Gabe Beged-Dov [Thu, 29 Sep 2016 22:40:02 +0000 (15:40 -0700)]
ovn: update docs for l2gateway port vlan tag
update description of l2gateway logical switch ports to include optional
vlan tag. Also restore comment in ovn/controller/physical.c from original commit
by Russell Bryant (184bc3c ovn: Add software l2 gateway) on 7/1/2016.
Signed-off-by: Gabe Beged-Dov <gabe@begeddov.com> Co-authored-by: Russell Bryant <russell@ovn.org> Signed-off-by: Russell Bryant <russell@ovn.org>
netdev-dpdk: Allow configurable queue sizes for 'dpdk' ports
The 'options:n_rxq_desc' and 'n_txq_desc' fields allow the number of rx
and tx descriptors for dpdk ports to be modified. By default the values
are set to 2048, but can be modified to an integer between 1 and 4096
that is a power of two. The values can be modified at runtime, however
require the NIC to restart when changed.
Ben Pfaff [Thu, 29 Sep 2016 21:41:51 +0000 (14:41 -0700)]
ovs-ofctl: Tolerate differences in IPv6 formatting.
glibc formats single zeros as 0: fec0:0:1234:f045:8fff:1111:fe4e:571
Musl formats single zeros as ::: fec0::1234:f045:8fff:1111:fe4e:571
This patch makes the OVS testsuite tolerate either one.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 29 Sep 2016 21:41:50 +0000 (14:41 -0700)]
tests: Use Linux-specific way to get parent PID, to avoid noncompliant "ps".
POSIX defines "ps" -o and -p options, but the "ps" implementation in
busybox (used in Alpine Linux) doesn't support -p, which makes some tests
fail for no good reason. Therefore, this commit makes the testsuite
instead check for support for the Linux-specific /proc-based way to find
the parent of a process and prefer that over "ps" when available.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 30 Sep 2016 15:23:21 +0000 (08:23 -0700)]
ovn: Do not reply to ARP or ND NS for a VM's own IP address.
When a VM sends an ARP or an ND NS for its own IP address, it is trying to
check for a duplicate address in the network. OVN needs to suppress the
reply in such a case, otherwise the VM thinks that its address is a
duplicate.
Mark Kavanagh [Thu, 29 Sep 2016 10:27:03 +0000 (11:27 +0100)]
netdev-dpdk: Fix coding style
Coding style violations of the following conventions are present in netdev-dpdk.c:
- limit lines to 79 characters
- put a space after (but not before) the "sizeof" keyword
- put a space between the () used in a cast and the
expression whose type is cast: (void *) 0.
Resolve occurrences of each, and any other minor style infractions.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Mark Kavanagh [Thu, 29 Sep 2016 10:27:02 +0000 (11:27 +0100)]
netdev-dpdk: consistent naming for mbuf variables
Pointers to struct rte_mbuf are typically denoted within functions as
'pkt'; similarly, arrays of, and pointer-to-pointer to, struct rte_mbuf
are denoted by 'pkts'.
Update discrepancies to the above convention for consistency.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
'dpdk_mutex' protects two independent things: list of dpdk devices
and list of memory pools. Let's spit it in two to avoid global blocking
inside 'netdev_dpdk.*_reconfigure()' as possible.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:58:00 +0000 (14:58 -0700)]
revalidator: Simplify full-revalidation code.
Simplify the remaining bits of the original revalidation codepath to
only handle the "full-revalidation" case. Make the 'ukey' parameter
purely const by pushing the only piece that gets changed into a separate
argument.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:08:21 +0000 (14:08 -0700)]
revalidator: Defer stats push to end of validation.
To make more of the core revalidate() functions do just one thing and
not modify state on the way, refactor them to prepare the xcache then
defer the ukey modification and stats/side effects execution to the end
of successful revalidation.
