diff mbox series

[ovs-dev,v5,1/3] actions: add sample action

Message ID 20221104154941.365187-2-amorenoz@redhat.com
State Changes Requested
Delegated to: Dumitru Ceara
Headers show
Series Add ovn drop debugging | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/github-robot-_ovn-kubernetes fail github build: failed

Commit Message

Adrián Moreno Nov. 4, 2022, 3:49 p.m. UTC
sample ovn action encodes into the OFPACT_SAMPLE ovs action.

OVN action allows the following parameters:

- obs_domain_id: 8-bit integer that identifies the sampling application.
  This value will be combined with the datapath's tunnel_id to form the
  final observation_domain_id that will be used in the OVS action as:
    ObservationDomainID = obs_domain_id << 24 | (dp_key & 0xFFFFFF)

- obs_point_id: a 32-bit integer or the $cookie macro that will be
  expanded into the first 32 bits of the lflow's UUID.

- probability: a 16-bit integer that specifies the sampling probability.
  Specifying 0 has no effect and 65535 means sampling all packets.

- collector_set: the 32-bit id that has to be configured in OVS's
  Flow_Sample_Collector_Set table in order to configure IPFIX sampling.

Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
---
 controller/lflow.c    |   1 +
 include/ovn/actions.h |  16 ++++++
 lib/actions.c         | 120 ++++++++++++++++++++++++++++++++++++++++++
 ovn-sb.xml            |  52 ++++++++++++++++++
 tests/ovn.at          |  28 ++++++++++
 tests/test-ovn.c      |   3 ++
 utilities/ovn-trace.c |   2 +
 7 files changed, 222 insertions(+)

Comments

Dumitru Ceara Nov. 18, 2022, 2:55 p.m. UTC | #1
On 11/4/22 16:49, Adrian Moreno wrote:
> sample ovn action encodes into the OFPACT_SAMPLE ovs action.
> 
> OVN action allows the following parameters:
> 
> - obs_domain_id: 8-bit integer that identifies the sampling application.
>   This value will be combined with the datapath's tunnel_id to form the
>   final observation_domain_id that will be used in the OVS action as:
>     ObservationDomainID = obs_domain_id << 24 | (dp_key & 0xFFFFFF)
> 
> - obs_point_id: a 32-bit integer or the $cookie macro that will be
>   expanded into the first 32 bits of the lflow's UUID.
> 
> - probability: a 16-bit integer that specifies the sampling probability.
>   Specifying 0 has no effect and 65535 means sampling all packets.
> 
> - collector_set: the 32-bit id that has to be configured in OVS's
>   Flow_Sample_Collector_Set table in order to configure IPFIX sampling.
> 
> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
> ---

Hi Adrian,

> diff --git a/lib/actions.c b/lib/actions.c
> index adbb42db4..cef626f84 100644
> --- a/lib/actions.c
> +++ b/lib/actions.c
> @@ -4279,6 +4279,124 @@ encode_CHECK_OUT_PORT_SEC(const struct ovnact_result *dl,
>                             MLF_CHECK_PORT_SEC_BIT, ofpacts);
>  }
>  
> +static void
> +format_SAMPLE(const struct ovnact_sample *sample, struct ds *s)
> +{
> +    ds_put_format(s, "sample(probability=%"PRId16, sample->probability);

It should be PRIuXX everywhere in this function.

> +
> +    ds_put_format(s, ",collector_set=%"PRId32, sample->collector_set_id);
> +    ds_put_format(s, ",obs_domain=%"PRId8, sample->obs_domain_id);
> +    if (sample->use_cookie) {
> +        ds_put_cstr(s, ",obs_point=$cookie");
> +    } else {
> +        ds_put_format(s, ",obs_point=%"PRId32, sample->obs_point_id);
> +    }
> +    ds_put_format(s, ");");
> +}
> +

[...]

> diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
> index 6fa5137d9..ada562e41 100644
> --- a/utilities/ovn-trace.c
> +++ b/utilities/ovn-trace.c
> @@ -3290,6 +3290,8 @@ trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
>              break;
>          case OVNACT_CHK_ECMP_NH:
>              break;
> +        case OVNACT_SAMPLE:
> +            break;
>          }
>      }
>      ofpbuf_uninit(&stack);

I think here we need this too:

diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
index ada562e41e..854385bc1e 100644
--- a/utilities/ovn-trace.c
+++ b/utilities/ovn-trace.c
@@ -1466,6 +1466,7 @@ execute_load(const struct ovnact_load *load,
     const struct ovnact_encode_params ep = {
         .lookup_port = ovntrace_lookup_port,
         .aux = dp,
+        .dp_key = dp->tunnel_key,
     };
     uint64_t stub[512 / 8];
     struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
---

Thanks,
Dumitru
Adrián Moreno Nov. 21, 2022, 12:20 p.m. UTC | #2
On 11/18/22 15:55, Dumitru Ceara wrote:
> On 11/4/22 16:49, Adrian Moreno wrote:
>> sample ovn action encodes into the OFPACT_SAMPLE ovs action.
>>
>> OVN action allows the following parameters:
>>
>> - obs_domain_id: 8-bit integer that identifies the sampling application.
>>    This value will be combined with the datapath's tunnel_id to form the
>>    final observation_domain_id that will be used in the OVS action as:
>>      ObservationDomainID = obs_domain_id << 24 | (dp_key & 0xFFFFFF)
>>
>> - obs_point_id: a 32-bit integer or the $cookie macro that will be
>>    expanded into the first 32 bits of the lflow's UUID.
>>
>> - probability: a 16-bit integer that specifies the sampling probability.
>>    Specifying 0 has no effect and 65535 means sampling all packets.
>>
>> - collector_set: the 32-bit id that has to be configured in OVS's
>>    Flow_Sample_Collector_Set table in order to configure IPFIX sampling.
>>
>> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
>> ---
> 
> Hi Adrian,
> 
>> diff --git a/lib/actions.c b/lib/actions.c
>> index adbb42db4..cef626f84 100644
>> --- a/lib/actions.c
>> +++ b/lib/actions.c
>> @@ -4279,6 +4279,124 @@ encode_CHECK_OUT_PORT_SEC(const struct ovnact_result *dl,
>>                              MLF_CHECK_PORT_SEC_BIT, ofpacts);
>>   }
>>   
>> +static void
>> +format_SAMPLE(const struct ovnact_sample *sample, struct ds *s)
>> +{
>> +    ds_put_format(s, "sample(probability=%"PRId16, sample->probability);
> 
> It should be PRIuXX everywhere in this function.
> 
>> +
>> +    ds_put_format(s, ",collector_set=%"PRId32, sample->collector_set_id);
>> +    ds_put_format(s, ",obs_domain=%"PRId8, sample->obs_domain_id);
>> +    if (sample->use_cookie) {
>> +        ds_put_cstr(s, ",obs_point=$cookie");
>> +    } else {
>> +        ds_put_format(s, ",obs_point=%"PRId32, sample->obs_point_id);
>> +    }
>> +    ds_put_format(s, ");");
>> +}
>> +
> 
> [...]
> 
>> diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
>> index 6fa5137d9..ada562e41 100644
>> --- a/utilities/ovn-trace.c
>> +++ b/utilities/ovn-trace.c
>> @@ -3290,6 +3290,8 @@ trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
>>               break;
>>           case OVNACT_CHK_ECMP_NH:
>>               break;
>> +        case OVNACT_SAMPLE:
>> +            break;
>>           }
>>       }
>>       ofpbuf_uninit(&stack);
> 
> I think here we need this too:
> 
> diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
> index ada562e41e..854385bc1e 100644
> --- a/utilities/ovn-trace.c
> +++ b/utilities/ovn-trace.c
> @@ -1466,6 +1466,7 @@ execute_load(const struct ovnact_load *load,
>       const struct ovnact_encode_params ep = {
>           .lookup_port = ovntrace_lookup_port,
>           .aux = dp,
> +        .dp_key = dp->tunnel_key,
>       };
>       uint64_t stub[512 / 8];
>       struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
> ---
> 

You're right.

I'll update the series.

