[ovs-dev] [PATCH v2 1/9] ovs-vswitchd: Add Datapath, CT_Zone, and CT_Zone_Policy tables.

Justin Pettit jpettit at ovn.org
Fri Aug 2 18:15:50 UTC 2019


> On Aug 1, 2019, at 3:07 PM, Yi-Hung Wei <yihung.wei at gmail.com> wrote:
> 
> From: Justin Pettit <jpettit at ovn.org>
> 
> From: Justin Pettit <jpettit at ovn.org>

Can you drop one of these "From:" statements?  Otherwise it appears in the commit message.

As we discussed off-line, can you apply the following diff, which we worked on together along with your co-authored-by tag?

-=-=-=-=-=-=-=-=-=-=-=-
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index a0706c9c0fc1..495f0acad842 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -5615,8 +5615,8 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
     Connection tracking zone configuration
 
     <column name="timeout_policy">
-      Connection tracking timeout policy for this zone. If timeout policy is
-      not specified, defaults to the timeout policy in the system.
+      Connection tracking timeout policy for this zone. If a timeout policy
+      is not specified, it defaults to the timeout policy in the system.
     </column>
 
     <group title="Common Columns">
@@ -5632,80 +5632,103 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
 
     <group title="Timeouts">
       <column name="timeouts">
-          The <code>timeouts</code> column contains key-value pairs used
-          to configure connection tracking timeouts in a datapath.
-          Key-value pairs that are not supported by a datapath are
-          ignored.
+        The <code>timeouts</code> column contains key-value pairs used
+        to configure connection tracking timeouts in a datapath.
+        Key-value pairs that are not supported by a datapath are
+        ignored.  The timeout value is in seconds.
       </column>
 
       <group title="TCP Timeouts">
         <column name="timeouts" key="tcp_syn_sent">
-          TCP SYN sent timeout.
+          The timeout for the connection after the first TCP SYN packet has
+          been seen by conntrack.
         </column>
 
         <column name="timeouts" key="tcp_syn_recv">
-          TCP SYN receive timeout.
+          The timeout of the connection after the first TCP SYN-ACK packet
+          has been seen by conntrack.
         </column>
 
         <column name="timeouts" key="tcp_established">
-          TCP established timeout.
+          The timeout of the connection after the connection has been fully
+          established.
         </column>
 
         <column name="timeouts" key="tcp_fin_wait">
-          TCP FIN wait timeout.
+          The timeout of the connection after the first TCP FIN packet
+          has been seen by conntrack.
         </column>
 
         <column name="timeouts" key="tcp_close_wait">
-          TCP close wait timeout.
+          The timeout of the connection after the first TCP ACK packet
+          has been seen after it receives TCP FIN packet.  This timeout
+          is only supported by the Linux kernel datapath.
         </column>
 
         <column name="timeouts" key="tcp_last_ack">
-          TCP last ACK timeout.
+          The timeout of the connection after TCP FIN packets have been
+          seen by conntrack from both directions.  This timeout is only
+          supported by the Linux kernel datapath.
         </column>
 
         <column name="timeouts" key="tcp_time_wait">
-          TCP time wait timeout.
+          The timeout of the connection after conntrack has seen the
+          TCP ACK packet for the second TCP FIN packet.
         </column>
 
         <column name="timeouts" key="tcp_close">
-          TCP close timeout.
+          The timeout of the connection after the first TCP RST packet
+          has been seen by conntrack.
         </column>
 
         <column name="timeouts" key="tcp_syn_sent2">
-          TCP syn sent2 timeout.
+          The timeout of the connection when only a TCP SYN packet has been
+          seen by conntrack from both directions (simultaneous open).
+          This timeout is only supported by the Linux kernel datapath.
         </column>
 
         <column name="timeouts" key="tcp_retransmit">
-          TCP retransmit timeout.
+          The timeout of the connection when it exceeds the maximum
+          number of retransmissions.  This timeout is only supported by
+          the Linux kernel datapath.
         </column>
 
         <column name="timeouts" key="tcp_unack">
-          TCP unacknowledgment timeout.
+          The timeout of the connection when non-SYN packets create an
+          established connection in TCP loose tracking mode.  This timeout
+          is only supported by the Linux kernel datapath.
         </column>
       </group>
 
       <group title="UDP Timeouts">
         <column name="timeouts" key="udp_first">
-          First UDP packet timeout.
+          The timeout of the connection after the first UDP packet has
+          been seen by conntrack.  This timeout is only supported by the
+          userspace datapath.
         </column>
 
         <column name="timeouts" key="udp_single">
-          The timeout in the state that source host sends more than one packet
-          but the destination host has never sent one backs.
+          The timeout of the connection when conntrack only seen UDP
+          packet from the source host, but the destination host has never
+          sent one back.
         </column>
 
         <column name="timeouts" key="udp_multiple">
-          UDP packets seen in both directions timeout.
+          The timeout of the connection when UDP packets have been seen in
+          both directions.
         </column>
       </group>
 
       <group title="ICMP Timeouts">
         <column name="timeouts" key="icmp_first">
-          First ICMP timeout.
+          The timeout of the connection after the first ICMP packet has
+          been seen by conntrack.
         </column>
 
         <column name="timeouts" key="icmp_reply">
-          ICMP reply timeout.
+          The timeout of the connection after an ICMP error is replied in
+          response to an ICMP packet.  This timeout is only supported by
+          the userspace datapath.
         </column>
       </group>
     </group>
-=-=-=-=-=-=-=-=-=-=-=-

Thanks,

--Justin




More information about the dev mailing list