[ovs-dev] [PATCH 2/2] Add flow matching for tunnel keys

Jesse Gross jesse at nicira.com
Wed Oct 3 18:54:14 UTC 2012


On Mon, Oct 1, 2012 at 8:52 AM, Kyle Mestery <kmestery at cisco.com> wrote:
> Move struct ovs_key_ipv4_tunnel out of struct
> sw_flow_key and into struct sw_flow. This allows it to
> "float" and be used for matching only when needed.
> Modify the matching code in ovs_flow_tbl_lookup() to
> match on the tunnel header if it's set.

This is a little bit different from what I was originally envisioning
but I think we can combine them to get the best of both worlds.

As it currently exists, there are a couple of things that worry me a little bit:
 * While the tunnel information is included in the lookup comparison,
it's not in the hash.  While it's probably not a likely situation that
many different tunnel endpoints are sending the same flow, it is
possible.  It's also possible that a malicious user could use it to
unbalance the hash table.
 * Ideally, I'd like to keep optimizations like this internal to
flow.c.  There's a little more code change in datapath.c than I'd like
to see.

Here's my idea:
 * Keep tun_key at the very beginning of the struct sw_flow_key and
populate it like usual.
 * Create a new struct containing hashing/comparison parameters.  This
is basically just data passed between
flow_extract()/ovs_flow_from_nlattrs() and
ovs_flow_hash()/ovs_flow_tbl_lookup().  Initially, it would just
contain key_len.
* Add a key_start offset to the new comparison parameters struct,
which would point to either phy if there is no tunnel or otherwise
tun_key.

So essentially we make the flow key variable length in both directions.



More information about the dev mailing list