Yi-Hung Wei [Mon, 21 Nov 2016 21:42:41 +0000 (13:42 -0800)]
ovs-ofctl: Fix memory leak in bundle_print_errors().
In testcase "ofproto - bundle group mod with mod and add_or_mod command",
valgrind reports a memory leak with the following call stack.
xmalloc (util.c:112)
ofpbuf_resize__ (ofpbuf.c:246)
ofpbuf_push_uninit (ofpbuf.c:436)
ofpbuf_push (ofpbuf.c:459)
ofperr_decode_msg (ofp-errors.c:332)
bundle_print_errors (ovs-ofctl.c:692)
bundle_transact.constprop.25 (ovs-ofctl.c:728)
bundle_group_mod__ (ovs-ofctl.c:2663)
ofctl_group_mod__ (ovs-ofctl.c:2681)
ofctl_group_mod (ovs-ofctl.c:2736)
ovs_cmdl_run_command__ (command-line.c:115)
main (ovs-ofctl.c:151)
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Kelly [Sun, 20 Nov 2016 09:34:41 +0000 (20:34 +1100)]
ofproto: Drop flows between protected ports
Protected ports can not forward frames to other protected ports.
Unprotected ports can receive and forward frames to protected and other
unprotected ports.
Signed-off-by: Ben Kelly <ben@benjii.net> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Lance Richardson [Mon, 21 Nov 2016 22:47:13 +0000 (17:47 -0500)]
rhel: fix ovn-common rpm installation failure
The directory /usr/lib/ocf/ does not exist if the pacemaker
package has not been installed, which causes installation of the
ovn-common rpm to fail on "mkdir /usr/lib/ocf/resource.d/ovn".
Allow for the possibility that /usr/lib/ocf does not exist by
using "mkdir -p".
Fixes: a4245b7869c8 ("ovn: Add ovn db servers ocf script in fedora packager") Signed-off-by: Lance Richardson <lrichard@redhat.com> Acked-by: Babu Shanmugam <bschanmu@redhat.com> Tested-by: Babu Shanmugam <bschanmu@redhat.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Babu Shanmugam [Wed, 16 Nov 2016 10:13:11 +0000 (15:43 +0530)]
ovn: Add ovndb servers ocf script in debian packager
The OCF script will be present in the ovn-common package and installed
in the openvswitch scripts folder and a symbolic link to this file will
be created in the OCF resources folder.
The OCF resource agent name for this resource is ocf:ovn:ovndb-servers
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Acked-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org>
Babu Shanmugam [Wed, 16 Nov 2016 10:13:10 +0000 (15:43 +0530)]
ovn: Add ovn db servers ocf script in fedora packager
The OCF script will be present in the ovn-common package and installed
in the openvswitch scripts folder. A symbolic link to this file will
be created in the OCF resources folder.
The OCF resource agent name for this resource is ocf:ovn:ovndb-servers
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Acked-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org>
Babu Shanmugam [Wed, 16 Nov 2016 10:13:08 +0000 (15:43 +0530)]
ovn: ovn-ctl support for HA ovn DB servers
This patch adds support to start_ovsdb() function in ovn-ctl to start the
ovn db servers in backup mode. This can be done in the following ways
1. Use parameters --ovn-nb-sync-from-addr and --ovn-sb-sync-from-addr to
set the addresses of the active server.
2. Create files $etcdir/ovnnb-active.conf and $etcdir/ovnsb-active.conf
with the tcp url of the active servers.
Additional functions to promote a backup server to active and demote
active server to backup mode are also added in this patch
One can optionally set the DB parameters for northd in
$etcdir/ovn-northd-db-params.conf. For example,
The parameters will be used as is, by start_northd(). If this file exists,
start_northd() will not start the DB servers even if $OVN_MANAGE_OVSDB is
'yes'.
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Acked-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org>
Russell Bryant [Thu, 17 Nov 2016 13:32:28 +0000 (08:32 -0500)]
rhel: Support ovn-ctl args through env vars.
Update the systemd units for ovn-controller and ovn-northd to support
passing additional arguments to the ovn-ctl scripts through environment
variables. Also add some documentation to the top of these files that
describes how to specify these environment variables in systemd
configuration files.
Add similar documentation to the top of the ovn-controller-vtep system
unit to describe how to specify environment variables for options
passed to ovn-controller-vtep.
Signed-off-by: Russell Bryant <russell@ovn.org> Co-authored-by: Babu Shanmugam <bschanmu@redhat.com> Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Acked-by: Simon Horman <simon.horman@netronome.com>
Russell Bryant [Sun, 6 Nov 2016 23:12:32 +0000 (18:12 -0500)]
.mailmap: Document file format.
Note that official file format documentation is in git-shortlog(1), but
provide a simple quick reference for the two types of entries currently
used in this file.
