[ovs-git] [openvswitch/ovs] e61984: dpif-netlink: Generate ufids for installing TC flo...
NIC我是一张网卡
noreply at github.com
Thu Jun 4 11:56:33 UTC 2020
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: e61984e781e6c7d621568428788cb87c11be8f1f
https://github.com/openvswitch/ovs/commit/e61984e781e6c7d621568428788cb87c11be8f1f
Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Date: 2020-06-03 (Wed, 03 Jun 2020)
Changed paths:
M lib/dpif-netlink.c
Log Message:
-----------
dpif-netlink: Generate ufids for installing TC flowers
To support installing the TC flowers to HW, via "ovs-appctl dpctl/add-flow"
command, there should be an ufid. This patch will check whether ufid exists,
if not, generate an ufid. Should to know that when processing upcall packets,
ufid is generated in parse_odp_packet for kernel datapath.
Configuring the max-idle/max-revalidator, may help testing this patch.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>
Commit: 4f4be08e4713941285ecb71555c9a64c46cdb8ae
https://github.com/openvswitch/ovs/commit/4f4be08e4713941285ecb71555c9a64c46cdb8ae
Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Date: 2020-06-03 (Wed, 03 Jun 2020)
Changed paths:
M lib/netdev-offload-tc.c
M lib/tc.c
Log Message:
-----------
netdev-offload-tc: Use ipv6_addr_is_set instead of is_all_zeros
Not bugfix, make the codes more readable.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>
Commit: 5f568d049130fb481e41fdf9a290b6d1e3a7f23a
https://github.com/openvswitch/ovs/commit/5f568d049130fb481e41fdf9a290b6d1e3a7f23a
Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Date: 2020-06-03 (Wed, 03 Jun 2020)
Changed paths:
M NEWS
M include/openvswitch/match.h
M lib/match.c
M lib/netdev-offload-tc.c
M lib/tc.c
M tests/tunnel.at
Log Message:
-----------
netdev-offload-tc: Allow to match the IP and port mask of tunnel
This patch allows users to offload the TC flower rules with
tunnel mask. This patch allows masked match of the following,
where previously supported an exact match was supported:
* Remote (dst) tunnel endpoint address
* Local (src) tunnel endpoint address
* Remote (dst) tunnel endpoint UDP port
And also allows masked match of the following, where previously
no match was supported:
* Local (src) tunnel endpoint UDP port
In some case, mask is useful as wildcards. For example, DDOS,
in that case, we don’t want to allow specified hosts IPs or
only source Ports to access the targeted host. For example:
$ ovs-appctl dpctl/add-flow "tunnel(dst=2.2.2.100,src=2.2.2.0/255.255.255.0,tp_dst=4789),\
recirc_id(0),in_port(3),eth(),eth_type(0x0800),ipv4()" ""
$ tc filter show dev vxlan_sys_4789 ingress
...
eth_type ipv4
enc_dst_ip 2.2.2.100
enc_src_ip 2.2.2.0/24
enc_dst_port 4789
enc_ttl 64
in_hw in_hw_count 2
action order 1: gact action drop
...
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>
Commit: 3f82ac1fe36d6d8ad9b21750e7d878394f031147
https://github.com/openvswitch/ovs/commit/3f82ac1fe36d6d8ad9b21750e7d878394f031147
Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Date: 2020-06-03 (Wed, 03 Jun 2020)
Changed paths:
M lib/netdev-offload-tc.c
M lib/odp-util.c
M lib/packets.h
Log Message:
-----------
netdev-offload-tc: Expand tunnel source IPs masked match
To support more use case, for example, DDOS, which
packets should be dropped in hardware, this patch
allows users to match only the tunnel source IPs with
masked value.
$ ovs-appctl dpctl/add-flow "tunnel(src=2.2.2.0/255.255.255.0,tp_dst=4789,ttl=64),\
recirc_id(2),in_port(3),eth(),eth_type(0x0800),ipv4()" ""
$ ovs-appctl dpctl/dump-flows
tunnel(src=2.2.2.0/255.255.255.0,ttl=64,tp_dst=4789) ... actions:drop
$ tc filter show dev vxlan_sys_4789 ingress
...
eth_type ipv4
enc_src_ip 2.2.2.0/24
enc_dst_port 4789
enc_ttl 64
in_hw in_hw_count 2
action order 1: gact action drop
...
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>
Compare: https://github.com/openvswitch/ovs/compare/ace0310f3fcb...3f82ac1fe36d
More information about the git
mailing list