Zhou Yangchao [Sun, 12 Mar 2017 03:57:37 +0000 (11:57 +0800)]
id-pool: Fix allocation overflow and the leak of the first ID.
The range of IDs should be [base, base + n_ids),
but id_pool_alloc_id() allocated the range of IDs is [base, base + n_ids].
And id_pool_free_id() cannot free the ID value base correctly.
Signed-off-by: Yangchao Zhou <zhouyates@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
While it does have a sort of equivalent called `WSASendMsg`
(https://msdn.microsoft.com/en-us/library/windows/desktop/ms741692(v=vs.85).aspx)
it uses a different structure `WSAMSG` instead of the normal msghdr which
in turn will have to be mapped properly (this goes further to iovec/wsabuf in the
structure itself).
Fixes broken build on Windows.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
ofproto-dpif-ipfix: add Exporting Process Reliability Statistics
This patch adds support for The Exporting Process Reliability Statistics
Option Template, which is defined in RFC 5101, Section 4.3. For now, this
Option Template includes only exporting process ID scope field and a
single counter - notSentPacketTotalCount.
Currently, Data Records that contain exporting process statistics are
transmitted at regular intervals, immediately after sending (Options) Template
Records. This behavior could be changed later on to allow the interval of
sending exporting process statistics to be configurable as RFC recommends it.
According to RFC 5101, Section 10.3.6. the frequency of the (Options) Template
transmissions MUST be configurable. OvS doesn't comply to this requirement.
Therefore, it seems to be a good idea to make both intervals configurable at
the same time.
Signed-off-by: Przemyslaw Szczerbik <przemyslawx.szczerbik@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eric Garver [Fri, 30 Jun 2017 20:27:45 +0000 (16:27 -0400)]
netdev: fix missing shifts of VXLAN_EXT_GPE
Contrary to the comment by the enum value, these are actually regular
enum values that need shifted. VXLAN_EXT_GBP for example is used as a
netlink value for vports.
Fixes: 875ab13020b1 ("userspace: Handling of versatile tunnel ports") Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Ben Pfaff <blp@ovn.org>
As part of retrieving system statistics, process status APIs along with
helper functions were implemented. Some of them are very generic and can
be reused by other subsystems.
Move the APIs in system-stats.c to process.c and util.c and make them
available. This patch doesn't change any functionality.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 11 Jul 2017 04:55:56 +0000 (21:55 -0700)]
util: Make PADDED_MEMBERS work more than once per struct.
Until now, if the PADDED_MEMBERS macro was used more than once in a struct,
it caused Clang and GCC warnings because of multiple definition of a member
named "pad". This commit fixes the problem by giving each of these a
unique name.
MSVC, Clang, and GCC all support the __COUNTER__ macro, although it is not
standardized.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Bhanuprakash Bodireddy <Bhanuprakash.bodireddy@intel.com>
Yi-Hung Wei [Tue, 27 Jun 2017 18:11:34 +0000 (11:11 -0700)]
ofproto/trace: Add --ct-next option to ofproto/trace
Previous patch enables ofproto/trace to automatically trace a flow
that involves multiple recirculation on conntrack. However, it always
sets the ct_state to trk|est when it processes recirculated conntrack flows.
With this patch, users can customize the expected next ct_state in the
aforementioned use case.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Tue, 27 Jun 2017 18:11:33 +0000 (11:11 -0700)]
ofproto/trace: Add support for tracing conntrack recirculation
Previously, a user need to run ofproto/trace multiple times to derive the
final datapath actions if a flow hit conntrack actions that involves
recirculation. To improve the usability of ofproto/trace, in this patch,
we keep track of the conntrack actions, and automatically run the
recirculation process so that a user only need to execute the ofproto/trace
command once. Currently, this patch sets the default ct_state as
trk and new in the automatic recirculation process. A following patch
will provide an option to customize ct_state.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
For a while, ubuntu used upstart scripts as an alternative
for sysv scripts. For e.g popular releases like ubuntu12.04
and ubuntu14.04 have upstart infrastructure. From Ubuntu16.04,
they have moved to systemd.
Ubuntu maintainers have a fork of openvswitch packages with
upstart scripts. When a user installs openvswitch-switch
package on a ubuntu 14.04 with 'apt-get install openvswitch-switch',
two upstart files are added to /etc/init directory.