A third type of entry was used previously, but this commit simplifies
them into one of the two forms documented.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Simon Horman <simon.horman@netronome.com>
Joe Stringer [Wed, 16 Nov 2016 00:15:04 +0000 (16:15 -0800)]
netdev: Count ports within mutex.
netdev_get_vports() previously counted the number of ports outside the
mutex, allocated enough memory for that number, then grabbed the mutex
to iterate through them and filled the array with the pointers.
This is logically wrong; in theory the number of ports could change
between allocating the memory and grabbing the mutex. In practice, only
the main thread manages these so there is no chance for a segfault. Fix
it up anyway.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Wed, 16 Nov 2016 05:15:26 +0000 (21:15 -0800)]
netdev: Fix sockaddr cast warning.
Following warning was reported by Travis:-
lib/netdev.c:1916:19: error: cast from 'struct sockaddr *' to 'struct
sockaddr_in *' increases required alignment from 2 to 4
[-Werror,-Wcast-align]
sin = (struct sockaddr_in *) ifa->ifa_netmask;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/netdev.c:1924:20: error: cast from 'struct sockaddr *' to 'struct
sockaddr_in6 *' increases required alignment from 2 to 4
[-Werror,-Wcast-align]
sin6 = (struct sockaddr_in6 *) ifa->ifa_netmask;
Fixes: 3f31aded6 ("netdev: fix netmask in netdev_get_addrs"). Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Ilya Maximets [Thu, 27 Oct 2016 14:14:08 +0000 (17:14 +0300)]
netdev-dpdk: Return rx/tx queue sizes only for ETH devices.
'dev->requested_{rxq,txq}_size' and 'dev->{rxq,txq}_size' are
relevant only for DPDK_DEV_ETH devices and should be skipped
in 'netdev_dpdk_get_config()' for other ports.
Ilya Maximets [Tue, 15 Nov 2016 11:36:39 +0000 (14:36 +0300)]
dpif-netdev: Honor rxq affinity during pmd threads creation.
Currently, If user will set up 'pmd-rxq-affinity' to cores on
different numa node, they may not be polled, because pmd threads
will not be created there even if this cores are in 'pmd-cpu-mask'.
Fix that by creating threads on all numa nodes rxqs assigned to.
Patrik Andersson [Fri, 28 Oct 2016 11:32:08 +0000 (13:32 +0200)]
dpif-netdev: non-pmd thread static_tx_qid should be constant
The non-pmd thread static_tx_qid is assumed to be equal to the highest
core ID + 1. The function dp_netdev_del_pmds_on_numa() invalidates
this assumption by re-distributing the static_tx_qid:s on all pmd and
non-pmd threads of the "other" numa.
There might be a number of unwanted effects due to the non-pmd thread
static_tx_qid being changed. The actual fault, observed in OVS 2.5, was a
crash due to the TX burst queues containing a NULL packet buffer pointer
in the range of valid buffers, presumably caused by a race condition.
In OVS 2.6 TX burst queues have been removed, nevertheless the current
behavior is incorrect.
The correction makes dp_netdev_del_pmds_on_numa() honor the constancy
of the non-pmd static_tx_qid value by excluding all non-pmd threads
from the deletion and from the re-ordering of the static_tx_qid.
Signed-off-by: Patrik Andersson <patrik.r.andersson@ericsson.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
netdev-dpdk: Fix the issue of physical port's admin state configuration
When we set physical port's admin state via ovs-appctl, the application
seems to work and returns "OK". But the application doesn't work perfectly,
the state stored in database doesn't change.
Signed-off-by: Binbin Xu <xu.binbin1@zte.com.cn> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Ariel Waizel [Tue, 15 Nov 2016 09:49:47 +0000 (01:49 -0800)]
ovs-router: Fix selection of source IP address when a gateway ip is introduced
When adding a VXLAN tunnel that connects to a VTEP residing in a different IP
network, the tunnel source ip needs to be selected by best fit (longest
matching netmask), based on the destination VTEP ip, and the specific route's
gateway ip.
A bug in ovs-router.c made the source ip to be decided only based on the
destination ip. Thus, if all source ips available to OVS and the destination ip
are in different ip networks - no source ip is selected, and an error is
returned.
This error occurred when using OVS-DPDK and configuring a VXLAN tunnel, where
source ip and destination ip are in different networks, and a gateway ip was in
place for the specific route.
The fix tries to match a source ip based on the gateway ip, if no matching
source ip was found based on the destination ip. This way, the gateway becomes
the first hop only if the tunnel crosses between ip networks.
Signed-off-by: Ariel Waizel <ariel.waizel@hpe.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
When iterating on getifaddrs result, ifa_netmask is dereferenced, but it's
already a pointer to struct sockaddr. This would result in wrong masks being
used when comparing addresses while calculating the source address given a
destination address at the routing code.
