[ovs-dev] [PATCH v2] ovn-controller: support configurable acl log file rate limit
Han Zhou
zhouhan at gmail.com
Thu Aug 31 21:41:06 UTC 2017
Add parameters in local Open_vSwitch DB external-ids for rate-
limiting the log file writing:
ovn-acl-log-rl-rate
ovn-acl-log-rl-burst
Note: this has nothing to do with packet-in rate-limiting.
Signed-off-by: Han Zhou <zhouhan at gmail.com>
---
v1->v2: add documentation for the configurations.
ovn/controller/ovn-controller.8.xml | 10 ++++++++++
ovn/controller/pinctrl.c | 2 ++
ovn/lib/acl-log.c | 28 +++++++++++++++++++++++++++-
ovn/lib/acl-log.h | 3 +++
tests/automake.mk | 3 ++-
5 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml
index 5641abc..5a6dcb4 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -151,6 +151,16 @@
network interface card, enabling encapsulation checksum may incur
performance loss. In such cases, encapsulation checksums can be disabled.
</dd>
+
+ <dt><code>external_ids:ovn-acl-log-rl-rate</code></dt>
+ <dd>
+ ACL log rate-limiting rate (per minute) of writing acl logs to file.
+ </dd>
+
+ <dt><code>external_ids:ovn-acl-log-rl-burst</code></dt>
+ <dd>
+ ACL log rate-limiting burst of writing acl logs to file.
+ </dd>
</dl>
<p>
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 469a355..33828ac 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -1043,6 +1043,8 @@ pinctrl_run(struct controller_ctx *ctx,
flush_put_mac_bindings();
}
+ update_acl_log_rl(ctx);
+
/* Process a limited number of messages per call. */
for (int i = 0; i < 50; i++) {
struct ofpbuf *msg = rconn_recv(swconn);
diff --git a/ovn/lib/acl-log.c b/ovn/lib/acl-log.c
index f47b0af..e33fe7f 100644
--- a/ovn/lib/acl-log.c
+++ b/ovn/lib/acl-log.c
@@ -15,16 +15,23 @@
*/
#include <config.h>
+#include "ovn/controller/ovn-controller.h"
#include "ovn/lib/acl-log.h"
#include <string.h>
#include "flow.h"
#include "openvswitch/json.h"
#include "openvswitch/ofpbuf.h"
#include "openvswitch/vlog.h"
+#include "lib/vswitch-idl.h"
VLOG_DEFINE_THIS_MODULE(acl_log);
+#define DEFAULT_RL_RATE 6000
+#define DEFAULT_RL_BURST 1000
+static struct vlog_rate_limit acl_log_rl =
+ VLOG_RATE_LIMIT_INIT(DEFAULT_RL_RATE, DEFAULT_RL_BURST);
+
const char *
log_verdict_to_string(uint8_t verdict)
{
@@ -99,7 +106,26 @@ handle_acl_log(const struct flow *headers, struct ofpbuf *userdata)
log_severity_to_string(lph->severity));
flow_format(&ds, headers, NULL);
- VLOG_INFO("%s", ds_cstr(&ds));
+ VLOG_INFO_RL(&acl_log_rl, "%s", ds_cstr(&ds));
ds_destroy(&ds);
free(name);
}
+
+/* Update the rate limit settings for acl logging. */
+void
+update_acl_log_rl(struct controller_ctx *ctx)
+{
+ const struct ovsrec_open_vswitch *cfg
+ = ovsrec_open_vswitch_first(ctx->ovs_idl);
+ unsigned int rl_rate = (cfg ? smap_get_int(&cfg->external_ids,
+ "ovn-acl-log-rl-rate",
+ DEFAULT_RL_RATE)
+ : DEFAULT_RL_RATE);
+ unsigned int rl_burst = (cfg ? smap_get_int(&cfg->external_ids,
+ "ovn-acl-log-rl-burst",
+ DEFAULT_RL_BURST)
+ : DEFAULT_RL_BURST);
+ token_bucket_set(&acl_log_rl.token_bucket, rl_rate,
+ OVS_SAT_MUL(rl_burst, VLOG_MSG_TOKENS));
+}
+
diff --git a/ovn/lib/acl-log.h b/ovn/lib/acl-log.h
index 55dc75b..8197353 100644
--- a/ovn/lib/acl-log.h
+++ b/ovn/lib/acl-log.h
@@ -19,6 +19,7 @@
#include <stdint.h>
#include "openvswitch/types.h"
+#include "ovn/controller/ovn-controller.h"
struct ofpbuf;
struct flow;
@@ -51,4 +52,6 @@ uint8_t log_severity_from_string(const char *name);
void handle_acl_log(const struct flow *headers, struct ofpbuf *userdata);
+void
+update_acl_log_rl(struct controller_ctx *ctx);
#endif /* ovn/lib/acl-log.h */
diff --git a/tests/automake.mk b/tests/automake.mk
index 156b40f..d3bd7fd 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -368,7 +368,8 @@ tests_ovstest_SOURCES += \
tests/test-netlink-conntrack.c
endif
-tests_ovstest_LDADD = lib/libopenvswitch.la ovn/lib/libovn.la
+tests_ovstest_LDADD = ovn/lib/libovn.la lib/libopenvswitch.la
+
dist_check_SCRIPTS = tests/flowgen.pl
noinst_PROGRAMS += tests/test-strtok_r
--
2.1.0
More information about the dev
mailing list