If revalidation causes deletion, then the xcache will be prepared and
attached to the ukey, but the actual execution will be skipped since it
will be executed on flow_delete very soon anyway with final stats.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Wed, 28 Sep 2016 21:42:39 +0000 (14:42 -0700)]
revalidator: Prepare xcache before xlate_lookup.
Functionally this has little change, but it allows the following patch
to refactor the translation code with less changes.
Strictly speaking the odp_flow_key_to_flow() and xlate_lookup() error
cases should free the ukey->xcache, since it's empty and was never
initialised via the later call to xlate_actions(). However, if one of
these error conditions is hit during a flow dump, then there's no way
that it will ever succeed on a subsequent revalidate/delete. Rather, the
later revalidate/delete would do no stats translation - the same result
as keeping the empty xcache here.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
The second macro represents tests 1 and 2, while the third macro
represents two variations on test 3: with and without TCP sequence
adjustment.
By using these macros to declare the tests, much of the code may be
reused and shared rather than copying/pasting. As a result, the
differences between tests are easier to identify.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
ofp-actions: Always consider inconsistent CT actions as an error.
We can't downgrade to OF1.0 and expect inconsistent CT actions
be silently discarded. Instead, datapath flow install fails, so
it is better to flag inconsistent CT actions as hard errors.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
upcall: Don't start new revalidation round too soon after the last one.
The execution time of 'ovs-ofctl add-flows' with a large number of
flows can be more than halved if revalidators are not running after
each flow mod separately. This was first suspected when it was found
that 'ovs-ofctl --bundle add-flows' is about 10 times faster than the
same command without the '--bundle' option in a scenario where there
is a large set of flows being added and no datapath flows at all. One
of the differences caused by the '--bundle' option is that the
revalidators are woken up only once, at the end of the whole set of
flow table changes, rather than after each flow table change
individually.
This patch limits the revalidation to run at most 200 times a second
by enforcing a minimum of 5ms time gap between the start times of
revalidation rounds. If nothing happens in, say 6 milliseconds, and
then a new flow table change is signaled, the revalidator threads wake
up immediately without any further delay. Values smaller than 5 were
found to increase the 'ovs-ofctl add-flows' execution time noticeably.
Since the revalidators are not running after each flow mod, the
overall OVS CPU utilization during the 'ovs-ofctl add-flows' run time
is reduced roughly by one core on a four core machine.
In testing the 'ovs-ofctl add-flows' execution time is not
significantly improved from this even if the revalidators are not
notified about the flow table changes at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
David Hill [Tue, 30 Aug 2016 19:13:31 +0000 (15:13 -0400)]
netdev-linux: Use ethtool when miimon fails.
Some network drivers might return true to SIOCGMIIPHY and an error on
SIOCGMIIREG when using MII to query phy state. Fall back to ethtool if this
happens to allow failover to work when using such nics.
Reported-at: http://openvswitch.org/pipermail/dev/2016-August/078800.html Signed-off-by: David Hill <dhill@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.
Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.
It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.
Andy Zhou [Tue, 20 Sep 2016 19:44:32 +0000 (12:44 -0700)]
ovsdb: Fix segfalut during replication.