Now, when the same user builds debian packages from this repo
and then installs them, the older upstart files don't get
deleted. What this means is that a command like
'invoke-rc.d openvswitch-switch restart' calls initctl scripts
instead of sysv script that this repo provides. In our sysv
scripts we have logic to carefully upgrade kernel module and
save openflow flows. This breaks the intent of the package from
this repo.
This commit deletes any stale upstart files that have remained
in the system.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Tue, 27 Jun 2017 18:11:32 +0000 (11:11 -0700)]
conntrack: Move ct_state parsing to lib/flow.c
This patch moves conntrack state parsing function from ovn-trace.c to
lib/flow.c, because it will be used by ofproto/trace unixctl command
later on. It also updates the ct_state checking logic, since we no longer
assume CS_TRACKED is enable by default.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
zhaozhanxu [Mon, 26 Jun 2017 10:29:22 +0000 (18:29 +0800)]
tnl-ports: Fix loss of tunneling upon removal of a single tunnel port.
When OVS had multiple tunnel ports of a single kind, and any one of them
was removed, the remaining ports could no longer receive traffic. This
fixes the problem.
Signed-off-by: zhaozhanxu <zhaozhanxu@163.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Kevin Traynor [Mon, 26 Jun 2017 21:51:51 +0000 (22:51 +0100)]
netdev-dpdk: Log Rx checksum offload not supported.
Rx checksum offload is enabled by default on DPDK NICs where
supported. Previously Rx checksum offload not supported was
logged only once. It meant that if multiple NICs did not
support Rx checksum offload, it was only reported for the
first NIC configured.
Fixes: 1a2bb11817a4 ("netdev-dpdk: Enable Rx checksum offloading feature on DPDK physical ports.") Reported-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Kevin Traynor [Mon, 26 Jun 2017 21:51:50 +0000 (22:51 +0100)]
netdev-dpdk: Remove Rx checksum reconfigure.
Rx checksum offload is enabled by default on DPDK physical NICs
where available, with reconfiguration through
options:rx-checksum-offload. However, changing rx-checksum-offload
did not result in a reconfiguration of the NIC and wrong status is
reported for it.
As there seems to be diminishing reasons why a user would want
to disable Rx checksum offload, just remove the broken reconfiguration
option.
Fixes: 1a2bb11817a4 ("netdev-dpdk: Enable Rx checksum offloading feature on DPDK physical ports.") Reported-by: Kevin Traynor <ktraynor@redhat.com> Suggested-by: Sugesh Chandran <sugesh.chandran@intel.com> Acked-by: Darrell Ball <dlu998@gmail.com> Tested-by: Sugesh Chandran <sugesh.chandran@intel.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-controller: fix use-after-free in physical_run()
The hmap "tunnels" is persistent across IDL loop iterations, but
stores pointers to strings in the local db replica which can be
freed as database updates are processed. Fix by storing a copy
of the string in the hmap instead of a pointer to the string in
the replica.
Found via valgrind.
Fixes: 40128e371ec3 ("physical: Refactor port binding processing.") Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Wed, 28 Jun 2017 18:54:47 +0000 (14:54 -0400)]
ovn-controller: avoid crash when vswitchd connection is lost
When ovs-vswitchd has dropped its connection to ovn-controller,
rconn_get_version() will return -1. OpenFlow messages built by
ofctrl_put() in this condition will have an invalid OpenFlow version
value of 255, which eventually leads to ovn-controller crashing
due to an assertion failure in raw_instance_get().
Avoid this crash by improving the ofctrl_can_put() test to ensure
that the negotiated version is available. (Note that checking
rconn_is_connected() would not be sufficient since rconn S_IDLE
state is considered "connected" but version negotiation is not
necessarily complete).
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
For ingress/egress counters, flow direction is checked in order to
determine which counters should be increased. Utility functions
from lib/packets.h are used for checking if packet is unicast,
multicast or broadcast.
Co-authored-by: Michal Weglicki <michalx.weglicki@intel.com> Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com> Signed-off-by: Przemyslaw Szczerbik <przemyslawx.szczerbik@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Zhenyu Gao [Mon, 26 Jun 2017 10:30:55 +0000 (10:30 +0000)]
vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
The element of rx_1024_to_1522_packets has wrong name(rx_1024_to_1518_packets).
Change it from rx_1024_to_1518_packets to rx_1024_to_1522_packets, it should
record packets between 1024 to 1522.
The element of tx_1024_to_1522_packets has wrong name(tx_1024_to_1518_packets).
Change it from tx_1024_to_1518_packets to tx_1024_to_1522_packets, it should
record packets between 1024 to 1522.
CC: mweglicx <michalx.weglicki@intel.com> Fixes: d6e3feb57c44 ("Add support for extended netdev statistics based on RFC 2819.") Signed-off-by: Zhenyu Gao <sysugaozhenyu@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Zoltán Balogh [Fri, 30 Jun 2017 15:29:40 +0000 (15:29 +0000)]
netdev: Fix crash when interface option is changed to invalid value.
When trying to modify an interface option (e.g. remote IP of a GRE port) to
an invalid value, the vswitchd does crash. For instance:
ovs-vsctl add-br br0
ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre \
options:remote_ip=10.0.0.2
ovs-vsctl set interface gre0 options:remote_ip=9.9.9
The bug is caused by trying to dereference a NULL pointer. It was introduced
by the commit 9fff138ec3a6. Before that, the NULL pointer was handled by the
VLOG_WARN_BUF macro.
Signed-off-by: Zoltán Balogh <zoltan.balogh@ericsson.com> CC: Daniele Di Proietto <diproiettod@vmware.com> Fixes: 9fff138ec3a6 ("netdev: Add 'errp' to set_config().") Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Tue, 20 Jun 2017 07:53:25 +0000 (10:53 +0300)]
dpif-netdev: Remove useless port checking.
Since commit ff073a71f9bb ("dpif-netdev: Use hmap instead of
list+array for tracking ports."), 'is_valid_port_number()' is
equal to 'port_no != ODPP_NONE', and the expression below will
never be true.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
Ciara Loftus [Fri, 23 Jun 2017 15:31:03 +0000 (16:31 +0100)]
dpif-netdev: Fix insertion probability
emc_conditional_insert uses pmd->last_cycles and the packet's RSS hash
to generate a random number used to determine whether or not an emc
entry should be inserted. This works for single-packet bursts as
last_cycles is updated for each burst. However, for bursts > 1 packet,
where the packets in the batch generate the same RSS hash,
pmd->last_cycles remains constant for the entire burst also, and thus
cannot be used as a random number for each packet in the burst.
This commit replaces the use of pmd->last_cycles with random_uint32()
for this purpose and subsequently fixes the behavior of the
emc_insert_inv_prob setting for high-throughput (large bursts)
single-flow cases.
Fixes: 4c30b24602c3 ("dpif-netdev: Conditional EMC insert") Reported-by: Kevin Traynor <ktraynor@redhat.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Acked-by: Darrell Ball <dlu998@gmail.com> Tested-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Adds CT stats to report number of connections grouped by
protocol.
By using
utilities/ovs-appctl dpctl/ct-stats-show
it can display something like:
Connections Stats:
Total: 1808
TCP: 1808
With the verbose options:
utilities/ovs-appctl dpctl/ct-stats-show verbose
it can display:
Connections Stats:
Total: 2671
TCP: 2671
Conn per TCP states:
[ESTABLISHED]=1000
[CLOSING]=1
[TIME_WAIT]=1670
Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com> Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Co-authored-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Thu, 15 Jun 2017 08:37:59 +0000 (14:07 +0530)]
ofproto-dpif: Fix the clone issue with continuation
When the clone action is composed and if the inner clone actions
modifies any of the metadata fields, the updated values are not
preserved when xlate_clone() returns. This causes the controller
to receive invalid metadata if the cloned packet has a 'controller'
action with the 'pause' flag set. When the controller resumes the
packet the resumed packet will not continue properly.
This patch addresses this issue.
The issue can be reproduced running the test case added in this
patch without the fix.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Timothy Redaelli [Mon, 19 Jun 2017 14:50:21 +0000 (16:50 +0200)]
make logs not readable by other
The Open vSwitch log directory and files are currently set world readable.
