[ovs-dev] Userspace space conntrack tcp issue

[王志克]

Hi,

I am testing below scenario, and I think there is some issue on TCP conntrack 
sequence number filter.

Scenario:

VM1->Host1-Host2-->VM2

There is SCP file copy below VM1 and VM2, and we configured conntrack. During 
the scp, I restart the openvswitch service (process stop and start), then after 
the restart, I saw the consequence TCP packets are tagged as invalid by 
conntrack and traffic can not be recovered.
I did some debug and found it fails on below check “(ackskew >= 
-MAXACKWINDOW)”. I am wondering should it be “(ackskew >= 
-(MAXACKWINDOW<seqlo - ack;
#define MAXACKWINDOW (0x + 1500)/* 1500 is an arbitrary fudge factor */
if (SEQ_GEQ(src->seqhi, end)
/* Last octet inside other's window space */
&& SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws))
/* Retrans: not more than one window back */
&& (ackskew >= -MAXACKWINDOW)
/* Acking not more than one reassembled fragment backwards */
&& (ackskew <= (MAXACKWINDOW << sws))
/* Acking not more than one window forward */
&& ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
|| (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {

Details:

   TCP Client Seq   TCP Client ACKTCP Server Seq
 TCP Server ACK
Before the restart:0x69f1536e 0xa3c81999   0xa3ca2d49   
0x69f15302
After the restart(5s later): 0x69f15302 0xa3c81999   0xa3c561e1 
  0x69f15302

As we can see the new seq 0xa3c561e1 (server steped back since previous 
segments are not acked.) is much less than 0xa3c81999 (client keeps sending 
last acked packet), which leads to failed check on conntrack.

I am using OVS2.7.0+dpdk16.11.3

Any thought?

Br,
Wang Zhike
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH V2] OF1.5/EXT-334 OXS/Extensible Flow Entry Statistics Support

[SatyaValli]

From: SatyaValli 

This Patch provides implementation Existing flow entry statistics are
redefined as standard OXS(OpenFlow Extensible Statistics) fields for
displaying the arbitrary flow stats.The existing Flow Stats were renamed
as Flow Description.

To support this implementation below messages are newly added

OFPRAW_OFPT15_FLOW_REMOVED,
OFPRAW_OFPST15_FLOW_REQUEST,
OFPRAW_OFPST15_FLOW_DESC_REQUEST,
OFPRAW_OFPST15_AGGREGATE_REQUEST,
OFPRAW_OFPST15_FLOW_REPLY,
OFPRAW_OFPST15_FLOW_DESC_REPLY,
OFPRAW_OFPST15_AGGREGATE_REPLY,

The current commit adds support for the new feature in flow statistics
multipart messages,aggregate multipart messages and OXS support for flow
removal message, individual flow description messages.

"ovs-ofctl dump-flows" needs to be provided with the arbitrary OXS fields
for displaying the desired flow stats.

Below are Commands to display OXS stats field wise

Flow Statistics Multipart
ovs-ofctl dump-flows -O OpenFlow15  idle_time
ovs-ofctl dump-flows -O OpenFlow15  packet_count
ovs-ofctl dump-flows -O OpenFlow15  byte_count

Aggregate Flow Statistics Multipart
ovs-ofctl dump-aggregate -O OpenFlow15  packet_count
ovs-ofctl dump-aggregate -O OpenFlow15  byte_count

Flow Descritption
ovs-ofctl dump-flow-desc -O OpenFlow15  idle_time
ovs-ofctl dump-flow-desc -O OpenFlow15  packet_count
ovs-ofctl dump-flow-desc -O OpenFlow15  byte_count

Signed-off-by: Satya Valli 
Co-authored-by: Lavanya Harivelam 
Signed-off-by: Lavanya Harivelam 
Co-authored-by: Surya Muttamsetty 
Signed-off-by: Surya Muttamsetty 
Co-authored-by: Manasa Cherukupally 
Signed-off-by: Manasa Cherukupally 
Co-authored-by: Pavani Panthagada 
Signed-off-by: Pavani Panthagada 

---
 NEWS|   9 +
 include/openflow/openflow-1.5.h |  81 
 include/openvswitch/ofp-msgs.h  |  31 +-
 include/openvswitch/ofp-parse.h |   6 +-
 include/openvswitch/ofp-util.h  |  18 +-
 lib/automake.mk |   2 +
 lib/ofp-parse.c |  72 ++-
 lib/ofp-print.c |   2 +
 lib/ofp-util.c  | 286 +++-
 lib/ox-stat.c   | 984 
 lib/ox-stat.h   |  52 +++
 lib/rconn.c |   2 +
 ofproto/ofproto.c   |   9 +-
 tests/ofp-print.at  | 127 ++
 tests/ofproto-dpif.at   |  84 
 tests/ofproto.at|   5 +
 utilities/ovs-ofctl.8.in|  48 +-
 utilities/ovs-ofctl.c   |  34 +-
 18 files changed, 1795 insertions(+), 57 deletions(-)
 create mode 100644 lib/ox-stat.c
 create mode 100644 lib/ox-stat.h

diff --git a/NEWS b/NEWS
index af98c2f..ec4501c 100644
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,15 @@ Post-v2.8.0
 v2.8.0 - 31 Aug 2017
 
- ovs-ofctl:
+ * Existing flow entry statistics are redefined as standard OXS(OpenFlow
+   Extensible Statistics) fields for displaying the arbitrary flow stats.
+ * Now "ovs-ofctl dump-flows" needs to be provided with the arbitrary OXS
+   fields i.e flow duration, flow count, packet count, byte count or all
+   for displaying the desired flow stats.By default with "ovs-ofctl dump-
+   flows" displays only flow duration. See ovs-ofctl(8) for details.
+ * The existing flow statistics are renamed as Flow Description. Now the
+   information about individual flow entries will be displayed with the
+   help of ovs-ofctl dump-flow-desc. See ovs-ofctl(8) for details.
  * ovs-ofctl can now accept and display port names in place of numbers.  By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override.  See ovs-ofctl(8) for details.
diff --git a/include/openflow/openflow-1.5.h b/include/openflow/openflow-1.5.h
index 73b76d8..d1870ce 100644
--- a/include/openflow/openflow-1.5.h
+++ b/include/openflow/openflow-1.5.h
@@ -163,4 +163,85 @@ struct ofp15_packet_out {
 };
 OFP_ASSERT(sizeof(struct ofp15_packet_out) == 8);
 
+struct ofp_oxs_stat {
+ovs_be16 reserved;  /* Reserved for future use,
+ * currently zeroed. */
+ovs_be16 length;/* Stats Length */
+};
+
+OFP_ASSERT(sizeof(struct ofp_oxs_stat) == 4);
+
+/* Body for ofp_multipart_request of type
+ * OFPMP_FLOW_DESC & OFPMP_FLOW_STATS. */
+struct ofp15_flow_stats_request {
+uint8_t table_id;   /* ID of table to read (from ofp_table_desc),
+ * OFPTT_ALL for all tables. */
+uint8_t pad[3]; /* Align to 32 bits. */
+ovs_be32 out_port;  /* Require matching entries to include this as
+ * an output port. A value of OFP_ANY
+