> Thanks,
> Dumitru
>
diff mbox series

Patch

diff --git a/controller/lflow.c b/controller/lflow.c
index cc0f31db0..ad316c17f 100644
--- a/controller/lflow.c
+++ b/controller/lflow.c
@@ -1007,6 +1007,7 @@  add_matches_to_flow_table(const struct sbrec_logical_flow *lflow,
         .group_table = l_ctx_out->group_table,
         .meter_table = l_ctx_out->meter_table,
         .lflow_uuid = lflow->header_.uuid,
+        .dp_key = ldp->datapath->tunnel_key,
 
         .pipeline = ingress ? OVNACT_P_INGRESS : OVNACT_P_EGRESS,
         .ingress_ptable = OFTABLE_LOG_INGRESS_PIPELINE,
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index d7ee84dac..009487cfc 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -121,6 +121,7 @@  struct ovn_extend_table;
     OVNACT(COMMIT_ECMP_NH,    ovnact_commit_ecmp_nh)  \
     OVNACT(CHK_ECMP_NH_MAC,   ovnact_result)          \
     OVNACT(CHK_ECMP_NH,       ovnact_result)          \
+    OVNACT(SAMPLE,            ovnact_sample)          \
 
 /* enum ovnact_type, with a member OVNACT_<ENUM> for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -456,6 +457,18 @@  struct ovnact_lookup_fdb {
     struct expr_field dst;     /* 1-bit destination field. */
 };
 
+/* OVNACT_SAMPLE */
+struct ovnact_sample {
+    struct ovnact ovnact;
+    uint16_t probability;       /* probability over UINT16_MAX. */
+    uint8_t obs_domain_id;      /* most significant byte of the
+                                   observation domain id. The other 24 bits
+                                   will come from the datapath's tunnel key. */
+    uint32_t collector_set_id;  /* colector_set_id. */
+    uint32_t obs_point_id;      /* observation point id. */
+    bool use_cookie;            /* use cookie as obs_point_id */
+};
+
 /* OVNACT_COMMIT_ECMP_NH. */
 struct ovnact_commit_ecmp_nh {
     struct ovnact ovnact;
@@ -785,6 +798,9 @@  struct ovnact_encode_params {
     /* The logical flow uuid that drove this action. */
     struct uuid lflow_uuid;
 
+    /* The datapath key. */
+    uint32_t dp_key;
+
     /* OVN maps each logical flow table (ltable), one-to-one, onto a physical
      * OpenFlow flow table (ptable).  A number of parameters describe this
      * mapping and data related to flow tables:
diff --git a/lib/actions.c b/lib/actions.c
index adbb42db4..cef626f84 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -4279,6 +4279,124 @@  encode_CHECK_OUT_PORT_SEC(const struct ovnact_result *dl,
                            MLF_CHECK_PORT_SEC_BIT, ofpacts);
 }
 
+static void
+format_SAMPLE(const struct ovnact_sample *sample, struct ds *s)
+{
+    ds_put_format(s, "sample(probability=%"PRId16, sample->probability);
+
+    ds_put_format(s, ",collector_set=%"PRId32, sample->collector_set_id);
+    ds_put_format(s, ",obs_domain=%"PRId8, sample->obs_domain_id);
+    if (sample->use_cookie) {
+        ds_put_cstr(s, ",obs_point=$cookie");
+    } else {
+        ds_put_format(s, ",obs_point=%"PRId32, sample->obs_point_id);
+    }
+    ds_put_format(s, ");");
+}
+
+static void
+encode_SAMPLE(const struct ovnact_sample *sample,
+              const struct ovnact_encode_params *ep,
+              struct ofpbuf *ofpacts)
+{
+    struct ofpact_sample *os = ofpact_put_SAMPLE(ofpacts);
+    os->probability = sample->probability;
+    os->collector_set_id = sample->collector_set_id;
+    os->obs_domain_id =
+        (sample->obs_domain_id << 24) | (ep->dp_key & 0xFFFFFF);
+
+    if (sample->use_cookie) {
+        os->obs_point_id = ep->lflow_uuid.parts[0];
+    } else {
+        os->obs_point_id = sample->obs_point_id;
+    }
+    os->sampling_port = OFPP_NONE;
+}
+
+static void
+parse_sample_arg(struct action_context *ctx, struct ovnact_sample *sample)
+{
+    if (lexer_match_id(ctx->lexer, "probability")) {
+        if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+            return;
+        }
+        if (ctx->lexer->token.type == LEX_T_INTEGER
+            && ctx->lexer->token.format == LEX_F_DECIMAL) {
+            if (!action_parse_uint16(ctx, &sample->probability,
+                                     "probability")) {
+                return;
+            }
+        }
+    } else if (lexer_match_id(ctx->lexer, "obs_point")) {
+        if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+            return;
+        }
+        if (ctx->lexer->token.type == LEX_T_MACRO &&
+            !strcmp(ctx->lexer->token.s, "cookie")) {
+            sample->use_cookie = true;
+            lexer_get(ctx->lexer);
+        } else if (ctx->lexer->token.type == LEX_T_INTEGER
+                && ctx->lexer->token.format == LEX_F_DECIMAL) {
+            sample->obs_point_id = ntohll(ctx->lexer->token.value.integer);
+            lexer_get(ctx->lexer);
+        } else {
+            lexer_syntax_error(ctx->lexer,
+                               "malformed sample observation_point_id");
+        }
+    } else if (lexer_match_id(ctx->lexer, "obs_domain")) {
+        if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+            return;
+        }
+        if (ctx->lexer->token.type == LEX_T_INTEGER
+            && ctx->lexer->token.format == LEX_F_DECIMAL) {
+            uint32_t obs_domain = ntohll(ctx->lexer->token.value.integer);
+            if (obs_domain > UINT8_MAX) {
+                lexer_syntax_error(ctx->lexer,
+                     "obs_domain must be 8-bit long");
+                return;
+            }
+            sample->obs_domain_id = obs_domain;
+        }
+        lexer_get(ctx->lexer);
+    } else if (lexer_match_id(ctx->lexer, "collector_set")) {
+        if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
+            return;
+        }
+        if (ctx->lexer->token.type == LEX_T_INTEGER
+            && ctx->lexer->token.format == LEX_F_DECIMAL) {
+            sample->collector_set_id = ntohll(ctx->lexer->token.value.integer);
+        }
+        lexer_get(ctx->lexer);
+    } else {
+        lexer_syntax_error(ctx->lexer, "unknown argument");
+    }
+}
+
+static void
+parse_sample(struct action_context *ctx)
+{
+    struct ovnact_sample * sample = ovnact_put_SAMPLE(ctx->ovnacts);
+
+    if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
+        while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
+            parse_sample_arg(ctx, sample);
+            if (ctx->lexer->error) {
+                return;
+            }
+            lexer_match(ctx->lexer, LEX_T_COMMA);
+        }
+    }
+    if (!sample->probability) {
+        lexer_error(ctx->lexer, "probability must be greater than zero");
+        return;
+    }
+}
+
+static void
+ovnact_sample_free(struct ovnact_sample *sample OVS_UNUSED)
+{
+}
+
 static void
 parse_commit_ecmp_nh(struct action_context *ctx,
                      struct ovnact_commit_ecmp_nh *ecmp_nh)
@@ -4790,6 +4908,8 @@  parse_action(struct action_context *ctx)
         parse_put_fdb(ctx, ovnact_put_PUT_FDB(ctx->ovnacts));
     } else if (lexer_match_id(ctx->lexer, "commit_ecmp_nh")) {
         parse_commit_ecmp_nh(ctx, ovnact_put_COMMIT_ECMP_NH(ctx->ovnacts));
+    } else if (lexer_match_id(ctx->lexer, "sample")) {
+        parse_sample(ctx);
     } else {
         lexer_syntax_error(ctx->lexer, "expecting action");
     }
diff --git a/ovn-sb.xml b/ovn-sb.xml
index 315d60853..a09891d10 100644
--- a/ovn-sb.xml
+++ b/ovn-sb.xml
@@ -2624,6 +2624,58 @@  tcp.flags = RST;
             register <var>R</var> is set to 1.
           </p>
         </dd>
+
+        <dt><code>sample(probability=<var>packets</var>, ...)</code></dt>
+        <dd>
+          <p>
+            This action causes the matched traffic to be sampled using
+            IPFIX protocol. More information about how per-flow IPFIX sampling
+            works in OVS can be found in <code>ovs-actions</code>(7) and
+            <code>ovs-vswitchd.conf.db</code>(5).
+          </p>
+
+          <p>
+            In order to reliably identify each sampled packet when it is
+            received by the IPFIX collector, this action sets the content of
+            the <code>ObservationDomainID</code> and
+            <code>ObservationPointID</code> IPFIX fields (see argument
+            description below).
+          </p>
+
+          <p>
+            The following key-value arguments are supported:
+          </p>
+
+          <dl>
+            <dt><code>probability=</code><var>packets</var></dt>
+            <dd>
+              The number of sampled packets out of 65535. It must be greater or
+              equal to 1.
+            </dd>
+            <dt><code>collector_set=</code><var>id</var></dt>
+            <dd>
+              The unsigned 32-bit integer identifier of the sample collector to
+              send sampled packets to. It must match the value configured in
+              the <code>Flow_Sample_Collector_Set</code> Table in OVS.
+              Defaults to 0.
+            </dd>
+            <dt><code>obs_domain=</code><var>id</var></dt>
+            <dd>
+              An unsigned 8-bit integer that identifies the sampling
+              application. It will be placed in the 8 most significant bits of
+              the <code>ObservationDomainID</code> field of IPFIX samples.
+              The 24 less significant bits will be automatically filled in with
+              the datapath key. Defaults to 0.
+            </dd>
+            <dt><code>obs_point=</code><var>id</var></dt>
+            <dd>
+              An unsigned 32-bit integer to be used as
+              <code>ObsservationPointID</code> or the string
+              <code>@cookie</code> to indicate that the first 32 bits of the
+              <code>Logical_Flow</code>'s UUID shall be used instead.
+            </dd>
+          </dl>
+        </dd>
       </dl>
     </column>
 