However, since only Open vSwitch users and processes need to access this
directory and these files there is no need to allow the world to access them,
since it can result in the exposure of sensitive information.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Wed, 7 Jun 2017 16:32:45 +0000 (09:32 -0700)]
ovn-controller: decouple localnet_port update from patch_run
We figure out local datapaths in binding_run() but update the field
localnet_port for each local datapath that has localnet port in
patch_run(). This patch updates the localnet_port field in binding_run
directly and removes the logic in patch_run(), since the logic is
more about port-binding processing, and patch_run() is focusing on
patch port creation only.
In a future patch binding_run() will be used in a new thread for
pinctrl, but patch_run() will not.
Signed-off-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 7 Jul 2017 16:16:27 +0000 (09:16 -0700)]
configure: Fix check for rte_config.h to handle cross-compilation.
The check for rte_config.h in acinclude.m4 used AC_CHECK_FILE, but this
macro is intended to check for a file on the host system, not the build
system, which means that it fails unconditionally in a cross-compilation
environment. However, the intended check here is for a header file,
which is part of the build system. To check for part of the build system,
we can just use "test", so this commit makes that change.
Ben Pfaff [Fri, 26 May 2017 20:22:26 +0000 (13:22 -0700)]
ofp-print: Don't abort on unknown reason in role status message.
A buggy or malicious switch could send a role status message with a bad
reason code, which if printed by OVS would cause it to abort. This fixes
the problem.
Ben Pfaff [Thu, 6 Jul 2017 22:12:00 +0000 (15:12 -0700)]
Makefiles: Fail build for flake8 only when configured with --enable-Werror.
flake8 checking is useful. Until now, it always failed the build for any
flake8 errors. This is too aggressive, for the same reason that always
failing the build for any compiler warnings is too aggressive: compilers
change over time and asynchronously from OVS itself. Thus, if we release
some version of OVS today, even if it's flake8-clean today, it might not
be flake8-clean tomorrow, even with the same settings. We don't want to
have to track flake8 warnings on every release branch.
Thus, this adopts the same policy for compiler warnings: always report
them, but only fail the build if --enable-Werror was configured. Usually
just developers use that configure option, and they're prepared to deal
with the fallout.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Jason Wessel [Fri, 30 Jun 2017 03:33:23 +0000 (20:33 -0700)]
Python3 compatibility: unicode to str
When transitioning from python2 to python3 the following type class
changes occured:
python2 -> python3
unicode -> str
str -> bytes
That means we have to check the python version and do the right type
check python3 will throw an error when it tries to use the unicode
type because it doesn't exist.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jason Wessel [Fri, 30 Jun 2017 03:33:23 +0000 (20:33 -0700)]
Python3 compatibility: fix integer problems
In python3 maxint is not defined, but maxsize is defined in both
python2 and python3.
The put_text() will not automatically use a value which came in as
float due to a pior math function and python3 will throw an exception.
The simple answer is to convert it with int() and move on.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Tue, 20 Jun 2017 16:31:12 +0000 (16:31 +0000)]
Fix nonstandard isatty on Windows
A lot of tests are failing, due to the open flow ports being outputted using
names instead of numbers.
i.e.: http://64.119.130.115/ovs/beb75a40fdc295bfd6521b0068b4cd12f6de507c/testsuite.dir/0464/testsuite.log.gz
The issues encountered above is because 'monitor' with 'detach' arguments are
specified, that in turn will call 'close_standard_fds'
(https://github.com/openvswitch/ovs/blob/master/lib/daemon-unix.c#L472)
which will create a duplicate fd over '/dev/null' on Linux and 'nul' on Windows.
'isatty' will be called on those FDs.
What POSIX standard says:
http://pubs.opengroup.org/onlinepubs/009695399/functions/isatty.html
'The isatty() function shall test whether fildes, an open file descriptor,
is associated with a terminal device.'
What MSDN says:
https://msdn.microsoft.com/en-us/library/f4s0ddew(VS.80).aspx
'The _isatty function determines whether fd is associated with a character
device (a terminal, console, printer, or serial port).'
This patch adds another check using 'GetConsoleMode'
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683167(v=vs.85).aspx
which will fail if the handle pointing to the file descriptor is not associated
to a console.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Anand Kumar <kumaranand@vmware.com>
Joe Stringer [Tue, 4 Jul 2017 14:16:46 +0000 (07:16 -0700)]
checkpatch: Use default encoding from email library.
