On Sat, Nov 7, 2020 at 11:46 AM Jakub Kicinski wrote:
>
> On Tue, 3 Nov 2020 16:11:34 -0800 Yi-Hung Wei wrote:
> > TUNNEL_GENEVE_OPT is set on tun_flags in struct sw_flow_key when
> > a packet is coming from a geneve tunnel no matter the size of geneve
> > option is ze
On Tue, Nov 10, 2020 at 4:17 PM Yi-Hung Wei wrote:
>
> Currently, we may set the tunnel option flag when the size of metadata
> is zero. For example, we set TUNNEL_GENEVE_OPT in the receive function
> no matter the geneve option is present or not. As this may result in
> issue
:
*
https://lore.kernel.org/netdev/1604448694-19351-1-git-send-email-yihung@gmail.com/T/#u
Fixes: 256c87c17c53 ("net: check tunnel option type in tunnel flags")
Signed-off-by: Yi-Hung Wei
---
drivers/net/geneve.c | 3 +--
include/net/ip_tunnels.h | 7 ---
2 files
est, reg9=0x0/0xff
action=output:gnv1
table=2, priority=200, in_port=gnv0, icmp, ct_state=+trk+est, reg9=0x1/0xff
action=output:gnv1
Fixes: fc4099f17240 ("openvswitch: Fix egress tunnel info.")
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/flow_netlink.c | 10 +-
1 fi
. After that the processing pipeline will further
check a couple of packets to determine if the connection belongs to
a particular application, and attach alg helper to the connection
in a later stage.
Signed-off-by: Yi-Hung Wei
---
v1->v2, Use logical OR instead of bitwise OR as Dave sugges
On Thu, Oct 3, 2019 at 8:31 AM David Miller wrote:
>
> From: Yi-Hung Wei
> Date: Mon, 30 Sep 2019 12:39:04 -0700
>
> > - if ((nf_ct_is_confirmed(ct) ? !cached : info->commit) &&
> > + if ((nf_ct_is_confirmed(ct) ? !cached | add
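Review bot: on the added line, `!cached | add…` joins its operands with bitwise `|` inside a truth-valued condition. Logical `||` states the intent and short-circuits, so prefer it unless evaluating both operands is deliberate, in which case a comment should say so.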
. After that the processing pipeline will further
check a couple of packets to determine if the connection belongs to
a particular application, and attach alg helper to the connection
in a later stage.
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/conntrack.c | 21 +
1 file
On Thu, Aug 22, 2019 at 11:51 PM Pravin Shelar wrote:
>
> On Thu, Aug 22, 2019 at 1:28 PM Yi-Hung Wei wrote:
> >
> > This patch addresses a conntrack cache issue with timeout policy.
> > Currently, we do not check if the timeout extension is set properly in the
> >
aforementioned issue.
Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Reported-by: kbuild test robot
Signed-off-by: Yi-Hung Wei
---
v1->v2: Fix rcu dereference issue reported by kbuild test robot.
---
net/openvswitch/conntrack.c | 13 +
1 file changed,
On Thu, Aug 22, 2019 at 11:12 AM kbuild test robot wrote:
>
> Hi Yi-Hung,
>
> Thank you for the patch! Perhaps something to improve:
>
> [auto build test WARNING on net/master]
>
> url:
> https://github.com/0day-ci/linux/commits/Yi-Hung-Wei/openvswitch-Fix-c
Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/conntrack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 45498fcf540d..0d5ab4957
aforementioned issue.
Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/conntrack.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 848c6eb55064..45
ch: Add timeout support to ct action")
> Signed-off-by: Dan Carpenter
> ---
Thanks for the fix.
Acked-by: Yi-Hung Wei
applied.
Example usage:
$ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
$ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)
CC: Pravin Shelar
CC: Pablo Neira Ayuso
Signed-off-by: Yi-Hung Wei
---
v1-> v2: Utilize nf_ct_set_timeout().
v2-> v4: No
finer-grain conntrack timeout feature.
CC: Pablo Neira Ayuso
CC: Pravin Shelar
Signed-off-by: Yi-Hung Wei
---
v1-> v2: Export nf_ct_set_timeout().
v2-> v3: Fix build issue when CONFIG_NF_CONNTRACK_TIMEOUT is not set.
v3-> v4: Remove unnecessary #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
---
in
applied.
Example usage:
$ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
$ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)
CC: Pravin Shelar
CC: Pablo Neira Ayuso
Signed-off-by: Yi-Hung Wei
---
v1-> v2: Utilize nf_ct_set_timeout().
v2-> v3: No
finer-grain conntrack timeout feature.
CC: Pablo Neira Ayuso
CC: Pravin Shelar
Signed-off-by: Yi-Hung Wei
---
v1-> v2: Export nf_ct_set_timeout().
v2-> v3: Fix build issue when CONFIG_NF_CONNTRACK_TIMEOUT is not set.
---
include/net/netfilter/nf_conntrack_timeout.h | 15 +
net/net
applied.
Example usage:
$ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
$ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)
CC: Pravin Shelar
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 3 +++
net/openvswitch/conntrack.c
finer-grain conntrack timeout feature.
CC: Pablo Neira Ayuso
Signed-off-by: Yi-Hung Wei
---
include/net/netfilter/nf_conntrack_timeout.h | 3 +
net/netfilter/nf_conntrack_timeout.c | 97
net/netfilter/xt_CT.c| 93
> > +static void ovs_ct_add_timeout(struct net *net, struct nf_conn *ct,
> > + const char *timeout_name, u16 l3num, u8
> > l4num)
> > +{
> This code looks very similar to xt_ct_set_timeout(), can you refactor
> it to avoid code duplication?
Thanks for Pravin's feedback. I
Ayuso
Signed-off-by: Yi-Hung Wei
---
include/net/netfilter/nf_conntrack_timeout.h | 1 +
net/netfilter/nf_conntrack_timeout.c | 21 +
net/netfilter/xt_CT.c| 22 +-
3 files changed, 23 insertions(+), 21 deletions(-)
diff
applied.
Example usage:
$ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
$ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)
CC: Pravin Shelar
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 3 ++
net/openvswitch/conntrack.c
On Sun, Feb 3, 2019 at 1:13 AM Eli Britstein wrote:
>
> Declare ovs key structures using macros as a pre-step towards to
> enable retrieving fields information, as a work done in proposed
> commit in the OVS tree https://patchwork.ozlabs.org/patch/1023406/
> ("odp-util: Do not rewrite fields with
IP protocol number for IPv6 later
frags")
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/flow.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 57e07768c9d1..f54cf17ef7a8 100644
--- a/net/openvswitch/flow.
Currently, OVS only parses the IP protocol number for the first
IPv6 fragment, but sets the IP protocol number for the later fragments
to be NEXTHDR_FRAGMENT. This patch tries to derive the IP protocol
number for the IPv6 later frags so that we can match that.
Signed-off-by: Yi-Hung Wei
On Mon, Aug 13, 2018 at 10:48 AM William Tu wrote:
> > > --- a/net/openvswitch/flow.c
> > > +++ b/net/openvswitch/flow.c
> > > @@ -297,7 +297,13 @@ static int parse_ipv6hdr(struct sk_buff *skb, struct
> > > sw_flow_key *key)
> > >
> > > nh_len = payload_ofs - nh_ofs;
> > > skb_set
Currently, OVS only parses the IP protocol number for the first
IPv6 fragment, but sets the IP protocol number for the later fragments
to be NEXTHDR_FRAGMENT. This patch tries to derive the IP protocol
number for the IPv6 later frags so that we can match that.
Signed-off-by: Yi-Hung Wei
commit log typos suggested by Greg.
- Fixes memory free issue that Julia found.
Yi-Hung Wei (2):
openvswitch: Add conntrack limit netlink definition
openvswitch: Support conntrack zone limit
include/uapi/linux/openvswitch.h | 28 ++
net/openvswitch/Kconfig | 3 +-
net/openvswitch/connt
Define netlink messages and attributes to support user kernel
communication that uses the conntrack limit feature.
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 28
1 file changed, 28 insertions(+)
diff --git a/include/uapi/linux/openvswitch.h b
cular zone
- OVS_CT_LIMIT_CMD_DEL:
* remove the connection limit for a particular zone
- OVS_CT_LIMIT_CMD_GET:
* get the default connection limit for all zones
* get the connection limit for a particular zone
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/Kconfig | 3 +-
ssages when the ct
limit is reached.
- Rebases to master.
v1->v2:
- Fixes commit log typos suggested by Greg.
- Fixes memory free issue that Julia found.
Yi-Hung Wei (2):
openvswitch: Add conntrack limit netlink definition
openvswitch: Support conntrack zone limit
incl
Define netlink messages and attributes to support user kernel
communication that uses the conntrack limit feature.
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 26 ++
1 file changed, 26 insertions(+)
diff --git a/include/uapi/linux/openvswitch.h b
cular zone
- OVS_CT_LIMIT_CMD_DEL:
* remove the connection limit for a particular zone
- OVS_CT_LIMIT_CMD_GET:
* get the default connection limit for all zones
* get the connection limit for a particular zone
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/Kconfig | 3 +-
cular zone
- OVS_CT_LIMIT_CMD_DEL:
* remove the connection limit for a particular zone
- OVS_CT_LIMIT_CMD_GET:
* get the default connection limit for all zones
* get the connection limit for a particular zone
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/Kconfig | 3 +-
issue that Julia found.
Yi-Hung Wei (2):
openvswitch: Add conntrack limit netlink definition
openvswitch: Support conntrack zone limit
include/uapi/linux/openvswitch.h | 62 +
net/openvswitch/Kconfig | 3 +-
net/openvswitch/conntrack.c
Define netlink messages and attributes to support user kernel
communication that uses the conntrack limit feature.
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 62
1 file changed, 62 insertions(+)
diff --git a/include/uapi/linux
>> +#ifIS_ENABLED(CONFIG_NETFILTER_CONNCOUNT)
>> +#define OVS_CT_LIMIT_UNLIMITED 0
>> +#define OVS_CT_LIMIT_DEFAULT OVS_CT_LIMIT_UNLIMITED
>> +#define CT_LIMIT_HASH_BUCKETS 512
>> +
> Can you use static key when the limit is not set.
> This would avoid overhead in datapath when these limits are
On Tue, Apr 24, 2018 at 10:42 AM, David Miller wrote:
> From: Pravin Shelar
> Date: Mon, 23 Apr 2018 23:34:48 -0700
>
>> OK. Thanks for the info.
>
> So, ACK, Reviewed-by, etc.? :-)
>
Pravin provided feedback in a previous email. I will address it and
send out v3.
Thanks,
-Yi-Hung
On Mon, Apr 23, 2018 at 1:10 PM, Pravin Shelar wrote:
> On Mon, Apr 23, 2018 at 6:39 AM, David Miller wrote:
>> From: Yi-Hung Wei
>> Date: Tue, 17 Apr 2018 17:30:27 -0700
>>
>>> Currently, nf_conntrack_max is used to limit the maximum number of
>>> connt
> s/to commit/from committing/
> s/entry/entries/
Thanks, will fix that in both patches in v2.
> I think this is a great idea but I suggest porting to the iproute2 package
> so everyone can use it. Then get rid of the OVS specific prefixes.
> Presuming of course that the conntrack connection
>
- Fixes memory free issue that Julia found.
Yi-Hung Wei (2):
openvswitch: Add conntrack limit netlink definition
openvswitch: Support conntrack zone limit
include/uapi/linux/openvswitch.h | 62 +
net/openvswitch/Kconfig | 3 +-
net/openvswitch/conntrack.c
Define netlink messages and attributes to support user kernel
communication that uses the conntrack limit feature.
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 62
1 file changed, 62 insertions(+)
diff --git a/include/uapi/linux
cular zone
- OVS_CT_LIMIT_CMD_DEL:
* remove the connection limit for a particular zone
- OVS_CT_LIMIT_CMD_GET:
* get the default connection limit for all zones
* get the connection limit for a particular zone
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/Kconfig | 3 +-
Define netlink messages and attributes to support user kernel
communication that uses the conntrack limit feature.
Signed-off-by: Yi-Hung Wei
---
include/uapi/linux/openvswitch.h | 62
1 file changed, 62 insertions(+)
diff --git a/include/uapi/linux
zone
- OVS_CT_LIMIT_CMD_DEL:
* remove the connection limit for a particular zone
- OVS_CT_LIMIT_CMD_GET:
* get the default connection limit for all zones
* get the connection limit for a particular zone
Signed-off-by: Yi-Hung Wei
---
net/openvswitch/Kconfig | 3 +-
net/openvs
, the limit
defaults to zero, that is, no limitation, which is backward compatible with
the behavior without this patch.
The first patch defines the conntrack limit netlink definition, and the
second patch provides the implementation.
Yi-Hung Wei (2):
openvswitch: Add conntrack limit netlink defin
wever, the commit does not update the code path in ovs_flow_key_update()
to revalidate the flow key which may cause BUG_ON() on execute_recirc().
This patch addresses the aforementioned issue.
Fixes: 329f45bc4f19 ("openvswitch: add mac_proto field to the flow key")
Signed-off-by: Y
On Thu, Mar 30, 2017 at 6:22 AM, Jiri Benc wrote:
> On Wed, 29 Mar 2017 17:14:10 -0700, Yi-Hung Wei wrote:
>> ovs_flow_key_update() is called when the flow key is invalid, and it is
>> used to update and revalidate the flow key. Commit 329f45bc4f19
>> ("openvswitch:
wever, the commit does not update the code path in ovs_flow_key_update()
to revalidate the flow key which may cause BUG_ON() on execute_recirc().
This patch addresses the aforementioned issue.
Fixes: 329f45bc4f19 ("openvswitch: add mac_proto field to the flow key")
Signed-off-by: Y