJR8AigClWifNwnAzIl+LyAx/SUP4hyhXGDZG/P+K9QbYEvHP/z3LpHGmAZ0uAVEd3kyaBi/gX0VWPOsK5FINpImjNzd5WQyUkCaZFAdX8se2vfyPohFzGE0AqrueVl1iMLmiwhvSK12i3GQHPUBNeC9PPQE0KqMio08gkIntiHgX/0Ow5Y+M4AbNwc0bcEs7qxWhFxvJYrNXJDUGNV2OMQwC5BFHX4HDBZx8mumjMTehmWK0OEz1bE3XOBDl4TigZp7RhYujQce6hBmaFyxLsoNWLD0ostdkwAyy7apvN1jSHpGxBdHmHWg/P7pwPUXoLT0EoP9fM3PpGMwAyUOIXKEtb53Oyp/ZC7wtnZZtSvCtc7rykpk63F2CmVKfMxXSjTyN6oG7I1oByNHCRL/HQe3WSYns42PFVOnFwejKUFY1sCBEpWgXIISZWgvqhAK7FCPTLyx/JmD45T2NDP3Il6xH6lYNRNQw56jz7nZOWWxFn16I1eiLnkJhZ3o/ounDOJJEPL1g1/xcmpy72imSoiMKUljgJqoreSEebaTKBDXg+XtbTr0HlOnahOTCAyJzjLjbuuoLBZlqTeOOJdJfpgBjFpczdqdX8fjOWBTKnzSOVBkXJHM1aoOtc4s+IpjgFwzvKj51PgEQ/yWVoMaCgbFvaXqjoBNCkrDcp/QnHt4DqPEU5boSdbkxfNPbjSCAYy6GE2RWRBYCdiOVzLQOQo88MI=
X-Forefront-Antispam-Report: CIP:104.40.229.156; CTRY:NL; LANG:en; SCL:1;
 SRV:;
 IPV:CAL; SFV:NSPM; H:eu1.smtp.exclaimer.net; PTR:eu1.smtp.exclaimer.net;
 CAT:NONE;
 SFS:(13230031)(4636009)(396003)(39860400002)(346002)(376002)(136003)(230922051799003)(186009)(82310400011)(1800799012)(64100799003)(451199024)(40470700004)(46966006)(36840700001)(40480700001)(40460700003)(7596003)(26005)(83380400001)(36860700001)(47076005)(6512007)(41300700001)(82740400003)(336012)(356005)(7636003)(107886003)(6506007)(478600001)(9686003)(82960400001)(2906002)(8936002)(6916009)(86362001)(70206006)(8676002)(70586007)(66574015)(4326008)(966005)(5660300002)(316002)(6486002)(44832011);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: mail.schwarz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Feb 2024 07:24:10.0593 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 16da14a9-30a6-4691-39fd-08dc23bff349
X-MS-Exchange-CrossTenant-Id: d04f4717-5a6e-4b98-b3f9-6918e0385f4c
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=d04f4717-5a6e-4b98-b3f9-6918e0385f4c; Ip=[104.40.229.156];
 Helo=[eu1.smtp.exclaimer.net]
X-MS-Exchange-CrossTenant-AuthSource: 
 AM4PEPF00027A63.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS5PR10MB8242
Subject: [ovs-dev] [PATCH] netlink-conntrack: Optimize flushing ct zone.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
X-Patchwork-Original-From: Felix Huettner via dev <ovs-dev@openvswitch.org>
From: Felix Huettner <felix.huettner@mail.schwarz>
Reply-To: Felix Huettner <felix.huettner@mail.schwarz>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Previously the kernel did not provide a netlink interface to flush/list
only conntrack entries matching a specific zone. With [1] it is now
possible to flush and list conntrack entries filtered by zone. Older
kernels not yet supporting this feature will ignore the filter.
For the list request that means just returning all entries (which we can
then filter in userspace as before).
For the flush request that means deleting all conntrack entries.

