7941f9b2da
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4658 JIRA: https://issues.redhat.com/browse/RHEL-31876 Upstream-Status: net-next.git Tested: manual testing + OVS testsuite including psample-specific tests from [1] + upstream kernel selftests tests including psample-specific tests. OpenvSwitch currently supports a feature called "per-flow sampling" by which a controller such as OVN can configure certain flows that make the matched packet get "sampled". The sample is sent via IPFIX alongside OVN-generated metadata. This is very useful to enhance visibility on the datapath. E.g: it can be used to know what NetworkPolicy impacted a certain packet (and the packet header contents). However, a big limitation makes this solution non-production ready: samples have to go through ovs-vswitchd via upcall (userspace action) sharing both netlink socket buffer and ovs-vswitchd thread time with actual packet processing. This series adds support for a new action called "psample" that, when used by OVS, allows samples to go directly to some external observer through the psample netlink multicast group fixing the current limitation and enabling observability solutions to be built on top of OVS/OVN. [1] https://patchwork.ozlabs.org/project/openvswitch/cover/20240707200905.2719071-1-amorenoz@redhat.com/ Signed-off-by: Adrian Moreno <amorenoz@redhat.com> Approved-by: Antoine Tenart <atenart@redhat.com> Approved-by: Florian Westphal <fwestpha@redhat.com> Approved-by: Eelco Chaudron <echaudro@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Lucas Zampieri <lzampier@redhat.com> |
||
|---|---|---|
| .. | ||
| specs | ||
| genetlink-c.yaml | ||
| genetlink-legacy.yaml | ||
| genetlink.yaml | ||
| netlink-raw.yaml | ||