[ovs-dev] [PATCH v3 4/9] ct-dpif, dpif-netlink: Add conntrack timeout policy support

aserdean at ovn.org aserdean at ovn.org
Tue Aug 13 11:25:43 UTC 2019


> -----Original Message-----
> From: ovs-dev-bounces at openvswitch.org <ovs-dev-
> bounces at openvswitch.org> On Behalf Of Yi-Hung Wei
> Sent: Tuesday, August 13, 2019 3:52 AM
> To: dev at openvswitch.org
> Subject: [ovs-dev] [PATCH v3 4/9] ct-dpif, dpif-netlink: Add conntrack
> timeout policy support
> 
> This patch first defines the dpif interface for a datapath to support
> adding, deleting, getting and dumping conntrack timeout policy.
> The timeout policy is identified by a 4 bytes unsigned integer in
> datapath, and it currently support timeout for TCP, UDP, and ICMP
> protocols.
> 
> Moreover, this patch provides the implementation for Linux kernel
> datapath in dpif-netlink.
> 
> In Linux kernel, the timeout policy is maintained per L3/L4 protocol,
> and it is identified by 32 bytes null terminated string.  On the other
> hand, in vswitchd, the timeout policy is a generic one that consists of
> all the supported L4 protocols.  Therefore, one of the main task in
> dpif-netlink is to break down the generic timeout policy into 6
> sub policies (ipv4 tcp, udp, icmp, and ipv6 tcp, udp, icmp),
> and push down the configuration using the netlink API in
> netlink-conntrack.c.
> 
> This patch also adds missing symbols in the windows datapath so
> that the build on windows can pass.
> 
> Appveyor CI:
> * https://ci.appveyor.com/project/YiHungWei/ovs/builds/26387754
> 
> Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
> ---
>  Documentation/faq/releases.rst                     |   3 +-
>  datapath-windows/include/OvsDpInterfaceCtExt.h     | 114 +++++
>  datapath-windows/ovsext/Netlink/NetlinkProto.h     |   8 +-
>  include/windows/automake.mk                        |   1 +
>  .../windows/linux/netfilter/nfnetlink_cttimeout.h  |   0
>  lib/ct-dpif.c                                      | 104 +++++
>  lib/ct-dpif.h                                      |  56 +++
>  lib/dpif-netdev.c                                  |   6 +
>  lib/dpif-netlink.c                                 | 469
+++++++++++++++++++++
>  lib/dpif-netlink.h                                 |   1 -
>  lib/dpif-provider.h                                |  44 ++
>  lib/netlink-conntrack.c                            | 308 ++++++++++++++
>  lib/netlink-conntrack.h                            |  27 +-
>  lib/netlink-protocol.h                             |   8 +-
>  14 files changed, 1142 insertions(+), 7 deletions(-)
>  create mode 100644 include/windows/linux/netfilter/nfnetlink_cttimeout.h
> 
[Alin] This is not an actual review.

I'm okay with the Windows changes.

I also tested the series and things look good.

Do you mind folding in the following:
diff --git a/datapath-windows/include/OvsDpInterfaceCtExt.h
b/datapath-windows/include/OvsDpInterfaceCtExt.h
index 4379855bb..3379f0a25 100644
--- a/datapath-windows/include/OvsDpInterfaceCtExt.h
+++ b/datapath-windows/include/OvsDpInterfaceCtExt.h
@@ -421,7 +421,7 @@ struct nf_ct_tcp_flags {
     UINT8 mask;
 };

-/* File: nfnetlink_cttimeout.h */
+/* File: nfnetlink_cttimeout.h. XXX: the following are not implemented */
 enum ctnl_timeout_msg_types {
     IPCTNL_MSG_TIMEOUT_NEW,
     IPCTNL_MSG_TIMEOUT_GET,


Acked-by: Alin Gabriel Serdean <aserdean at ovn.org>



More information about the dev mailing list