[ovs-dev] [RFC] netdev-rte-offloads: HW offload virtio-forwarder

[Roni Bar Yanai]

Background
==

OVS HW offload solution is consisted of forwarding and control. HW implements
embedded switch that connects SRIOV VF's and forwards packets according to the
dynamically configured HW rules (packets can be altered by HW rules). Packets
that have no forwarding rule, called exception packets, are sent to the control
path (OVS SW). OVS SW will handle the exception packet (just like in SW only
mode),  namely calling up-call if no DP flow exists. OVS SW will use port
representor for representing the VF. see:
(https://doc.dpdk.org/guides/prog_guide/switch_representation.html).
Packets sent from VF will get to the port representor and packets
sent to the port representor will get to the VF. Once OVS SW generates a
data plane flow, a new HW rules will be configured in the embedded switch.
following packet on the on the same flow will be directed by HW only. Will
arrive directly from VF (also uplink) to VF without getting to SW.

For some HW architecture only the shortly presented SRIOV hw offload
architecture is supported. SRIOV architecture requires that the guest will
install a driver which is specific for the underlying HW. Specific HW driver
interduces two main problems for virtualization:
1. It breaks virtualization in some sense (VM aware of the HW).
2. less natural support for live migration.
Using virtio interface solves both problems (on the expense of some loss in
functionality and performance). However, for some HW offload, working directly
with vitrio cannot be supported.

HW offload for virtio architecture


We suggest an architecture for HW offload of virtio interface that
adds another component called virtio-forwarder on top of the current
architecture. The forwarder is a software or hardware (for vdpa) component that
connects the VF with a matching virtio interface as shown below:


   | PR1  ---
 --|--   |   |
| |  | forwarder |
| OVS |  |   |
| |  - -
 -| VF1   | virtio1   | |
   | uplink   |   |   |  guest  |
  -   |   \ --| |
|  |- /-
|  e-switch|
|  |
--

The forwarder role is to function as a wire between the VF and the virtio.
Forwarder reads packets from the rx-queue and sends them to the peer
tx-queue (and vice versa). since the function in this case is reduced to
forwarding packets without inspecting them, a single core can push a very high
number of PPS (near DPDK forwarding performance).

There are 3 sub use cases.

OVS-dpdk

This is the basic use case that was just described. In this use case we have
port representor, VF and virtio (forwarding should be done between VF and 
virtio).

Vdpa
-
Vdpa enables the HW to directly put the packets in the VM virtio. In this case
the forwarding is done in HW, but it requires that some SW will handle the
control. Configure the queues and adjust configuration according to VHOST
updates.

OVS-kernel
--
OVS-kernel HW offload has the same limitation. However, in the case of
just forwarding packets, DPDK has a great performance advantage over the kernel.
It would be good to also add this use case, looking on implementation
effort and performance gain.

Why not just use standalone (DPDK test PMD)?


1. When HW-offload is running, we expect that most of the traffic will be
   handled by HW, so the PMD thread will be mostly idle. we don't want to burn
   another core for the forwarding.
2. Standalone application is another application with all the additional
   overheads: start, configuration, monitoring...etc. besides being another
   project which means another dependency.
3. Using already existing OVS load balancing and NUMA awareness. Forwarding
   should have the exact same symptoms of unbalanced workload as regular 
rx-queue
4. We might need to have some prioritization, exception packets are more
   important than forwarding. Being on the same domain will make it possible
   to add such prioritization while reducing CPU requirement to minimum.

OVS virtio-forwarder


The suggestion is to put the wire and control functionality in the hw-offload
module. Looking on the forwarder functionality we have control and data.
The control is the configuration: Virtio/VF matching (and type). queues
configuration (defined when VM initialized, and can change)...etc. The data is
the actual forwarding that needs a context to run it. As explained, forwarding
is reduced to a simple rx-burst and tx-burst where all can be predefined
after the configuration.

We add the forwarding layer to the hw offload module and we configure it
separately. For example:

ovs-appctl hw-offload/set-fw
vhost-server-path=/tmp

[ovs-dev] [RFC V2] netdev-rte-offloads: HW offload virtio-forwarder

[Roni Bar Yanai]

Background
==

OVS HW offload solution is consisted of forwarding and control. HW implements
embedded switch that connects SRIOV VF's and forwards packets according to the
dynamically configured HW rules (packets can be altered by HW rules). Packets
that have no forwarding rule, called exception packets, are sent to the control
path (OVS SW). OVS SW will handle the exception packet (just like in SW only
mode),  namely calling up-call if no DP flow exists. OVS SW will use port
representor for representing the VF. see:
(https://doc.dpdk.org/guides/prog_guide/switch_representation.html).
Packets sent from VF will get to the port representor and packets
sent to the port representor will get to the VF. Once OVS SW generates a
data plane flow, a new HW rules will be configured in the embedded switch.
following packet on the on the same flow will be directed by HW only. Will
arrive directly from VF (also uplink) to VF without getting to SW.

For some HW architecture only the shortly presented SRIOV hw offload
architecture is supported. SRIOV architecture requires that the guest will
install a driver which is specific for the underlying HW. Specific HW driver
interduces two main problems for virtualization:
1. It breaks virtualization in some sense (VM aware of the HW).
2. less natural support for live migration.
Using virtio interface solves both problems (on the expense of some loss in
functionality and performance). However, for some HW offload, working directly
with vitrio cannot be supported.

HW offload for virtio architecture


We suggest an architecture for HW offload of virtio interface that
adds another component called virtio-forwarder on top of the current
architecture. The forwarder is a software or hardware (for vdpa) component that
connects the VF with a matching virtio interface as shown below:


   | PR1  ---
 --|--   |   |
| |  | forwarder |
| OVS |  |   |
   | |  - -
 -| VF1   | virtio1   | |
   | uplink   |   |   |  guest  |
  -   |   \ --| |
|  |- /-
|  e-switch|
|  |
--

The forwarder role is to function as a wire between the VF and the virtio.
Forwarder reads packets from the rx-queue and sends them to the peer
tx-queue (and vice versa). since the function in this case is reduced to
forwarding packets without inspecting them, a single core can push a very high
number of PPS (near DPDK forwarding performance).

There are 3 sub use cases.

OVS-dpdk

This is the basic use case that was just described. In this use case we have
port representor, VF and virtio (forwarding should be done between VF and 
virtio).

Vdpa
-
Vdpa enables the HW to directly put the packets in the VM virtio. In this case
the forwarding is done in HW, but it requires that some SW will handle the
control. Configure the queues and adjust configuration according to VHOST
updates.

OVS-kernel
--
OVS-kernel HW offload has the same limitation. However, in the case of
just forwarding packets, DPDK has a great performance advantage over the kernel.
It would be good to also add this use case, looking on implementation
effort and performance gain.

Why not just use standalone (DPDK test PMD)?


1. When HW-offload is running, we expect that most of the traffic will be
   handled by HW, so the PMD thread will be mostly idle. we don't want to burn
   another core for the forwarding.
2. Standalone application is another application with all the additional
   overheads: start, configuration, monitoring...etc. besides being another
   project which means another dependency.
3. Using already existing OVS load balancing and NUMA awareness. Forwarding
   should have the exact same symptoms of unbalanced workload as regular 
rx-queue
4. We might need to have some prioritization, exception packets are more
   important than forwarding. Being on the same domain will make it possible
   to add such prioritization while reducing CPU requirement to minimum.

OVS virtio-forwarder


The suggestion is to put the wire and control functionality in the hw-offload
module. Looking on the forwarder functionality we have control and data.
The control is the configuration: Virtio/VF matching (and type). queues
configuration (defined when VM initialized, and can change)...etc. The data is
the actual forwarding that needs a context to run it. As explained, forwarding
is reduced to a simple rx-burst and tx-burst where all can be predefined
after the configuration.

We add the forwarding layer to the hw offload module and we configure it
separately. For example:

ovs-appctl hw-offload/set-fw
vhost-server-path=/tmp/

[ovs-dev] Donation from Mrs Rose Mathins, i have a donation of $4.5 Million USA dollars for you to use and build humanitarian charity home for orphans there in your country. I will be waiting for your

[Rose Mathins]

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCHv7] netdev-afxdp: add new netdev type for AF_XDP.

[Ilya Maximets]

Hi. Thanks for a new version.

Quick review inline.

Best regards, Ilya Maximets.

On 03.05.2019 22:02, William Tu wrote:
> The patch introduces experimental AF_XDP support for OVS netdev.
> AF_XDP, Address Family of the eXpress Data Path, is a new Linux socket type
> built upon the eBPF and XDP technology.  It is aims to have comparable
> performance to DPDK but cooperate better with existing kernel's networking
> stack.  An AF_XDP socket receives and sends packets from an eBPF/XDP program
> attached to the netdev, by-passing a couple of Linux kernel's subsystems
> As a result, AF_XDP socket shows much better performance than AF_PACKET
> For more details about AF_XDP, please see linux kernel's
> Documentation/networking/af_xdp.rst
> 
> Signed-off-by: William Tu 
> 
> ---
> v1->v2:
> - add a list to maintain unused umem elements
> - remove copy from rx umem to ovs internal buffer
> - use hugetlb to reduce misses (not much difference)
> - use pmd mode netdev in OVS (huge performance improve)
> - remove malloc dp_packet, instead put dp_packet in umem
> 
> v2->v3:
> - rebase on the OVS master, 7ab4b0653784
>   ("configure: Check for more specific function to pull in pthread library.")
> - remove the dependency on libbpf and dpif-bpf.
>   instead, use the built-in XDP_ATTACH feature.
> - data structure optimizations for better performance, see[1]
> - more test cases support
> v3: https://mail.openvswitch.org/pipermail/ovs-dev/2018-November/354179.html
> 
> v3->v4:
> - Use AF_XDP API provided by libbpf
> - Remove the dependency on XDP_ATTACH kernel patch set
> - Add documentation, bpf.rst
> 
> v4->v5:
> - rebase to master
> - remove rfc, squash all into a single patch
> - add --enable-afxdp, so by default, AF_XDP is not compiled
> - add options: xdpmode=drv,skb
> - add multiple queue and multiple PMD support, with options: n_rxq
> - improve documentation, rename bpf.rst to af_xdp.rst
> 
> v5->v6
> - rebase to master, commit 0cdd5b13de91b98
> - address errors from sparse and clang
> - pass travis-ci test
> - address feedback from Ben
> - fix issues reported by 0-day robot
> - improved documentation
> 
> v6-v7
> - rebase to master, commit abf11558c1515bf3b1
> - address feedbacks from Ilya, Ben, and Eelco, see:
>   https://www.mail-archive.com/ovs-dev@openvswitch.org/msg32357.html
> - add XDP mode change, implement get/set_config, reconfigure
> - Fix reconfiguration/crash issue caused by libbpf, see patch:
>   [PATCH bpf 0/2] libbpf: fixes for AF_XDP teardown
> - perf optimization for batching umem_push/pop
> - perf optimization for batching kick_tx
> - test build with dpdk
> - fix/refactor atomic operation
> - make AF_XDP x86 specific, otherwise fail at build time
> - lots of code refactoring
> - add PVP setup in documentation
> ---
> ---
>  Documentation/automake.mk |   1 +
>  Documentation/index.rst   |   1 +
>  Documentation/intro/install/afxdp.rst | 469 
>  Documentation/intro/install/index.rst |   1 +
>  acinclude.m4  |  32 ++
>  configure.ac  |   1 +
>  lib/automake.mk   |  12 +
>  lib/dp-packet.c   |  12 +
>  lib/dp-packet.h   |  18 +
>  lib/dpif-netdev-perf.h|  14 +
>  lib/netdev-afxdp.c| 698 
>  lib/netdev-afxdp.h|  51 ++
>  lib/netdev-linux.c| 118 ++--
>  lib/netdev-linux.h|  72 +++
>  lib/netdev-provider.h |   4 +-
>  lib/netdev.c  |   3 +
>  lib/xdpsock.c | 236 
>  lib/xdpsock.h | 127 +
>  tests/automake.mk |  17 +
>  tests/system-afxdp-macros.at  | 153 ++
>  tests/system-afxdp-testsuite.at   |  26 +
>  tests/system-afxdp-traffic.at | 978 
> ++
>  22 files changed, 2993 insertions(+), 51 deletions(-)
>  create mode 100644 Documentation/intro/install/afxdp.rst
>  create mode 100644 lib/netdev-afxdp.c
>  create mode 100644 lib/netdev-afxdp.h
>  create mode 100644 lib/xdpsock.c
>  create mode 100644 lib/xdpsock.h
>  create mode 100644 tests/system-afxdp-macros.at
>  create mode 100644 tests/system-afxdp-testsuite.at
>  create mode 100644 tests/system-afxdp-traffic.at
> 
> diff --git a/Documentation/automake.mk b/Documentation/automake.mk
> index 082438e09a33..11cc59efc881 100644
> --- a/Documentation/automake.mk
> +++ b/Documentation/automake.mk
> @@ -10,6 +10,7 @@ DOC_SOURCE = \
>   Documentation/intro/why-ovs.rst \
>   Documentation/intro/install/index.rst \
>   Documentation/intro/install/bash-completion.rst \
> + Documentation/intro/install/afxdp.rst \
>   Documentation/intro/install/debian.rst \
>   Documentation/intro/install/documentation.rst \
>   Documentation/intro/install/distributions.rst \
> diff --git a/Documentation/index.rst 

Re: [ovs-dev] [PATCHv7] netdev-afxdp: add new netdev type for AF_XDP.

[Ilya Maximets]

On 03.05.2019 22:02, William Tu wrote:
> +static struct xsk_socket_info *
> +xsk_configure(int ifindex, int xdp_queue_id, int xdpmode)
> +{
> +struct xsk_socket_info *xsk;
> +struct xsk_umem_info *umem;
> +void *bufs;
> +int ret;
> +
> +/* umem memory region */
> +ret = posix_memalign(&bufs, getpagesize(),
> + NUM_FRAMES * FRAME_SIZE);

Please, use 'get_page_size()' from lib/util.h instead of 'getpagesize()'
here and in other places. 'getpagesize()' is not portable.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v1] conntrack: Free conntrack context in 'conntrack_destroy()'.

[Darrell Ball]

Fixes: 57593fd24378 ( conntrack: Stop exporting internal datastructures.)
Signed-off-by: Darrell Ball 
---
 lib/conntrack.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 83fc8f2..49f6325 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -391,6 +391,7 @@ conntrack_destroy(struct conntrack *ct)
 ct_rwlock_unlock(&ct->resources_lock);
 ct_rwlock_destroy(&ct->resources_lock);
 ipf_destroy(ct->ipf);
+free(ct);
 }
 
 static unsigned hash_to_bucket(uint32_t hash)
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [patch v5 2/2] conntrack: Add rcu support.

[Ben Pfaff]

On Thu, May 02, 2019 at 09:34:05PM -0700, Darrell Ball wrote:
> For performance and code simplification reasons, add rcu support for
> conntrack. The array of hmaps is replaced by a cmap as part of this
> conversion.  Using a single map also simplifies the handling of NAT
> and allows the removal of the nat_conn map and friends.  Per connection
> entry locks are introduced, which are needed in a few code paths.
> 
> Signed-off-by: Darrell Ball 

In struct conn, what does the lock member protect?  I recommend noting
that in the struct definition.  It would aid code review.  Perhaps they
should be marked as OVS_GUARDED.

I think that 'conn_type' and 'exp_list_id' contain enumerated values, so
it would be best to declare them as those types, because it makes code
clearer and sometimes enables the compiler to give better diagnostics.
Maybe you are concerned about the sizes of those types?  You can use
OVS_PACKED_ENUM to keep them small.

I'd like to take another look once the locking is clearer to me.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2 0/3] netdev: Dynamic per-port Flow API + Offload Split Up.

[Ilya Maximets]

This is the combined patch-set for dynamic flow API along with
the further work about splitting up netdev offloading from the
generic netdev related code and making different netdev flow
offloading implementations more or less consistent.

Version 2:
  * No functional changes.
  * Patches combined in a single patch-set.
  * Fixed non-alphabetical order of files in mk file.
  * Added Acks from Ben.

For patch #1 since RFC:
  * Fixed sparce build.
  * Some logs turned from INFO to DBG.
  * Enabled HW offloading on non-Linux systems
(For testing with dummy provider).

Ilya Maximets (3):
  netdev: Dynamic per-port Flow API.
  netdev: Split up netdev offloading to separate module.
  netdev-offload: Rename offload providers.

 lib/automake.mk   |   9 +-
 lib/dpdk.c|   2 +
 lib/dpif-netdev.c |   1 +
 lib/dpif-netlink.c|   1 +
 lib/netdev-dpdk.c |  25 +-
 lib/netdev-dpdk.h |   3 +
 lib/netdev-dummy.c|  24 +-
 lib/netdev-linux.c|   3 -
 lib/netdev-linux.h|  10 -
 ...v-rte-offloads.c => netdev-offload-dpdk.c} |  56 +-
 lib/netdev-offload-provider.h | 105 +++
 ...tdev-tc-offloads.c => netdev-offload-tc.c} |  42 +-
 lib/netdev-offload.c  | 658 ++
 lib/netdev-offload.h  | 126 
 lib/netdev-provider.h |  88 +--
 lib/netdev-rte-offloads.h |  57 --
 lib/netdev-tc-offloads.h  |  44 --
 lib/netdev-vport.c|   6 +-
 lib/netdev.c  | 465 +
 lib/netdev.h  |  57 --
 tests/dpif-netdev.at  |   4 +-
 tests/ofproto-macros.at   |   1 -
 vswitchd/bridge.c |   1 +
 23 files changed, 1026 insertions(+), 762 deletions(-)
 rename lib/{netdev-rte-offloads.c => netdev-offload-dpdk.c} (93%)
 create mode 100644 lib/netdev-offload-provider.h
 rename lib/{netdev-tc-offloads.c => netdev-offload-tc.c} (98%)
 create mode 100644 lib/netdev-offload.c
 create mode 100644 lib/netdev-offload.h
 delete mode 100644 lib/netdev-rte-offloads.h
 delete mode 100644 lib/netdev-tc-offloads.h

-- 
2.17.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2 2/3] netdev: Split up netdev offloading to separate module.

[Ilya Maximets]

New module 'netdev-offload' created to manage different flow API
implementations. All the generic and provider independent code moved
there from the 'netdev' module.

Flow API providers further encapsulated.

The only function that was changed is 'netdev_any_oor'.
Now it uses offloading related hmap instead of common 'netdev_shash'.

Signed-off-by: Ilya Maximets 
Acked-by: Ben Pfaff 
---
 lib/automake.mk   |   3 +-
 lib/dpdk.c|   4 +-
 lib/dpif-netdev.c |   1 +
 lib/dpif-netlink.c|   1 +
 lib/netdev-dpdk.c |   1 -
 lib/netdev-offload-provider.h |   6 +
 lib/netdev-offload.c  | 658 ++
 lib/netdev-offload.h  | 126 +++
 lib/netdev-provider.h |  21 +-
 lib/netdev-rte-offloads.c |   8 +-
 lib/netdev-rte-offloads.h |  22 --
 lib/netdev.c  | 594 +-
 lib/netdev.h  |  57 ---
 vswitchd/bridge.c |   1 +
 14 files changed, 801 insertions(+), 702 deletions(-)
 create mode 100644 lib/netdev-offload.c
 create mode 100644 lib/netdev-offload.h
 delete mode 100644 lib/netdev-rte-offloads.h

diff --git a/lib/automake.mk b/lib/automake.mk
index c70fda3f8..b2d90da4e 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -137,9 +137,10 @@ lib_libopenvswitch_la_SOURCES = \
lib/namemap.c \
lib/netdev-dpdk.h \
lib/netdev-dummy.c \
+   lib/netdev-offload.c \
+   lib/netdev-offload.h \
lib/netdev-offload-provider.h \
lib/netdev-provider.h \
-   lib/netdev-rte-offloads.h \
lib/netdev-vport.c \
lib/netdev-vport.h \
lib/netdev-vport-private.h \
diff --git a/lib/dpdk.c b/lib/dpdk.c
index 6c6298635..a253bef71 100644
--- a/lib/dpdk.c
+++ b/lib/dpdk.c
@@ -34,7 +34,7 @@
 #include "dirs.h"
 #include "fatal-signal.h"
 #include "netdev-dpdk.h"
-#include "netdev-rte-offloads.h"
+#include "netdev-offload-provider.h"
 #include "openvswitch/dynamic-string.h"
 #include "openvswitch/vlog.h"
 #include "ovs-numa.h"
@@ -443,7 +443,7 @@ dpdk_init__(const struct smap *ovs_other_config)
 
 /* Finally, register the dpdk classes */
 netdev_dpdk_register();
-netdev_dpdk_flow_api_register();
+netdev_register_flow_api_provider(&netdev_dpdk_offloads);
 return true;
 }
 
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 5a6f2abac..4ad04fdd3 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -50,6 +50,7 @@
 #include "ipf.h"
 #include "latch.h"
 #include "netdev.h"
+#include "netdev-offload.h"
 #include "netdev-provider.h"
 #include "netdev-vport.h"
 #include "netlink.h"
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index c554666ac..ba80a0079 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -38,6 +38,7 @@
 #include "fat-rwlock.h"
 #include "flow.h"
 #include "netdev-linux.h"
+#include "netdev-offload.h"
 #include "netdev-provider.h"
 #include "netdev-vport.h"
 #include "netdev.h"
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index c06c9ef81..6ea618951 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -47,7 +47,6 @@
 #include "dpif-netdev.h"
 #include "fatal-signal.h"
 #include "netdev-provider.h"
-#include "netdev-rte-offloads.h"
 #include "netdev-vport.h"
 #include "odp-util.h"
 #include "openvswitch/dynamic-string.h"
diff --git a/lib/netdev-offload-provider.h b/lib/netdev-offload-provider.h
index ceeaa50b0..2634efca0 100644
--- a/lib/netdev-offload-provider.h
+++ b/lib/netdev-offload-provider.h
@@ -19,6 +19,8 @@
 #define NETDEV_FLOW_API_PROVIDER_H 1
 
 #include "flow.h"
+#include "netdev-offload.h"
+#include "openvswitch/netdev.h"
 #include "openvswitch/types.h"
 #include "packets.h"
 
@@ -92,6 +94,10 @@ int netdev_unregister_flow_api_provider(const char *type);
 extern const struct netdev_flow_api netdev_tc_offloads;
 #endif
 
+#ifdef DPDK_NETDEV
+extern const struct netdev_flow_api netdev_dpdk_offloads;
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/netdev-offload.c b/lib/netdev-offload.c
new file mode 100644
index 0..e0731959d
--- /dev/null
+++ b/lib/netdev-offload.c
@@ -0,0 +1,658 @@
+/*
+ * Copyright (c) 2008 - 2014, 2016, 2017 Nicira, Inc.
+ * Copyright (c) 2019 Samsung Electronics Co.,Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include "netdev-offload.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "cmap.h"

[ovs-dev] [PATCH v2 3/3] netdev-offload: Rename offload providers.

[Ilya Maximets]

Flow API providers renamed to be consistent with parent module
'netdev-offload' and look more like each other.

'_rte_' replaced with more convenient '_dpdk_'.

We'll have following structure:

  Common code:
lib/netdev-offload-provider.h
lib/netdev-offload.c
lib/netdev-offload.h

  Providers:
lib/netdev-offload-tc.c
lib/netdev-offload-dpdk.c

'netdev-offload-dummy' still resides inside netdev-dummy, but it
makes no much sence to move it out of there.

Signed-off-by: Ilya Maximets 
Acked-by: Ben Pfaff 
---
 lib/automake.mk   |  4 +--
 lib/dpdk.c|  2 +-
 lib/netdev-dummy.c|  4 +--
 ...v-rte-offloads.c => netdev-offload-dpdk.c} | 30 +--
 lib/netdev-offload-provider.h |  4 +--
 ...tdev-tc-offloads.c => netdev-offload-tc.c} |  5 ++--
 lib/netdev.c  |  2 +-
 7 files changed, 25 insertions(+), 26 deletions(-)
 rename lib/{netdev-rte-offloads.c => netdev-offload-dpdk.c} (96%)
 rename lib/{netdev-tc-offloads.c => netdev-offload-tc.c} (99%)

diff --git a/lib/automake.mk b/lib/automake.mk
index b2d90da4e..27bc376c0 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -394,7 +394,7 @@ lib_libopenvswitch_la_SOURCES += \
lib/if-notifier.h \
lib/netdev-linux.c \
lib/netdev-linux.h \
-   lib/netdev-tc-offloads.c \
+   lib/netdev-offload-tc.c \
lib/netlink-conntrack.c \
lib/netlink-conntrack.h \
lib/netlink-notifier.c \
@@ -414,7 +414,7 @@ if DPDK_NETDEV
 lib_libopenvswitch_la_SOURCES += \
lib/dpdk.c \
lib/netdev-dpdk.c \
-   lib/netdev-rte-offloads.c
+   lib/netdev-offload-dpdk.c
 else
 lib_libopenvswitch_la_SOURCES += \
lib/dpdk-stub.c
diff --git a/lib/dpdk.c b/lib/dpdk.c
index a253bef71..fc89a0931 100644
--- a/lib/dpdk.c
+++ b/lib/dpdk.c
@@ -443,7 +443,7 @@ dpdk_init__(const struct smap *ovs_other_config)
 
 /* Finally, register the dpdk classes */
 netdev_dpdk_register();
-netdev_register_flow_api_provider(&netdev_dpdk_offloads);
+netdev_register_flow_api_provider(&netdev_offload_dpdk);
 return true;
 }
 
diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c
index 2e2e0c2ab..b305c08d4 100644
--- a/lib/netdev-dummy.c
+++ b/lib/netdev-dummy.c
@@ -1581,7 +1581,7 @@ netdev_dummy_offloads_init_flow_api(struct netdev *netdev)
 return is_dummy_class(netdev->netdev_class) ? 0 : -1;
 }
 
-static const struct netdev_flow_api netdev_dummy_offloads = {
+static const struct netdev_flow_api netdev_offload_dummy = {
 .type = "dummy",
 .flow_put = netdev_dummy_flow_put,
 .flow_del = netdev_dummy_flow_del,
@@ -2034,7 +2034,7 @@ netdev_dummy_register(enum dummy_level level)
 netdev_register_provider(&dummy_internal_class);
 netdev_register_provider(&dummy_pmd_class);
 
-netdev_register_flow_api_provider(&netdev_dummy_offloads);
+netdev_register_flow_api_provider(&netdev_offload_dummy);
 
 netdev_vport_tunnel_register();
 }
diff --git a/lib/netdev-rte-offloads.c b/lib/netdev-offload-dpdk.c
similarity index 96%
rename from lib/netdev-rte-offloads.c
rename to lib/netdev-offload-dpdk.c
index e5239eba6..64c0eab40 100644
--- a/lib/netdev-rte-offloads.c
+++ b/lib/netdev-offload-dpdk.c
@@ -27,7 +27,7 @@
 #include "packets.h"
 #include "uuid.h"
 
-VLOG_DEFINE_THIS_MODULE(netdev_rte_offloads);
+VLOG_DEFINE_THIS_MODULE(netdev_offload_dpdk);
 
 /* Thread-safety
  * =
@@ -411,7 +411,7 @@ add_flow_rss_action(struct flow_actions *actions,
 }
 
 static int
-netdev_rte_offloads_add_flow(struct netdev *netdev,
+netdev_offload_dpdk_add_flow(struct netdev *netdev,
  const struct match *match,
  struct nlattr *nl_actions OVS_UNUSED,
  size_t actions_len OVS_UNUSED,
@@ -617,7 +617,7 @@ out:
  * Check if any unsupported flow patterns are specified.
  */
 static int
-netdev_rte_offloads_validate_flow(const struct match *match)
+netdev_offload_dpdk_validate_flow(const struct match *match)
 {
 struct match match_zero_wc;
 const struct flow *masks = &match->wc.masks;
@@ -686,7 +686,7 @@ err:
 }
 
 static int
-netdev_rte_offloads_destroy_flow(struct netdev *netdev,
+netdev_offload_dpdk_destroy_flow(struct netdev *netdev,
  const ovs_u128 *ufid,
  struct rte_flow *rte_flow)
 {
@@ -707,7 +707,7 @@ netdev_rte_offloads_destroy_flow(struct netdev *netdev,
 }
 
 static int
-netdev_rte_offloads_flow_put(struct netdev *netdev, struct match *match,
+netdev_offload_dpdk_flow_put(struct netdev *netdev, struct match *match,
  struct nlattr *actions, size_t actions_len,
  const ovs_u128 *ufid, struct offload_info *info,
  struct dpif_flow_stats *stats OVS_UNUSED)
@@ -721,23 +721,23 @@ netdev_rte_offloads_flow_put(s

Re: [ovs-dev] [patch v5 2/2] conntrack: Add rcu support.

[Darrell Ball]

On Mon, May 6, 2019 at 8:01 AM Ben Pfaff  wrote:

> On Thu, May 02, 2019 at 09:34:05PM -0700, Darrell Ball wrote:
> > For performance and code simplification reasons, add rcu support for
> > conntrack. The array of hmaps is replaced by a cmap as part of this
> > conversion.  Using a single map also simplifies the handling of NAT
> > and allows the removal of the nat_conn map and friends.  Per connection
> > entry locks are introduced, which are needed in a few code paths.
> >
> > Signed-off-by: Darrell Ball 
>
> In struct conn, what does the lock member protect?  I recommend noting
> that in the struct definition.  It would aid code review.  Perhaps they
> should be marked as OVS_GUARDED.
>
>
yep


> I think that 'conn_type' and 'exp_list_id' contain enumerated values, so
> it would be best to declare them as those types, because it makes code
> clearer and sometimes enables the compiler to give better diagnostics.
> Maybe you are concerned about the sizes of those types?


yes


>   You can use
> OVS_PACKED_ENUM to keep them small.
>

good


Thanks !



>
> I'd like to take another look once the locking is clearer to me.
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2 1/3] netdev: Dynamic per-port Flow API.

[Ilya Maximets]

Current issues with Flow API:

* OVS calls offloading functions regardless of successful
  flow API initialization. (ex. on init_flow_api failure)
* Static initilaization of Flow API for a netdev_class forbids
  having different offloading types for different instances
  of netdev with the same netdev_class. (ex. different vports in
  'system' and 'netdev' datapaths at the same time)

Solution:

* Move Flow API from the netdev_class to netdev instance.
* Make Flow API dynamic, i.e. probe the APIs and choose the
  suitable one.

Side effects:

* Flow API providers localized as possible in their modules.
* Now we have an ability to make runtime checks. For example,
  we could check if particular device supports features we
  need, like if dpdk device supports RSS+MARK action.

Signed-off-by: Ilya Maximets 
---
 lib/automake.mk   |   2 +-
 lib/dpdk.c|   2 +
 lib/netdev-dpdk.c |  24 +++-
 lib/netdev-dpdk.h |   3 +
 lib/netdev-dummy.c|  24 +++-
 lib/netdev-linux.c|   3 -
 lib/netdev-linux.h|  10 --
 lib/netdev-offload-provider.h |  99 +++
 lib/netdev-provider.h |  67 +--
 lib/netdev-rte-offloads.c |  40 +-
 lib/netdev-rte-offloads.h |  41 +--
 lib/netdev-tc-offloads.c  |  39 --
 lib/netdev-tc-offloads.h  |  44 ---
 lib/netdev-vport.c|   6 +-
 lib/netdev.c  | 221 +++---
 tests/dpif-netdev.at  |   4 +-
 tests/ofproto-macros.at   |   1 -
 17 files changed, 398 insertions(+), 232 deletions(-)
 create mode 100644 lib/netdev-offload-provider.h
 delete mode 100644 lib/netdev-tc-offloads.h

diff --git a/lib/automake.mk b/lib/automake.mk
index cc5dccf39..c70fda3f8 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -137,6 +137,7 @@ lib_libopenvswitch_la_SOURCES = \
lib/namemap.c \
lib/netdev-dpdk.h \
lib/netdev-dummy.c \
+   lib/netdev-offload-provider.h \
lib/netdev-provider.h \
lib/netdev-rte-offloads.h \
lib/netdev-vport.c \
@@ -393,7 +394,6 @@ lib_libopenvswitch_la_SOURCES += \
lib/netdev-linux.c \
lib/netdev-linux.h \
lib/netdev-tc-offloads.c \
-   lib/netdev-tc-offloads.h \
lib/netlink-conntrack.c \
lib/netlink-conntrack.h \
lib/netlink-notifier.c \
diff --git a/lib/dpdk.c b/lib/dpdk.c
index dc6171546..6c6298635 100644
--- a/lib/dpdk.c
+++ b/lib/dpdk.c
@@ -34,6 +34,7 @@
 #include "dirs.h"
 #include "fatal-signal.h"
 #include "netdev-dpdk.h"
+#include "netdev-rte-offloads.h"
 #include "openvswitch/dynamic-string.h"
 #include "openvswitch/vlog.h"
 #include "ovs-numa.h"
@@ -442,6 +443,7 @@ dpdk_init__(const struct smap *ovs_other_config)
 
 /* Finally, register the dpdk classes */
 netdev_dpdk_register();
+netdev_dpdk_flow_api_register();
 return true;
 }
 
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index 47153dc60..c06c9ef81 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -4204,6 +4204,27 @@ unlock:
 return err;
 }
 
+bool
+netdev_dpdk_flow_api_supported(struct netdev *netdev)
+{
+struct netdev_dpdk *dev;
+bool ret = false;
+
+if (!is_dpdk_class(netdev->netdev_class)) {
+goto out;
+}
+
+dev = netdev_dpdk_cast(netdev);
+ovs_mutex_lock(&dev->mutex);
+if (dev->type == DPDK_DEV_ETH) {
+/* TODO: Check if we able to offload some minimal flow. */
+ret = true;
+}
+ovs_mutex_unlock(&dev->mutex);
+out:
+return ret;
+}
+
 int
 netdev_dpdk_rte_flow_destroy(struct netdev *netdev,
  struct rte_flow *rte_flow,
@@ -4268,8 +4289,7 @@ netdev_dpdk_rte_flow_create(struct netdev *netdev,
 .get_features = netdev_dpdk_get_features,   \
 .get_status = netdev_dpdk_get_status,   \
 .reconfigure = netdev_dpdk_reconfigure, \
-.rxq_recv = netdev_dpdk_rxq_recv,   \
-DPDK_FLOW_OFFLOAD_API
+.rxq_recv = netdev_dpdk_rxq_recv
 
 static const struct netdev_class dpdk_class = {
 .type = "dpdk",
diff --git a/lib/netdev-dpdk.h b/lib/netdev-dpdk.h
index 9bbb8d8d6..60631c4f0 100644
--- a/lib/netdev-dpdk.h
+++ b/lib/netdev-dpdk.h
@@ -34,6 +34,9 @@ struct rte_flow_action;
 
 void netdev_dpdk_register(void);
 void free_dpdk_buf(struct dp_packet *);
+
+bool netdev_dpdk_flow_api_supported(struct netdev *);
+
 int
 netdev_dpdk_rte_flow_destroy(struct netdev *netdev,
  struct rte_flow *rte_flow,
diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c
index 3f90ffa09..2e2e0c2ab 100644
--- a/lib/netdev-dummy.c
+++ b/lib/netdev-dummy.c
@@ -24,6 +24,7 @@
 #include "dp-packet.h"
 #include "dpif-netdev.h"
 #include "flow.h"
+#include "netdev-offload-provider.h"
 #include "netdev-provider.h"
 #include "netdev-vport.h"
 #include "odp-util.h"
@@ -1523,10 +1524,6 @@ exit:
 return error ? -1 : 0;
 }
 
-#define DUMMY_FLOW_OF

Re: [ovs-dev] [RFC 0/5] Quicker pmd threads reloads

[Ilya Maximets]

On 30.04.2019 15:17, David Marchand wrote:
> We have been testing the rebalance code in different situations while
> having traffic going through OVS.
> Those tests have shown that part of the observed packets losses is due to
> some time wasted in signaling/waiting for the pmd threads to reload their
> polling configurations.
> 
> This RFC series is an attempt at getting pmd threads reloads quicker and
> more deterministic.
> 

Do you have some performance data to share?

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [patch v1] conntrack: Free conntrack context in 'conntrack_destroy()'.

[Ben Pfaff]

On Mon, May 06, 2019 at 07:37:18AM -0700, Darrell Ball wrote:
> Fixes: 57593fd24378 ( conntrack: Stop exporting internal datastructures.)
> Signed-off-by: Darrell Ball 

Thanks, applied.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [RFC 1/5] dpif-netdev: Convert exit latch to flag.

[Ilya Maximets]

On 30.04.2019 15:17, David Marchand wrote:
> No need for a latch here since we don't have to wait.
> A simple boolean flag is enough.
> 
> Fixes: e4cfed38b159 ("dpif-netdev: Add poll-mode-device thread.")
> Signed-off-by: David Marchand 
> ---
>  lib/dpif-netdev.c | 9 -
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
> index f1422b2..30774ed 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -681,10 +681,10 @@ struct dp_netdev_pmd_thread {
>  /* Current context of the PMD thread. */
>  struct dp_netdev_pmd_thread_ctx ctx;
>  
> -struct latch exit_latch;/* For terminating the pmd thread. */
>  struct seq *reload_seq;
>  uint64_t last_reload_seq;
>  atomic_bool reload; /* Do we need to reload ports? */
> +atomic_bool exit;   /* For terminating the pmd thread. */
>  pthread_t thread;
>  unsigned core_id;   /* CPU core id of this pmd thread. */
>  int numa_id;/* numa node id of this pmd thread. */
> @@ -5479,7 +5479,7 @@ reload:
>  ovs_mutex_unlock(&pmd->perf_stats.stats_mutex);
>  
>  poll_cnt = pmd_load_queues_and_ports(pmd, &poll_list);
> -exiting = latch_is_set(&pmd->exit_latch);
> +atomic_read_relaxed(&pmd->exit, &exiting);

I'm afraid that relaxed memory model is not suitable here.
You need to change memory models for both 'reload' and 'exit'
or put ack_rel thread fence between them. Otherwise reads/writes
could be reordered resulting in missed exit and main thread
hang on join.

>  /* Signal here to make sure the pmd finishes
>   * reloading the updated configuration. */
>  dp_netdev_pmd_reload_done(pmd);
> @@ -5898,7 +5898,7 @@ dp_netdev_configure_pmd(struct dp_netdev_pmd_thread 
> *pmd, struct dp_netdev *dp,
>  pmd->n_output_batches = 0;
>  
>  ovs_refcount_init(&pmd->ref_cnt);
> -latch_init(&pmd->exit_latch);
> +atomic_init(&pmd->exit, false);
>  pmd->reload_seq = seq_create();
>  pmd->last_reload_seq = seq_read(pmd->reload_seq);
>  atomic_init(&pmd->reload, false);
> @@ -5945,7 +5945,6 @@ dp_netdev_destroy_pmd(struct dp_netdev_pmd_thread *pmd)
>  cmap_destroy(&pmd->classifiers);
>  cmap_destroy(&pmd->flow_table);
>  ovs_mutex_destroy(&pmd->flow_mutex);
> -latch_destroy(&pmd->exit_latch);
>  seq_destroy(pmd->reload_seq);
>  xpthread_cond_destroy(&pmd->cond);
>  ovs_mutex_destroy(&pmd->cond_mutex);
> @@ -5967,7 +5966,7 @@ dp_netdev_del_pmd(struct dp_netdev *dp, struct 
> dp_netdev_pmd_thread *pmd)
>  pmd_free_static_tx_qid(pmd);
>  ovs_mutex_unlock(&dp->non_pmd_mutex);
>  } else {
> -latch_set(&pmd->exit_latch);
> +atomic_store_relaxed(&pmd->exit, true);
>  dp_netdev_reload_pmd__(pmd);
>  xpthread_join(pmd->thread, NULL);
>  }
> 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev: Dynamic per-port Flow API.

[Ophir Munk]

Hi,
Initial tests show that offload is broken as netdev_rte_offloads_flow_put() is 
not called.
It is not called because it is not registered.
When starting debugging it I noticed in function 
netdev_register_flow_api_provider()
that we may return an uninitialized error value. 
Because of this in my tests calling netdev_register_flow_api_provider() 
returned with errors.

Looking at this function:
Int netdev_register_flow_api_provider(const struct netdev_flow_api 
*new_flow_api)
OVS_EXCLUDED(netdev_flow_api_provider_mutex)
{
int error; // < should be initialized to 0
...
return error;
}

When initializing error to 0 this function returned successfully but 
netdev_rte_offloads_flow_put() is
still not called. 
It requires further debugging.

Regards,
Ophir

> -Original Message-
> From: Ophir Munk
> Sent: Tuesday, April 30, 2019 6:02 PM
> To: Ilya Maximets ; ovs-dev@openvswitch.org
> Cc: Ian Stokes ; Flavio Leitner ;
> Kevin Traynor ; Roni Bar Yanai
> ; Finn Christensen ; Ben Pfaff
> ; Roi Dayan ; Simon Horman
> ; Olga Shern ;
> Asaf Penso ; Oz Shlomo ;
> Majd Dibbiny 
> Subject: RE: [PATCH] netdev: Dynamic per-port Flow API.
> 
> > >
> > > 1. This patch changes code related to OVS offload implementation.
> > > OVS
> > offload must be confirmed with this patch before it is accepted.
> >
> > Sure. And I'll appreciate any help with testing as I'm limited with
> > offloading capable hardware.
> >
> 
> Hopefully I will have test results of this patch regarding MARK+RSS offloads
> next week.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v7] conntrack: Add rcu support.

[Darrell Ball]

For performance and code simplification reasons, add rcu support for
conntrack. The array of hmaps is replaced by a cmap as part of this
conversion.  Using a single map also simplifies the handling of NAT
and allows the removal of the nat_conn map and friends.  Per connection
entry locks are introduced, which are needed in a few code paths.

Signed-off-by: Darrell Ball 
---

v7: Document 'conn' locking better; not using OVS_GUARDED bcoz that
would require several OVS_NO_THREAD_SAFETY_ANALYSIS to avoid
clang false positive.

Use OVS_PACKED_ENUM.

v6: Patch 1 was applied.
Fixed and simplified the expiry list logic; minimal impact on
performance.

v5: Removed a wayward ovs_list_remove() from conn_update_expiration().

Merged some conn level locking that was missed b4 and adjusted const
specifier for conn, as a result.

v4: Just include first 2 patches as the other patches are moved to a
subsequent series.

Reinstated support for running multiple userpace datapaths at the
same time.

Fixed a bug where 'ovs_list_remove()' was misplaced.

Cleaned up some unneeded code.

v3: Dropped Patch 3 from the series since it was broken/incomplete
and not worth the fix, since there are some disadvantages in
terms of maintainability, including treating UDP/ICMP different
than TCP, while the performance benefit was borderline.

Fixed bug in 'nat_res_exhaustion' exception code.

Cleaned up a few APIs - 'conn_clean*'/'delete_conn*' and
removed an unneeded one, 'conn_available()'.  Added more
comments.

Removed non-essential 'nat' field from struct conn_lookup_ctx.

Fixed some splicing issues b/w Patch 1 and Patch 2, where some
aspects of Patch 2 were now moved to Patch 1.

v2: Put back somehow deleted '&' in Patch 1 in call to
check_orig_tuple() for bucket parameter (which is
removed in Patch 2).

 lib/conntrack-icmp.c|  27 +-
 lib/conntrack-other.c   |  14 +-
 lib/conntrack-private.h | 205 +++---
 lib/conntrack-tcp.c |  22 +-
 lib/conntrack.c | 965 
 lib/conntrack.h |   4 +-
 lib/ct-dpif.h   |   2 +-
 7 files changed, 410 insertions(+), 829 deletions(-)

diff --git a/lib/conntrack-icmp.c b/lib/conntrack-icmp.c
index 40fd1d8..fdf50ec 100644
--- a/lib/conntrack-icmp.c
+++ b/lib/conntrack-icmp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016 Nicira, Inc.
+ * Copyright (c) 2015-2019 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,14 +24,14 @@
 #include "conntrack-private.h"
 #include "dp-packet.h"
 
-enum icmp_state {
+enum OVS_PACKED_ENUM icmp_state {
 ICMPS_FIRST,
 ICMPS_REPLY,
 };
 
 struct conn_icmp {
 struct conn up;
-enum icmp_state state;
+enum icmp_state state /* 'conn' lock protected. */;
 };
 
 static const enum ct_timeout icmp_timeouts[] = {
@@ -46,16 +46,12 @@ conn_icmp_cast(const struct conn *conn)
 }
 
 static enum ct_update_res
-icmp_conn_update(struct conn *conn_, struct conntrack_bucket *ctb,
+icmp_conn_update(struct conntrack *ct, struct conn *conn_,
  struct dp_packet *pkt OVS_UNUSED, bool reply, long long now)
 {
 struct conn_icmp *conn = conn_icmp_cast(conn_);
-
-if (reply && conn->state != ICMPS_REPLY) {
-conn->state = ICMPS_REPLY;
-}
-
-conn_update_expiration(ctb, &conn->up, icmp_timeouts[conn->state], now);
+conn->state = reply ? ICMPS_REPLY : ICMPS_FIRST;
+conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
 
 return CT_UPDATE_VALID;
 }
@@ -79,15 +75,12 @@ icmp6_valid_new(struct dp_packet *pkt)
 }
 
 static struct conn *
-icmp_new_conn(struct conntrack_bucket *ctb, struct dp_packet *pkt OVS_UNUSED,
-   long long now)
+icmp_new_conn(struct conntrack *ct, struct dp_packet *pkt OVS_UNUSED,
+  long long now)
 {
-struct conn_icmp *conn;
-
-conn = xzalloc(sizeof *conn);
+struct conn_icmp *conn = xzalloc(sizeof *conn);
 conn->state = ICMPS_FIRST;
-
-conn_init_expiration(ctb, &conn->up, icmp_timeouts[conn->state], now);
+conn_init_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
 
 return &conn->up;
 }
diff --git a/lib/conntrack-other.c b/lib/conntrack-other.c
index 2920889..601d189 100644
--- a/lib/conntrack-other.c
+++ b/lib/conntrack-other.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016 Nicira, Inc.
+ * Copyright (c) 2015-2019 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@
 #include "conntrack-private.h"
 #include "dp-packet.h"
 
-enum other_state {
+enum OVS_PACKED_ENUM other_state {
 OTHERS_FIRST,
 OTHERS_MULTIPLE,
 OTHERS_BIDIR,
@@ -27,7 +27,7 @@ enum other_state {
 
 struct conn_other {
 struct conn up;
-enum other_state

[ovs-dev] [patch v1] tests: Fix IPv4 checksums in zone limit test.

[Darrell Ball]

Userspace conntrack cares about IPv4 checksums, so this is a
prerequisite for adding zone limit support to userspace conntrack.

Fixes: 3f1087c70cf9 ("system-traffic: Add conntrack per zone limit test case.")
CC: Yi-Hung Wei 
Signed-off-by: Darrell Ball 
---
 tests/system-traffic.at | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index a358744..79d12fe 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -3444,11 +3444,11 @@ 
udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=6),reply=(src=10.1.1.2,dst=10.
 ])
 
 dnl Test UDP from port 2
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4cd0a0101030a010104000100020008
 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4cd0a0101030a010104000100030008
 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4cd0a0101030a010104000100040008
 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4cd0a0101030a010104000100050008
 actions=resubmit(,0)"])
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4cd0a0101030a010104000100060008
 actions=resubmit(,0)"])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4c90a0101030a010104000100020008
 actions=resubmit(,0)"])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4c90a0101030a010104000100030008
 actions=resubmit(,0)"])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4c90a0101030a010104000100040008
 actions=resubmit(,0)"])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4c90a0101030a010104000100050008
 actions=resubmit(,0)"])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=2 
packet=5054000a505400090800451c0011a4c90a0101030a010104000100060008
 actions=resubmit(,0)"])
 
 AT_CHECK([ovs-appctl dpctl/ct-get-limits zone=0,3], [0], [dnl
 default limit=10
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] PURCHASE ORDER/INVOICE HS6109100010.PDF

[sending1]

H�rm%9tli sat1F meneceri!XahiF edirik biz%9 %9n yaxF1 qiym%9t 
g�nd%9rin. Flav%9 olaraq t%9tbiq olunmaq ���n qiym%9t v%9 m�vcudluq F = 
[MLT-2] iki s%9f%9r. (Apr - Sep) %9lav%9 olaraq F = [MLT-2] [MLT ^ -2] F = 
[MLT-2] kg = K�tl%9 (M) G�c vahidi kq.m / s ^ 2   H�rm%9tl%9,   WUNG zuhan 
-- Fancy -- 57�AC Fancy Yol yolu S17NAC �86 
Y29 Q6CSF8 Q6CSF8 Q6CSF8 Q6CSF8 Q6CSF8. Eirk%9t 0nformasiyas1 Pekin Longway 
Beyn%9lxalq S%9yah%9t Xidm%9tl%9ri A.E. Tel: 010-58797698-1187 S17NAC^02 
g1D�33 S3A g1DY16 Y27�57 f06f0E VFD�45 Y27SA6 1615 [A4 Flav%9: Vahid 1615. 
KunTai Beyn%9lxalq Mansion, Chao Wai St, ChaoYang District, Pekin 100020 �in
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev: Dynamic per-port Flow API.

[Ilya Maximets]

Hi. Thanks for testing!

> Hi,
> Initial tests show that offload is broken as netdev_rte_offloads_flow_put() 
> is not called.
> It is not called because it is not registered.
> When starting debugging it I noticed in function 
> netdev_register_flow_api_provider()
> that we may return an uninitialized error value.
> Because of this in my tests calling netdev_register_flow_api_provider() 
> returned with errors.
>
> Looking at this function:
> Int netdev_register_flow_api_provider(const struct netdev_flow_api 
> *new_flow_api)
> OVS_EXCLUDED(netdev_flow_api_provider_mutex)
> {
> int error; // < should be initialized to 0

Good catch. However this value never used by callers. I'll fix.

> ...
> return error;
> }

> When initializing error to 0 this function returned successfully but 
> netdev_rte_offloads_flow_put() is
> still not called.
> It requires further debugging.

Sorry, It's a stupid bug while bool to int conversion.
Should be fixed by:

diff --git a/lib/netdev-rte-offloads.c b/lib/netdev-rte-offloads.c
index a3f0b82a8..44188dbf5 100644
--- a/lib/netdev-rte-offloads.c
+++ b/lib/netdev-rte-offloads.c
@@ -753,7 +753,7 @@ netdev_rte_offloads_flow_del(struct netdev
*netdev, const ovs_u128 *ufid,
 static int
 netdev_rte_offloads_init_flow_api(struct netdev *netdev)
 {
-return netdev_dpdk_flow_api_supported(netdev);
+return netdev_dpdk_flow_api_supported(netdev) ? 0 : EOPNOTSUPP;
 }
---

I'll update the patch tomorrow.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [branch-2.9 3/3] conntrack: Replace structure copy by memcpy().

[Ben Pfaff]

On Thu, May 02, 2019 at 05:29:16PM -0700, Darrell Ball wrote:
> There are a few cases where structure copy can be replaced by
> memcpy(), for possible portability benefit.  This is because
> the structures involved have padding and elements of the
> structure are used to generate hashes.
> 
> Signed-off-by: Darrell Ball 

Thanks for the backports.  I applied them to branch-2.9.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 2/4] datapath: Add timeout support to ct action

[Aaron Conole]

0-day Robot  writes:

> Bleep bloop.  Greetings Yi-Hung Wei, I am a robot and I have tried out your 
> patch.
> Thanks for your contribution.
>
> I encountered some error that I wasn't expecting.  See the details below.
>
>
> checkpatch:
> ERROR: Author Dan Carpenter  needs to sign off.
> WARNING: Unexpected sign-offs from developers who are not authors or
> co-authors or committers: Yi-Hung Wei 
> Lines checked: 158, Warnings: 1, Errors: 1
>
>
> build:
> /bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99
> -DHAVE_CONFIG_H -I.  -I ./include -I ./include -I ./lib -I ./lib
> -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith
> -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
> -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dummy.lo -MD -MP -MF $depbase.Tpo -c -o
> lib/dummy.lo lib/dummy.c &&\
> mv -f $depbase.Tpo $depbase.Plo
> libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I
> ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra
> -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
> -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dummy.lo -MD -MP -MF lib/.deps/dummy.Tpo -c
> lib/dummy.c -o lib/dummy.o
> depbase=`echo lib/dpctl.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
> /bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99
> -DHAVE_CONFIG_H -I.  -I ./include -I ./include -I ./lib -I ./lib
> -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith
> -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
> -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dpctl.lo -MD -MP -MF $depbase.Tpo -c -o
> lib/dpctl.lo lib/dpctl.c &&\
> mv -f $depbase.Tpo $depbase.Plo
> libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I
> ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra
> -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
> -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dpctl.lo -MD -MP -MF lib/.deps/dpctl.Tpo -c
> lib/dpctl.c -o lib/dpctl.o
> depbase=`echo lib/dp-packet.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
> /bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99
> -DHAVE_CONFIG_H -I.  -I ./include -I ./include -I ./lib -I ./lib
> -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith
> -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
> -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dp-packet.lo -MD -MP -MF $depbase.Tpo -c -o
> lib/dp-packet.lo lib/dp-packet.c &&\
> mv -f $depbase.Tpo $depbase.Plo
> libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I
> ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra
> -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
> -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dp-packet.lo -MD -MP -MF
> lib/.deps/dp-packet.Tpo -c lib/dp-packet.c -o lib/dp-packet.o
> depbase=`echo lib/dpif-netdev.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
> /bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99
> -DHAVE_CONFIG_H -I.  -I ./include -I ./include -I ./lib -I ./lib
> -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith
> -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
> -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dpif-netdev.lo -MD -MP -MF $depbase.Tpo -c -o
> lib/dpif-netdev.lo lib/dpif-netdev.c &&\
> mv -f $depbase.Tpo $depbase.Plo
> libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I
> ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra
> -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
> -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror
> -Werror -g -O2 -MT lib/dpif-netdev.lo -MD -MP -MF
> lib/.deps/dpif-netdev.Tpo -c lib/dpif-netdev.c -o lib/dpif-netdev.o
> lib/dpif-netdev.c: In funct

Re: [ovs-dev] [PATCH 2/4] datapath: Add timeout support to ct action

[Yi-Hung Wei]

On Mon, May 6, 2019 at 1:02 PM Aaron Conole  wrote:
>
> > lib/.deps/dpif-netdev.Tpo -c lib/dpif-netdev.c -o lib/dpif-netdev.o
> > lib/dpif-netdev.c: In function 'dp_execute_cb':
> > lib/dpif-netdev.c:7112:13: error: enumeration value
> > 'OVS_CT_ATTR_TIMEOUT' not handled in switch [-Werror=switch]
> >  switch(sub_type) {
> >  ^
> > cc1: all warnings being treated as errors
>
> Are you taking a look at this?  It doesn't look to be related to the
> setup (but I haven't looked at the code or commit):
>
> https://travis-ci.org/ovsrobot/ovs/jobs/528009507

Thanks Aaron for bringing this up.  It is because this patch
introduced a new symbol OVS_CT_ATTR_TIMEOUT, but it is not handled in
lib/dpif-netdev.c with this patch. Actually, OVS_CT_ATTR_TIMEOUT will
be taken care of in the 3rd patch of this series.  When the whole
series is applied, the travis build will pass.

https://travis-ci.org/YiHungWei/ovs/builds/527968147

Anyway, it should not break the build when this patch is applied. I
will squash patch 2 and 3 together in the next revision.

Thanks,

-Yi-Hung
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [patch v1] tests: Fix IPv4 checksums in zone limit test.

[Yi-Hung Wei]

On Mon, May 6, 2019 at 9:48 AM Darrell Ball  wrote:
>
> Userspace conntrack cares about IPv4 checksums, so this is a
> prerequisite for adding zone limit support to userspace conntrack.
>
> Fixes: 3f1087c70cf9 ("system-traffic: Add conntrack per zone limit test 
> case.")
> CC: Yi-Hung Wei 
> Signed-off-by: Darrell Ball 
> ---

Thanks for the fix.

Acked-by: Yi-Hung Wei 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 0/7] datapath: Support 4.19.x and 4.20.x kernel

[Yifeng Sun]

This series of patches enabled OVS to support kernel 4.19.x and 4.20.x.

Tests shows that this series of patches passed check-kmod tests or
didn't introduce new failed check-kmod tests for the following
kernel versions:
3.10.0-957.12.1.el7.x86_64 (rhel)
4.4.0-31-generic (ubuntu 14.04)
4.4.0-146-generic (ubuntu 16.04)
4.4.179
4.9.171
4.14.111
4.15.0-48-generic (ubuntu 18.04)
4.17.19
4.18.0-18-generic (ubuntu 18.10)
4.19.37
4.20.17

Travis passed at:
https://travis-ci.org/yifsun/ovs-travis/builds/528006159

In addition, build is successful on:
CentOS73, Fedora, RHEL74, RHEL75, RHEL76 and Ubuntu (bionic, trusty,
xenial).

Yifeng Sun (7):
  datapath: Handle removal of nf_conntrack_l3proto.h
  datapath: Pass nf_hook_state to nf_conntrack_in
  datapath: Use new header file net/ipv6_frag.h
  datapath: Fix conntrack_count related compilation errors
  openvswitch: use nf_ct_get_tuplepr, invert_tuplepr
  netfilter: Remove useless param helper of nf_ct_helper_ext_add
  datapath: Support kernel version 4.19.x and 4.20.x.

 .travis.yml| 18 +++--
 acinclude.m4   | 19 --
 datapath/conntrack.c   | 26 ---
 datapath/linux/Modules.mk  |  4 ++-
 datapath/linux/compat/include/linux/netfilter.h| 19 ++
 datapath/linux/compat/include/net/ipv6_frag.h  |  8 ++
 .../include/net/netfilter/nf_conntrack_core.h  | 30 ++
 .../include/net/netfilter/nf_conntrack_count.h |  4 +--
 .../include/net/netfilter/nf_conntrack_helper.h| 12 +
 datapath/linux/compat/nf_conncount.c   |  6 -
 datapath/linux/compat/nf_conntrack_core.c  | 21 +++
 datapath/linux/compat/nf_conntrack_proto.c |  2 ++
 12 files changed, 139 insertions(+), 30 deletions(-)
 create mode 100644 datapath/linux/compat/include/linux/netfilter.h
 create mode 100644 datapath/linux/compat/include/net/ipv6_frag.h

-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 3/7] datapath: Use new header file net/ipv6_frag.h

[Yifeng Sun]

From: Florian Westphal 

Upstream commit:
commit 70b095c84326640eeacfd69a411db8fc36e8ab1a
Author: Florian Westphal 
Date:   Sat Jul 14 01:14:01 2018 +0200

ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module

IPV6=m
DEFRAG_IPV6=m
CONNTRACK=y yields:

net/netfilter/nf_conntrack_proto.o: In function `nf_ct_netns_do_get':
net/netfilter/nf_conntrack_proto.c:802: undefined reference to 
`nf_defrag_ipv6_enable'
net/netfilter/nf_conntrack_proto.o:(.rodata+0x640): undefined reference to 
`nf_conntrack_l4proto_icmpv6'

Setting DEFRAG_IPV6=y causes undefined references to ip6_rhash_params
ip6_frag_init and ip6_expire_frag_queue so it would be needed to force
IPV6=y too.

This patch gets rid of the 'followup linker error' by removing
the dependency of ipv6.ko symbols from netfilter ipv6 defrag.

Shared code is placed into a header, then used from both.

Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 

This patch backports the above upstream patch to OVS.

Cc: Florian Westphal 
Signed-off-by: Yifeng Sun 
---
 acinclude.m4  | 2 ++
 datapath/conntrack.c  | 1 +
 datapath/linux/compat/include/net/ipv6_frag.h | 8 
 3 files changed, 11 insertions(+)
 create mode 100644 datapath/linux/compat/include/net/ipv6_frag.h

diff --git a/acinclude.m4 b/acinclude.m4
index 372be5f4dccd..4f9aebc325ba 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -934,6 +934,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_core.h],
 [nf_conntrack_in], [nf_hook_state],
 
[OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])])
+  OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN],
+  [OVS_DEFINE([HAVE_IPV6_FRAG_H])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 8c1a80308d6a..52825a6b20fb 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -31,6 +31,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #ifdef CONFIG_NF_NAT_NEEDED
 #include 
diff --git a/datapath/linux/compat/include/net/ipv6_frag.h 
b/datapath/linux/compat/include/net/ipv6_frag.h
new file mode 100644
index ..5d1cc901bec1
--- /dev/null
+++ b/datapath/linux/compat/include/net/ipv6_frag.h
@@ -0,0 +1,8 @@
+#ifndef __NET_IPV6_FRAG_WRAPPER_H
+#define __NET_IPV6_FRAG_WRAPPER_H
+
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) && defined(HAVE_IPV6_FRAG_H)
+#include_next 
+#endif
+
+#endif /* __NET_IPV6_FRAG_WRAPPER_H */
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 5/7] openvswitch: use nf_ct_get_tuplepr, invert_tuplepr

[Yifeng Sun]

From: Florian Westphal 

Upstream commit:
commit 60e3be94e6a1c5162a0763c9aafb5190b2b1fdce
Author: Florian Westphal 
Date:   Mon Jun 25 17:55:32 2018 +0200

openvswitch: use nf_ct_get_tuplepr, invert_tuplepr

These versions deal with the l3proto/l4proto details internally.
It removes only caller of nf_ct_get_tuple, so make it static.

