Ben Pfaff [Tue, 3 Mar 2015 23:36:28 +0000 (15:36 -0800)]
ovs-lldp: Use better types for ISID and VLANs.
An ISID is 24 bits, so it fits in a uint32_t. A VLAN is 12 bits, so it
fits in a uint16_t. Use these types consistently, instead of int64_t.
This removes a check in aa_mapping_unregister() that seems a little
mysterious to me: it previously checked for ISID and VLAN values >= 0. I
don't see a way that they could be < 0 in this situation though.
Ben Pfaff [Tue, 3 Mar 2015 23:26:54 +0000 (15:26 -0800)]
lldp: Get rid of POKE macros in favor of inline functions.
The POKE macros previously used here don't match the style usually used in
OVS and they require the user to know exactly how many bytes to reserve.
This commit replaces them by easier-to-use inline functions that take
advantage of the ofpbuf interface.
Also removes a few PEEK macros that weren't used anywhere.
Dennis Flynn [Fri, 20 Feb 2015 19:17:11 +0000 (14:17 -0500)]
auto-attach: Add auto-attach support to bridge layer and command set
This is the final commit in the series of commits that deliver initial support
for Auto-Attach. Specifically this commit delivers auto-attach support to the
OVS bridge layer as well as the new auto-attach commands. The OVSDB schema is
modified to define the new auto-attach entries. The man pages, unit tests, and
news and license notice files are also updated. A unit test is provided to
validate the construction of auto-attach packets.
Signed-off-by: Ludovic Beliveau <ludovic.beliveau@windriver.com> Signed-off-by: Dennis Flynn <drflynn@avaya.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Dennis Flynn [Fri, 20 Feb 2015 19:17:09 +0000 (14:17 -0500)]
auto-attach: Initial support for Auto-Attach standard
This commit provides the initial delivery of support for the Auto-Attach
standard to Open vSwitch. This standard describes a compact method of using
IEEE 802.1AB Link Layer Discovery Protocol (LLDP) with a IEEE 802.1aq Shortest
Path Bridging (SPB) network to automatically attach network devices not
supporting IEEE 802.1ah to individual services in a SPB network. Specifically
this commit adds base LLDP support to OVS along with the LLDP extension
required to support Auto-Attach.
The base LLDP code within this commit is adapted from the open source LLDPD
project headed by Vincent Bernat. This base code is augmented with OVS specific
logic which integrates LLDP into OVS and which extends LLDP to support
Auto-Attach. The required build system changes are provided to include this new
Auto-Attach feature.
This is the first of a series of commits. Subsequent commits will be provided
to complete the task of adding Auto-Attach to OVS.
Signed-off-by: Ludovic Beliveau <ludovic.beliveau@windriver.com> Signed-off-by: Dennis Flynn <drflynn@avaya.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Tue, 3 Mar 2015 01:29:44 +0000 (17:29 -0800)]
ofpbuf: Simplify ofpbuf API.
ofpbuf was complicated due to its wide usage across all
layers of OVS, Now we have introduced independent dp_packet
which can be used for datapath packet, we can simplify ofpbuf.
Following patch removes DPDK mbuf and access API of ofpbuf
members.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Sun, 22 Feb 2015 11:21:09 +0000 (03:21 -0800)]
dp-packet: Remove ofpbuf dependency.
Currently dp-packet make use of ofpbuf for managing packet
buffers. That complicates ofpbuf, by making dp-packet
independent of ofpbuf both libraries can be optimized for
their own use case.
This avoids mapping operation between ofpbuf and dp_packet
in datapath upcalls.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Mark Maglana [Mon, 2 Mar 2015 21:41:35 +0000 (13:41 -0800)]
vtep: Limit the split elements to 2 (maxsplit + 1)
This change ensures that we always end up with two elements even
if the name of the physical port contains dashes. For example, a
binding of "0100-br0-eth1" will be split to ["0100", "br0-eth1"]
instead of ["0100", "br0", "eth1"].