There are three paths for running the core checkpatch path: From a file,
from stdin, or reading from git output. Currently, the file version of
this calls the "email" library's decode routine which translates the
stream into a bytes array, which we later call decode() to turn it back
into a regular string. This works on python2 and python3, but the other
paths don't work in python3 due to the following error:
$ utilities/checkpatch.py -1
== Checking HEAD~0 ==
Traceback (most recent call last):
File "utilities/checkpatch.py", line 491, in <module>
if ovs_checkpatch_parse(patch, revision):
File "utilities/checkpatch.py", line 324, in ovs_checkpatch_parse
for line in text.decode().split('\n'):
AttributeError: 'str' object has no attribute 'decode'
Rather than performing this extra encode/decode, strip these out from
this path so that the stdin and git variants of checkpatch can work in
python3.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Wed, 28 Jun 2017 00:26:52 +0000 (17:26 -0700)]
ofp-parse: Improve comment for parse_ofp_packet_out_str().
This function is a wrapper for parse_ofp_packet_out_str__(), which
states that a couple members must be freed on success. This commit
updates the wrapper's description to indicate the same.
The existing callers appear to be properly freeing members.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Wed, 28 Jun 2017 00:12:00 +0000 (17:12 -0700)]
ofp-parse: Fix small memory leak when calling parse_ofp_meter_mod_str().
The function parse_ofp_meter_mod_str() allocates a buffer called
'bands', which parse_ofp_meter_mod_str__() then steals for the member
'mm->meter.bands'. Calling functions didn't free that stolen value and
the comments for those function didn't indicate that was necessary.
Found by valgrind.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Sat, 27 May 2017 04:14:21 +0000 (21:14 -0700)]
ofproto-dpif-ipfix: Fix inefficent memory use in ipfix_send_template_msgs().
This fixes inefficient use of memory in ipfix_send_template_msgs().
This function was setting up a buffer with a stub, but only the first 4
or 8 bytes of the stub were actually used because the "sizeof" call used
to size it was actually getting the size of a pointer. This meant that
every template message was causing a series of allocations and
reallocations.
This commit fixes the problem.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762995&defectInstanceId=4304799&mergedDefectId=180398 Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 5 Jul 2017 22:42:49 +0000 (15:42 -0700)]
Revert "ofproto-dpif-ipfix: Fix severe memory leak in ipfix_send_template_msgs()."
This reverts commit 4d6f69df54b7d6ec2956875c683a9564cb175662.
There is nothing wrong with the commit itself, but the commit message is
misleading. The following commit will re-apply it with a corrected commit
message.
When we use the 'ovs-appctl ofproto/trace' to send packets,
which include the 'vlan' field, but exclude the 'encap',
the ovs-vswitchd will crash. We should check 'encap' field
in parse_8021q_onward(), before using it.
Ilya Maximets [Fri, 30 Jun 2017 11:00:14 +0000 (14:00 +0300)]
dp-packet: Copy trunc flag on batch clone.
Without this applying of the cutlen action will not work
on copied batch. Cutlen works for linux and dummy netdevs
only because they tries to apply it per-packet inside
send function.
Cutlen action doesn't work for dpdk ports in case batch clone
occured because invoked by the 'dp_packet_batch_apply_cutlen()'.
CC: Andy Zhou <azhou@ovn.org> Fixes: 72c84bc2db23 ("dp-packet: Enhance packet batch APIs.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
It's possible to race with the udev service, such that dpdk ports are
not finished being bound until after ovs-vswitchd has been started.
This means that attempts to use the port will fail. While it is
possible to work around this for some NICs using port hotplug, not all
port types are supported (for instance vfio), and it requires manual
intervention.
Fixes: 36af136b690c ("rhel-systemd: Delay shutting down the services")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1397299 Suggested-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Aaron Conole <aconole@redhat.com> Tested-by: Karthik Sundaravel <ksundara@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Sat, 27 May 2017 04:14:21 +0000 (21:14 -0700)]
ofproto-dpif-ipfix: Fix severe memory leak in ipfix_send_template_msgs().
This fixes a seemingly severe memory leak in ipfix_send_template_msgs().
This function was setting up a buffer with a stub, but only the first 4
or 8 bytes of the stub were actually used because the "sizeof" call used
to size it was actually getting the size of a pointer. It never freed
the buffer, leaking it.
Additionally, after this code sent a template message, it started over
from the same undersized stub, leaking another block of memory.
