path: root/lib/ct-dpif.h
Commit message | Author | Age | Files | Lines
* dpctl: Implement dpctl commands for conntrack per zone limit | Yi-Hung Wei | 2018-08-17 | 1 | -0/+4

  This patch implements the following three commands on dpctl so that users can use ovs-dpctl or ovs-appctl to set, delete, and get the per zone limit.

  For example,

      $ ovs-appctl dpctl/ct-set-limits default=10 zone=0,limit=5 zone=1,limit=3
      $ ovs-appctl dpctl/ct-del-limits zone=0
      $ ovs-appctl dpctl/ct-get-limits zone=1,2,3

  Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
  Signed-off-by: Justin Pettit <jpettit@ovn.org>
* ct-dpif: Helper functions for conntrack zone limit | Yi-Hung Wei | 2018-08-17 | 1 | -0/+3

  This patch implements some helper functions for conntrack zone limit. It will be useful for the following patches.

  Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
  Signed-off-by: Justin Pettit <jpettit@ovn.org>
* dpif: Support conntrack zone limit. | Yi-Hung Wei | 2018-08-17 | 1 | -0/+12

  This patch defines the dpif interface to support conntrack per zone limit. Basically, OVS users can use this interface to set, delete, and get the conntrack per zone limit for various dpif interfaces. The following patch will make use of the proposed interface to implement the feature.

  Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
  Signed-off-by: Justin Pettit <jpettit@ovn.org>
* dpctl conntrack: Add get number of connections. | Darrell Ball | 2018-01-09 | 1 | -0/+1

  A get command is added for number of conntrack connections. This command is only supported in the userspace datapath at this time.

  Signed-off-by: Darrell Ball <dlu998@gmail.com>
  Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Co-authored-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Signed-off-by: Ben Pfaff <blp@ovn.org>
* dpctl conntrack: Add get and set maxconns command. | Darrell Ball | 2018-01-09 | 1 | -0/+2

  Get and set dpctl commands are added for conntrack maxconns. These commands are only supported in the userspace datapath at this time.

  Signed-off-by: Darrell Ball <dlu998@gmail.com>
  Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Co-authored-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Signed-off-by: Ben Pfaff <blp@ovn.org>
* dpctl: Support flush conntrack by conntrack 5-tuple | Yi-Hung Wei | 2017-12-07 | 1 | -0/+1

  With this patch, "flush-conntrack" in ovs-dpctl and ovs-appctl accept a conntrack 5-tuple to delete the conntrack entry specified by the 5-tuple. For example, user can use the following command to flush a conntrack entry in zone 5.

      $ ovs-dpctl flush-conntrack zone=5 \
          'ct_nw_src=10.1.1.2,ct_nw_dst=10.1.1.1,ct_nw_proto=17,ct_tp_src=2,ct_tp_dst=1'
      $ ovs-appctl dpctl/flush-conntrack zone=5 \
          'ct_nw_src=10.1.1.2,ct_nw_dst=10.1.1.1,ct_nw_proto=17,ct_tp_src=2,ct_tp_dst=1'

  VMWare-BZ: #1983178
  Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
  Signed-off-by: Justin Pettit <jpettit@ovn.org>
* ct-dpif,dpif-netlink: Support conntrack flush by ct 5-tuple | Yi-Hung Wei | 2017-12-07 | 1 | -1/+2

  This patch adds support of flushing a conntrack entry specified by the conntrack 5-tuple, and provides the implementation in dpif-netlink.

  The implementation of dpif-netlink in the linux datapath utilizes the NFNL_SUBSYS_CTNETLINK netlink subsystem to delete a conntrack entry in nf_conntrack.

  Future patches will add support for the userspace and Windows datapaths.

  VMWare-BZ: #1983178
  Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
  Signed-off-by: Justin Pettit <jpettit@ovn.org>
* dpctl: Add new 'ct-bkts' command. | Antonio Fischetti | 2017-08-02 | 1 | -1/+2

  With the command:
      ovs-appctl dpctl/ct-bkts
  shows the number of connections per bucket.

  By using a threshold:
      ovs-appctl dpctl/ct-bkts gt=N
  for each bucket shows the number of connections when they are greater than N.

  Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
  Co-authored-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
  Signed-off-by: Darrell Ball <dlu998@gmail.com>
  Signed-off-by: Ben Pfaff <blp@ovn.org>
* dpctl: add CT Stats for Connections per protocol. | Antonio Fischetti | 2017-07-11 | 1 | -1/+17

  Adds CT stats to report number of connections grouped by protocol.

  By using
      utilities/ovs-appctl dpctl/ct-stats-show
  it can display something like:

      Connections Stats:
          Total: 1808
          TCP: 1808

  With the verbose options:
      utilities/ovs-appctl dpctl/ct-stats-show verbose
  it can display:

      Connections Stats:
          Total: 2671
          TCP: 2671
            Conn per TCP states:
              [ESTABLISHED]=1000
              [CLOSING]=1
              [TIME_WAIT]=1670

  Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
  Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
  Co-authored-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
  Signed-off-by: Ben Pfaff <blp@ovn.org>
* lib: Indicate if netlink message had labels. | Jarno Rajahalme | 2017-03-09 | 1 | -0/+1

  Conntrack update events include labels only if they have changed. Record the presence of labels in the netlink message to OVS internal representation, so that the user may keep the old labels when an update does not modify them.

  Fixes: 6830a0c0e6bf ("netlink-conntrack: New module.")
  Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
  Acked-by: Joe Stringer <joe@ovn.org>
* conntrack: Track ICMP type and code. | Daniele Di Proietto | 2016-07-27 | 1 | -2/+1

  From the connection tracker perspective, an ICMP connection is a tuple identified by source ip address, destination ip address and ICMP id.

  While this allows basic ICMP traffic (pings) to work, it doesn't take into account the icmp type: the connection tracker will allow requests/replies in any direction.

  This is improved by making the ICMP type and code part of the connection tuple. An ICMP echo request packet from A to B, will create a connection that matches ICMP echo request from A to B and ICMP echo replies from B to A. The same is done for timestamp and info request/replies, and for ICMPv6.

  A new module conntrack-icmp is implemented, to allow only "request" types to create new connections.

  Also, since they're tracked in both userspace and kernel implementations, ICMP type and code are always printed in ct-dpif (a few testcases are updated as a consequence).

  Reported-by: Subramani Paramasivam <subramani.paramasivam@wipro.com>
  Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
  Acked-by: Joe Stringer <joe@ovn.org>
* ct-dpif: Add ct_dpif_flush(). | Daniele Di Proietto | 2015-12-21 | 1 | -0/+1

  This function will flush the connection tracking tables of a specific datapath. It simply calls a function pointer in the dpif_class. No dpif currently implements the required interface.

  The next commits will provide an implementation in dpif-netlink.

  Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
  Acked-by: Joe Stringer <joe@ovn.org>
* ct-dpif: Add ct_dpif_dump_{start,next,done}(). | Daniele Di Proietto | 2015-12-21 | 1 | -0/+10

  These functions can be used to dump conntrack entries from a datapath. They simply call a function pointer in the dpif_class. No dpif currently implements the interface.

  The next commits will provide an implementation in dpif-netlink.

  Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
  Acked-by: Joe Stringer <joe@ovn.org>
* ct-dpif: New module. | Daniele Di Proietto | 2015-12-21 | 1 | -0/+178

  This defines some structures (and their related formatting functions) to manipulate entries in connection tracking tables. It will be used by next commits.

  Based on original work by Jarno Rajahalme

  Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
  Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
  Acked-by: Joe Stringer <joe@ovn.org>