The newly added replication logic makes it possible for a monitor to
receive delete and insertion of the same row back to back, which
was not possible before. Add logic (and comment) to handle this
case to avoid follow crash reported by Valgrind:
#0 0x0000000000453edd in ovsdb_datum_compare_3way
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1626
#1 0x0000000000453ea4 in ovsdb_datum_equals
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1616
#2 0x000000000041b651 in update_monitor_row_data
(mt=0x5eda4a0, row=0x5efbe00, data=0x0) at ovsdb/monitor.c:310
#3 0x000000000041ed14 in ovsdb_monitor_changes_update
(old=0x0, new=0x5efbe00, mt=0x5eda4a0, changes=0x5ef7180)
at ovsdb/monitor.c:1255
#4 0x000000000041f12e in ovsdb_monitor_change_cb
(old=0x0, new=0x5efbe00, changed=0x5efc218, aux_=0xffefff040)
at ovsdb/monitor.c:1339
#5 0x000000000042ded9 in ovsdb_txn_for_each_change
(txn=0x5efbd90, cb=0x41ef50 <ovsdb_monitor_change_cb>,
aux=0xffefff040) at ovsdb/transaction.c:906
#6 0x0000000000420155 in ovsdb_monitor_commit
(replica=0x5eda2c0, txn=0x5efbd90, durable=false)
at ovsdb/monitor.c:1553
#7 0x000000000042dc04 in ovsdb_txn_commit_
(txn=0x5efbd90, durable=false) at ovsdb/transaction.c:868
#8 0x000000000042ddd4 in ovsdb_txn_commit (txn=0x5efbd90, durable=false)
at ovsdb/transaction.c:893
#9 0x0000000000422e0c in process_notification
(table_updates=0x5efad10, db=0x5e6bd40) at ovsdb/replication.c:575
#10 0x0000000000420ff3 in replication_run () at ovsdb/replication.c:184
#11 0x0000000000405cc8 in main_loop
(jsonrpc=0x5e67770, all_dbs=0xffefff3a0, unixctl=0x5ebd980,
remotes=0xffefff360, run_process=0x0, exiting=0xffefff3c0,
is_backup=0xffefff2de) at ovsdb/ovsdb-server.c:198
#12 0x0000000000406edb in main (argc=1, argv=0xffefff550)
at ovsdb/ovsdb-server.c:429
Reported-by: Joe Stringer <joe@ovn.org>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079315.html Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079586.html Co-authored-by: Joe Stringer <joe@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Fixes test failure seen due to the IPsec tunnel deprecation
messages in test logs.
Fixes: 9e9d0384910e ("openvswitch: deprecates support for IPsec tunnel port."). Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
openvswitch: deprecates support for IPsec tunnel port.
OVS IPsec tunnel support has issues:
1. It only works for GRE.
2. only works on Debian.
3. It does not allow user to match on packet-mark
on packet received on tunnel ports.
This patch deprecates support for IPsec tunnel port.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Ansis Atteka <aatteka@ovn.org>
ovn-controller: Store conntrack zone mappings to OVS database.
If ovn-controller is restarted, it may choose different conntrack zones
than had been previously used, which could cause the wrong conntrack
entries to be associated with a logical port. This commit stores in the
integration bridge's OVS "Bridge" table the mapping to the conntrack zone.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 23 Sep 2016 00:25:46 +0000 (17:25 -0700)]
ovs-lib: Fix SELinux contexts for created dirs.
ovs-lib creates several directories directly from the script, but
doesn't make any attempt to ensure that the correct SELinux context is
applied to these directories. As a result, the created directories end
up with type var_run_t rather than openvswitch_var_run_t.
During reboot using a tmpfs for /var/run, startup scripts will invoke
ovs-lib to create these directories with the wrong context. If SELinux
is enabled, OVS will fail to start as it cannot write to this directory.
Fix the issue by sprinkling "restorecon" in each of the places where
directories are created. In practice, many of these should otherwise be
handled by packaging scripts but if they exist then we should ensure the
correct SELinux context is set.
On systems where 'restorecon' is unavailable, this should be a no-op.
IPv4 and IPv6 packets have separate flows and should not overlap with a
catch-all flow that treats all packets like IPv4. It's unpredictable what
flow actually gets chosen in this situation.
Found by inspection.
Fixes: c34a87b6c570 ("ovn: Add support for IPv6 dynamic bindings.") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
ofproto-dpif-xlate: Adjust generated mask for fragments.
It's possible to install an OpenFlow flow that matches on udp source and
destination ports without matching on fragments. If the subtable where
such flow stays is visited during translation of a later fragment, the
generated mask will have incorrect prerequisited for the datapath and it
would be revalidated away at the first chance.
This commit fixes it by adjusting the mask for later fragments after
translation.
