[ovs-dev] [PATCH 2/2] Add flow matching for tunnel keys

Jesse Gross jesse at nicira.com
Wed Oct 3 18:54:14 UTC 2012

On Mon, Oct 1, 2012 at 8:52 AM, Kyle Mestery <kmestery at cisco.com> wrote:
> Move struct ovs_key_ipv4_tunnel out of struct
> sw_flow_key and into struct sw_flow. This allows it to
> "float" and be used for matching only when needed.
> Modify the matching code in ovs_flow_tbl_lookup() to
> match on the tunnel header if it's set.

This is a little bit different from what I was originally envisioning
but I think we can combine them to get the best of both worlds.

As it currently exists, there are a couple of things that worry me a little bit:
 * While the tunnel information is included in the lookup comparison,
it's not in the hash.  While it's probably not a likely situation that
many different tunnel endpoints are sending the same flow, it is
possible.  It's also possible that a malicious user could use it to
unbalance the hash table.
 * Ideally, I'd like to keep optimizations like this internal to
flow.c.  There's a little more code change in datapath.c than I'd like
to see.

Here's my idea:
 * Keep tun_key at the very beginning of the struct sw_flow_key and
populate it like usual.
 * Create a new struct containing hashing/comparison parameters.  This
is basically just data passed between
flow_extract()/ovs_flow_from_nlattrs() and
ovs_flow_hash()/ovs_flow_tbl_lookup().  Initially, it would just
contain key_len.
* Add a key_start offset to the new comparison parameters struct,
which would point to either phy if there is no tunnel or otherwise

So essentially we make the flow key variable length in both directions.

