[ovs-dev] [PATCH] ofproto-dpif-xlate: avoid successive ct_clear datapath actions
Eelco Chaudron
echaudro at redhat.com
Fri May 14 09:42:41 UTC 2021
On 14 May 2021, at 11:31, Ilya Maximets wrote:
> On 5/14/21 11:17 AM, Eelco Chaudron wrote:
>> Due to flow lookup optimizations, especially in the resubmit/clone cases,
>> we might end up with multiple ct_clear actions, which are not necessary.
>>
>> This patch avoids adding the successive ct_clear actions in the datapath.
>>
>> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
>> ---
>> ofproto/ofproto-dpif-xlate.c | 10 +++++++++-
>> tests/ofproto-dpif.at | 34 ++++++++++++++++++++++++++++++++++
>> 2 files changed, 43 insertions(+), 1 deletion(-)
>>
>> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
>> index 7108c8a30..b3eb0a9c1 100644
>> --- a/ofproto/ofproto-dpif-xlate.c
>> +++ b/ofproto/ofproto-dpif-xlate.c
>> @@ -396,6 +396,9 @@ struct xlate_ctx {
>> * state from the datapath should be honored after thawing. */
>> bool conntracked;
>>
>> + /* True if the current action set processed contains a ct_clear action. */
>> + bool conntrack_ct_clear;
>> +
>> /* Pointer to an embedded NAT action in a conntrack action, or NULL. */
>> struct ofpact_nat *ct_nat_action;
>>
>> @@ -7127,7 +7130,10 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
>> break;
>>
>> case OFPACT_CT_CLEAR:
>> - compose_ct_clear_action(ctx);
>> + if (!ctx->conntrack_ct_clear) {
>
> Doesn't ctx->contracked hold the information that conntrack
> is clear or not? Can we just avoid clearing conntrack if
> it's already clear, i.e. !ctx->conntracked ?
Yes, I thought about that, but it would suppress the ct_clear in the datapath altogether if no conntrack information is present. This might confuse people looking at the datapath dumps, or do you think this should be ok?
>> + compose_ct_clear_action(ctx);
>> + ctx->conntrack_ct_clear = true;
>> + }
>> break;
>>
>> case OFPACT_NAT:
>> @@ -7514,6 +7520,7 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
>>
>> .was_mpls = false,
>> .conntracked = false,
>> + .conntrack_ct_clear = false,
>>
>> .ct_nat_action = NULL,
>>
>> @@ -7577,6 +7584,7 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
>> if (!state->conntracked) {
>> clear_conntrack(&ctx);
>> }
>> + ctx.conntrack_ct_clear = false;
>>
>> /* Restore pipeline metadata. May change flow's in_port and other
>> * metadata to the values that existed when freezing was triggered. */
>> diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
>> index 24bbd884c..e4702ece3 100644
>> --- a/tests/ofproto-dpif.at
>> +++ b/tests/ofproto-dpif.at
>> @@ -10842,6 +10842,40 @@ dnl
>> NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=106 in_port=2 (via action) data_len=106 (unbuffered)
>> udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=2,tp_dst=1 udp_csum:553
>> ])
>> +
>> +dnl The next test verifies that ct_clear at the datapath gets optimized if
>> +dnl executed in sequence.
>> +AT_DATA([flows.txt], [dnl
>> +table=0 in_port=1 actions=ct_clear,ct_clear,ct_clear,p2
>> +])
>> +AT_CHECK([ovs-ofctl del-flows br0])
>> +AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
>> +AT_CHECK([ovs-appctl ofproto/trace br0 'in_port=p1,dl_src=50:54:00:00:00:05,dl_dst=50:54:00:00:00:07,dl_type=0x0800,nw_src=192.168.0.1,nw_dst=192.168.0.2'], [0], [stdout])
>> +AT_CHECK([tail -1 stdout], [0],
>> + [Datapath actions: ct_clear,2
>> +])
>> +AT_DATA([flows.txt], [dnl
>> +table=0 in_port=1 actions=ct_clear,goto_table:1
>> +table=1 in_port=1 actions=ct_clear,p2
>> +])
>> +AT_CHECK([ovs-ofctl del-flows br0])
>> +AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
>> +AT_CHECK([ovs-appctl ofproto/trace br0 'in_port=p1,dl_src=50:54:00:00:00:05,dl_dst=50:54:00:00:00:07,dl_type=0x0800,nw_src=192.168.0.1,nw_dst=192.168.0.2'], [0], [stdout])
>> +AT_CHECK([tail -1 stdout], [0],
>> + [Datapath actions: ct_clear,2
>> +])
>> +AT_DATA([flows.txt], [dnl
>> +table=0 in_port=1 ip actions=ct_clear,ct(table=1)
>> +table=1 in_port=1 actions=ct_clear,p2
>> +])
>> +AT_CHECK([ovs-ofctl del-flows br0])
>> +AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
>> +AT_CHECK([ovs-appctl ofproto/trace br0 'in_port=p1,dl_src=50:54:00:00:00:05,dl_dst=50:54:00:00:00:07,dl_type=0x0800,nw_src=192.168.0.1,nw_dst=192.168.0.2'], [0], [stdout])
>> +AT_CHECK([grep Datapath stdout | sed 's/recirc(.*)/recirc(X)/'], [0],
>> + [Datapath actions: ct_clear,ct,recirc(X)
>> +Datapath actions: ct_clear,2
>> +])
>> +
>> OVS_VSWITCHD_STOP
>> AT_CLEANUP
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
More information about the dev
mailing list