This series adds support for sampling packets processed by ACLs by using per-flow IPFIX. This new feature allows users to configure (potentially) different sampling options for ACL matched traffic that creates new connections or that is forwarded on existing connections.
This work is based on Adrian's original RFC: https://patchwork.ozlabs.org/project/ovn/cover/20221018155936.1394396-1-amore...@redhat.com/ In order for the whole feature to work properly some pre-requisite work is done: - patches 1-3: simplify northd code assuming that all controllers are aware of features included in the previous LTS release (22.03) - the current LTS release is 24.03. - patch 4: fixes an incorrect test that mistakenly fails when the bug fix in patch 5 is applied. - patch 5: fixes a bug in the way ACLs with labels are processed when the switches also have load balancers configured The feature itself is implemented by the last 3 patches: - patch 6: adds support for users to configure different types of sampling applications (drop debug, acl-new-traffic, acl-established-traffic) - patch 7: combines the already existing drop debug sampling configuration with the new sampling application configuration (giving priority to the latter) - patch 8: adds sampling support to ACLs Changes in V2: - Addressed Adrian's comments on patch 8. - Fixed unit test failure in patch 2. Adrian Moreno (1): northd: Add ACL Sampling. Dumitru Ceara (7): northd: Assume all chassis support the "port-up-notif" feature. northd: Assume all chassis support the "ct-no-masked-label" feature. northd: Assume all chassis support the "ovn-ct-lb-related" feature. tests: Fix unreliable "ACL and committing to conntrack" system test. northd: Commit from-lport ACL label (and state) when LBs are used. northd: Add Sampling_App table. northd: Override NB_Global drop sampling id with Sampling_App config. NEWS | 6 + controller/lflow.c | 39 +- controller/lflow.h | 1 - controller/ovn-controller.c | 22 - lib/logical-fields.c | 28 +- northd/automake.mk | 2 + northd/debug.c | 12 +- northd/debug.h | 3 +- northd/en-global-config.c | 68 +-- northd/en-global-config.h | 2 - northd/en-lflow.c | 5 + northd/en-sampling-app.c | 120 ++++ northd/en-sampling-app.h | 51 ++ northd/inc-proc-northd.c | 15 +- northd/northd.c | 750 ++++++++++++++++++------ northd/northd.h | 1 + northd/ovn-northd.8.xml | 26 + ovn-nb.ovsschema | 63 +- ovn-nb.xml | 80 +++ ovn-sb.xml | 19 - tests/atlocal.in | 6 + tests/ovn-controller.at | 8 +- tests/ovn-macros.at | 4 + tests/ovn-nbctl.at | 20 + tests/ovn-northd.at | 774 +++++++++++++------------ tests/ovn.at | 22 +- tests/system-common-macros.at | 11 + tests/system-ovn.at | 154 ++++- utilities/containers/fedora/Dockerfile | 1 + utilities/containers/ubuntu/Dockerfile | 1 + utilities/ovn-nbctl.8.xml | 8 +- utilities/ovn-nbctl.c | 43 +- 32 files changed, 1617 insertions(+), 748 deletions(-) create mode 100644 northd/en-sampling-app.c create mode 100644 northd/en-sampling-app.h -- 2.44.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev