[ovs-dev] [PATCH 2/2] xlate: Use datapath clone action for patch port translation

Ben Pfaff blp at ovn.org
Wed Jun 7 00:01:58 UTC 2017


On Fri, May 26, 2017 at 08:47:45PM -0700, Andy Zhou wrote:
> When available, use datapath 'clone' for patch port translation.
> Clone provides a stronger guarantee that packet will be restored
> after going through a patch port, Even in case the packet is
> NAT'd by the bridge behind the patch port.
> 
> Signed-off-by: Andy Zhou <azhou at ovn.org>

Thanks for working on this.  It is good to improve the correctness of
the datapath implementation of OpenFlow actions, and this is the weakest
point in correctness that I currently know about.

This approach seems correct, but expensive in the common case where the
packet does not need to be restored, since "clone" and "sample" are
expensive datapath actions: I expect that they are more expensive than a
few "set field" actions, and certainly more expensive than doing
nothing.  I think that there are only a few datapath actions that make
changes that later datapath actions can't restore.  Can the code here
check whether any of those actions are actually used, and avoid using
"clone" or "sample" in the common case?


More information about the dev mailing list