Re: [ovs-dev] [RFC ovn 0/2] ACL Sampling using per-flow IPFIX

On 3/17/23 20:59, Numan Siddique wrote: On Tue, Oct 18, 2022 at 12:00 PM Adrian Moreno wrote: Based on the introduction of the OVN "sample" action (still WIP) [1], the proposal of this RFC is to use per-flow IPFIX sampling to increase visibility on ACLs. The idea of ACL sampling is very sim

Re: [ovs-dev] [PATCH ovn v2] northd, controller: Commit flows dropped by ACLs to conntrack

> On 18 Mar 2023, at 01:04, Numan Siddique wrote: > > On Mon, Feb 13, 2023 at 11:36 AM Abhiram Sangana > wrote: >> >> This patch adds support to commit connections dropped/rejected by >> ACLs to the connection tracking table. Dropped connections are >> committed to conntrack only if NB_Global

Re: [ovs-dev] Proposal: Move dceara/ovn-heater to ovn-org/ovn-heater?

Hi everyone, We merged Frode's PRs to add support for multiple distros [0] and to add a logo (based on Ben's OVN logo) and updated copyright [1]. Then, with Numan's help, we moved the repo to ovn-org: https://github.com/ovn-org/ovn-heater We also enabled DCO to enforce checking for the develope

Re: [ovs-dev] [PATCH ovn v2 0/3] expr: Optimize OR expressions.

On 3/20/23 23:31, Han Zhou wrote: > > > On Mon, Mar 20, 2023 at 3:37 AM Ilya Maximets > wrote: >> >> This patch set covers removal of expressions which are subsets of other >> wider expressions and aggregation of a few granular expressions into >> wider expressions tha

[ovs-dev] [PATCH] tests/mfex: Rertain support for cryptography pre-v37.

Prior to v37.0.0, CryptographyDeprecationWarning could not be imported from __init__.py resulting in: Traceback (most recent call last): File "mfex_fuzzy.py", line 9, in category=cryptography.CryptographyDeprecationWarning, AttributeError: module 'cryptography' has no attribute 'Cryptog

Re: [ovs-dev] [PATCH] ovsdb: add unixctl cmd to show memory-trim-on-compaction setting

On 3/20/23 13:51, Vladislav Odintsov wrote: > No, my usecase with 2.17 is that I just want to check agains a running > process wether memory compaction is enabled or not without searching specific > line in logs, which in addition can be rotated. OK, but can you just set it without checking? I

Re: [ovs-dev] [PATCH v4] dpdk: Allow retaining CAP_SYS_RAWIO privileges

On 3/16/23 13:00, Aaron Conole wrote: > Open vSwitch generally tries to let the underlying operating system > managed the low level details of hardware, for example DMA mapping, > bus arbitration, etc. However, when using DPDK, the underlying > operating system yields control of many of these deta

Re: [ovs-dev] [PATCH 1/1] tc: translate mirror/stolen to mirred

On 3/15/23 16:18, Marcelo Ricardo Leitner wrote: > On Wed, Mar 15, 2023 at 09:33:09AM +0100, Simon Horman wrote: >> On Tue, Mar 14, 2023 at 06:49:25PM +0100, Ilya Maximets wrote: >>> On 3/14/23 12:15, Simon Horman wrote: On Mon, Mar 13, 2023 at 09:34:30PM +0100, Ilya Maximets wrote: > On 3

[ovs-dev] [PATCH ovn 4/4] acls: Add "pass" ACL action.

This allows for evaluating ACLs at the current tier to stop, and to start evaluating ACLs at the next tier. If not using tiers, or if we match on the final ACL tier, then a "pass" verdict results in the default ACL action being applied. Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2134

[ovs-dev] [PATCH ovn 3/4] ovn-nbctl: Add tier ACL options.

This modifies the acl-add and acl-del commands so that an ACL tier can be specified when adding or deleting ACLs. For acl-add, if the tier is specified, then the ACL created by the command will have that tier set. For acl-del, if the tier is specified, then the tier will be one of the criteria us

[ovs-dev] [PATCH ovn 2/4] northd: Add tiered ACL support.

With this commit, ACLs can now be arranged in hierarchical tiers. A tier number can be assigned to an ACL. When evaluating ACLs, we first will consider ACLs at tier 0. If no matching ACL is found, then we move to tier 1. This continues until a matching ACL is found, or we reach the maximum tier. If

[ovs-dev] [PATCH v10 1/4] Documentation: Document netdev offload.

From: Flavio Leitner Document the implementation of netdev hardware offloading in userspace datapath. Signed-off-by: Flavio Leitner Co-authored-by: Mike Pattrick Signed-off-by: Mike Pattrick --- Since v9: - Renamed documentation to reflect the userspace checksum nature of this feature -

[ovs-dev] [PATCH v10 2/4] dpif-netdev: Show netdev offloading flags.