This commit fixes both problems.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762995&defectInstanceId=4304799&mergedDefectId=180398 Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Mon, 19 Jun 2017 23:30:41 +0000 (07:30 +0800)]
openvswitch.h: OVS_KEY_ATTR_PACKET_TYPE is userspace-only.
This wasn't clear before.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/334271.html Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
Jan Scheurich [Fri, 23 Jun 2017 16:48:34 +0000 (16:48 +0000)]
tests: Added unit tests in packet-type-aware.at
First and second unit tests perform basic verification.
The third one is a triangular bridge setup test case. It tests dataplane
in non-PTAP and ptap bridges in conjunction with L2 and L3 GRE tunnels.
It uses veth ports, therefore requires root privileges.
A simplified version of the third test is added to system userspace unit tests.
Ben Pfaff [Fri, 23 Jun 2017 16:47:59 +0000 (16:47 +0000)]
userspace: Handling of versatile tunnel ports
In netdev_gre_build_header(), GRE protocol and VXLAN next_potocol is set based
on packet_type of flow. If it's about an Ethernet packet, it is set to
ETP_TYPE_TEB. Otherwise, if the name space is OFPHTN_ETHERNET, it is set
according to the name space type.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Fri, 23 Jun 2017 16:47:57 +0000 (16:47 +0000)]
userspace: Add OXM field MFF_PACKET_TYPE
Allow packet type namespace OFPHTN_ETHERTYPE as alternative pre-requisite
for matching L3 protocols (MPLS, IP, IPv6, ARP etc).
Change the meta-flow definition of packet_type field to use the new
custom format MFS_PACKET_TYPE representing "(NS,NS_TYPE)".
Parsing routine for MFS_PACKET_TYPE added to meta-flow.c. Formatting
routine for field packet_type extracted from match_format() and moved to
flow.c to be used from meta-flow.c for formatting MFS_PACKET_TYPE.
Updated the ovs-fields man page source meta-flow.xml with documentation
for packet-type-aware bridges and added documentation for field packet_type.
Added packet_type to the matching properties in tests/ofproto.at.
If dl_type is unwildcarded due to later packet modification, make sure it
is cleared again if the original packet_type was not PT_ETH.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 23 Jun 2017 16:47:54 +0000 (16:47 +0000)]
nx-match: Add context argument to nxm_put__().
An upcoming commit will need to pass an extra piece of data from
nx_put_raw() into all of its direct and indirect calls to nxm_put__().
This commit prepares for that by switching from a "struct ofpbuf *"
parameter to a context structure that, currently, contains just a
struct ofpbuf *. The upcoming commit will add another member to the
context struct.
Anand Kumar [Fri, 23 Jun 2017 21:05:12 +0000 (14:05 -0700)]
datapath-windows: Include ICMP type and code fields to find a matching ct entry
In conntrack lookup, ICMP type and code fields were not being used to
determine a matching entry. As a result, ICMP4_ECHO_REQUEST packet could
be tracked as ICMP4_ECHO_REPLY packet and vice versa, which is invalid.
To fix this, add ICMP type and code fields for matching a conntrack entry.
Darrell Ball [Tue, 27 Jun 2017 02:42:01 +0000 (19:42 -0700)]
dpif: Fix cleanup of userspace datapath.
Hardware offload introduced extra tracking of netdev ports. This
included ovs-netdev, which is really for internal infra usage for
the userpace datapath. This breaks cleanup of the userspace
datapath. One effect is that all userspace datapath system tests
fail except for the first one run. There is no need to do this
extra tracking of tap devices for the hardware offload effort.
Hence, the approach taken is to filter both internal device
and tap device types for hardware offload. Internal devices are
'internal' from the kernel datapath perspective and tap devices
are 'internal' from the userpace datapath perspective.
Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Sun, 18 Jun 2017 01:46:54 +0000 (09:46 +0800)]
ovs-dpctl: New --names option to use port names in flow dumps.
Until now, printing names in "ovs-dpctl dump-flows" was tied to the overall
output verbosity, which in practice meant that to see port names a user had
to see a distracting amount of verbosity. This decouples names from
verbosity.
