+ Xavier Simonart <[email protected]> Mike Pattrick <[email protected]>
On Wed, Mar 06, 2024 at 06:21:36PM +0000, 'Simon Horman' wrote: > From: Xavier Simonart <[email protected]> > > On netdev datapath, when a ct element was cleaned, the cmap > could be shrinked, potentially causing some elements to be skipped > in the flush iteration. > > Fixes: 967bb5c5cd90 ("conntrack: Add rcu support.") > Signed-off-by: Xavier Simonart <[email protected]> > Acked-by: Mike Pattrick <[email protected]> > Signed-off-by: Simon Horman <[email protected]> > --- > The test has been updated to avoid using ovs-ofctl compose-packet --bare > which does not exist until OVS v3.3. Instead frames are constructed > using printf. Adding missing CCs. It seems that b4 is not working well for me today :( > --- > lib/conntrack.c | 14 ++++-------- > lib/conntrack.h | 2 +- > tests/system-traffic.at | 59 > +++++++++++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 64 insertions(+), 11 deletions(-) > > diff --git a/lib/conntrack.c b/lib/conntrack.c > index 2470c16895c2..38b788747461 100644 > --- a/lib/conntrack.c > +++ b/lib/conntrack.c > @@ -2534,25 +2534,19 @@ conntrack_dump_start(struct conntrack *ct, struct > conntrack_dump *dump, > > dump->ct = ct; > *ptot_bkts = 1; /* Need to clean up the callers. */ > + dump->cursor = cmap_cursor_start(&ct->conns); > return 0; > } > > int > conntrack_dump_next(struct conntrack_dump *dump, struct ct_dpif_entry *entry) > { > - struct conntrack *ct = dump->ct; > long long now = time_msec(); > > - for (;;) { > - struct cmap_node *cm_node = cmap_next_position(&ct->conns, > - &dump->cm_pos); > - if (!cm_node) { > - break; > - } > - struct conn_key_node *keyn; > - struct conn *conn; > + struct conn_key_node *keyn; > + struct conn *conn; > > - INIT_CONTAINER(keyn, cm_node, cm_node); > + CMAP_CURSOR_FOR_EACH_CONTINUE (keyn, cm_node, &dump->cursor) { > if (keyn->dir != CT_DIR_FWD) { > continue; > } > diff --git a/lib/conntrack.h b/lib/conntrack.h > index b064abc9fa43..bed23a9515a2 100644 > --- a/lib/conntrack.h > +++ b/lib/conntrack.h > @@ -100,7 +100,7 @@ void conntrack_clear(struct dp_packet *packet); > struct conntrack_dump { > struct conntrack *ct; > unsigned bucket; > - struct cmap_position cm_pos; > + struct cmap_cursor cursor; > bool filter_zone; > uint16_t zone; > }; > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index 5d12fd41b4f7..c99c637eb1fd 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -7488,6 +7488,65 @@ AT_CHECK([ovs-pcap client.pcap | grep > 000000002010000000002000], [0], [dnl > OVS_TRAFFIC_VSWITCHD_STOP > AT_CLEANUP > > +AT_SETUP([conntrack - Flush many conntrack entries by port]) > +CHECK_CONNTRACK() > +OVS_TRAFFIC_VSWITCHD_START() > + > +ADD_NAMESPACES(at_ns0, at_ns1) > + > +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") > +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") > + > +AT_DATA([flows.txt], [dnl > +priority=100,in_port=1,udp,action=ct(zone=1,commit),2 > +]) > + > +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) > + > +dnl 20 packets from port 1 and 1 packet from port 2. > +flow_l3="\ > + eth_src=50:54:00:00:00:09,eth_dst=50:54:00:00:00:0a,dl_type=0x0800,\ > + nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_proto=17,nw_ttl=64,nw_frag=no" > + > +head="50540000000a50540000000908004500005c000000004011648d0a0101010a010102" > +len=72 > +base_csum=1366 > +tail="000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\ > + 202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" > + > +dst_port=1 > +for src_port in $(seq 1 20); do > + csum=$((base_csum - src_port - dst_port)) > + frame=$(printf "%s%04x%04x%04x%04x%s" $head 1 $src_port $len $csum $tail) > + AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 > packet=$frame actions=resubmit(,0)"]) > +done > + > +src_port=2 > +dst_port=1 > +csum=$((base_csum - src_port - dst_port)) > +frame=$(printf "%s%04x%04x%04x%04x%s" $head $src_port $dst_port $len $csum > $tail) > +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=$frame > actions=resubmit(,0)"]) > + > +: > conntrack > + > +for i in $(seq 1 20); do > + echo > "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=${i}),reply=(src=10.1.1.2,dst=10.1.1.1,sport=${i},dport=1),zone=1" > >> conntrack > +done > +echo > "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1" > >> conntrack > + > +sort conntrack > expout > + > +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | > sort ], [0], [expout]) > + > +dnl Check that flushing conntrack by port 1 flush all ct for port 1 but > keeps ct for port 2. > +AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=1 > 'ct_nw_proto=17,ct_tp_src=1']) > +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | > sort ], [0], [dnl > +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1 > +]) > + > +OVS_TRAFFIC_VSWITCHD_STOP > +AT_CLEANUP > + > AT_BANNER([IGMP]) > > AT_SETUP([IGMP - flood under normal action]) > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