Signed-off-by: Mark Maglana <mmaglana@gmail.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Pravin B Shelar [Sun, 15 Feb 2015 22:58:51 +0000 (14:58 -0800)]
datapath: Fix masked key serialization.
Fix typo where mask is used rather than key.
Fixes: 74ed7ab9264("openvswitch: Add support for unique flow IDs.") Reported-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Joe Stringer [Thu, 22 Jan 2015 00:42:52 +0000 (16:42 -0800)]
datapath: Add support for unique flow IDs.
Previously, flows were manipulated by userspace specifying a full,
unmasked flow key. This adds significant burden onto flow
serialization/deserialization, particularly when dumping flows.
This patch adds an alternative way to refer to flows using a
variable-length "unique flow identifier" (UFID). At flow setup time,
userspace may specify a UFID for a flow, which is stored with the flow
and inserted into a separate table for lookup, in addition to the
standard flow table. Flows created using a UFID must be fetched or
deleted using the UFID.
All flow dump operations may now be made more terse with OVS_UFID_F_*
flags. For example, the OVS_UFID_F_OMIT_KEY flag allows responses to
omit the flow key from a datapath operation if the flow has a
corresponding UFID. This significantly reduces the time spent assembling
and transacting netlink messages. With all OVS_UFID_F_OMIT_* flags
enabled, the datapath only returns the UFID and statistics for each flow
during flow dump, increasing ovs-vswitchd revalidator performance by 40%
or more.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Stringer [Thu, 22 Jan 2015 00:42:51 +0000 (16:42 -0800)]
compat: Add genlmsg_parse() helper function.
The first user will be the next patch.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Stringer [Thu, 22 Jan 2015 00:42:50 +0000 (16:42 -0800)]
datapath: Use sw_flow_key_range for key ranges.
These minor tidyups make a future patch a little tidier.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Stringer [Thu, 22 Jan 2015 00:42:49 +0000 (16:42 -0800)]
datapath: Refactor ovs_flow_tbl_insert().
Rework so that ovs_flow_tbl_insert() calls flow_{key,mask}_insert().
This tidies up a future patch.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Stringer [Thu, 22 Jan 2015 00:42:48 +0000 (16:42 -0800)]
datapath: Refactor ovs_nla_fill_match().
Refactor the ovs_nla_fill_match() function into separate netlink
serialization functions ovs_nla_put_{unmasked_key,mask}(). Modify
ovs_nla_put_flow() to handle attribute nesting and expose the 'is_mask'
parameter - all callers need to nest the flow, and callers have better
knowledge about whether it is serializing a mask or not.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Alex Wang [Fri, 27 Feb 2015 17:07:18 +0000 (09:07 -0800)]
test-hash: Remove the check_word_hash() for hash_bytes128_cb.
The original test fails on big-endian system due to the hash function
performing not as well when input is uint32_t. In reality, users should
only use hash_bytes128() to hash words larger than 128 bits (e.g. struct
flow). Besides, we do check the 1-bit set case for 16 128-bit words in
following test case. Therefore, the cleanest way to fix the failure
in big-endian system seems to be just removing the check_word_hash()
test for hash_bytes128_cb.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Tue, 24 Feb 2015 07:20:17 +0000 (23:20 -0800)]
ovsdb: Raise the jsonrpc server session limit
Raise the connection limit to allow larger number of concurrent
ovsdb-server connections. Note, ovsdb-server may not perform well
at the new limit. It is rather a prelude to further scaling tests and
optimizations.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Tue, 24 Feb 2015 07:15:23 +0000 (23:15 -0800)]
ovsdb: Warn about reaching max session limit
Without the log message, it was not obvious why ovsdb-server no longer
accepts new connections when the session limit was reached. This patch
adds a log message to make it obvious.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Russell Bryant <rbryant@redhat.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sun, 22 Feb 2015 19:29:54 +0000 (11:29 -0800)]
FAQ.md: Mention Linux version that first could handle IPFIX flow monitoring.
I think that the critical commit is commit 4490108b4a5ada (openvswitch:
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length.), which first
appeared in Linux 3.10.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Romain Lenglet <romain.lenglet@oracle.com>
ovs-docker: Use a different mechanism to check for commands.
Currently, the script uses '--version' option from different commands
to check for their availability. uuidgen on Centos6 has been reported
not to have the '--version' option causing failure in script invocation.
This commit looks for the utilities in $PATH instead. The code is
copied from build-aux/dist-docs.
Reported-by: Michael J. Smalley <michaeljsmalley@gmail.com> Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Fri, 20 Feb 2015 20:55:25 +0000 (12:55 -0800)]
ovs-sandbox: Show the running program on xterm's title
When debugging multiple programs under GDB, it will be easier to
identify xterms with the program name displayed as title. Without
this patch, xterms will have the title of "gdb", which is the first
program the xterm executes. This change is useful for the next patch.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Wed, 18 Feb 2015 01:46:09 +0000 (17:46 -0800)]
datapath: Account for "openvswitch: Add support for checksums on UDP tunnels."
Upstream commit:
openvswitch: Add support for checksums on UDP tunnels.
Currently, it isn't possible to request checksums on the outer UDP
header of tunnels - the TUNNEL_CSUM flag is ignored. This adds
support for requesting that UDP checksums be computed on transmit
and properly reported if they are present on receive.
Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: b8693877 ("openvswitch: Add support for checksums on UDP tunnels.") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
This resolves the differences between the OVS Geneve implementation
and the upstream kernel, particularly in the area of the split
between vport-geneve.c and the generic Geneve data plane.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jesse Gross [Wed, 18 Feb 2015 01:28:58 +0000 (17:28 -0800)]
datapath: Account for "udp: Do not require sock in udp_tunnel_xmit_skb"
Upstream commit:
udp: Do not require sock in udp_tunnel_xmit_skb
The UDP tunnel transmit functions udp_tunnel_xmit_skb and
udp_tunnel6_xmit_skb include a socket argument. The socket being
passed to the functions (from VXLAN) is a UDP created for receive
side. The only thing that the socket is used for in the transmit
functions is to get the setting for checksum (enabled or zero).
This patch removes the argument and and adds a nocheck argument
for checksum setting. This eliminates the unnecessary dependency
on a UDP socket for UDP tunnel transmit.
Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: d998f8ef ("udp: Do not require sock in udp_tunnel_xmit_skb") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jesse Gross [Sun, 8 Feb 2015 06:40:52 +0000 (22:40 -0800)]
datapath: Account for "vxlan: Refactor vxlan driver to make use of the common UDP tunnel functions."
Upstream commit:
vxlan: Refactor vxlan driver to make use of the common UDP tunnel functions.
Simplify vxlan implementation using common UDP tunnel APIs.
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Using the upstream functions where available also has the side effect
of ensuring that we can use hardware offloads. The GBP changes forced
the use of the OVS emulated GSO path on kernels that lack GBP. This
resulted in the loss of VXLAN offload on earlier kernels. This restores
the offload support (for both GBP and non-GBP VXLAN).
Upstream: acbf74a7 ("vxlan: Refactor vxlan driver to make use of the common UDP tunnel functions.") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jesse Gross [Wed, 18 Feb 2015 00:27:04 +0000 (16:27 -0800)]
datapath: Consistently set skb->inner_protocol for tunnels.
skb->inner_protocol is used by GSO and TSO for tunnels on new
kernels. Since we are setting up packets to be handled by the
kernel's GSO and not just our own, we need to initialize this
field properly.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jesse Gross [Sat, 7 Feb 2015 03:25:09 +0000 (19:25 -0800)]
datapath: Account for "udp-tunnel: Add a few more UDP tunnel APIs"
Upstream commit:
udp-tunnel: Add a few more UDP tunnel APIs
Added a few more UDP tunnel APIs that can be shared by UDP based
tunnel protocol implementation. The main ones are highlighted below.
setup_udp_tunnel_sock() configures UDP listener socket for
receiving UDP encapsulated packets.
udp_tunnel_xmit_skb() and upd_tunnel6_xmit_skb() transmit skb
using UDP encapsulation.
udp_tunnel_sock_release() closes the UDP tunnel listener socket.
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 6a93cc90 ("udp-tunnel: Add a few more UDP tunnel APIs") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jesse Gross [Wed, 18 Feb 2015 22:27:17 +0000 (14:27 -0800)]
datapath: Enable OVS GSO to be used up to 3.18 if necessary.
There are two important GSO tunnel features that were introduced
after the 3.12 cutoff for our current out of tree GSO implementation:
* 3.16 introduced support for outer UDP checksums.
* 3.18 introduced support for verifying hardware support for protocols
other than VXLAN.
In cases where these features are used, we should use OVS GSO to
ensure correct behavior. However, we also want to continue to use
kernel GSO or hardware TSO in existing situations. Therefore, this
extends the range of kernels where OVS GSO is available to 3.18 and
makes it easier to select which one to use.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Fri, 20 Feb 2015 22:59:47 +0000 (14:59 -0800)]
datapath: Fix net exit.
Open vSwitch allows moving internal vport to different namespace
while still connected to the bridge. But when namespace deleted
OVS does not detach these vports, that results in dangling
pointer to netdevice which causes kernel panic as follows.
This issue is fixed by detaching all ovs ports from the deleted
namespace at net-exit.
Reported-by: Assaf Muller <amuller@redhat.com> Fixes: 46df7b81454("openvswitch: Add support for network namespaces.") Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Reviewed-by: Thomas Graf <tgraf@noironetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 7b4577a9da ("openvswitch: Fix net exit"). Acked-by: Andy Zhou <azhou@nicira.com>
Ben Pfaff [Fri, 20 Feb 2015 20:32:08 +0000 (12:32 -0800)]
userspace: Replace all uses of strncpy() by ovs_strlcpy().
strncpy() has a lot of pitfalls. A while back we replaced all its uses by
calls to ovs_strlcpy() or ovs_strzcpy(), but some more have crept in. This
commit fixes them.
Reported-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Fri, 20 Feb 2015 19:30:50 +0000 (11:30 -0800)]
socket-util: Use correct address family in set_dscp(), instead of guessing.
The set_dscp() function, until now, tried to set the DSCP as IPv4 and as
IPv6. This worked OK on Linux, where an ENOPROTOOPT error made it really
clear which one was wrong, but FreeBSD uses EINVAL instead, which has
multiple meanings and which it therefore seems somewhat risky to ignore.
Instead, this commit just tries to set the correct address family's DSCP
option.
Tested by Alex Wang on FreeBSD 9.3.
Reported-by: Atanu Ghosh <atanu@acm.org> Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Alex Wang <alexw@nicira.com> Signed-off-by: Alex Wang <alexw@nicira.com> Tested-by: Alex Wang <alexw@nicira.com>
Ben Pfaff [Fri, 20 Feb 2015 16:44:48 +0000 (08:44 -0800)]
stream: Eliminate pstream_set_dscp().
This function is really of marginal utility. This commit drops it and
makes the existing callers instead open a new pstream with the desired
dscp.
The ulterior motive here is that the set_dscp() function that actually sets
the DSCP on a socket really wants to know the address family (AF_INET vs.
AF_INET6). We could plumb that down through the stream code, and that's
one reasonable option, but I thought that simply eliminating some calls
to set_dscp() where we don't already have the address family handy was
another reasonable way to go.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
Russell Bryant [Fri, 20 Feb 2015 18:22:14 +0000 (13:22 -0500)]
timeval: Remove duplicate memset().
init_clock begins with a memset of 0 of the full clock struct. This
memset at the end of a single struct member just makes extra sure that
it's set to 0, which is unnecessary.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Sat, 7 Feb 2015 03:24:32 +0000 (19:24 -0800)]
datapath: Account for "udp: Generic functions to set checksum"
Upstream commit:
udp: Generic functions to set checksum
Added udp_set_csum and udp6_set_csum functions to set UDP checksums
in packets. These are for simple UDP packets such as those that might
be created in UDP tunnels.
Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: af5fcba7 ("udp: Generic functions to set checksum") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Jesse Gross [Fri, 6 Feb 2015 23:42:04 +0000 (15:42 -0800)]
datapath: Account for "vxlan: Call udp_sock_create"
Upstream commit:
vxlan: Call udp_sock_create
In vxlan driver call common function udp_sock_create to create the
listener UDP port.
Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 3ee64f39 ("vxlan: Call udp_sock_create") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Jesse Gross [Fri, 6 Feb 2015 23:16:20 +0000 (15:16 -0800)]
datapath: Account for "udp: Add udp_sock_create for UDP tunnels to open listener socket"
Upstream commit:
udp: Add udp_sock_create for UDP tunnels to open listener socket
Added udp_tunnel.c which can contain some common functions for UDP
tunnels. The first function in this is udp_sock_create which is used
to open the listener port for a UDP tunnel.
Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 8024e028 ("udp: Add udp_sock_create for UDP tunnels to open listener socket") Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Jesse Gross [Fri, 6 Feb 2015 23:19:38 +0000 (15:19 -0800)]
datapath: Remove compat vxlan_src_port().
vxlan_src_port() has been replaced with the more generic
udp_flow_src_port() upstream. We already have a backport for this and
it is used everywhere where this is needed, so we can remove the
dead vxlan_src_port() function.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Andy Zhou [Thu, 19 Feb 2015 01:17:33 +0000 (17:17 -0800)]
ovs-sandbox: Add an option to allow running ovs-vswitchd under gdb
It is some times useful to leverage the sandbox facility to experiment
and explore the internals of ovs-vswitchd. Since GDB requires console
access for user inputs, this patch launch an xterm for GDB, The main
terminal continue to run the sub-shell as before. Exiting the sub-shell
will also kill the ovs-vswitchd under GDB (but not GDB itself currently)
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 19 Feb 2015 19:09:22 +0000 (11:09 -0800)]
ovsdb-doc: Add license and copyright notice.
The copyright dates are taken from "git log --follow ovsdb/ovsdb-doc",
considering only Nicira authors' changes. (Only one change was from
a non-Nicira author anyhow.)
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Thu, 19 Feb 2015 00:09:21 +0000 (16:09 -0800)]
vswitch: Document columns that had been previously overlooked.
A fair number of columns had been overlooked. This documents them.
The patch is smaller than it appears because this rearranges the STP and
RSTP documentation to group configuration, status, and statistics together
in the documentation for clarity.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Gurucharan Shetty <gshetty@nicira.com>
Russell Bryant [Thu, 19 Feb 2015 18:10:51 +0000 (13:10 -0500)]
ovsdb-idlc: Constify 'char **'.
Update the logic used in constify() to add const to a 'char **' while
still excluding all other cases of more than one level of indirection.
This results in adding const to a parameter of a generated setter
function where we're generally passing in array of constant strings.
As a result, this patch includes the other necessary fixes to the code
base to reflect the const addition.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Russell Bryant [Thu, 19 Feb 2015 18:03:53 +0000 (13:03 -0500)]
CodingStyle: recommend PEP 8 for Python code
Add a new section about Python code to the coding style document.
Suggest that all new Python code should adhere to the PEP 8 standard.
Also include a reference to tools that can quickly check code for
style issues.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 19 Feb 2015 07:50:18 +0000 (23:50 -0800)]
AUTHORS: Add Madhu Venugopal.
Madhu reported a bug last year, mentioned in commit 639b6d9c9093
(ovsdb-server: Document RFC 7047 extensions to ovsdb <error>s.) but I
forgot to credit him in AUTHORS at the time.
Andy Zhou [Thu, 12 Feb 2015 23:10:28 +0000 (15:10 -0800)]
ofproto/bond: Fix a race condition in updating post recirculation rules
When updating post recirc rules, rule management requires calls to
hmap APIs, which requires proper locking to ensure mutual exclsion in
accessing the hmap internal data structure. The locking currently is
missing from the output_normal() xlate path, thus causing
a race condition.
The race condition leads to segfault crash of ovs-vswitchd, with the
following stack trace:
The crash was found by adding and deleting bond interfaces repeatedly
with on-going traffic hitting the bond interfaces. The same test was
ran over multiple days with this patch to ensure the same crash was
not seen.
The patch added the necessary lock annotation that would have caught
the bug.
Tested-by: Salvatore Cambria <salvatore.cambria@citrix.com> Reported-by: Salvatore Cambria <salvatore.cambria@citrix.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Patches that modify existing code can break expected behaviour.
Flag this by testing the patch with 'make check' prior to submission.
Furthermore, it is not sufficient to only test patches that add files
using 'make distcheck'; the compile flags for this target could change
the definition of some functions (ovs_assert, for example), altering
the outcome of some unit tests. Rather, it is preferable to use a
combination of 'make distcheck' with 'make check' to cover all bases.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Feb 2015 22:31:21 +0000 (14:31 -0800)]
ofp-parse: Correctly update bucket lists if they are empty.
Previously, list_moved() only worked with non-empty lists, but this was a
caveat that was really easy to miss. parse_ofp_group_mod_file() had a bug
because it didn't honor that restriction. This commit fixes the problem,
by modifying the list_moved() interface to be harder to use incorrectly
and then updating the callers.
Reported-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
tests: Enable running parallel unit tests for Windows.
testsuite uses mkfifo in its job dispatcher that manages
parallel unit tests. MinGW does not have a mkfifo. This
results in unit tests running serially on Windows. Right
now it takes up to approximately 40 minutes to run all the
unit tests on Windows.
This commit provides a job dispatcher for MinGW that uses
temporary files instead of mkfifo to manage parallel jobs.
With this commit, on a Windows machine with 4 cores and with
8 parallel unit test sessions, it takes approximately 8
minutes to finish a unit test run.
Shu Shen [Wed, 11 Feb 2015 05:20:12 +0000 (21:20 -0800)]
docs: Fix overlapping 'weak' edges in ovs-vswitchd.conf.db.5.
Multiple weak edges between nodes at the same rank overlaps with each other in
a dot/graphviz diagram. The vswitchd.pic used in ovs-vswitchd.conf.db.5 suffers
this problem.
Removing "constraint=false" allows graphviz to rank the nodes using the weak
edages as well so that the nodes at the ends of a weak edge won't be at the
same rank and allows mutlple 'weak' edges to be visible.
Signed-off-by: Shu Shen <shu.shen@radisys.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Feb 2015 07:34:50 +0000 (23:34 -0800)]
mac-learning: Implement per-port MAC learning fairness.
In "MAC flooding", an attacker transmits an overwhelming number of frames
with unique Ethernet source address on a switch port. The goal is to
force the switch to evict all useful MAC learning table entries, so that
its behavior degenerates to that of a hub, flooding all traffic. In turn,
that allows an attacker to eavesdrop on the traffic of other hosts attached
to the switch, with all the risks that that entails.
Before this commit, the Open vSwitch "normal" action that implements its
standalone switch behavior (and that can be used by OpenFlow controllers
as well) was vulnerable to MAC flooding attacks. This commit fixes the
problem by implementing per-port fairness for MAC table entries: when
the MAC table is at its maximum size, MAC table eviction always deletes an
entry from the port with the most entries. Thus, MAC entries will never
be evicted from ports with only a few entries if a port with a huge number
of entries exists.
Controllers could introduce their own MAC flooding vulnerabilities into
OVS. For a controller that adds destination MAC based flows to an OpenFlow
flow table as a reaction to "packet-in" events, such a bug, if it exists,
would be in the controller code itself and would need to be fixed in the
controller. For a controller that relies on the Open vSwitch "learn"
action to add destination MAC based flows, Open vSwitch has existing
support for eviction policy similar to that implemented in this commit
through the "groups" column in the Flow_Table table documented in
ovs-vswitchd.conf.db(5); we recommend that users of "learn" not already
familiar with eviction groups to read that documentation.
In addition to implementation of per-port MAC learning fairness,
this commit includes some closely related changes:
- Access to client-provided "port" data in struct mac_entry
is now abstracted through helper functions, which makes it
easier to ensure that the per-port data structures are maintained
consistently.
- The mac_learning_changed() function, which had become trivial,
vestigial, and confusing, was removed. Its functionality was folded
into the new function mac_entry_set_port().
- Many comments were added and improved; there had been a lot of
comment rot in previous versions.
CERT: VU#784996 Reported-by: "Ronny L. Bull - bullrl" <bullrl@clarkson.edu>
Reported-at: http://www.irongeek.com/i.php?page=videos/derbycon4/t314-exploring-layer-2-network-security-in-virtualized-environments-ronny-l-bull-dr-jeanna-n-matthews Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Thomas Graf [Thu, 12 Feb 2015 20:23:08 +0000 (21:23 +0100)]
datapath: vxlan: Only set has-GBP bit in header if any other bits would be set
vxlan: Only set has-GBP bit in header if any other bits would be set
This allows for a VXLAN-GBP socket to talk to a Linux VXLAN socket by
not setting any of the bits.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: db79a621835e ("vxlan: Only set has-GBP bit in header if any other bits would be set") Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Nithin Raju [Thu, 12 Feb 2015 18:53:10 +0000 (10:53 -0800)]
lib/util.h: use types compatible with DWORD
_BitScanForward() and friends are part of the Windows API and
take DWORD as parameter type. DWORD is defined to be 'unsigned long'
in Windows' header files.
We call into these functions from within lib/util.h. Currently, we
pass arguments of type uint32_t which is type defined to
'unsigned int'. This incompatiblity causes failures when we compile
the code as C++ code or with warnings enabled, when compiled as C
code.
The fix is to use 'unsigned long' rather than fixed size type.
Co-Authored-by: Linda Sun <lsun@vmware.com> Signed-off-by: Nithin Raju <nithin@vmware.com> Signed-off-by: Linda Sun <lsun@vmware.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
daemon.at: Fix a race condition with windows service test.
OVS daemon service for Windows creates the pidfile and then
registers with the Windows services manager that the service
is running. There is a small time gap between the two steps.
So retry a few times in the test.
Ben Pfaff [Wed, 11 Feb 2015 02:00:22 +0000 (18:00 -0800)]
timeval: Correctly report usage statistics in log_poll_interval().
Most of the information that timeval was reporting for long poll intervals
was comparing per-thread with per-process statistics, which yielded
nonsense a lot of the time.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
Alex Wang [Wed, 4 Feb 2015 01:08:13 +0000 (17:08 -0800)]
netdev-dpdk: Allow changing NON_PMD_CORE_ID for testing purpose.
For testing purpose, developers may want to change the NON_PMD_CORE_ID
and use a different core for non-pmd threads. Since the netdev-dpdk
module is hard-coded to assert the non-pmd threads using core 0, such
change will cause abortion of OVS.
This commit fixes the assertion and allows changing NON_PMD_CORE_ID.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Andy Zhou [Sat, 7 Feb 2015 00:14:10 +0000 (16:14 -0800)]
test: Reverse the order of commands added by ON_EXIT macro
Executing clean-up commands in the reverse order of their addition
seems to be better for most of the cleanup situations. For example,
in kmod tests, we should remove name spaces before remove kernel
modules.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.comugi