These significantly improves the performance of flushing conntrack zones
when the conntrack table is large. Since flushing a conntrack zone is
normally triggered via an openflow command it blocks the main ovs thread
and thereby also blocks new flows from being applied. Using this new
feature we can reduce the flushing time for zones by around 93%.

In combination with OVN the creation of a Logical_Router (which causes
the flushing of a ct zone) could block other operations, e.g. the
failover of Logical_Routers (as they cause new flows to be created).
This is visible from a user perspective as a ovn-controller that is idle
(as it waits for vswitchd) and vswitchd reporting:
"blocked 1000 ms waiting for main to quiesce" (potentially with ever
increasing times).

The following performance tests where run in a qemu vm with 500.000
conntrack entries distributed evenly over 500 ct zones using `ovstest
test-netlink-conntrack flush zone=<zoneid>`.

With this patch and kernel v6.8-rc2:

-----------------------------------------------------------------------------------------------------------------------------------------------------
                               Min (s)         Median (s)      90%ile (s)      99%ile (s)      Max (s)         Mean (s)        Total (s)       Count
-----------------------------------------------------------------------------------------------------------------------------------------------------
flush zone with 1000 entries   0.260           0.319           0.335           0.348           0.362           0.320           80.02           250
flush zone with no entry       0.228           0.298           0.325           0.340           0.348           0.296           73.93           250
-----------------------------------------------------------------------------------------------------------------------------------------------------

With this patch and kernel v6.7.1:

-----------------------------------------------------------------------------------------------------------------------------------------------------
                               Min (s)         Median (s)      90%ile (s)      99%ile (s)      Max (s)         Mean (s)        Total (s)       Count
-----------------------------------------------------------------------------------------------------------------------------------------------------
flush zone with 1000 entries   3.946           4.237           4.367           4.495           4.543           4.236           1058.992        250
flush zone with no entry       3.462           4.460           4.662           4.931           5.390           4.430           1107.479        250
-----------------------------------------------------------------------------------------------------------------------------------------------------

Without this patch and kernel v6.8-rc2:

-----------------------------------------------------------------------------------------------------------------------------------------------------
                               Min (s)         Median (s)      90%ile (s)      99%ile (s)      Max (s)         Mean (s)        Total (s)       Count
-----------------------------------------------------------------------------------------------------------------------------------------------------
flush zone with 1000 entries   3.497           4.349           4.522           4.773           5.054           4.331           1082.802        250
flush zone with no entry       3.212           4.010           4.572           6.003           6.396           4.071           1017.838        250
-----------------------------------------------------------------------------------------------------------------------------------------------------

[1]: https://github.com/torvalds/linux/commit/eff3c558bb7e61c41b53e4c8130e514a5a4df9ba

Co-Authored-By: Luca Czesla <luca.czesla@mail.schwarz>
Signed-off-by: Luca Czesla <luca.czesla@mail.schwarz>
Co-Authored-By: Max Lamprecht <max.lamprecht@mail.schwarz>
Signed-off-by: Max Lamprecht <max.lamprecht@mail.schwarz
Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz>
---
 lib/netlink-conntrack.c | 57 +++++++++++++++++++++++++++++++++++++++--
 tests/system-traffic.at |  8 ++++++
 2 files changed, 63 insertions(+), 2 deletions(-)


base-commit: 1be7f896af85f2777f8147df207612339b4480c0

diff --git a/lib/netlink-conntrack.c b/lib/netlink-conntrack.c
index 492bfcffb..1b050894d 100644
--- a/lib/netlink-conntrack.c
+++ b/lib/netlink-conntrack.c
@@ -25,6 +25,7 @@
 #include <linux/netfilter/nf_conntrack_tcp.h>
 #include <linux/netfilter/nf_conntrack_ftp.h>
 #include <linux/netfilter/nf_conntrack_sctp.h>
+#include <sys/utsname.h>
 
