Post-v2.9.0
--------------------
- - Nothing yet.
-
+ - OpenFlow:
+ * ct_clear action is now backed by kernel datapath. Support is probed for
+ when OVS starts.
v2.9.0 - xx xxx xxxx
--------------------
* @OVS_ACTION_ATTR_PUSH_ETH: Push a new outermost Ethernet header onto the
* packet.
* @OVS_ACTION_ATTR_POP_ETH: Pop the outermost Ethernet header off the packet.
+ * @OVS_ACTION_ATTR_CT_CLEAR: Clear conntrack state from the packet.
* @OVS_ACTION_ATTR_PUSH_NSH: push NSH header to the packet.
* @OVS_ACTION_ATTR_POP_NSH: pop the outermost NSH header off the packet.
*
OVS_ACTION_ATTR_TRUNC, /* u32 struct ovs_action_trunc. */
OVS_ACTION_ATTR_PUSH_ETH, /* struct ovs_action_push_eth. */
OVS_ACTION_ATTR_POP_ETH, /* No argument. */
+ OVS_ACTION_ATTR_CT_CLEAR, /* No argument. */
#ifndef __KERNEL__
OVS_ACTION_ATTR_TUNNEL_PUSH, /* struct ovs_action_push_tnl*/
return 0;
}
+void
+conntrack_clear(struct dp_packet *packet)
+{
+ /* According to pkt_metadata_init(), ct_state == 0 is enough to make all of
+ * the conntrack fields invalid. */
+ packet->md.ct_state = 0;
+}
+
static void
set_mark(struct dp_packet *pkt, struct conn *conn, uint32_t val, uint32_t mask)
{
ovs_be16 tp_src, ovs_be16 tp_dst, const char *helper,
const struct nat_action_info_t *nat_action_info,
long long now);
+void conntrack_clear(struct dp_packet *packet);
struct conntrack_dump {
struct conntrack *ct;
case OVS_ACTION_ATTR_CLONE:
case OVS_ACTION_ATTR_PUSH_NSH:
case OVS_ACTION_ATTR_POP_NSH:
+ case OVS_ACTION_ATTR_CT_CLEAR:
case __OVS_ACTION_ATTR_MAX:
OVS_NOT_REACHED();
}
case OVS_ACTION_ATTR_CLONE:
case OVS_ACTION_ATTR_PUSH_NSH:
case OVS_ACTION_ATTR_POP_NSH:
+ case OVS_ACTION_ATTR_CT_CLEAR:
case OVS_ACTION_ATTR_UNSPEC:
case __OVS_ACTION_ATTR_MAX:
OVS_NOT_REACHED();
#include "unaligned.h"
#include "util.h"
#include "csum.h"
+#include "conntrack.h"
/* Masked copy of an ethernet address. 'src' is already properly masked. */
static void
case OVS_ACTION_ATTR_CLONE:
case OVS_ACTION_ATTR_PUSH_NSH:
case OVS_ACTION_ATTR_POP_NSH:
+ case OVS_ACTION_ATTR_CT_CLEAR:
return false;
case OVS_ACTION_ATTR_UNSPEC:
}
break;
}
+ case OVS_ACTION_ATTR_CT_CLEAR:
+ DP_PACKET_BATCH_FOR_EACH (packet, batch) {
+ conntrack_clear(packet);
+ }
+ break;
case OVS_ACTION_ATTR_OUTPUT:
case OVS_ACTION_ATTR_TUNNEL_PUSH:
case OVS_ACTION_ATTR_SET_MASKED: return ATTR_LEN_VARIABLE;
case OVS_ACTION_ATTR_SAMPLE: return ATTR_LEN_VARIABLE;
case OVS_ACTION_ATTR_CT: return ATTR_LEN_VARIABLE;
+ case OVS_ACTION_ATTR_CT_CLEAR: return 0;
case OVS_ACTION_ATTR_PUSH_ETH: return sizeof(struct ovs_action_push_eth);
case OVS_ACTION_ATTR_POP_ETH: return 0;
case OVS_ACTION_ATTR_CLONE: return ATTR_LEN_VARIABLE;
case OVS_ACTION_ATTR_CT:
format_odp_conntrack_action(ds, a);
break;
+ case OVS_ACTION_ATTR_CT_CLEAR:
+ ds_put_cstr(ds, "ct_clear");
+ break;
case OVS_ACTION_ATTR_CLONE:
format_odp_clone_action(ds, a, portno_names);
break;
}
}
+ {
+ if (!strncmp(s, "ct_clear", 8)) {
+ nl_msg_put_flag(actions, OVS_ACTION_ATTR_CT_CLEAR);
+ return 8;
+ }
+ }
+
{
int retval;
if (!ofpacts_copy_last(action_list, action_set, OFPACT_GROUP) &&
!ofpacts_copy_last(action_list, action_set, OFPACT_OUTPUT) &&
!ofpacts_copy_last(action_list, action_set, OFPACT_RESUBMIT) &&