From: Flavio Leitner This patch modifies netdev_get_status to include information about checksum offload status by port, allowing the user to gain insight into where checksum offloading is active. Signed-off-by: Flavio Leitner Co-authored-by: Mike Pattrick Signed-off-by: Mike Pattrick --- Sin

[ovs-dev] [PATCH v10 3/4] userspace: Enable IP checksum offloading by default.

From: Flavio Leitner The netdev receiving packets is supposed to provide the flags indicating if the IP checksum was verified and it is GOOD or BAD, otherwise the stack will check when appropriate by software. If the packet comes with good checksum, then postpone the checksum calculation to the

[ovs-dev] [PATCH v10 4/4] userspace: Enable L4 checksum offloading by default.

From: Flavio Leitner The netdev receiving packets is supposed to provide the flags indicating if the L4 checksum was verified and it is OK or BAD, otherwise the stack will check when appropriate by software. If the packet comes with good checksum, then postpone the checksum calculation to the eg

Re: [ovs-dev] [PATCH v9 4/5] userspace: Add SRv6 tunnel support.

On 3/15/23 07:07, Nobuhiro MIKI wrote: > SRv6 (Segment Routing IPv6) tunnel vport is responsible > for encapsulation and decapsulation the inner packets with > IPv6 header and an extended header called SRH > (Segment Routing Header). See spec in: > > https://datatracker.ietf.org/doc/html/rfc8754 >

Re: [ovs-dev] [PATCH v9 5/5] odp: Add SRv6 tunnel actions.

On 3/15/23 07:07, Nobuhiro MIKI wrote: > This patch adds ODP actions for SRv6 and its tests. > > Signed-off-by: Nobuhiro MIKI > --- > lib/odp-util.c| 56 +++ > python/ovs/flow/odp.py| 8 + > python/ovs/tests/test_odp.py | 16 +

Re: [ovs-dev] [PATCH v9 5/5] odp: Add SRv6 tunnel actions.

On 3/22/23 00:41, Ilya Maximets wrote: > On 3/15/23 07:07, Nobuhiro MIKI wrote: >> This patch adds ODP actions for SRv6 and its tests. >> >> Signed-off-by: Nobuhiro MIKI >> --- >> lib/odp-util.c| 56 +++ >> python/ovs/flow/odp.py| 8 + >

Re: [ovs-dev] [PATCH v4 ovn] northd: drop ct.inv packets in post snat and lb_aff_learn stages

On Mon, Mar 20, 2023 at 2:30 PM Lorenzo Bianconi wrote: > > Drop ip packets with ct status set to invalid in post snat and > lb_aff_learn router stages. > Skip ICMPv{4,6} error messages packet in ct.inv rules in order to avoid > to introduce too complicated code. > > Reported-at: https://bugzilla.

Re: [ovs-dev] [PATCH v24 3/8] netdev-offload-tc: Introduce group ID management API

On 3/20/2023 6:04 PM, Eelco Chaudron wrote: On 20 Mar 2023, at 6:44, Chris Mi wrote: On 3/16/2023 5:09 PM, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: When offloading sample action to TC, userspace creates a unique ID to map sFlow action and tunnel info and passes this ID t

Re: [ovs-dev] [PATCH v24 4/8] netdev-offload-tc: Add sFlow offload API for TC

On 3/16/2023 5:13 PM, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: Initialize psample socket. Add sFlow recv API to receive sampled packets from psample socket. Add sFow recv wait API to add psample socket fd to poll list. See some comments inline below. and one question for I

Re: [ovs-dev] [PATCH v24 6/8] dpif-netlink: Add netdev offload recv in normal recv upcalls

On 3/16/2023 5:16 PM, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: In thread handler 0, add netdev offload recv in normal recv upcalls. To avoid starvation, introduce a flag to alternate the order of receiving normal upcalls and offload upcalls based on that flag. Add similar

Re: [ovs-dev] [PATCH v24 7/8] netdev-offload-tc: Add offload support for sFlow

On 3/16/2023 5:23 PM, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: Create a unique group ID to map the sFlow info when offloading sample action to TC. When showing the offloaded datapath flows, translate the group ID from TC sample action to sFlow info using the mapping. See s

Re: [ovs-dev] [PATCH v24 8/8] system-offloads-traffic.at: Add sFlow offload test cases

On 3/16/2023 5:24 PM, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: Add two sFlow offload test caes: 3: sflow offloads with sampling=1 - ping between two ports - offloads enabled ok 4: sflow offloads with sampling=2 - ping between two ports - offloads enabled ok Some i

Re: [ovs-dev] [PATCH v24 8/8] system-offloads-traffic.at: Add sFlow offload test cases

On 3/16/2023 7:43 PM, Eelco Chaudron wrote: On 16 Mar 2023, at 10:24, Eelco Chaudron wrote: On 1 Mar 2023, at 8:22, Chris Mi wrote: Add two sFlow offload test caes: 3: sflow offloads with sampling=1 - ping between two ports - offloads enabled ok 4: sflow offloads with sampling=2 - pi