[ovs-dev] [LimitFlows 4/4] ofproto: Limit table sizes to those advertised over OpenFlow.

Jesse Gross jesse at nicira.com
Tue Apr 20 18:15:07 UTC 2010 

This set looks good to me.

On Mon, Apr 19, 2010 at 5:08 PM, Ben Pfaff <blp at nicira.com> wrote:

> Open vSwitch has always advertised maximum flow table sizes, but it has
> never enforced them.  This commit implements enforcement.
>
> Bug #1899.
> ---
>  ofproto/ofproto.c |   14 ++++++++++++--
>  1 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
> index 6498f7c..f77fc97 100644
> --- a/ofproto/ofproto.c
> +++ b/ofproto/ofproto.c
> @@ -67,6 +67,10 @@ enum {
>     TABLEID_WILD = 1            /* Wildcard table. */
>  };
>
> +/* Maximum number of rules of each kind permitted. */
> +#define MAX_EXACT_FLOWS 65536
> +#define MAX_WILD_FLOWS 65536
> +
>  struct ofport {
>     struct netdev *netdev;
>     struct ofp_phy_port opp;    /* In host byte order. */
> @@ -2538,7 +2542,7 @@ handle_table_stats_request(struct ofproto *p, struct
> ofconn *ofconn,
>     strcpy(ots->name, "exact");
>     ots->wildcards = htonl(0);
>     ots->active_count = htonl(ofproto_count_visible_exact(p));
> -    ots->max_entries = htonl(dpstats.max_capacity);
> +    ots->max_entries = htonl(MIN(MAX_EXACT_FLOWS, dpstats.max_capacity));
>     ots->lookup_count = htonll(dpstats.n_frags + dpstats.n_hit +
>                                dpstats.n_missed);
>     ots->matched_count = htonll(dpstats.n_hit); /* XXX */
> @@ -2551,7 +2555,7 @@ handle_table_stats_request(struct ofproto *p, struct
> ofconn *ofconn,
>     ots->wildcards = p->tun_id_from_cookie ? htonl(OVSFW_ALL)
>                                            : htonl(OFPFW_ALL);
>     ots->active_count = htonl(ofproto_count_visible_wild(p));
> -    ots->max_entries = htonl(65536);
> +    ots->max_entries = htonl(MAX_WILD_FLOWS);
>     ots->lookup_count = htonll(0);              /* XXX */
>     ots->matched_count = htonll(0);             /* XXX */
>
> @@ -2975,6 +2979,12 @@ add_flow(struct ofproto *p, struct ofconn *ofconn,
>         }
>     }
>
> +    if (ofm->match.wildcards
> +        ? ofproto_count_visible_wild(p) >= MAX_WILD_FLOWS
> +        : ofproto_count_visible_exact(p) >= MAX_EXACT_FLOWS) {
> +        return ofp_mkerr(OFPET_FLOW_MOD_FAILED, OFPFMFC_ALL_TABLES_FULL);
> +    }
> +
>     rule = rule_create(p, NULL, (const union ofp_action *) ofm->actions,
>                        n_actions, ntohs(ofm->idle_timeout),
>                        ntohs(ofm->hard_timeout),  ofm->cookie,
> --
> 1.6.6.1
>
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20100420/79bf1762/attachment-0003.html>

More information about the dev mailing list