+ !ofpacts_copy_last(action_list, action_set, OFPACT_CT_CLEAR) &&
!ofpacts_copy_last(action_list, action_set, OFPACT_CT)) {
ofpbuf_clear(action_list);
}
case OVS_ACTION_ATTR_TRUNC:
case OVS_ACTION_ATTR_HASH:
case OVS_ACTION_ATTR_CT:
+ case OVS_ACTION_ATTR_CT_CLEAR:
case OVS_ACTION_ATTR_METER:
case OVS_ACTION_ATTR_SET_MASKED:
case OVS_ACTION_ATTR_SET:
case OVS_ACTION_ATTR_RECIRC:
case OVS_ACTION_ATTR_HASH:
case OVS_ACTION_ATTR_CT:
+ case OVS_ACTION_ATTR_CT_CLEAR:
case OVS_ACTION_ATTR_METER:
break;
ctx->conntracked = false;
}
+static void
+compose_ct_clear_action(struct xlate_ctx *ctx)
+{
+ clear_conntrack(ctx);
+ /* This action originally existed without dpif support. So to preserve
+ * compatibility, only append it if the dpif supports it. */
+ if (ctx->xbridge->support.ct_clear) {
+ nl_msg_put_flag(ctx->odp_actions, OVS_ACTION_ATTR_CT_CLEAR);
+ }
+}
+
static void
rewrite_flow_encap_ethernet(struct xlate_ctx *ctx,
struct flow *flow,
break;
case OFPACT_CT_CLEAR:
- clear_conntrack(ctx);
+ compose_ct_clear_action(ctx);
break;
case OFPACT_NAT:
return !error;
}
+/* Tests whether 'backer''s datapath supports the OVS_ACTION_ATTR_CT_CLEAR
+ * action. */
+static bool
+check_ct_clear(struct dpif_backer *backer)
+{
+ struct odputil_keybuf keybuf;
+ uint8_t actbuf[NL_A_FLAG_SIZE];
+ struct ofpbuf actions;
+ struct ofpbuf key;
+ struct flow flow;
+ bool supported;
+
+ struct odp_flow_key_parms odp_parms = {
+ .flow = &flow,
+ .probe = true,
+ };
+
+ memset(&flow, 0, sizeof flow);
+ ofpbuf_use_stack(&key, &keybuf, sizeof keybuf);
+ odp_flow_key_from_flow(&odp_parms, &key);
+
+ ofpbuf_use_stack(&actions, &actbuf, sizeof actbuf);
+ nl_msg_put_flag(&actions, OVS_ACTION_ATTR_CT_CLEAR);
+
+ supported = dpif_probe_feature(backer->dpif, "ct_clear", &key,
+ &actions, NULL);
+
+ VLOG_INFO("%s: Datapath %s ct_clear action",
+ dpif_name(backer->dpif), (supported) ? "supports"
+ : "does not support");
+ return supported;
+}
+
#define CHECK_FEATURE__(NAME, SUPPORT, FIELD, VALUE, ETHTYPE) \
static bool \
check_##NAME(struct dpif_backer *backer) \
backer->rt_support.clone = check_clone(backer);
backer->rt_support.sample_nesting = check_max_sample_nesting(backer);
backer->rt_support.ct_eventmask = check_ct_eventmask(backer);
+ backer->rt_support.ct_clear = check_ct_clear(backer);
/* Flow fields. */
backer->rt_support.odp.ct_state = check_ct_state(backer);
DPIF_SUPPORT_FIELD(size_t, sample_nesting, "Sample nesting") \
\
/* OVS_CT_ATTR_EVENTMASK supported by OVS_ACTION_ATTR_CT action. */ \
- DPIF_SUPPORT_FIELD(bool, ct_eventmask, "Conntrack eventmask")
+ DPIF_SUPPORT_FIELD(bool, ct_eventmask, "Conntrack eventmask") \
+ \
+ /* True if the datapath supports OVS_ACTION_ATTR_CT_CLEAR action. */ \
+ DPIF_SUPPORT_FIELD(bool, ct_clear, "Conntrack clear")
/* Stores the various features which the corresponding backer supports. */
struct dpif_backer_support {
ct(force_commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
ct(force_commit,nat(src=[[fe80::20c:29ff:fe88:1]]-[[fe80::20c:29ff:fe88:a18b]]:255-4096,random))
ct(force_commit,helper=ftp,nat(src=10.1.1.240-10.1.1.255))
+ct_clear
trunc(100)
clone(1)
clone(clone(push_vlan(vid=12,pcp=0),2),1)