For example, the mask ::ffff:116.85.0.0 would be used, causing 172.16.100.0/24
to match 172.16.101.1, though they should not match.
This will not happen when using a dummy netdev, as netdev_get_addrs is not used
by it.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
qos_conf can be NULL. This can be easily reproduced by setting egress
QoS on a port:
```
ovs-vsctl set port dpdk2 qos=@newqos -- --id=@newqos create qos
type=egress-policer other-config:cir=46000000 other-config:cbs=2048
```
Reported-by: Ian Stokes <ian.stokes@intel.com> Fixes: 78bd47cf44a5 ("netdev-dpdk: Use RCU for egress QoS.") Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Tested-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Ian Stokes <ian.stokes@intel.com>
This patch increases the number of packets processed in a batch during a
lookup from 16 to 32. Processing batches of 32 packets improves
performance and also one of the internal loops can be avoided here.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Co-authored-by: Antonio Fischetti <antonio.fischetti@intel.com> Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com> Acked-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Jarno Rajahalme [Mon, 14 Nov 2016 21:24:55 +0000 (13:24 -0800)]
ofproto: Return the OFPC_BUNDLES bit in switch features reply.
Add definitions for the OpenFlow 1.4.1/1.5 specific capabilities bits
OFPC14_BUNDLES and OFPC14_FLOW_MONITORING. Return the bundles
capability bit in switch features reply.
Reported-by: Andrej Leitner <andrej.leitner@pantheon.tech> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Mon, 14 Nov 2016 18:44:42 +0000 (13:44 -0500)]
ovn-sbctl: document logging and common options in man page
The ovn-sbctl is currently missing a description of logging and
common (-h/--help/-V/--version) command-line options. Add them
by including corresponding man page fragments.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
When iterating the list of mrouters, skip any that are not on the same
vlan as the multicast packet to be forwarded. This bug was causing
duplicate packets when more than one mrouter was behind a trunk port.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2016-November/042938.html Signed-off-by: Darragh O'Reilly <darragh.oreilly@hpe.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Zhang Dongya [Mon, 14 Nov 2016 03:24:26 +0000 (19:24 -0800)]
datapath: compat: vxlan: Avoid possible NULL dereference in vxlan_gro_receive.
With Linux kernel that does not have HAVE_UDP_OFFLOAD_ARG_UOFF
macro detected, struct vxlan_sock *vs will be NULL, which will
make kernel crash when receiving VXLAN packet that have RCO
flag turn on or even invalid packet that is destined
to VXLAN port which have the bit on in the RCO flag position.
Signed-off-by: Zhang Dongya <fortitude.zhang@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Shashank Ram [Fri, 11 Nov 2016 00:38:05 +0000 (16:38 -0800)]
datapath-windows: Fix the isActivated flag in OvsActivateSwitch
Previously, the driver would enter a deadlock because
the OvsInitConfiguredSwitchNics() function would wait
till switchContext->isActivated flag is set.
Russell Bryant [Sat, 29 Oct 2016 16:12:03 +0000 (18:12 +0200)]
release: Propose a shorter release cycle for 2.7.
OVS recently adopted a six month release cycle. OVS doesn't
have to align to other projects, but it can be beneficial.
The dates for OVS 2.6 aligned very well to OpenStack,
which is a major consumer of OVS that usually does 6 month releases.
OpenStack is doing a short release cycle for its Ocata release
to adjust to changes to their event schedule.
As a result, I propose that we adjust the schedule for OVS 2.7 to remain
just ahead of OpenStack. The specific target dates for 2.7 I propose
would be:
branch-2.7 created - Jan 11, 2017
2.7.0 released from branch-2.7 - Feb 8, 2017
The key differences are moving the release date from March to February
and also shortening the period between branch creation and release to
account for the shorter development cycle.
This patch also adjusts the release cycle target dates to indicate
February as the target release month instead of March.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Fri, 11 Nov 2016 02:36:55 +0000 (21:36 -0500)]
ovn-trace: Note that no match means drop.
ovn-trace will tell you when a packet processing ends because no flow is
matched in a given logical flow table. Update the output to clarify that
when this occurs, the packet is implicitly dropped.
The output now looks like this:
ingress(dp="sw0", inport="sw0-port1")
-------------------------------------
0. ls_in_port_sec_l2: no match (implicit drop)
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
gwind [Thu, 10 Nov 2016 08:33:37 +0000 (16:33 +0800)]
rhel: python-six is required in the build process
the build error log is:
```
Traceback (most recent call last):
Traceback (most recent call last):
File "./ovsdb/ovsdb-idlc.in", line 8, in <module>
import ovs.json
File "/root/rpmbuild/BUILD/openvswitch-2.6.1/python/ovs/json.py", line 21, in <module>
import six
ImportError: No module named six
```
Submitted-at: https://github.com/openvswitch/ovs/pull/162 Signed-off-by: Jian Li <lijian@ooclab.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Russell Bryant [Thu, 10 Nov 2016 20:48:23 +0000 (15:48 -0500)]
ovn-trace: Print stage name even without match.