diff --git a/tests/ovn.at b/tests/ovn.at
index f8b8db4df..cfcda9a2c 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -2136,6 +2136,34 @@  pop(eth.type);
 push(abc);
     Syntax error at `abc' expecting field name.
 
+# sample
+sample(probability=100,collector_set=200,obs_domain=0,obs_point=1000);
+    encodes as sample(probability=100,collector_set_id=200,obs_domain_id=11259375,obs_point_id=1000)
+
+# sample with obs_domain = 10. Final obs_domain is 0xA << 24 | 0xABCDEF.
+sample(probability=100,collector_set=200,obs_domain=10,obs_point=$cookie);
+    encodes as sample(probability=100,collector_set_id=200,obs_domain_id=179031535,obs_point_id=2863311530)
+
+sample(probability=10);
+    formats as sample(probability=10,collector_set=0,obs_domain=0,obs_point=0);
+    encodes as sample(probability=10,collector_set_id=0,obs_domain_id=11259375,obs_point_id=0)
+
+sample(probability=10);
+    formats as sample(probability=10,collector_set=0,obs_domain=0,obs_point=0);
+    encodes as sample(probability=10,collector_set_id=0,obs_domain_id=11259375,obs_point_id=0)
+
+sample(probability=0,collector_set=200,obs_domain=0,obs_point=1000);
+    probability must be greater than zero
+
+sample(probability=0,collector_set=200,obs_domain=0,obs_point=foo);
+    Syntax error at `foo' malformed sample observation_point_id.
+
+sample(probability=0,collector_set=200,obs_domain=300,obs_point=foo);
+    Syntax error at `300' obs_domain must be 8-bit long.
+
+sample(probability=10,foo=bar,obs_domain=0,obs_point=1000);
+    Syntax error at `foo' unknown argument.
+
 # Miscellaneous negative tests.
 ;
     Syntax error at `;'.
diff --git a/tests/test-ovn.c b/tests/test-ovn.c
index a241f150d..fd580b5df 100644
--- a/tests/test-ovn.c
+++ b/tests/test-ovn.c
@@ -1355,6 +1355,9 @@  test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED)
                 .common_nat_ct_zone = MFF_LOG_DNAT_ZONE,
                 .in_port_sec_ptable = OFTABLE_CHK_IN_PORT_SEC,
                 .out_port_sec_ptable = OFTABLE_CHK_OUT_PORT_SEC,
+                .lflow_uuid.parts =
+                    { 0xaaaaaaaa, 0xbbbbbbbb, 0xcccccccc, 0xdddddddd},
+                .dp_key = 0xabcdef,
             };
             struct ofpbuf ofpacts;
             ofpbuf_init(&ofpacts, 0);
diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
index 6fa5137d9..ada562e41 100644
--- a/utilities/ovn-trace.c
+++ b/utilities/ovn-trace.c
@@ -3290,6 +3290,8 @@  trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
             break;
         case OVNACT_CHK_ECMP_NH:
             break;
+        case OVNACT_SAMPLE:
+            break;
         }
     }
     ofpbuf_uninit(&stack);