Other prerequisites of the mask are also prerequisites in OpenFlow, but
not the ip fragment bit, that's why we need a special case here.
For completeness, this commits also fixes a related problem in bfd,
where we check the udp destination port without checking if the frame is
an ip fragment. It's not really necessary to address this separately,
given the adjustment that we perform.
ovn-northd uses ct_label[0] to keep track of the ACL changes on
existing connections.This patch replaces the usage of ct_label[0]
in the logical flows with a symbolic name ct_label.blocked
ofproto: Do not signal revalidation for group mods twice.
The new group mod implementation signals revalidation through
'->set_tables_version()', so the separate '->group_modify()' is no
longer needed. The ofproto-provider API is changed to allow
'group_modify' to be NULL.
Fixes: 5d08a275cd ("ofproto: Make groups versioned.") Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ovn-controller: Fix possible null pointer dereference.
The code dereferences "chassis", which could be null if chassis_run()
returns null. "chassis" will always be null if "chassis_id" is null, so
checking "chassis" is sufficient to check both.
datapath: avoid deferred execution of recirc actions
Port upstream fix to datapath module. The only notable difference
between this patch and the upstream version is that the value of
ovs_recursion_limit (5 for upstream kernel, 4 for out-of-tree
module) is maintained in this patch.
openvswitch: avoid deferred execution of recirc actions
The ovs kernel data path currently defers the execution of all
recirc actions until stack utilization is at a minimum.
This is too limiting for some packet forwarding scenarios due to
the small size of the deferred action FIFO (10 entries). For
example, broadcast traffic sent out more than 10 ports with
recirculation results in packet drops when the deferred action
FIFO becomes full, as reported here:
Since the current recursion depth is available (it is already tracked
by the exec_actions_level pcpu variable), we can use it to determine
whether to execute recirculation actions immediately (safe when
recursion depth is low) or defer execution until more stack space is
available.
With this change, the deferred action fifo size becomes a non-issue
for currently failing scenarios because it is no longer used when
there are three or fewer recursions through ovs_execute_actions().
Ryan Moats [Tue, 20 Sep 2016 15:35:46 +0000 (10:35 -0500)]
ofproto-dpif-xlate: Fix memory leak in execute_controller_action.
commit df70a7731 ("ofproto-dpif-xlate: Allow translating
without side-effects.") created a memory leak by removing the
dp_packet_delete statement in execute_controller_action that
freed the earlier cloned packet. This commit restores this
statement to the end of the method.
Fixes: df70a7731 ("ofproto-dpif-xlate: Allow translating without side-effects.") Signed-off-by: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
We start the communication between VM1 and VM2, for example, ICMP.
At the meantime, disconnect OVS and SDN controller, and reconnect
them again, the process ovs-vswitchd crashes.
backtrace:
0 0x00007f658082ffe4 in cls_rule_make_invisible_in_version ()
1 0x00007f65807f6bb3 in delete_flows_start__ ()
2 0x00007f65807f7ee9 in ofproto_group_mod_start ()
3 0x00007f65807fa07b in handle_openflow ()
4 0x00007f658082119b in connmgr_run ()
5 0x00007f65807f3ba6 in ofproto_run ()
6 0x00007f65807e101c in bridge_run__ ()
7 0x00007f65807e715d in bridge_run ()
8 0x00007f658065784d in main ()
Signed-off-by: Binbin Xu <xu.binbin1@zte.com.cn> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ciara Loftus [Fri, 19 Aug 2016 09:22:30 +0000 (10:22 +0100)]
netdev-dpdk: Add new 'dpdkvhostuserclient' port type
The 'dpdkvhostuser' port type no longer supports both server and client
mode. Instead, 'dpdkvhostuser' ports are always 'server' mode and
'dpdkvhostuserclient' ports are always 'client' mode.
Suggested-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
tun-metadata: Manage tunnel TLV mapping table on a per-bridge basis.
When using tunnel TLVs (at the moment, this means Geneve options), a
controller must first map the class and type onto an appropriate OXM
field so that it can be used in OVS flow operations. This table is
managed using OpenFlow extensions.
The original code that added support for TLVs made the mapping table
global as a simplification. However, this is not really logically
correct as the OpenFlow management commands are operating on a per-bridge
basis. This removes the original limitation to make the table per-bridge.
One nice result of this change is that it is generally clearer whether
the tunnel metadata is in datapath or OpenFlow format. Rather than
allowing ad-hoc format changes and trying to handle both formats in the
tunnel metadata functions, the format is more clearly separated by function.
Datapaths (both kernel and userspace) use datapath format and it is not
changed during the upcall process. At the beginning of action translation,
tunnel metadata is converted to OpenFlow format and flows and wildcards
are translated back at the end of the process.
As an additional benefit, this change improves performance in some flow
setup situations by keeping the tunnel metadata in the original packet
format in more cases. This helps when copies need to be made as the amount
of data touched is only what is present in the packet rather than the
maximum amount of metadata supported.
datapath: backport: openvswitch: use alias for genetlink family names
Upstream commit:
commit ed227099dac95128e2aecd62af51bb9d922e5977
Author: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Date: Fri Sep 9 17:42:30 2016 -0300
openvswitch: use alias for genetlink family names
When userspace tries to create datapaths and the module is not loaded,
it will simply fail. With this patch, the module will be automatically
loaded.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Thu, 15 Sep 2016 03:59:10 +0000 (20:59 -0700)]
ofp-parse: Fix sparse warnings about comparing ofp_port_ts.
Without this, sparse complains:
lib/ofp-parse.c:588:19: warning: restricted ofp_port_t degrades to integer
lib/ofp-parse.c:588:31: warning: restricted ofp_port_t degrades to integer
This is one of the irritating bits of using sparse, but on the whole I
think it saves us pretty often.
CC: Jarno Rajahalme <jarno@ovn.org> Fixes: 6dd3c787f591 ("ofproto: Support packet_outs in bundles.") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Thu, 15 Sep 2016 18:43:46 +0000 (11:43 -0700)]
ofproto-dpif-xlate: Fix treatment of mirrors across patch port.
When the bridges on both sides of a patch port included mirrors, the
translation code incorrectly conflated them instead of treating them as
independent.
Reported-by: Zoltán Balogh <zoltan.balogh@ericsson.com> Reported-by: Sugesh Chandran <sugesh.chandran@intel.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022689.html Signed-off-by: Ben Pfaff <blp@ovn.org> Tested-by: Zoltán Balogh <zoltan.balogh@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Add a new select group selection method "dp_hash", which uses minimal
number of bits from the datapath calculated packet hash to inform the
select group bucket selection. This makes the datapath flows more
generic resulting in less upcalls to userspace, but adds recirculation
prior to group selection.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofp-parse: Remove double uninit of group mod if parsing fails.
Double ofputil_uninit_group_mod() used to be harmless, but leads to
double free after commit e8dba7197, which will crash if any error in
group parsing happens.
Add a test to prevent this regression from happening again.
datapath: compat: tunnels: Log error during initialization.
At present OVS compat tunneling can fail due to conflict with
already loaded tunneling kernel module. In this case openvswitch
kernel module loading fails silently. Following patch give more
clues about what went wrong.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Patch b0d38b2f17 unified flow mod reporting in ofproto for both
stand-alone flow mods and bundle flow mods, but left bundle-specific
reporting to the bundle removal code. This patch fixes this by
removing the bundle-specific reporting of flow mods.
Found by inspection.
Fixes: b0d38b2f17 ("ofproto: Report flow mods also from bundles.") Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 15 Sep 2016 03:39:03 +0000 (20:39 -0700)]
socket-util-unix: Avoid buffer read overrun in get_unix_name_len().
If the socket length does not include any of the bytes of the path, then
the code should not read even the first byte of the path.
Found by valgrind.
Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Joe Stringer <joe@ovn.org>
After adding log messages to better understand IPAM-related code
in ovn northd, the IPAM tests began to fail occasionally. Adding
--wait=sb to commands triggering address allocation eliminated
these failures (there were no failures with 100 executions when
testing with this change).
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Add support for OFPT_PACKET_OUT messages in bundles.
While ovs-ofctl already has a packet-out command, we did not have a
string parser for it, as the parsing was done directly from command
line arguments.
This patch adds the string parser for packet-out messages, adds
support for it into the 'ovs-ofctl packet-out' command, and adds a new
ofctl/packet-out ovs-appctl command that can be used when ovs-ofctl is
used as a flow monitor. The old 'ovs-ofctl packet-out syntax is
deprecated' and will be removed in a later OVS release.
The new packet-out parser is further supported with the ovs-ofctl
bundle command, which allows bundles to mix flow mods, group mods and
packet-out messages. Also the packet-outs in bundles are only
executed if the whole bundle is successful. A failing packet-out
translation may also make the whole bundle to fail.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Refactor handle_packet_out() to prepare for bundle support for packet
outs in a later patch.
Two new callbacks are introduced in ofproto-provider class:
->packet_xlate() and ->packet_execute(). ->packet_xlate() translates
the packet using the flow and actions provided by the caller, but
defers all OpenFlow-visible side-effects (stats, learn actions, actual
packet output, etc.) to be explicitly executed with the
->packet_execute() call.
Adds a new ofproto_rule_reduce_timeouts__() that must be called with
'ofproto_mutex' held. This is used in the next patch.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-xlate: Allow translating without side-effects.
Extend 'may_learn' attribute to also control the treatment of
FIN_TIMEOUT action and asynchronous messages (packet ins,
continuations), so that when 'may_learn' is 'false' and
'resubmit_stats' is 'NULL', no OpenFlow-visible side effects are
generated by the translation.
Correspondingly, add support for one-time asynchronous messages to
xlate cache, so that all side-effects of the translation may be
executed at a later stage. This will be useful for bundle commits.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto: Use ofproto_flow_mod for learn execution from xlate cache.
Use ofproto_flow_mod with a reference to an existing or new rule
instead of ofputil_flow_mod for learn action execution from xlate
cache
Typically we would find that when a learn xlate cache entry is
created, a preceding upcall has already created the learned flow. In
this case the xlate cache entry takes a reference to that flow and
keeps refreshing it without needing to perform any flow table lookups.
Otherwise the creation of the xlate cache entry creates the new rule,
which is then subsequently added to the classifier. In both cases
this is both faster and shrinks the memory cost of each learn cache
entry from ~3.5kb to about 0.3kb.
If the learned rule does not yet exist, it is created and attached to
the ofproto_flow_mod, from which it is then added. If the referred
rule happens to expire, or is modified in any way and is thus removed
from the classifier tables, we create a new rule using the old rule as
a template, so that we can avoid storing the ofputil_flow_mod in all
cases.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-xlate: Add xlate cache type XC_TABLE.
Xlate cache entry type XC_TABLE is required for the table stats
(number of misses and matches) to be correctly attributed.
It appears that table stats have been off ever since xlate cache was
introduced. This was now revealed by a PACKET_OUT unit test case in a
later patch that checks for table stats explicitly.
Later patches will need to create xlate cache entries from different
modules. This patch refactors the xlate cache code in preparation
without any functional changes, so that the changes are clearly
visible in the following patches.
The definition of XC_ENTRY_FOR_EACH() iterator macro is changed so
that it now does not take the xlate cache pointer to unify the usage
accross all call sites.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Make mac table update functions part of the mac-learning module, which
also helps in figuring what is the minimal set of struct flow fields
needed for the update. Use this to change the xlate cache entry for
XC_NORMAL to not take a copy of the struct flow, but only save the
in_port, dl_src, and some auxiliary fields. This reduces the memory
burden of XC_NORMAL by roughly 0.5kb.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Zongkai LI [Fri, 9 Sep 2016 06:39:17 +0000 (06:39 +0000)]
ovn-northd: add dhcpv6 stateless option support
This patch adds DHCPv6 stateless option support, to allow ovn native dhcpv6
work in stateless mode.