Given a simple OVN configuration and a sample packet that fails to match
an L2 destination lookup flow, the output of ovn-trace looks something
like this:
ingress(dp="sw0", inport="sw0-port1")
-------------------------------------
0. ls_in_port_sec_l2 (ovn-northd.c:2827): inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}, priority 50
next(1);
13. no match
In this case, I think it is helpful to still display the name of the
pipeline stage where we failed to match a flow. This patch adds
that to the output. This patch assumes that we always use the
same stage name for a given table ID in a given datapath, but I'm
pretty sure that is always true.
ingress(dp="sw0", inport="sw0-port1")
-------------------------------------
0. ls_in_port_sec_l2 (ovn-northd.c:2827): inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}, priority 50
next(1);
13. ls_in_l2_lkup: no match
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 7 Oct 2016 16:00:13 +0000 (09:00 -0700)]
ovn-nb: Document the syntax for an address set name.
Also, it is not necessary to specify that the name must be unique because
the schema documentation generator does that for us.
Reported-by: Kevin Lin <kevinlin@berkeley.edu>
Reported-at: http://openvswitch.org/pipermail/dev/2016-October/080386.html Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Sat, 5 Nov 2016 01:22:02 +0000 (21:22 -0400)]
Add .mailmap file.
Create a .mailmap file as described in git-shortlog(1). This is used to
map commits that contain different names or email addresses to the same
person.
This file will automatically be used by git-shortlog. It can also be
used by other commands, such as git-log by providing the --use-mailmap
option.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
There's a mismash of absolute and relative URLs, but these will be
resolved by the move to Sphinx.
In addition, the URLs pointing to the test scripts are removed as they
will break when we move to Sphinx. This is because they won't be
published with the Sphinx docs, ruling out relative links, and OVS
evolves too fast to rely on non-breaking links to GitHub. Better to
rely on shell examples like we do elsewhere and let the user figure it
out.
Signed-off-by: Stephen Finucane <stephen@that.guru> Signed-off-by: Russell Bryant <russell@ovn.org>
OVN currently supports multiple gateway routers (residing on
different chassis) connected to the same logical topology.
When external traffic enters the logical topology, they can enter
from any gateway routers and reach its eventual destination. This
is achieved with proper static routes configured on the gateway
routers.
But when traffic is initiated in the logical space by a logical
port, we do not have a good way to distribute that traffic across
multiple gateway routers.
This commit introduces one particular way to do it. Based on the
source IP address or source IP network of the packet, we can now
jump to a specific gateway router.
This is very useful for a specific use case of Kubernetes.
When traffic is initiated inside a container heading to outside world,
we want to be able to send such traffic outside the gateway router
residing in the same host as that of the container. Since each
host gets a specific subnet, we can use source IP address based
policy routing to decide on the gateway router.
Rationale for using the same routing table for both source and
destination IP address based routing:
Some hardware network vendors support policy routing in a different table
on arbitrary "match". And when a packet enters, if there is a match
in policy based routing table, the default routing table is not
consulted at all. In case of OVN, we mainly want policy based routing
for north-south traffic. We want east-west traffic to flow as-is. Creating
a separate table for policy based routing complicates the configuration
quite a bit. For e.g., if we have a source IP network based rule added,
to decide a particular gateway router as a next hop, we should add rules at
a higher priority for all the connected routes to make sure that east-west
traffic is not effected in the policy based routing table itself.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ovn-controller: Container can have connection to a hosting VM.
A Container running inside a VM can have a connection to the
hosting VM (parent port) in the logical topology (for e.g via a router).
So we should be able to loop-back into the same VM, even if the
final packet delivered does not have any tags in it.
Add a connection table to the southbound db schema, similar
to the Open_vSwitch "Manager" table.
Add tests for pssl: and ptcp: read-only connection types.
Add support to ovn-sbctl for listing the SB Connection table.
Potential future work:
- Test cases for other connection types (punix, ssl, tcp, unix).
- SSL configuration table for southbound db.
- Connection table for NB schema.
- Add a way to specify a read-only connection as an ovsdb-server
command-line option.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Tue, 1 Nov 2016 19:06:15 +0000 (12:06 -0700)]
datapath: geneve: Handle vlan tag
The compat vlan code ignores vlan tag for inner packet
on egress path. Following patch fixes this by inserting the
tag for inner packet before tunnel encapsulation.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
projects / mirror_ovs.git / log