[ovs-git] [openvswitch/ovs] e61984: dpif-netlink: Generate ufids for installing TC flo...

NIC我是一张网卡 noreply at github.com
Thu Jun 4 11:56:33 UTC 2020


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: e61984e781e6c7d621568428788cb87c11be8f1f
      https://github.com/openvswitch/ovs/commit/e61984e781e6c7d621568428788cb87c11be8f1f
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-06-03 (Wed, 03 Jun 2020)

  Changed paths:
    M lib/dpif-netlink.c

  Log Message:
  -----------
  dpif-netlink: Generate ufids for installing TC flowers

To support installing TC flowers to HW via the "ovs-appctl dpctl/add-flow"
command, there should be a ufid. This patch checks whether a ufid exists and,
if not, generates one. Note that when processing upcall packets, the ufid is
generated in parse_odp_packet for the kernel datapath.

Configuring max-idle/max-revalidator may help in testing this patch.

Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 4f4be08e4713941285ecb71555c9a64c46cdb8ae
      https://github.com/openvswitch/ovs/commit/4f4be08e4713941285ecb71555c9a64c46cdb8ae
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-06-03 (Wed, 03 Jun 2020)

  Changed paths:
    M lib/netdev-offload-tc.c
    M lib/tc.c

  Log Message:
  -----------
  netdev-offload-tc: Use ipv6_addr_is_set instead of is_all_zeros

Not a bugfix; this makes the code more readable.

Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 5f568d049130fb481e41fdf9a290b6d1e3a7f23a
      https://github.com/openvswitch/ovs/commit/5f568d049130fb481e41fdf9a290b6d1e3a7f23a
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-06-03 (Wed, 03 Jun 2020)

  Changed paths:
    M NEWS
    M include/openvswitch/match.h
    M lib/match.c
    M lib/netdev-offload-tc.c
    M lib/tc.c
    M tests/tunnel.at

  Log Message:
  -----------
  netdev-offload-tc: Allow to match the IP and port mask of tunnel

This patch allows users to offload TC flower rules with a
tunnel mask. It allows masked match of the following,
where previously an exact match was supported:
* Remote (dst) tunnel endpoint address
* Local (src) tunnel endpoint address
* Remote (dst) tunnel endpoint UDP port

And also allows masked match of the following, where previously
no match was supported:
* Local (src) tunnel endpoint UDP port

In some cases, a mask is useful as a wildcard. For example, with
DDoS, we don't want to allow specified host IPs or
only source ports to access the targeted host. For example:

$ ovs-appctl dpctl/add-flow "tunnel(dst=2.2.2.100,src=2.2.2.0/255.255.255.0,tp_dst=4789),\
  recirc_id(0),in_port(3),eth(),eth_type(0x0800),ipv4()" ""

$ tc filter show dev vxlan_sys_4789 ingress
  ...
  eth_type ipv4
  enc_dst_ip 2.2.2.100
  enc_src_ip 2.2.2.0/24
  enc_dst_port 4789
  enc_ttl 64
  in_hw in_hw_count 2
	action order 1: gact action drop
    ...

Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 3f82ac1fe36d6d8ad9b21750e7d878394f031147
      https://github.com/openvswitch/ovs/commit/3f82ac1fe36d6d8ad9b21750e7d878394f031147
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-06-03 (Wed, 03 Jun 2020)

  Changed paths:
    M lib/netdev-offload-tc.c
    M lib/odp-util.c
    M lib/packets.h

  Log Message:
  -----------
  netdev-offload-tc: Expand tunnel source IPs masked match

To support more use cases, for example DDoS, where
packets should be dropped in hardware, this patch
allows users to match only the tunnel source IPs with
a masked value.

$ ovs-appctl dpctl/add-flow "tunnel(src=2.2.2.0/255.255.255.0,tp_dst=4789,ttl=64),\
  recirc_id(2),in_port(3),eth(),eth_type(0x0800),ipv4()" ""

$ ovs-appctl dpctl/dump-flows
  tunnel(src=2.2.2.0/255.255.255.0,ttl=64,tp_dst=4789) ... actions:drop
$ tc filter show dev vxlan_sys_4789 ingress
  ...
  eth_type ipv4
  enc_src_ip 2.2.2.0/24
  enc_dst_port 4789
  enc_ttl 64
  in_hw in_hw_count 2
    action order 1: gact action drop
    ...

Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


Compare: https://github.com/openvswitch/ovs/compare/ace0310f3fcb...3f82ac1fe36d
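
The last two commit messages give the tunnel source as 2.2.2.0/255.255.255.0 in dpctl/add-flow, and tc shows it as enc_src_ip 2.2.2.0/24. The following is an added example, not code from these commits or from OVS: two hypothetical helpers, mask_to_prefix and tunnel_src_matches, that convert the dotted mask to a prefix length (rejecting a mask that cannot be written as one) and check which source addresses such a drop rule covers.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OVS code): dotted mask -> prefix, -1 if invalid. */
static int mask_to_prefix(const char *mask)
{
    struct in_addr m;
    if (inet_pton(AF_INET, mask, &m) != 1) {
        return -1;
    }
    uint32_t host = ~ntohl(m.s_addr);   /* host bits, e.g. 0x000000ff */
    if (host & (host + 1)) {            /* host part must be 2^n - 1 */
        return -1;
    }
    int prefix = 32;
    for (; host; host >>= 1) {
        prefix--;
    }
    return prefix;
}

/* Hypothetical helper: 1 if 'ip' is under "addr/mask", 0 if not, -1 on error. */
static int tunnel_src_matches(const char *spec, const char *ip)
{
    char buf[64];
    struct in_addr net, mask, addr;
    const char *slash = strchr(spec, '/');
    if (!slash || (size_t)(slash - spec) >= sizeof buf) {
        return -1;
    }
    memcpy(buf, spec, slash - spec);
    buf[slash - spec] = '\0';
    if (mask_to_prefix(slash + 1) < 0
        || inet_pton(AF_INET, slash + 1, &mask) != 1
        || inet_pton(AF_INET, buf, &net) != 1
        || inet_pton(AF_INET, ip, &addr) != 1) {
        return -1;
    }
    return ((addr.s_addr ^ net.s_addr) & mask.s_addr) == 0;
}

int main(void)
{
    /* Constructed inputs taken from the flow in the commit message. */
    printf("/%d %d\n", mask_to_prefix("255.255.255.0"),
           tunnel_src_matches("2.2.2.0/255.255.255.0", "2.2.2.77"));
    return 0;
}
```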

