Disable pcap optimisation of encrypted sleeve

Prior to optional encryption support, enabling encryption disabled the fast datapath overlay (because it doesn't support encryption) but left the OVS datapath netdev in place for bridging (so that users could switch encryption on and off without resetting the bridge). In this situation the ODP miss handler is guaranteed to be invoked for every packet, so as an optimisation the weave script configured the router to use pcap to capture packets from the bridge as that is slightly more efficient. The introduction of optional encryption means the guarantee no longer holds, and so the optimisation must be removed.
weaveworks · Dec 15, 2015 · e12dbb4 · e12dbb4
1 parent 85d4b1f
commit e12dbb4
Showing 1 changed file with 2 additions and 38 deletions.
diff --git a/weave b/weave
@@ -298,8 +298,6 @@ DATAPATH=datapath
 BRIDGE_IFNAME=link-${BRIDGE}
 DATAPATH_IFNAME=${DATAPATH}-link
 CONTAINER_IFNAME=ethwe
-# ROUTER_HOSTNETNS_IFNAME is only used for fastdp with encryption
-ROUTER_HOSTNETNS_IFNAME=veth-weave
 PORT=${WEAVE_PORT:-6783}
 HTTP_PORT=6784
 PROXY_PORT=12375
@@ -742,27 +740,7 @@ ask_version() {
 }
 
 router_opts_fastdp() {
-    if [ -z "$WEAVE_PASSWORD" ] ; then
-        echo "--datapath $DATAPATH"
-    else
-        # When using encryption, we still do bridging on the ODP
-        # datapath, because you can 'weave launch' without encryption
-        # and then later restart the router with encryption, or vice
-        # versa.  Encryption disables the use of the fastdp Overlay,
-        # but the router could still use the fastdp Bridge to receive
-        # packets.  However, pcap has better performance when sniffing
-        # every packet.  So we pass --iface to use the pcap Bridge.
-        #
-        # Why don't we simply pass "--iface $BRIDGE".  We could,
-        # except for the fact that NetworkManager likes to down the
-        # odp $BRIDGE netdev (at least under ubuntu), and you can only
-        # use pcap on an interface that is up.  We avoid that by use
-        # pcap via a veth pair (NetworkManager leaves them alone).
-        # Having a netdev in the host netns called "ethwe" might
-        # surprise people, so it is called $ROUTER_HOSTNETNS_IFNAME
-        # instead.
-        echo "--datapath $DATAPATH --iface $ROUTER_HOSTNETNS_IFNAME"
-    fi
+    echo "--datapath $DATAPATH"
 }
 
 router_opts_bridge() {
@@ -778,15 +756,7 @@ router_opts_bridged_fastdp() {
 ######################################################################
 
 setup_router_iface_fastdp() {
-    if [ -n "$WEAVE_PASSWORD" ] ; then
-        # See router_opts_fastdp
-        # No-op if already attached
-        if ip link show $LOCAL_IFNAME >/dev/null 2>&1 ; then
-            return 0
-        fi
-        connect_container_to_bridge $ROUTER_HOSTNETNS_IFNAME &&
-            ip link set $ROUTER_HOSTNETNS_IFNAME up
-    fi
+    true
 }
 
 setup_router_iface_bridge() {
@@ -1581,8 +1551,6 @@ launch_router() {
     if [ "$BRIDGE_TYPE" != bridge ] ; then
         NETHOST_OPT="--net=host"
         HTTP_IP=127.0.0.1
-        # In case there is a lingering veth-weave netdev
-        ip link del $ROUTER_HOSTNETNS_IFNAME >/dev/null 2>&1 || true
     fi
 
     # Set WEAVE_DOCKER_ARGS in the environment in order to supply
@@ -1635,10 +1603,6 @@ attach_router() {
 stop_router() {
     stop $CONTAINER_NAME "Weave"
     conntrack -D -p udp --dport $PORT >/dev/null 2>&1 || true
-    # Remove the veth-weave netdev in a fastdp context
-    if detect_bridge_type && [ "$BRIDGE_TYPE" != bridge ] ; then
-        ip link del $ROUTER_HOSTNETNS_IFNAME >/dev/null 2>&1 || true
-    fi
 }
 
 launch_proxy() {