[ovs-dev] [PATCH v2] ovn-controller: support configurable acl log file rate limit

Han Zhou zhouhan at gmail.com
Thu Aug 31 21:41:06 UTC 2017


Add parameters in local Open_vSwitch DB external-ids for rate-
limiting the log file writing:
    ovn-acl-log-rl-rate
    ovn-acl-log-rl-burst

Note: this has nothing to do with packet-in rate-limiting.
Signed-off-by: Han Zhou <zhouhan at gmail.com>
---
v1->v2: add documentation for the configurations.

 ovn/controller/ovn-controller.8.xml | 10 ++++++++++
 ovn/controller/pinctrl.c            |  2 ++
 ovn/lib/acl-log.c                   | 28 +++++++++++++++++++++++++++-
 ovn/lib/acl-log.h                   |  3 +++
 tests/automake.mk                   |  3 ++-
 5 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml
index 5641abc..5a6dcb4 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -151,6 +151,16 @@
         network interface card, enabling encapsulation checksum may incur
         performance loss. In such cases, encapsulation checksums can be disabled.
       </dd>
+
+      <dt><code>external_ids:ovn-acl-log-rl-rate</code></dt>
+      <dd>
+        ACL log rate-limiting rate (per minute) of writing acl logs to file.
+      </dd>
+
+      <dt><code>external_ids:ovn-acl-log-rl-burst</code></dt>
+      <dd>
+        ACL log rate-limiting burst of writing acl logs to file.
+      </dd>
     </dl>
 
     <p>
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 469a355..33828ac 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -1043,6 +1043,8 @@ pinctrl_run(struct controller_ctx *ctx,
             flush_put_mac_bindings();
         }
 
+        update_acl_log_rl(ctx);
+
         /* Process a limited number of messages per call. */
         for (int i = 0; i < 50; i++) {
             struct ofpbuf *msg = rconn_recv(swconn);
diff --git a/ovn/lib/acl-log.c b/ovn/lib/acl-log.c
index f47b0af..e33fe7f 100644
--- a/ovn/lib/acl-log.c
+++ b/ovn/lib/acl-log.c
@@ -15,16 +15,23 @@
  */
 
 #include <config.h>
+#include "ovn/controller/ovn-controller.h"
 #include "ovn/lib/acl-log.h"
 #include <string.h>
 #include "flow.h"
 #include "openvswitch/json.h"
 #include "openvswitch/ofpbuf.h"
 #include "openvswitch/vlog.h"
+#include "lib/vswitch-idl.h"
 
 
 VLOG_DEFINE_THIS_MODULE(acl_log);
 
+#define DEFAULT_RL_RATE 6000
+#define DEFAULT_RL_BURST 1000
+static struct vlog_rate_limit acl_log_rl =
+    VLOG_RATE_LIMIT_INIT(DEFAULT_RL_RATE, DEFAULT_RL_BURST);
+
 const char *
 log_verdict_to_string(uint8_t verdict)
 {
@@ -99,7 +106,26 @@ handle_acl_log(const struct flow *headers, struct ofpbuf *userdata)
                   log_severity_to_string(lph->severity));
     flow_format(&ds, headers, NULL);
 
-    VLOG_INFO("%s", ds_cstr(&ds));
+    VLOG_INFO_RL(&acl_log_rl, "%s", ds_cstr(&ds));
     ds_destroy(&ds);
     free(name);
 }
+
+/* Update the rate limit settings for acl logging. */
+void
+update_acl_log_rl(struct controller_ctx *ctx)
+{
+    const struct ovsrec_open_vswitch *cfg
+        = ovsrec_open_vswitch_first(ctx->ovs_idl);
+    unsigned int rl_rate = (cfg ? smap_get_int(&cfg->external_ids,
+                                  "ovn-acl-log-rl-rate",
+                                  DEFAULT_RL_RATE)
+                                : DEFAULT_RL_RATE);
+    unsigned int rl_burst = (cfg ? smap_get_int(&cfg->external_ids,
+                                   "ovn-acl-log-rl-burst",
+                                   DEFAULT_RL_BURST)
+                                 : DEFAULT_RL_BURST);
+    token_bucket_set(&acl_log_rl.token_bucket, rl_rate,
+                     OVS_SAT_MUL(rl_burst, VLOG_MSG_TOKENS));
+}
+
diff --git a/ovn/lib/acl-log.h b/ovn/lib/acl-log.h
index 55dc75b..8197353 100644
--- a/ovn/lib/acl-log.h
+++ b/ovn/lib/acl-log.h
@@ -19,6 +19,7 @@
 
 #include <stdint.h>
 #include "openvswitch/types.h"
+#include "ovn/controller/ovn-controller.h"
 
 struct ofpbuf;
 struct flow;
@@ -51,4 +52,6 @@ uint8_t log_severity_from_string(const char *name);
 
 void handle_acl_log(const struct flow *headers, struct ofpbuf *userdata);
 
+void
+update_acl_log_rl(struct controller_ctx *ctx);
 #endif /* ovn/lib/acl-log.h */
diff --git a/tests/automake.mk b/tests/automake.mk
index 156b40f..d3bd7fd 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -368,7 +368,8 @@ tests_ovstest_SOURCES += \
 	tests/test-netlink-conntrack.c
 endif
 
-tests_ovstest_LDADD = lib/libopenvswitch.la ovn/lib/libovn.la
+tests_ovstest_LDADD = ovn/lib/libovn.la lib/libopenvswitch.la
+
 dist_check_SCRIPTS = tests/flowgen.pl
 
 noinst_PROGRAMS += tests/test-strtok_r
-- 
2.1.0



More information about the dev mailing list