allow user to set vxlan_sys_4789 tx off

Makefile

@@ -167,6 +167,11 @@ base-arm64:
 	docker buildx build --platform linux/arm64 --build-arg ARCH=arm64 --build-arg GO_VERSION=$(GO_VERSION) -t $(REGISTRY)/kube-ovn-base:$(RELEASE_TAG)-arm64 -o type=docker -f dist/images/Dockerfile.base dist/images/
 	docker buildx build --platform linux/arm64 --build-arg ARCH=arm64 --build-arg GO_VERSION=$(GO_VERSION) --build-arg DEBUG=true -t $(REGISTRY)/kube-ovn-base:$(DEBUG_TAG)-arm64 -o type=docker -f dist/images/Dockerfile.base dist/images/
 
+
+.PHONY: build-kit
+build-kit: build-go
+	DOCKER_BUILDKIT=1 docker build -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -o type=docker -f dist/images/Dockerfile dist/images/
+
 .PHONY: image-kube-ovn
 image-kube-ovn: image-kube-ovn-debug build-go
 	docker buildx build --platform linux/amd64 -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -o type=docker -f dist/images/Dockerfile dist/images/

charts/kube-ovn/templates/ovncni-ds.yaml

@@ -119,6 +119,7 @@ spec:
           - --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }}
           - --secure-serving={{- .Values.func.SECURE_SERVING }}
           - --enable-ovn-ipsec={{- .Values.func.ENABLE_OVN_IPSEC }}
+          - --set-tx-off={{- .Values.func.SET_TX_OFF }}
         securityContext:
           runAsUser: {{ include "kubeovn.runAsUser" . }}
           runAsGroup: 0

charts/kube-ovn/values.yaml

@@ -75,6 +75,7 @@ func:
   ENABLE_NAT_GW: true
   ENABLE_OVN_IPSEC: false
   ENABLE_ANP: false
+  SET_TX_OFF: false
 
 ipv4:
   POD_CIDR: "10.16.0.0/16"

cmd/daemon/cniserver.go

@@ -72,6 +72,12 @@ func main() {
 		util.LogFatalAndExit(err, "failed to do the OS initialization")
 	}
 
+	if config.SetTxOff && config.NetworkType == util.NetworkTypeVxlan {
+		if err := setVxlanNicTxOff(); err != nil {
+			util.LogFatalAndExit(err, "failed to do the OS initialization for vxlan case")
+		}
+	}
+
 	ctrl.SetLogger(klog.NewKlogr())
 	ctx := signals.SetupSignalHandler()
 	stopCh := ctx.Done()

cmd/daemon/init.go

@@ -11,7 +11,10 @@ import (
 	"github.com/kubeovn/kube-ovn/pkg/daemon"
 )
 
-const geneveLinkName = "genev_sys_6081"
+const (
+	geneveLinkName = "genev_sys_6081"
+	vxlanLinkName  = "vxlan_sys_4789"
+)
 
 func printCaps() {
 	currentCaps := cap.GetProc()
@@ -30,3 +33,16 @@ func initForOS() error {
 	// disable checksum for genev_sys_6081 as default
 	return daemon.TurnOffNicTxChecksum(geneveLinkName)
 }
+
+func setVxlanNicTxOff() error {
+	if _, err := netlink.LinkByName(vxlanLinkName); err != nil {
+		if _, ok := err.(netlink.LinkNotFoundError); ok {
+			return nil
+		}
+		klog.Errorf("failed to get link %s: %v", vxlanLinkName, err)
+		return err
+	}
+
+	// disable checksum for vxlan_sys_4789 as default
+	return daemon.TurnOffNicTxChecksum(vxlanLinkName)
+}

cmd/daemon/init_windows.go

@@ -50,3 +50,8 @@ func initForOS() error {
 
 	return nil
 }
+
+func setVxlanNicTxOff() error {
+	// TODO: implement this function
+	return nil
+}

dist/images/install.sh

@@ -41,6 +41,7 @@ ENABLE_COMPACT=${ENABLE_COMPACT:-false}
 SECURE_SERVING=${SECURE_SERVING:-false}
 ENABLE_OVN_IPSEC=${ENABLE_OVN_IPSEC:-false}
 ENABLE_ANP=${ENABLE_ANP:-false}
+SET_TX_OFF=${SET_TX_OFF:-false}
 
 # debug
 DEBUG_WRAPPER=${DEBUG_WRAPPER:-}
@@ -4494,6 +4495,7 @@ spec:
           - --ovs-vsctl-concurrency=$OVS_VSCTL_CONCURRENCY
           - --secure-serving=${SECURE_SERVING}
           - --enable-ovn-ipsec=$ENABLE_OVN_IPSEC
+          - --set-tx-off=$SET_TX_OFF
         securityContext:
           runAsUser: ${RUN_AS_USER}
           runAsGroup: 0

pkg/daemon/config.go

@@ -71,6 +71,7 @@ type Configuration struct {
 	UDPConnCheckPort          int32
 	EnableTProxy              bool
 	OVSVsctlConcurrency       int32
+	SetTxOff                  bool
 }
 
 // ParseFlags will parse cmd args then init kubeClient and configuration
@@ -114,6 +115,7 @@ func ParseFlags() *Configuration {
 		argEnableTProxy              = pflag.Bool("enable-tproxy", false, "enable tproxy for vpc pod liveness or readiness probe")
 		argOVSVsctlConcurrency       = pflag.Int32("ovs-vsctl-concurrency", 100, "concurrency limit of ovs-vsctl")
 		argEnableOVNIPSec            = pflag.Bool("enable-ovn-ipsec", false, "Whether to enable ovn ipsec")
+		argSetTxOff                  = pflag.Bool("set-tx-off", false, "Whether to set vxlan_sys_4789 tx off")
 	)
 
 	// mute info log for ipset lib
@@ -173,6 +175,7 @@ func ParseFlags() *Configuration {
 		UDPConnCheckPort:          *argUDPConnectivityCheckPort,
 		EnableTProxy:              *argEnableTProxy,
 		OVSVsctlConcurrency:       *argOVSVsctlConcurrency,
+		SetTxOff:                  *argSetTxOff,
 	}
 	return config
 }

pkg/daemon/ovs_linux.go

@@ -1839,6 +1839,7 @@ func TurnOffNicTxChecksum(nicName string) error {
 	elapsed := float64((time.Since(start)) / time.Millisecond)
 	klog.V(4).Infof("command %s %s in %vms", "ethtool", strings.Join(args, " "), elapsed)
 	if err != nil {
+		klog.Error(err)
 		return fmt.Errorf("failed to turn off nic tx checksum, output %s, err %s", string(output), err.Error())
 	}
 	return nil