[ovs-dev] [PATCH v2 02/11] datapath: compat: Backports nf_conncount

Yi-Hung Wei yihung.wei at gmail.com
Thu Aug 2 20:57:11 UTC 2018


> On 8/1/18, 5:42 PM, "ovs-dev-bounces at openvswitch.org on behalf of Yi-Hung Wei" <ovs-dev-bounces at openvswitch.org on behalf of yihung.wei at gmail.com> wrote:
>
>     This patch backports the nf_conncount backend that counts the number
>     of connections matching an arbitrary key.  The following patch will
>     use the feature to support connection tracking zone limit in ovs
>     kernel datapath.
>
>     This backport is based on an upstream net-next commit 5c789e131cbb
>     ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for
>     init tree search") that applies a couple of techniques to optimize
>     nf_conncount performance.
>
>     The upstream nf_conncount has a couple of exported functions, while
>     this patch only exports the ones that the ovs kernel module needs.
>
>
> Could you specify what is not included in this patch from upstream?
> Is it just that some parts were excluded, or are there other logic changes as well?
>
The original nf_conncount backend exports the following functions:
$ cat ./net-next/net/netfilter/nf_conncount.c | grep EXPORT
EXPORT_SYMBOL_GPL(nf_conncount_add);
EXPORT_SYMBOL_GPL(nf_conncount_lookup);
EXPORT_SYMBOL_GPL(nf_conncount_list_init);
EXPORT_SYMBOL_GPL(nf_conncount_gc_list);
EXPORT_SYMBOL_GPL(nf_conncount_count);
EXPORT_SYMBOL_GPL(nf_conncount_init);
EXPORT_SYMBOL_GPL(nf_conncount_cache_free);
EXPORT_SYMBOL_GPL(nf_conncount_destroy);

and only the following three of them are used by ovs:
$ cat ./datapath/linux/compat/nf_conncount.c  | grep EXPORT
EXPORT_SYMBOL_GPL(rpl_nf_conncount_count);
EXPORT_SYMBOL_GPL(rpl_nf_conncount_init);
EXPORT_SYMBOL_GPL(rpl_nf_conncount_destroy);

Therefore, the rest of them are not exported in the ovs compat module.
There are no logic or functional changes to nf_conncount.

Also, the nf_conncount backports are based on the following 13
commits. I only listed the last commit ID in the commit message, which
is a bit confusing. I will add the rest of the commits to the commit
message in v3.

5c789e131cbb ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search")
34848d5c896e ("netfilter: nf_conncount: Split insert and traversal")
2ba39118c10a ("netfilter: nf_conncount: Move locking into count_tree()")
976afca1ceba ("netfilter: nf_conncount: Early exit in nf_conncount_lookup() and cleanup")
cb2b36f5a97d ("netfilter: nf_conncount: Switch to plain list")
2a406e8ac7c3 ("netfilter: nf_conncount: Early exit for garbage collection")
b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm race")
21ba8847f857 ("netfilter: nf_conncount: Fix garbage collection with zones")
5e5cbc7b23ea ("netfilter: nf_conncount: expose connection list interface")
35d8deb80c30 ("netfilter: conncount: Support count only use case")
6aec208786c2 ("netfilter: Refactor nf_conncount")
d384e65f1e75 ("netfilter: return booleans instead of integers")
625c556118f3 ("netfilter: connlimit: split xt_connlimit into front and backend")

Thanks,

-Yi-Hung
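
The export comparison described in the message above, as an added example that is not part of the original e-mail or the OVS tree: a shell script that reports which symbols an upstream file exports that its compat backport does not, treating rpl_-prefixed names as their upstream equivalents. The function names and the sample files are constructed for illustration; the sample files hold only the export lines quoted in the message.

```shell
#!/bin/sh
# Added example: diff the EXPORT_SYMBOL* sets of an upstream file and its backport.

# Print the sorted names a C file exports. The "rpl_" prefix carried by the
# compat copy's symbols is stripped so that both sets use the upstream names.
exported_symbols() {
    sed -n 's/^[[:space:]]*EXPORT_SYMBOL\(_GPL\)\{0,1\}(\([A-Za-z0-9_]*\));.*$/\2/p' "$1" |
        sed 's/^rpl_//' | LC_ALL=C sort -u
}

# compare_exports MODE UPSTREAM BACKPORT
#   dropped: exported upstream but not by the backport
#   extra:   exported by the backport but not upstream (expected to be empty)
compare_exports() {
    case $1 in
        dropped) col=-23 ;;
        extra)   col=-13 ;;
        *)       echo "unknown mode: $1" >&2; return 2 ;;
    esac
    up=$(mktemp) && bp=$(mktemp) || return 1
    exported_symbols "$2" > "$up"
    exported_symbols "$3" > "$bp"
    LC_ALL=C comm "$col" "$up" "$bp"
    rm -f "$up" "$bp"
}

# Constructed sample input: only the export lines quoted in the message.
write_samples() {
    for s in add lookup list_init gc_list count init cache_free destroy; do
        echo "EXPORT_SYMBOL_GPL(nf_conncount_$s);"
    done > "$1/upstream.c"
    for s in count init destroy; do
        echo "EXPORT_SYMBOL_GPL(rpl_nf_conncount_$s);"
    done > "$1/compat.c"
}

demo=$(mktemp -d)
write_samples "$demo"
echo "Exported upstream only:"
compare_exports dropped "$demo/upstream.c" "$demo/compat.c"
echo "Exported by the backport only:"
compare_exports extra "$demo/upstream.c" "$demo/compat.c"
rm -rf "$demo"
```

A non-empty "extra" list means the backport exposes a symbol that upstream does not, which is worth a second look in review.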

