[ovs-dev] [RFC 3/3] ofproto: Drop flows between protected ports
Simon Horman
simon.horman at netronome.com
Fri Nov 11 13:25:38 UTC 2016
On Fri, Nov 11, 2016 at 08:33:04AM +1100, Ben Kelly wrote:
> Signed-off-by: Ben Kelly <ben at benjii.net>
> ---
> ofproto/ofproto-dpif-xlate.c | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index 98b536a..b9cc561 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -2847,6 +2847,22 @@ clear_conntrack(struct flow *flow)
> memset(&flow->ct_label, 0, sizeof flow->ct_label);
> }
>
> +static bool
> +xlate_flow_is_protected(const struct xlate_ctx *ctx, ofp_port_t ofp_port)
> +{
> + const struct xport *xport_out = get_ofp_port(ctx->xbridge, ofp_port);
> + struct flow *flow = &ctx->xin->flow;
> + ofp_port_t in_ofp_port = flow->in_port.ofp_port;
> + const struct xport *xport_in = get_ofp_port(ctx->xbridge, in_ofp_port);
I expect that get_ofp_port() is a somewhat expensive operation and the way
that things are arranged it looks like it will be called twice for every
packet that would be output regardless of protected port considerations.
I wonder if it would make sense to reduce this cost by:
1. Passing the xport_out function as it is already
available in the caller (as xport) and;
2. Only calling get_ofp_port() for get_ofp_port() if the checks for
xport_out succeed.
> +
> + if (!xport_out || !xport_in) {
> + return false;
> + }
> + return (xport_out->xbundle && xport_out->xbundle->protected &&
> + xport_in->xbundle && xport_in->xbundle->protected);
> +}
> +
> +
> static void
> compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
> const struct xlate_bond_recirc *xr, bool check_stp)
> @@ -2876,6 +2892,9 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
> } else if (ctx->mirror_snaplen != 0 && xport->odp_port == ODPP_NONE) {
> xlate_report(ctx, "Mirror truncate to ODPP_NONE, skipping output");
> return;
> + } else if (xlate_flow_is_protected(ctx, ofp_port)) {
> + xlate_report(ctx, "Flow between protected ports, skipping output.");
> + return;
> } else if (check_stp) {
> if (is_stp(&ctx->base_flow)) {
> if (!xport_stp_should_forward_bpdu(xport) &&
> --
> 2.7.4
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
More information about the dev
mailing list