[ovs-dev] [patch v10 0/6] Userspace datapath: Add fragmentation support.
Darrell Ball
dlu998 at gmail.com
Thu Feb 7 03:55:19 UTC 2019
Fragmentation support for userspace datapath conntrack is added; both
v4 and v6 are supported. See the patches for additional details.
Fragmentation tests for the userspace datapath are enabled
by the patches and other test enhancements are added.
v10: Addressed Ben's review comments.
Merged patches 6 and onwards per request.
Note 4 tests are flagged by address santizer, but are an artifact
of the packet-out test methodology.
v9: Exported ipf status type to dpif-provider.h for code maintenance
reasons vs datatype info. hiding (code review suggestion;
Thanks Justin).
Changed counters to 64 bit, per intention (oops) and added a patch
to support 64 bit atomics (code review; good catch Justin).
Merged code for cleanup thread into patches.
Cleanup dpctl_ct_ipf_get_status() usage; 'verbose' usage vs '-m'.
Added a patch to cleanup opt_dpif_open() and callers.
Enhanced comment for 'ipf-set-min-frag'
Minor cleanups.
Rebase.
v8: Fix argument index (-1 vs -2) for recently added function
ipf_set_enabled__().
Eliminate spaces around '|' for 'v4 | v6'.
Reduce performance impact for non-fragments to approx zero.
v7: Address review comments (Thanks Justin).
Rebase.
Fix a couple bugs.
Some enhancements.
v6: Rebase
Folded patch 4 and some test enablement into patch 3 and brought
an earlier patch forward in sequence
Enable fragmentation by default
Cleaup
v5: Added a sub-feature to optionally dump fragmentation lists.
This is useful for DOS forensics and debugging.
The testing coverage was also extended including checking
more counters and frag list occupancies.
Fixed a few bugs:
1/ Handle dpdk mempool source restrictions for a batch of
packets from multiple sources; this also brings in a purge
frag list function to handle pathological cases of stuck frags.
2/ ipf_destroy was missing packet frees for frag lists.
3/ A setting of CS_INVALID was missing for expired packets -
I mentioned this earlier for version 4.
Some enhancements and coding standards changes for Patch 3.
v4: Add V6 support to the patches.
Fix possible race cleanup bug when the user disables
fragmentation and there are list occupancies, not cleaned up
yet.
Add missed orig tuple fields for copy from reassembled packet
to fragments.
Fix an fragment list increment check - shoiuld have been "> 0"
rather then "!= 0".
Fix max frags calculation in case of theoretical corner case.
Add proper lock annotations.
Made some other improvements while adding V6 support.
v3: Patch 2 was updated:
Remove "XXX" todo items by implementing the ones needed,
including realloc frag_list contexts to save memory.
Fix related bug with max_frag_list_size when min_frag_size is
reconfigured.
Tighten ip_tot_len sanity check for reassembled packets which
was more loose than intended.
Add another sanity check for fragment ip_tot_len; even though
it be redundant, add for completeness.
v2: Few fixes, improvements and cleanups.
Darrell Ball (6):
dp-packet: Add const qualifiers for checksum apis.
flow: Enhance parse_ipv6_ext_hdrs.
tests: Add missed local stack checks.
conntrack: Reword conntrack_execute() description.
ovs-atomic: Add 64 bit apis.
Userspace datapath: Add fragmentation handling.
Documentation/faq/releases.rst | 49 +-
NEWS | 10 +
include/sparse/netinet/ip6.h | 1 +
lib/automake.mk | 4 +-
lib/conntrack.c | 24 +-
lib/conntrack.h | 4 +
lib/ct-dpif.c | 58 +-
lib/ct-dpif.h | 12 +-
lib/dp-packet.h | 22 +-
lib/dpctl.c | 215 +++++-
lib/dpctl.man | 36 +
lib/dpif-netdev.c | 65 +-
lib/dpif-netlink.c | 9 +-
lib/dpif-provider.h | 53 +-
lib/flow.c | 44 +-
lib/flow.h | 3 +-
lib/ipf.c | 1571 ++++++++++++++++++++++++++++++++++++++
lib/ipf.h | 60 ++
lib/ovs-atomic.h | 36 +
tests/system-kmod-macros.at | 46 +-
tests/system-traffic.at | 53 +-
tests/system-userspace-macros.at | 186 ++++-
22 files changed, 2460 insertions(+), 101 deletions(-)
create mode 100644 lib/ipf.c
create mode 100644 lib/ipf.h
--
1.9.1
More information about the dev
mailing list