[ovs-dev] [PATCH 2/2] Add flow matching for tunnel keys
Jesse Gross
jesse at nicira.com
Wed Oct 3 18:54:14 UTC 2012
On Mon, Oct 1, 2012 at 8:52 AM, Kyle Mestery <kmestery at cisco.com> wrote:
> Move struct ovs_key_ipv4_tunnel out of struct
> sw_flow_key and into struct sw_flow. This allows it to
> "float" and be used for matching only when needed.
> Modify the matching code in ovs_flow_tbl_lookup() to
> match on the tunnel header if it's set.
This is a little bit different from what I was originally envisioning
but I think we can combine them to get the best of both worlds.
As it currently exists, there are a couple of things that worry me a little bit:
* While the tunnel information is included in the lookup comparison,
it's not in the hash. While it's probably not a likely situation that
many different tunnel endpoints are sending the same flow, it is
possible. It's also possible that a malicious user could use it to
unbalance the hash table.
* Ideally, I'd like to keep optimizations like this internal to
flow.c. There's a little more code change in datapath.c than I'd like
to see.
Here's my idea:
* Keep tun_key at the very beginning of the struct sw_flow_key and
populate it like usual.
* Create a new struct containing hashing/comparison parameters. This
is basically just data passed between
flow_extract()/ovs_flow_from_nlattrs() and
ovs_flow_hash()/ovs_flow_tbl_lookup(). Initially, it would just
contain key_len.
* Add a key_start offset to the new comparison parameters struct,
which would point to either phy if there is no tunnel or otherwise
tun_key.
So essentially we make the flow key variable length in both directions.
More information about the dev
mailing list