I'd like to make showing names the default for interactive usage, but so
far names aren't accepted in input so that would frustrate cut-and-paste,
which is an important use of "ovs-dpctl dump-flows" output.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Jan Scheurich <jan.scheurich@ericsson.com> Tested-by: Jan Scheurich <jan.scheurich@ericsson.com>
Shashank Ram [Thu, 15 Jun 2017 22:15:47 +0000 (15:15 -0700)]
datapath-windows: Add validations for IP_HEADER_LEN
Adds validations in OvsGetIp() to make sure the IHL is
within valid bounds. If IHL is invalid, then the packet
is dropped by the callers of this function.
Anand Kumar [Wed, 21 Jun 2017 20:33:55 +0000 (13:33 -0700)]
datapath-windows: Add support for UPDATE events in Conntrack
Introduce a new event type OVS_EVENT_CT_UPDATE to send a conntrack event
whenever a MARK and/or LABEL gets changed for an existing conntrack entry.
- Parse netlink conntrack attribute OVS_CT_ATTR_EVENTMASK, which is used
to set the mask of bits specifying which conntrack events (IPCT_*)
should be delivered via the Netfilter netlink multicast groups.
- Send update event only when OVS_CT_ATTR_EVENTMASK attribute has the mask
of bits set for IPCT_MARK and/or IPCT_LABEL.
Sairam Venugopal [Wed, 21 Jun 2017 17:08:57 +0000 (10:08 -0700)]
datapath-windows: Fix potential memory leak while creating conntrack entry
OvsCtAddEntry returns TRUE or FALSE depending on whether
OvsNatTranslateCtEntry was successful or not. In the case of an
unsuccesful NAT translation, this will fail to insert the newly created
entry to the Conntrack Table. This entry needs to be freed and the states
should be accordingly in the flowKey instead of returning out.
Consolidated the parentEntry lookup and assignment portion across
different protocols and some minor refactoring to make the code more
readable.
Tests Done: Enabled driver verifier and tested the following:
- TCP & ICMP traffic through Conntrack Module.
- Flushed Conntrack Entries while traffic was flowing.
- Uninstalled and re-installed the driver when traffic was in progress.
Joe Stringer [Wed, 21 Jun 2017 23:25:19 +0000 (16:25 -0700)]
distclean: Fix ovs-vtep and docker drivers.
Commit b49a959bac47 ("Use @PYTHON@ directly instead of "#! /usr/bin/env"")
broke distclean, as it doesn't clean up the generated python scripts
after building. Fix by adding the new script files to CLEANFILES.
Fixes: b49a959bac47 ("Use @PYTHON@ directly instead of "#! /usr/bin/env"") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Tue, 20 Jun 2017 22:17:33 +0000 (15:17 -0700)]
ofp-actions: Store raw type for NXAST_LEARN2.
Previously, if a controller wrote a flow with action NXAST_LEARN2, then
OVS would internally store an ofpact_learn structure with the raw type
set to NXAST_LEARN. When re-encoding, if the learn action happened to
have a limit or dst_ofs specified (which can only be specified for
NXAST_LEARN2), then it would re-encode using NXAST_LEARN2. However, if
these fields were both zero then OVS relies on the ofpact 'raw' type to
re-encode the action, so would end up encoding it as NXAST_LEARN in
subsequent serialization.
Fix this issue by storing the raw type when decoding learn actions.
VMWare-BZ: #1897275 Fixes: 4c71600d2256 ("ofp-actions: Add limit to learn action.") Reported-by: Harold Lim <haroldl@vmware.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Timothy Redaelli [Tue, 20 Jun 2017 17:53:55 +0000 (19:53 +0200)]
Use @PYTHON@ directly instead of "#! /usr/bin/env"
In some installed python scripts /usr/bin/env is unnecessarily used in
shebang, replace it directly with @PYTHON@.
This will also avoid implicit dependency to /usr/bin/env in RPM distributions
and it will correctly add implicit dependency to /usr/bin/python instead.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Anand Kumar [Fri, 16 Jun 2017 17:06:26 +0000 (10:06 -0700)]
windows: Remove vlog_init() from service_start function
When --syslog-method is passed as a cmd line argument and
ovs daemons are started as a service, --syslog-method argument is not
honoured, as vlog module is initialized by service_start function
before parsing the command line arguments.
Easy way to fix this, is to remove vlog_init() from the service start
function and let the first log message to initialize the vlog module.