[ovs-dev] [PATCH v5 00/16] Userspace (DPDK) connection tracker
Daniele Di Proietto
diproiettod at vmware.com
Thu Jul 28 06:17:42 UTC 2016
Thanks for the reviews, I pushed this to master except for the system tests part.
On 26/07/2016 17:58, "Daniele Di Proietto" <diproiettod at vmware.com> wrote:
>This series aims to implement the ct() action for the dpif-netdev datapath.
>The bulk of the code is in the new conntrack module: it contains some packet
>parsing code, some lookup tables and the logic to implements all the ct bits.
>
>The conntrack module is helped by conntrack-tcp, for TCP window and flags
>tracking: the bulk of the code of this submodule is from the FreeBSD's pf
>subsystem, therefore is BSD licensed.
>
>The rest of the series integrates the connection tracker with the rest of
>OVS: the ct() action is implemented in dpif-netdev, and the debugging
>interfaces required by dpctl/{dump,flush}-conntrack are implemented.
>
>Besides adding some unit tests, this series ports the existing conntrack
>system test to the userspace datapath. Some small modifications are
>required to pass the testsuite, and some tests still have to be skipped.
>
>This can also be downloaded at:
>
>https://github.com/ddiproietto/ovs/tree/userconntrack_20160726
>
>Any feedback is appreciated, thanks.
>
>v4 -> v5:
>* Rebase: hmap.h is moved, include ct_* field in some unit tests,
> skip and adapt to the new ct dump format the OVN tests.
>* Style and typo fixes.
>* Add coverage counter to detect long cleanup.
>* Use ovs_barrier instead of pthread_barrier in test (fix compilation
> on OS X).
>* Fix dumping tcp state in the reply direction.
>* Squash together flow_compose improvements (checksum and udp_len).
>
>v3 -> v4:
>* Rebase: use struct dp_packet_batch, add extra ct_ fields in some
> new tests, use struct hmap_pos, skip some new system NAT tests.
>* Style and typo fixes.
>* Add OVS_NOT_REACHED() in switch in process_one().
>* New commit: use dl_type from flow or matching megaflow.
>
>v2 -> v3:
>* Rebased.
>* Squashed commits for flushing (in dpif-netdev and conntrack).
>* Squashed commits for dumping (in dpif-netdev and conntrack).
>* Use adaptive mutex instead of spinlock: this prevents livelock
> if the cleanup thread is executed on the same CPU as a forwarding
> thread. Performance impact in minimal.
>* Validate L3 and L4 checksum.
>* Use proper L3 and L4 checksum in hardcoded packets in system and unit
> tests.
>* Consider ICMPv6 as well as ICMP in l4_protos and conn_key_to_tuple.
>* Mention conntrack in NEWS and FAQ.md.
>* Use uint16_t for ct_state.
>* Fix possible NULL dereference for conn in process_one().
>* Add OVS_U128_MIN, OVS_U128_ZERO.
>* Use HMAP_FOR_EACH_POP.
>* Check that UDP length is valid.
>* Style fix: prefer 'sizeof *object' instead of 'sizeof type'
>* Don't accept packets from/to UDP/TCP port 0.
>* Use defines for timeouts.
>* Check expiration inside lookup loop in conn_key_lookup().
>* Limit the number of connections.
>* Simplify case if tcp_get_wscale().
>* Introduce general INT_MOD_* macros for comparisons in modular arithmetic.
>* Improve comments.
>* New cleanup mechanism: we keep connections in an ordered list and we have
> a separate thread to performs the cleanup. This doesn't block the main
> thread for long intervals anymore.
>* Correctly fill UDP length and UDP/TCP/ICMP checksums in flow_compose():
> it's useful to write testcases for the connection tracker.
>* Added system test with ICMP traffic through the connection tracker.
>* Track ICMP type and code.
>
>v1 -> v2:
>* Fixed bug in tcp_get_wscale(), related to TCP options parsing.
>* Changed names of ICMP constants: now they're different from Linux and
> FreeBSD.
>* Fixed bug in parse_ipv6_ext_hdrs().
>* Used ALWAYS_INLINE in parse_vlan and parse_ethertype, to avoid a
> performance regression in miniflow_extract().
>* Updated copyright info in COPYING and debian/copyright.in.
>* Rebased.
>* Changed batching strategy in conntrack_execute() to allow a newly
> created connection to be picked up by packets in the same batch.
>* Added an ovs-test module to throw pcap files at the connection tracker.
>* Added a workaround for the userspace testsuite on new kernels and a tcp
> non-conntrack test.
>
>
>
>Daniele Di Proietto (16):
> packets: Define ICMP types.
> flow: Export parse_ipv6_ext_hdrs().
> flow: Introduce parse_dl_type().
> conntrack: New userspace connection tracker.
> conntrack: Periodically delete expired connections.
> tests: Add very simple conntrack benchmark.
> tests: Add test-conntrack pcap test.
> dpif-netdev: Execute conntrack action.
> dpif-netdev: Implement conntrack dump functions.
> dpif-netdev: Implement conntrack flush interface.
> flow: Generate checksum and udp_len in flow_compose().
> tests: Add conntrack ofproto-dpif tests.
> system-tests: Run conntrack tests with userspace.
> system-tests: Add ping through conntrack test.
> conntrack: Track ICMP type and code.
> conntrack: Add 'dl_type' parameter to conntrack_execute().
>
> COPYING | 1 +
> FAQ.md | 2 +-
> NEWS | 2 +
> debian/copyright.in | 4 +
> include/openvswitch/types.h | 4 +
> lib/automake.mk | 6 +
> lib/conntrack-icmp.c | 105 ++++
> lib/conntrack-other.c | 86 +++
> lib/conntrack-private.h | 114 ++++
> lib/conntrack-tcp.c | 498 +++++++++++++++
> lib/conntrack.c | 1235 ++++++++++++++++++++++++++++++++++++++
> lib/conntrack.h | 204 +++++++
> lib/ct-dpif.c | 24 +-
> lib/ct-dpif.h | 3 +-
> lib/dpif-netdev.c | 150 ++++-
> lib/flow.c | 216 ++++---
> lib/flow.h | 4 +
> lib/netlink-conntrack.c | 2 +-
> lib/packets.h | 14 +-
> lib/util.h | 9 +
> tests/automake.mk | 1 +
> tests/dpif-netdev.at | 16 +-
> tests/ofproto-dpif.at | 900 +++++++++++++++++++++++----
> tests/pmd.at | 2 +-
> tests/system-kmod-macros.at | 28 +
> tests/system-ovn.at | 10 +-
> tests/system-traffic.at | 146 ++++-
> tests/system-userspace-macros.at | 45 +-
> tests/test-conntrack.c | 283 +++++++++
> 29 files changed, 3856 insertions(+), 258 deletions(-)
> create mode 100644 lib/conntrack-icmp.c
> create mode 100644 lib/conntrack-other.c
> create mode 100644 lib/conntrack-private.h
> create mode 100644 lib/conntrack-tcp.c
> create mode 100644 lib/conntrack.c
> create mode 100644 lib/conntrack.h
> create mode 100644 tests/test-conntrack.c
>
>--
>2.8.1
>
More information about the dev
mailing list