User can add new option dhcpv6_stateless with string value true in
DHCP_Options.options column, to let ovn dhcpv6 only reply other configurations
for DHCPv6 request messages come from VM/VIF ports, and let VM/VIF ports get
their IPv6 addresses configured via stateless way.
Signed-off-by: Zongkai LI <zealokii@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Add a few messages at INFO to help debug the vif lifecycle.
A logsearch on mac or ip helps debug what happened to the
vif and when. This helps easily correlate logs across CMS and ovn.
Logs appear like this:
2016-09-01T18:15:48Z|00014|binding|INFO|Claiming lport eee1a9af-7513-4540-9385-9e3972bfca05 for this chassis.
2016-09-01T18:15:48Z|00015|binding|INFO|Claiming fa:16:3e:01:c3:4a 10.0.0.7 fd93:b509:aa46:0:f816:3eff:fe01:c34a
2016-09-01T18:15:59Z|00016|pinctrl|INFO|DHCPOFFER fa:16:3e:01:c3:4a 10.0.0.7
2016-09-01T18:15:59Z|00017|pinctrl|INFO|DHCPACK fa:16:3e:01:c3:4a 10.0.0.7
2016-09-01T18:16:22Z|00018|binding|INFO|Releasing lport eee1a9af-7513-4540-9385-9e3972bfca05 from this chassis.
2016-09-01T18:16:22Z|00019|binding|INFO|Releasing fa:16:3e:01:c3:4a 10.0.0.7 fd93:b509:aa46:0:f816:3eff:fe01:c34a
Signed-off-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ramu Ramamurthy [Tue, 30 Aug 2016 23:58:34 +0000 (23:58 +0000)]
ovn: add lsp-deletion and bcast-flow removal tests for localnet
Add 2 tests for scenarios around lsp-deletion and flow removal
which have escaped current unit tests.
This test depends on the following patch:
"ovn-controller: Back out incremental processing" and passes
after applying it, but fails currently on master.
1) In the following sequence of events,
createi&bind vif1, create&bind vif2, delete vif1
we find that the localnet patch port
got deleted, whereas it should exist because there is a
bound vif2.
2) The flow broadcasting to tunnels in table=32 must be deleted
when a localnet port gets bound, but we find that the flow remains
in table 32 causing broadcasts to both tunnels and localnet patch.
Signed-off-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
lib: Create $(sysconfdir)/openvswitch upon install
In cases where dbdir and etcdir are not the same, there is a need
for creating etcdir (i.e. $(sysconfdir)/openvswitch) explicitly.
Note that there is no attempt being made here to make the etcdir
configurable as in "--with-dbdir".
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/TBD.html Fixes: f973f2af2fd4 ("Make the location of the database separately configurable.") Signed-off-by: Flavio Fernandes <flavio@flaviof.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Windows: Extend support for binaries which allow detach
On Windows we require service_start to be called to parse and setup
requirements for '--detach' argument.
Affected binaries: ovn-trace, ovsdb-client, ovs-testcontroller.
Subsequent patches will be sent to adapt the tests with the new features.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
connmgr: Make connmgr_wants_packet_in_on_miss() lock-free.
Make connmgr_wants_packet_in_on_miss() use an atomic int instead of a
list traversal taking the 'ofproto_mutex'. This allows
connmgr_wants_packet_in_on_miss() to be called also when
'ofproto_mutex' is already held, and makes it faster, too.
ofproto: Change rule's 'removed' member to a tri-state 'state'.
As a rule may not be re-inserted to ofproto data structures, it is
cleaner to have three states for the rule, rather than just two. This
will be useful for managing learned flows in later patches.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
projects / mirror_ovs.git / log