 #include "byte-order.h"
 #include "compiler.h"
@@ -141,6 +142,9 @@ nl_ct_dump_start(struct nl_ct_dump_state **statep, const uint16_t *zone,
 
     nl_msg_put_nfgenmsg(&state->buf, 0, AF_UNSPEC, NFNL_SUBSYS_CTNETLINK,
                         IPCTNL_MSG_CT_GET, NLM_F_REQUEST);
+    if (zone) {
+        nl_msg_put_be16(&state->buf, CTA_ZONE, htons(*zone));
+    }
     nl_dump_start(&state->dump, NETLINK_NETFILTER, &state->buf);
     ofpbuf_clear(&state->buf);
 
@@ -283,23 +287,72 @@ nl_ct_flush_zone(uint16_t flush_zone)
     return err;
 }
 #else
+
+static bool
+netlink_flush_supports_zone(void)
+{
+    static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
+    static bool supported = false;
+
+    if (ovsthread_once_start(&once)) {
+        struct utsname utsname;
+        int major, minor;
+
+        if (uname(&utsname) == -1) {
+            VLOG_WARN("uname failed (%s)", ovs_strerror(errno));
+        } else if (!ovs_scan(utsname.release, "%d.%d", &major, &minor)) {
+            VLOG_WARN("uname reported bad OS release (%s)", utsname.release);
+        } else if (major < 6 || (major == 6 && minor < 8)) {
+            VLOG_INFO("disabling conntrack flush by zone in Linux kernel %s",
+                      utsname.release);
+        } else {
+            supported = true;
+        }
+        ovsthread_once_done(&once);
+    }
+    return supported;
+}
+
 int
 nl_ct_flush_zone(uint16_t flush_zone)
 {
-    /* Apparently, there's no netlink interface to flush a specific zone.
+    /* In older kernels, there was no netlink interface to flush a specific
+     * conntrack zone.
      * This code dumps every connection, checks the zone and eventually
      * delete the entry.
+     * In newer kernels there is the option to specifiy a zone for filtering
+     * during dumps. Older kernels ignore this option. We set it here in the
+     * hope we only get relevant entries back, but fall back to filtering here
+     * to keep compatibility.
      *
-     * This is race-prone, but it is better than using shell scripts. */
+     * This is race-prone, but it is better than using shell scripts.
+     *
+     * Additionally newer kernels also support flushing a zone without listing
+     * it first. */
 
     struct nl_dump dump;
     struct ofpbuf buf, reply, delete;
+    int err;
+
+    if (netlink_flush_supports_zone()) {
+        ofpbuf_init(&buf, NL_DUMP_BUFSIZE);
+
+        nl_msg_put_nfgenmsg(&buf, 0, AF_UNSPEC, NFNL_SUBSYS_CTNETLINK,
+                            IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST);
+        nl_msg_put_be16(&buf, CTA_ZONE, htons(flush_zone));
+
+        err = nl_transact(NETLINK_NETFILTER, &buf, NULL);
+        ofpbuf_uninit(&buf);
+
+        return err;
+    }
 
     ofpbuf_init(&buf, NL_DUMP_BUFSIZE);
     ofpbuf_init(&delete, NL_DUMP_BUFSIZE);
 
     nl_msg_put_nfgenmsg(&buf, 0, AF_UNSPEC, NFNL_SUBSYS_CTNETLINK,
                         IPCTNL_MSG_CT_GET, NLM_F_REQUEST);
+    nl_msg_put_be16(&buf, CTA_ZONE, htons(flush_zone));
     nl_dump_start(&dump, NETLINK_NETFILTER, &buf);
     ofpbuf_clear(&buf);
 
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index f363a778c..869728a1d 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -3214,6 +3214,14 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
 tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.4,dst=10.1.1.3,sport=<cleared>,dport=<cleared>),zone=2,protoinfo=(state=<cleared>)
 ])
 
+dnl flushing one zone should leave the others intact
+AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=2])
+AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | FORMAT_CT(10.1.1.2)], [0], [dnl
+tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+])
+AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=2 | FORMAT_CT(10.1.1.4)], [0], [dnl
+])
+
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP