Re: [ovs-dev] [PATCH ovn] northd, controller: Add CoPP for SVC monitor

2023-08-29 Thread 0-day Robot
Bleep bloop.  Greetings Mark Michelson, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
ERROR: Committer Mark Michelson  needs to sign off.
Lines checked: 131, Warnings: 0, Errors: 1


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH ovn] northd, controller: Add CoPP for SVC monitor

2023-08-29 Thread Mark Michelson

Thanks Ales,

Acked-by: Mark Michelson 

I pushed the change to main and all branches back to 22.03.

On 8/29/23 11:24, Mark Michelson wrote:

From: Ales Musil 

The SVC monitor was exposed without any limitation.
Add CoPP for the SVC monitor flow, which adds a way
for CMSs to limit the traffic that this flow accepts.

Signed-off-by: Ales Musil 
---
  lib/copp.c  |  1 +
  lib/copp.h  |  1 +
  northd/northd.c |  8 +---
  ovn-nb.xml  |  4 
  tests/ovn-northd.at |  2 +-
  tests/system-ovn.at | 20 +++-
  6 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/lib/copp.c b/lib/copp.c
index 603e3f5bf..11dd9029d 100644
--- a/lib/copp.c
+++ b/lib/copp.c
@@ -38,6 +38,7 @@ static char *copp_proto_names[COPP_PROTO_MAX] = {
  [COPP_ND_RA_OPTS]= "nd-ra-opts",
  [COPP_TCP_RESET] = "tcp-reset",
  [COPP_REJECT]= "reject",
+[COPP_SVC_MONITOR]   = "svc-monitor",
  [COPP_BFD]   = "bfd",
  };
  
diff --git a/lib/copp.h b/lib/copp.h

index f03004aa6..b99737220 100644
--- a/lib/copp.h
+++ b/lib/copp.h
@@ -37,6 +37,7 @@ enum copp_proto {
  COPP_TCP_RESET,
  COPP_BFD,
  COPP_REJECT,
+COPP_SVC_MONITOR,
  COPP_PROTO_MAX,
  COPP_PROTO_INVALID = COPP_PROTO_MAX,
  };
diff --git a/northd/northd.c b/northd/northd.c
index 8519617de..b43a67b87 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -9804,9 +9804,11 @@ build_lswitch_destination_lookup_bmcast(struct 
ovn_datapath *od,
  {
  ovs_assert(od->nbs);
  
-ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110,

-  "eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)",
-  "handle_svc_check(inport);");
+ovn_lflow_metered(lflows, od, S_SWITCH_IN_L2_LKUP, 110,
+  "eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)",
+  "handle_svc_check(inport);",
+  copp_meter_get(COPP_SVC_MONITOR, od->nbs->copp,
+ meter_groups));
  
  struct mcast_switch_info *mcast_sw_info = >mcast_info.sw;
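Review bot: The meter passed to `ovn_lflow_metered` is looked up from `od->nbs->copp`, so it appears to be one budget per logical switch for everything sent to `$svc_monitor_mac`, and neither the code nor the ovn-nb.xml text states that trade-off. If that reading is right, a single port sending many tcp/icmp frames to the monitor MAC could use up the budget and cause genuine health-check replies from other backends to be dropped, so healthy backends could be reported offline. I would add a comment above the call, e.g. `/* Meter is shared by all traffic to svc_monitor_mac on this switch; size it above the expected health-check reply rate. */`, and state in the documentation that the flow presumably stays unmetered when no `svc-monitor` CoPP entry is configured. `meter_groups` and the rest of build_lswitch_destination_lookup_bmcast lie outside the hunk; the same applies to the copy of this hunk in the original patch posting.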
  
diff --git a/ovn-nb.xml b/ovn-nb.xml

index 4fbf4f7e5..b7ddd50c5 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -514,6 +514,10 @@
  
Rate limiting meter for packets that trigger a reject action
  
+
+  Rate limiting meter for packets that are arriving to service
+  monitor MAC address.
+
  
See External IDs at the beginning of this document.
  
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index aa59754c1..5c2b78f2f 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -3655,7 +3655,7 @@ AT_CHECK([ovn-sbctl list logical_flow | grep 
trigger_event -A 2 | grep -q meter0
  
  # let's try to add an usupported protocol "dhcp"

  AT_CHECK([ovn-nbctl --wait=hv copp-add copp5 dhcp meter1],[1],[],[dnl
-ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, 
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, 
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject.
+ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, 
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, 
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject, svc-monitor.
  ])
  
  #Let's try to add a valid protocol to an unknown datapath

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 55c5ddc19..59d0cb2a0 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -7469,6 +7469,23 @@ OVS_WAIT_UNTIL([
  ])
  kill $(pidof tcpdump)
  
+check ovn-nbctl set nb_global . options:svc_monitor_mac="33:33:33:33:33:33"

+check ovn-nbctl meter-add svc-meter drop 1 pktps 0
+check ovn-nbctl --wait=hv copp-add copp4 svc-monitor svc-meter
+check ovn-nbctl --wait=hv ls-copp-add copp4 sw0
+check ovn-appctl -t ovn-controller vlog/set vconn:dbg
+AT_CHECK([ovn-nbctl copp-list copp4], [0], [dnl
+svc-monitor: svc-meter
+])
+
+ip netns exec sw01 scapy -H <<-EOF
+p = Ether(dst="33:33:33:33:33:33", src="f0:00:00:01:02:03") /\
+IP(dst="192.168.1.100", src="192.168.1.2") / TCP(dport=1234, sport=1234)
+sendp(p, iface='sw01', loop=0, verbose=0, count=20)
+EOF
+
+OVS_WAIT_UNTIL([test "1" = "$(grep -c "dl_dst=33:33:33:33:33:33" 
ovn-controller.log)"])
+
  OVS_APP_EXIT_AND_WAIT([ovn-controller])
  
  as ovn-sb
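Review bot: The final `OVS_WAIT_UNTIL` requires exactly one `dl_dst=33:33:33:33:33:33` line in ovn-controller.log, which makes the result depend on timing. If sending the 20 frames takes longer than the window of the `1 pktps` meter, a second packet may pass, and the count can then never equal 1 again, so the wait times out. Consider waiting for at least one hit, `OVS_WAIT_UNTIL([test 1 -le "$(grep -c "dl_dst=33:33:33:33:33:33" ovn-controller.log)"])`, and then asserting that the count stays well below 20. `vconn:dbg` is also left enabled for the remainder of the test, which starts and ends outside the hunk; the same applies to the copy of this hunk in the original patch posting.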

@@ -7482,7 +7499,8 @@ OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])
  
  as

  OVS_TRAFFIC_VSWITCHD_STOP(["/.*error receiving.*/d
-/.*terminating with signal 15.*/d"])
+/.*terminating with signal 15.*/d
+/.*Service monitor not found/d"])
  
  AT_CLEANUP

  ])
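Review bot: The new filter `/.*Service monitor not found/d` is added with no explanation of why the message is expected, and it discards every such log line for the whole test. Presumably the message appears because the CoPP check sends frames to the monitor MAC while no matching service monitor exists. A comment before the macro, e.g. `# "Service monitor not found" is expected: the CoPP check sends unsolicited frames to svc_monitor_mac.`, would keep a later reader from assuming it hides a bug. If other parts of this test configure real service monitors, a genuine lookup failure there would now be filtered out too; the test body starts outside the hunk, and the same applies to the copy of this hunk in the original patch posting.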




[ovs-dev] [PATCH ovn] northd, controller: Add CoPP for SVC monitor

2023-08-29 Thread Mark Michelson
From: Ales Musil 

The SVC monitor was exposed without any limitation.
Add CoPP for the SVC monitor flow, which adds a way
for CMSs to limit the traffic that this flow accepts.

Signed-off-by: Ales Musil 
---
 lib/copp.c  |  1 +
 lib/copp.h  |  1 +
 northd/northd.c |  8 +---
 ovn-nb.xml  |  4 
 tests/ovn-northd.at |  2 +-
 tests/system-ovn.at | 20 +++-
 6 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/lib/copp.c b/lib/copp.c
index 603e3f5bf..11dd9029d 100644
--- a/lib/copp.c
+++ b/lib/copp.c
@@ -38,6 +38,7 @@ static char *copp_proto_names[COPP_PROTO_MAX] = {
 [COPP_ND_RA_OPTS]= "nd-ra-opts",
 [COPP_TCP_RESET] = "tcp-reset",
 [COPP_REJECT]= "reject",
+[COPP_SVC_MONITOR]   = "svc-monitor",
 [COPP_BFD]   = "bfd",
 };
 
diff --git a/lib/copp.h b/lib/copp.h
index f03004aa6..b99737220 100644
--- a/lib/copp.h
+++ b/lib/copp.h
@@ -37,6 +37,7 @@ enum copp_proto {
 COPP_TCP_RESET,
 COPP_BFD,
 COPP_REJECT,
+COPP_SVC_MONITOR,
 COPP_PROTO_MAX,
 COPP_PROTO_INVALID = COPP_PROTO_MAX,
 };
diff --git a/northd/northd.c b/northd/northd.c
index 8519617de..b43a67b87 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -9804,9 +9804,11 @@ build_lswitch_destination_lookup_bmcast(struct 
ovn_datapath *od,
 {
 ovs_assert(od->nbs);
 
-ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110,
-  "eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)",
-  "handle_svc_check(inport);");
+ovn_lflow_metered(lflows, od, S_SWITCH_IN_L2_LKUP, 110,
+  "eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)",
+  "handle_svc_check(inport);",
+  copp_meter_get(COPP_SVC_MONITOR, od->nbs->copp,
+ meter_groups));
 
 struct mcast_switch_info *mcast_sw_info = >mcast_info.sw;
 
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 4fbf4f7e5..b7ddd50c5 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -514,6 +514,10 @@
 
   Rate limiting meter for packets that trigger a reject action
 
+
+  Rate limiting meter for packets that are arriving to service
+  monitor MAC address.
+
 
   See External IDs at the beginning of this document.
 
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index aa59754c1..5c2b78f2f 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -3655,7 +3655,7 @@ AT_CHECK([ovn-sbctl list logical_flow | grep 
trigger_event -A 2 | grep -q meter0
 
 # let's try to add an usupported protocol "dhcp"
 AT_CHECK([ovn-nbctl --wait=hv copp-add copp5 dhcp meter1],[1],[],[dnl
-ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, 
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, 
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject.
+ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, 
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, 
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject, svc-monitor.
 ])
 
 #Let's try to add a valid protocol to an unknown datapath
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 55c5ddc19..59d0cb2a0 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -7469,6 +7469,23 @@ OVS_WAIT_UNTIL([
 ])
 kill $(pidof tcpdump)
 
+check ovn-nbctl set nb_global . options:svc_monitor_mac="33:33:33:33:33:33"
+check ovn-nbctl meter-add svc-meter drop 1 pktps 0
+check ovn-nbctl --wait=hv copp-add copp4 svc-monitor svc-meter
+check ovn-nbctl --wait=hv ls-copp-add copp4 sw0
+check ovn-appctl -t ovn-controller vlog/set vconn:dbg
+AT_CHECK([ovn-nbctl copp-list copp4], [0], [dnl
+svc-monitor: svc-meter
+])
+
+ip netns exec sw01 scapy -H <<-EOF
+p = Ether(dst="33:33:33:33:33:33", src="f0:00:00:01:02:03") /\
+IP(dst="192.168.1.100", src="192.168.1.2") / TCP(dport=1234, sport=1234)
+sendp(p, iface='sw01', loop=0, verbose=0, count=20)
+EOF
+
+OVS_WAIT_UNTIL([test "1" = "$(grep -c "dl_dst=33:33:33:33:33:33" 
ovn-controller.log)"])
+
 OVS_APP_EXIT_AND_WAIT([ovn-controller])
 
 as ovn-sb
@@ -7482,7 +7499,8 @@ OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/.*error receiving.*/d
-/.*terminating with signal 15.*/d"])
+/.*terminating with signal 15.*/d
+/.*Service monitor not found/d"])
 
 AT_CLEANUP
 ])
-- 
2.40.1