After this, l3proto->get_l4proto() can be removed in a followup patch.

Signed-off-by: Florian Westphal 
Acked-by: Pravin B Shelar 
Signed-off-by: Pablo Neira Ayuso 

This patch backports the above upstream kernel patch to OVS.

Cc: Florian Westphal 
Signed-off-by: Yifeng Sun 
---
 acinclude.m4|  2 ++
 datapath/conntrack.c| 17 +++--
 .../include/net/netfilter/nf_conntrack_core.h   | 19 +++
 datapath/linux/compat/nf_conntrack_core.c   | 21 +
 4 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4
index 4f9aebc325ba..4c533bb98949 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -936,6 +936,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
 
[OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])])
   OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN],
   [OVS_DEFINE([HAVE_IPV6_FRAG_H])])
+  OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
+  [nf_ct_invert_tuplepr])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 52825a6b20fb..391755c25cb0 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -646,23 +646,12 @@ static struct nf_conn *
 ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone,
 u8 l3num, struct sk_buff *skb, bool natted)
 {
-   const struct nf_conntrack_l3proto *l3proto;
-   const struct nf_conntrack_l4proto *l4proto;
struct nf_conntrack_tuple tuple;
struct nf_conntrack_tuple_hash *h;
struct nf_conn *ct;
-   unsigned int dataoff;
-   u8 protonum;
 
-   l3proto = __nf_ct_l3proto_find(l3num);
-   if (l3proto->get_l4proto(skb, skb_network_offset(skb), &dataoff,
-&protonum) <= 0) {
-   pr_debug("ovs_ct_find_existing: Can't get protonum\n");
-   return NULL;
-   }
-   l4proto = __nf_ct_l4proto_find(l3num, protonum);
-   if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num,
-protonum, net, &tuple, l3proto, l4proto)) {
+   if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), l3num,
+  net, &tuple)) {
pr_debug("ovs_ct_find_existing: Can't get tuple\n");
return NULL;
}
@@ -671,7 +660,7 @@ ovs_ct_find_existing(struct net *net, const struct 
nf_conntrack_zone *zone,
if (natted) {
struct nf_conntrack_tuple inverse;
 
-   if (!nf_ct_invert_tuple(&inverse, &tuple, l3proto, l4proto)) {
+   if (!nf_ct_invert_tuplepr(&inverse, &tuple, l3num, skb)) {
pr_debug("ovs_ct_find_existing: Inversion failed!\n");
return NULL;
}
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h 
b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
index d0e9aadcba76..8eba1242042b 100644
--- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
@@ -3,6 +3,25 @@
 
 #include_next 
 
+#ifdef HAVE_NF_CT_INVERT_TUPLEPR
+
+#include 
+
+static inline bool
+rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
+const struct nf_conntrack_tuple *orig,
+u8 l3num, struct sk_buff *skb)
+{
+   return nf_ct_invert_tuplepr(inverse, orig);
+}
+#else
+bool
+rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
+const struct nf_conntrack_tuple *orig,
+u8 l3num, struct sk_buff *skb);
+#endif /* HAVE_NF_CT_INVERT_TUPLEPR */
+#define nf_ct_invert_tuplepr rpl_nf_ct_invert_tuplepr
+
 #ifndef HAVE_NF_CT_TMPL_ALLOC_TAKES_STRUCT_ZONE
 
 #include 
diff --git a/datapath/linux/compat/nf_conntrack_core.c 
b/datapath/linux/compat/nf_conntrack_core.c
index a7d3d4331e4a..397a5f69ffe9 100644
--- a/datapath/linux/compat/nf_conntrack_core.c
+++ b/datapath/linux/compat/nf_conntrack_core.c
@@ -11,3 +11,24 @@ const struct nf_conntrack_zone nf_ct_zone_dflt = {
 };
 
 #endif /* HAVE_NF_CT_ZONE_INIT */
+
+#ifndef HAVE_NF_CT_INVERT_TUPLEPR
+bool
+rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
+const struct nf_conntrack_tuple *orig,
+u8 l3num, struct sk_buff *s

[ovs-dev] [PATCH 6/7] netfilter: Remove useless param helper of nf_ct_helper_ext_add

[Yifeng Sun]

From: Gao Feng 

Upstream commit:
commit 440534d3c56be04abfb26850ee882d19d223557a
Author: Gao Feng 
Date:   Mon Jul 9 18:06:33 2018 +0800

netfilter: Remove useless param helper of nf_ct_helper_ext_add

The param helper of nf_ct_helper_ext_add is useless now, then remove
it now.

Signed-off-by: Gao Feng 
Signed-off-by: Pablo Neira Ayuso 

This patch backports the above upstream patch to OVS.

Cc: Gao Feng 
Signed-off-by: Yifeng Sun 
---
 acinclude.m4 |  3 +++
 .../linux/compat/include/net/netfilter/nf_conntrack_helper.h | 12 
 2 files changed, 15 insertions(+)

diff --git a/acinclude.m4 b/acinclude.m4
index 4c533bb98949..91e07d871f58 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -938,6 +938,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   [OVS_DEFINE([HAVE_IPV6_FRAG_H])])
   OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
   [nf_ct_invert_tuplepr])
+  OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_helper.h],
+[nf_ct_helper_ext_add], [nf_conntrack_helper],
+[OVS_DEFINE([HAVE_NF_CT_HELPER_EXT_ADD_TAKES_HELPER])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h 
b/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h
index 19c35cd95f6f..0b685cc1a05a 100644
--- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h
@@ -9,4 +9,16 @@ static inline void nf_conntrack_helper_put(struct 
nf_conntrack_helper *helper) {
 }
 #endif
 
+static inline struct nf_conn_help *
+rpl_nf_ct_helper_ext_add(struct nf_conn *ct,
+struct nf_conntrack_helper *helper, gfp_t gfp)
+{
+#ifdef HAVE_NF_CT_HELPER_EXT_ADD_TAKES_HELPER
+   return nf_ct_helper_ext_add(ct, helper, gfp);
+#else
+   return nf_ct_helper_ext_add(ct, gfp);
+#endif
+}
+#define nf_ct_helper_ext_add rpl_nf_ct_helper_ext_add
+
 #endif /* _NF_CONNTRACK_HELPER_WRAPPER_H */
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] datapath: Support kernel version 4.19.x and 4.20.x

[Yifeng Sun]

This patch updated acinclude.m4 so that OVS can be compiled on 4.19.x
and 4.20.x kernels. 
This patch also updated travis files so that latest kernel versions
are used during travis test builds.

Signed-off-by: Yifeng Sun 
---
 .travis.yml  | 18 ++
 NEWS |  2 ++
 acinclude.m4 |  4 ++--
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 468c39ecd505..765692f7a2b2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,19 +31,21 @@ env:
   - TESTSUITE=1 KERNEL=3.16.54
   - TESTSUITE=1 OPTS="--enable-shared"
   - BUILD_ENV="-m32" OPTS="--disable-ssl"
-  - KERNEL=3.16.54 DPDK=1 OPTS="--enable-shared"
-  - KERNEL=3.16.54 TESTSUITE=1 DPDK=1
-  - KERNEL=3.16.54 DPDK_SHARED=1
-  - KERNEL=3.16.54 DPDK_SHARED=1 OPTS="--enable-shared"
+  - KERNEL=3.16.65 DPDK=1 OPTS="--enable-shared"
+  - KERNEL=3.16.65 TESTSUITE=1 DPDK=1
+  - KERNEL=3.16.65 DPDK_SHARED=1
+  - KERNEL=3.16.65 DPDK_SHARED=1 OPTS="--enable-shared"
+  - KERNEL=4.20.17
+  - KERNEL=4.19.37
   - KERNEL=4.18.20
   - KERNEL=4.17.19
   - KERNEL=4.16.18
   - KERNEL=4.15.18
-  - KERNEL=4.14.111
-  - KERNEL=4.9.149
-  - KERNEL=4.4.148
+  - KERNEL=4.14.114
+  - KERNEL=4.9.171
+  - KERNEL=4.4.179
   - KERNEL=3.19.8
-  - KERNEL=3.16.57
+  - KERNEL=3.16.65
   - TESTSUITE=1 LIBS=-ljemalloc
 
 matrix:
diff --git a/NEWS b/NEWS
index 293531db0615..3b4160c27834 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,8 @@ Post-v2.11.0
members of the same transport zone(s).
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
+   - Linux datapath:
+ * Support for the kernel versions 4.19.x and 4.20.x.
 
 
 v2.11.0 - 19 Feb 2019
diff --git a/acinclude.m4 b/acinclude.m4
index 91e07d871f58..e5ff093c1b57 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -151,10 +151,10 @@ AC_DEFUN([OVS_CHECK_LINUX], [
 AC_MSG_RESULT([$kversion])
 
 if test "$version" -ge 4; then
-   if test "$version" = 4 && test "$patchlevel" -le 18; then
+   if test "$version" = 4 && test "$patchlevel" -le 20; then
   : # Linux 4.x
else
-  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.18.x is not supported (please refer to the FAQ for advice)])
+  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.20.x is not supported (please refer to the FAQ for advice)])
fi
 elif test "$version" = 3 && test "$patchlevel" -ge 10; then
: # Linux 3.x
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 7/7] datapath: Support kernel version 4.19.x and 4.20.x

[Yifeng Sun]

This patch updated acinclude.m4 so that OVS can be compiled on 4.19.x
and 4.20.x kernels. 
This patch also updated travis files so that latest kernel versions
are used during travis test builds.

Signed-off-by: Yifeng Sun 
---
 .travis.yml  | 18 ++
 NEWS |  2 ++
 acinclude.m4 |  4 ++--
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 468c39ecd505..765692f7a2b2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,19 +31,21 @@ env:
   - TESTSUITE=1 KERNEL=3.16.54
   - TESTSUITE=1 OPTS="--enable-shared"
   - BUILD_ENV="-m32" OPTS="--disable-ssl"
-  - KERNEL=3.16.54 DPDK=1 OPTS="--enable-shared"
-  - KERNEL=3.16.54 TESTSUITE=1 DPDK=1
-  - KERNEL=3.16.54 DPDK_SHARED=1
-  - KERNEL=3.16.54 DPDK_SHARED=1 OPTS="--enable-shared"
+  - KERNEL=3.16.65 DPDK=1 OPTS="--enable-shared"
+  - KERNEL=3.16.65 TESTSUITE=1 DPDK=1
+  - KERNEL=3.16.65 DPDK_SHARED=1
+  - KERNEL=3.16.65 DPDK_SHARED=1 OPTS="--enable-shared"
+  - KERNEL=4.20.17
+  - KERNEL=4.19.37
   - KERNEL=4.18.20
   - KERNEL=4.17.19
   - KERNEL=4.16.18
   - KERNEL=4.15.18
-  - KERNEL=4.14.111
-  - KERNEL=4.9.149
-  - KERNEL=4.4.148
+  - KERNEL=4.14.114
+  - KERNEL=4.9.171
+  - KERNEL=4.4.179
   - KERNEL=3.19.8
-  - KERNEL=3.16.57
+  - KERNEL=3.16.65
   - TESTSUITE=1 LIBS=-ljemalloc
 
 matrix:
diff --git a/NEWS b/NEWS
index 293531db0615..3b4160c27834 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,8 @@ Post-v2.11.0
members of the same transport zone(s).
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
+   - Linux datapath:
+ * Support for the kernel versions 4.19.x and 4.20.x.
 
 
 v2.11.0 - 19 Feb 2019
diff --git a/acinclude.m4 b/acinclude.m4
index 91e07d871f58..e5ff093c1b57 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -151,10 +151,10 @@ AC_DEFUN([OVS_CHECK_LINUX], [
 AC_MSG_RESULT([$kversion])
 
 if test "$version" -ge 4; then
-   if test "$version" = 4 && test "$patchlevel" -le 18; then
+   if test "$version" = 4 && test "$patchlevel" -le 20; then
   : # Linux 4.x
else
-  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.18.x is not supported (please refer to the FAQ for advice)])
+  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.20.x is not supported (please refer to the FAQ for advice)])
fi
 elif test "$version" = 3 && test "$patchlevel" -ge 10; then
: # Linux 3.x
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 1/7] datapath: Handle removal of nf_conntrack_l3proto.h

[Yifeng Sun]

Upstream kernel commit a0ae2562 ("netfilter: conntrack: remove l3proto
abstraction") removed header file net/netfilter/nf_conntrack_l3proto.h.
This patch detects it and fixes compilation errors of OVS on 4.19+ kernels.

Signed-off-by: Yifeng Sun 
---
 acinclude.m4   | 3 +++
 datapath/linux/compat/nf_conntrack_proto.c | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/acinclude.m4 b/acinclude.m4
index b532a4579266..c9b744db0b94 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -926,6 +926,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   [OVS_DEFINE([HAVE_KVMALLOC_ARRAY])])
   OVS_GREP_IFELSE([$KSRC/include/linux/mm.h], [kvmalloc_node],
   [OVS_DEFINE([HAVE_KVMALLOC_NODE])])
+  OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h],
+  [nf_conntrack_l3proto],
+  [OVS_DEFINE([HAVE_NF_CONNTRACK_L3PROATO_H])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/linux/compat/nf_conntrack_proto.c 
b/datapath/linux/compat/nf_conntrack_proto.c
index 4ac66f61c70d..fe291dbf25e1 100644
--- a/datapath/linux/compat/nf_conntrack_proto.c
+++ b/datapath/linux/compat/nf_conntrack_proto.c
@@ -1,7 +1,9 @@
 #include 
 
 #include 
+#ifdef HAVE_NF_CONNTRACK_L3PROATO_H
 #include 
+#endif
 
 /*
  * Upstream net-next commmit 7e35ec0e8044
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 2/7] datapath: Pass nf_hook_state to nf_conntrack_in

[Yifeng Sun]

From: Florian Westphal 

Upstream Commit:
commit 93e66024b0249cec81e91328c55a754efd3192e0
Author: Florian Westphal 
Date:   Wed Sep 12 15:19:07 2018 +0200

netfilter: conntrack: pass nf_hook_state to packet and error handlers

nf_hook_state contains all the hook meta-information: netns, protocol 
family,
hook location, and so on.

Instead of only passing selected information, pass a pointer to entire
structure.

This will allow to merge the error and the packet handlers and remove
the ->new() function in followup patches.

Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 

This patch backports the above upstream patch to OVS and fixes compiling
errors on RHEL kernels.

Cc: Florian Westphal 
Signed-off-by: Yifeng Sun 
---
 acinclude.m4  |  5 +
 datapath/conntrack.c  |  8 ++--
 datapath/linux/Modules.mk |  4 +++-
 datapath/linux/compat/include/linux/netfilter.h   | 19 +++
 .../compat/include/net/netfilter/nf_conntrack_core.h  | 11 +++
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 datapath/linux/compat/include/linux/netfilter.h

diff --git a/acinclude.m4 b/acinclude.m4
index c9b744db0b94..372be5f4dccd 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -603,6 +603,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
 [ndo_change_mtu], [OVS_DEFINE([HAVE_RHEL7_MAX_MTU])])
 
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state])
+  OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state],
+[struct net ], [OVS_DEFINE([HAVE_NF_HOOK_STATE_NET])])
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_register_net_hook])
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hookfn.*nf_hook_ops],
   [OVS_DEFINE([HAVE_NF_HOOKFN_ARG_OPS])])
@@ -929,6 +931,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h],
   [nf_conntrack_l3proto],
   [OVS_DEFINE([HAVE_NF_CONNTRACK_L3PROATO_H])])
+  OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_core.h],
+[nf_conntrack_in], [nf_hook_state],
+
[OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 52208bad3029..8c1a80308d6a 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -987,6 +987,11 @@ static int __ovs_ct_lookup(struct net *net, struct 
sw_flow_key *key,
struct nf_conn *ct;
 
if (!cached) {
+   struct nf_hook_state state = {
+   .hook = NF_INET_PRE_ROUTING,
+   .pf = info->family,
+   .net = net,
+   };
struct nf_conn *tmpl = info->ct;
int err;
 
@@ -998,8 +1003,7 @@ static int __ovs_ct_lookup(struct net *net, struct 
sw_flow_key *key,
nf_ct_set(skb, tmpl, IP_CT_NEW);
}
 
-   err = nf_conntrack_in(net, info->family,
- NF_INET_PRE_ROUTING, skb);
+   err = nf_conntrack_in(skb, &state);
if (err != NF_ACCEPT)
return -ENOENT;
 
diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
index caa2525ff0ab..e8483385dcbb 100644
--- a/datapath/linux/Modules.mk
+++ b/datapath/linux/Modules.mk
@@ -114,5 +114,7 @@ openvswitch_headers += \
linux/compat/include/net/erspan.h \
linux/compat/include/uapi/linux/netfilter.h \
linux/compat/include/linux/mm.h \
-   linux/compat/include/linux/overflow.h
+   linux/compat/include/linux/overflow.h \
+   linux/compat/include/net/ipv6_frag.h \
+   linux/compat/include/linux/netfilter.h
 EXTRA_DIST += linux/compat/build-aux/export-check-whitelist
diff --git a/datapath/linux/compat/include/linux/netfilter.h 
b/datapath/linux/compat/include/linux/netfilter.h
new file mode 100644
index ..a6ed6172d49f
--- /dev/null
+++ b/datapath/linux/compat/include/linux/netfilter.h
@@ -0,0 +1,19 @@
+#ifndef __NETFILTER_WRAPPER_H
+#define __NETFILTER_WRAPPER_H
+
+#include_next 
+
+#if !defined(HAVE_NF_HOOK_STATE) || !defined(HAVE_NF_HOOK_STATE_NET)
+struct rpl_nf_hook_state {
+   unsigned int hook;
+   u_int8_t pf;
+   struct net_device *in;
+   struct net_device *out;
+   struct sock *sk;
+   struct net *net;
+   int (*okfn)(struct net *, struct sock *, struct sk_buff *);
+};
+#define nf_hook_state rpl_nf_hook_state
+#endif
+
+#endif /* __NETFILTER_WRAPPER_H */
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h 
b/datapath/linux/compa

[ovs-dev] [PATCH 4/7] datapath: Fix conntrack_count related compilation errors

[Yifeng Sun]

This patch fixes the compilation errors of OVS on 4.19+ kernels.

Signed-off-by: Yifeng Sun 
---
 datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h | 4 ++--
 datapath/linux/compat/nf_conncount.c | 6 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h 
b/datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h
index fd536f3e1854..614017309efe 100644
--- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h
@@ -2,6 +2,8 @@
 #define _NF_CONNTRACK_COUNT_WRAPPER_H
 
 #include 
+#include 
+#include 
 
 #ifdef HAVE_UPSTREAM_NF_CONNCOUNT
 #include_next 
@@ -16,8 +18,6 @@ static inline void rpl_nf_conncount_modexit(void)
 }
 
 #else
-#include 
-#include 
 #define CONFIG_NETFILTER_CONNCOUNT 1
 struct nf_conncount_data;
 
diff --git a/datapath/linux/compat/nf_conncount.c 
b/datapath/linux/compat/nf_conncount.c
index 0bee96274b00..eeae440f872d 100644
--- a/datapath/linux/compat/nf_conncount.c
+++ b/datapath/linux/compat/nf_conncount.c
@@ -13,6 +13,8 @@
  * only ignore TIME_WAIT or gone connections
  *   (C) CC Computer Consultants GmbH, 2007
  */
+#ifndef HAVE_UPSTREAM_NF_CONNCOUNT
+
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include 
 #include 
@@ -138,7 +140,7 @@ static bool conn_free(struct nf_conncount_list *list,
 
if (list->count == 0) {
spin_unlock(&list->list_lock);
-return free_entry;
+   return free_entry;
}
 
list->count--;
@@ -635,3 +637,5 @@ void rpl_nf_conncount_modexit(void)
kmem_cache_destroy(conncount_conn_cachep);
kmem_cache_destroy(conncount_rb_cachep);
 }
+
+#endif /* HAVE_UPSTREAM_NF_CONNCOUNT */
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev