Ben Pfaff [Mon, 16 Aug 2010 22:59:26 +0000 (15:59 -0700)]
Fix SSL boilerplate descriptions in manpages.
Some of the SSL boilerplate was specific to switches, but it was included
in OVSDB programs also. Make it more generic. Also document SSL options
in some manpages where they were missing.
Ben Pfaff [Mon, 16 Aug 2010 22:54:47 +0000 (15:54 -0700)]
ovs-vsctl: Fix parsing of short SSL options.
The short versions of the SSL options (e.g. -p, -c, -C) did not work,
because they were not in the string passed to getopt_long(). This commit
fixes the problem and should avoid its recurrence with any other short
options that we add in the future.
Ben Pfaff [Thu, 12 Aug 2010 00:24:13 +0000 (17:24 -0700)]
Remove vestigial support for Spanning Tree Protocol.
Open vSwitch has never properly supported IEEE 802.1D Spanning Tree
Protocol (STP), but it has various bits and pieces that claim to support
it. This commit deletes them, to reduce the amount of dead code in the
tree. We can always reintroduce it later if it proves to be a good idea.
Ben Pfaff [Thu, 12 Aug 2010 17:18:19 +0000 (10:18 -0700)]
Wait for daemons to die in init.d script "stop" commands.
Sometimes it takes a moment for the OVS daemons to die. When that happens,
the "start" half of "openvswitch restart" can fail when ovsdb-tool
runs, because ovsdb-server will still have the lock on the database if it
has not exited yet. So this commit just makes the "stop" half wait for
the daemons to really die.
Ben Pfaff [Thu, 12 Aug 2010 16:47:33 +0000 (09:47 -0700)]
daemon: Make sure that vlog is initialized when a process daemonizes.
If a process daemonizes itself, then it should be possible to control that
process's log levels with "ovs-appctl vlog/set" and related commands. The
vlog_init() function registers those commands. But vlog_init() doesn't
normally get called until the first log message is issued. This can take a
while, especially for ovs-controller, where I first noticed the problem.
This commit fixes the problem by calling vlog_init() from
daemonize_start(), which always gets called as a process daemonizes.
Ben Pfaff [Thu, 5 Aug 2010 17:59:26 +0000 (10:59 -0700)]
debian: Use dh_installmodules instead of calling "depmod" wrongly.
Until now, the postinst for kernel modules built by the Debian packaging
has simply run "depmod -a", which is wrong, since this command rebuilds
the dependencies for the *running* kernel, which is not necessarily the
kernel for which modules are being installed.
The dh_installmodules script automatically adds the correct invocation of
depmod to the postinst script, so this commit switches to using that
instead.
This commit moves the kernel modules from /lib/modules/$KVERS into the
"kernel" subdirectory of that directory because dh_installmodules does not
support modules that are directly in the $KVERS directory.
Ben Pfaff [Thu, 5 Aug 2010 17:23:36 +0000 (10:23 -0700)]
random: Implement a decent random number generator.
Until now this library has based its random number upon those returned
by libc's rand() function. This has always bugged me--it is not a good
solution since rand() varies in quality so much. This commit changes
the random library to use a simple but high-quality PRNG.
Ben Pfaff [Wed, 11 Aug 2010 22:29:36 +0000 (15:29 -0700)]
bridge: Don't pay attention to columns that vswitchd doesn't need.
Not replicating unneeded columns has some value in avoiding CPU time and
bandwidth to the database. In ovs-vswitchd, setting cur_cfg as write-only
also have great value in avoiding extra reconfiguration steps. When
ovs-vsctl is used in its default mode this essentially avoids half of the
reconfigurations that ovs-vswitchd currently does. What happens now is:
1. ovs-vsctl updates the database and increments next_cfg.
2. ovs-vswitchd notices the change to the database, reconfigures
itself, then increments cur_cfg to match next_cfg.
3. The database sends the change to cur_cfg back to ovs-vswitchd.
4. ovs-vswitchd reconfigures itself a second time.
By not replicating cur_cfg we avoid step 3 and save a whole reconfiguration
step.
Also, now that the database contains interface statistics, this avoids
reconfiguring every time that statistics are updated.
Ben Pfaff [Wed, 11 Aug 2010 22:41:41 +0000 (15:41 -0700)]
ovsdb-idl: Make it possible to omit or pay less attention to columns.
ovs-vswitchd has no need to replicate some parts of the database. In
particular, it doesn't need to replicate the bits that it never reads,
such as the external_ids column in the Open_vSwitch table. This saves
some memory, CPU time, and bandwidth to the database.
Another type of column that benefits from special treatment is "write-only
columns", that is, those that ovs-vswitchd writes and keeps up-to-date but
never expects another client to write, such as the cur_cfg column in the
Open_vSwitch table. If the IDL reports that the database has changed when
ovs-vswitchd updates such a column, then ovs-vswitchd reconfigures itself
for no reason, wasting CPU time. This commit also adds support for such
columns.
Ben Pfaff [Wed, 28 Jul 2010 00:00:54 +0000 (17:00 -0700)]
dpif-netdev: Properly track whether there is a vlan header.
It looks to me like the current dpif-netdev implementation doesn't handle
the case where a packet comes in without a VLAN and then is subjected to
multiple ODPAT_SET_VLAN_* operations. dp_netdev_modify_vlan_tci() just
checks the flow key each time to see whether there's a VLAN, but it doesn't
update the flow key to note that there is now a VLAN.
One fix would be to update the flow key, but it's "const" these days.
Instead, add a check for whether the Ethernet type is ETH_TYPE_VLAN,
which should be equivalent.
Ben Pfaff [Tue, 10 Aug 2010 18:38:55 +0000 (11:38 -0700)]
dpif-netdev: Tolerate undersized packets.
Actions that modify packets need to tolerate packets that are too small.
Most of the actions already implicitly do this check, since they check for
appropriate values in the flow key that would only be there if the
corresponding data was present. But actions to modify the Ethernet header
didn't have a guarantee that the packet was at least 14 bytes long, and
actions to modify the VLAN didn't have such a guarantee either, so this
adds appropriate checks.
Ben Pfaff [Tue, 10 Aug 2010 18:35:46 +0000 (11:35 -0700)]
datapath: Fix handling of 802.1Q and SNAP headers.
The kernel and user datapaths have code that assumes that 802.1Q headers
are used only inside Ethernet II frames, not inside SNAP-encapsulated
frames. But the kernel and user flow_extract() implementations would
interpret 802.1Q headers inside SNAP headers as being valid VLANs. This
would cause packet corruption if any VLAN-related actions were to be taken,
so change the two flow_extract() implementations only to accept 802.1Q as
an Ethernet II frame type, not as a SNAP-encoded frame type.
802.1Q-2005 says that this is correct anyhow:
Where the ISS instance used to transmit and receive tagged frames is
provided by a media access control method that can support Ethernet
Type encoding directly (e.g., is an IEEE 802.3 or IEEE 802.11 MAC) or
is media access method independent (e.g., 6.6), the TPID is Ethernet
Type encoded, i.e., is two octets in length and comprises solely the
assigned Ethernet Type value.
Where the ISS instance is provided by a media access method that
cannot directly support Ethernet Type encoding (e.g., is an IEEE
802.5 or FDDI MAC), the TPID is encoded according to the rule for
a Subnetwork Access Protocol (Clause 10 of IEEE Std 802) that
encapsulates Ethernet frames over LLC, and comprises the SNAP
header (AA-AA-03) followed by the SNAP PID (00-00-00) followed by
the two octets of the assigned Ethernet Type value.
All of the media that OVS handles supports Ethernet Type fields, so to me
that means that we don't have to handle 802.1Q-inside-SNAP.
On the other hand, we *do* have to handle SNAP-inside-802.1Q, because this
is actually allowed by the standards. So this commit also adds that
support.
I verified that, with this change, both SNAP and Ethernet packets are
properly recognized both with and without 802.1Q encapsulation.
I was a bit surprised to find out that Linux does not accept
SNAP-encapsulated IP frames on Ethernet.
Here's a summary of how frames are handled before and after this commit:
--------------- --------------- -------------------------------------
Before After
this commit this commit
dl_type dl_vlan dl_type dl_vlan Notes
------- ------- ------- ------- -------------------------------------
1. TYPE ffff TYPE ffff no change
2. TYPE ffff TYPE ffff no change
3. TYPE VLAN TYPE VLAN no change
4. LEN VLAN TYPE VLAN proposal fixes behavior
5. TYPE VLAN 8100 ffff 802.1Q says this is invalid framing
6. 05ff ffff 05ff ffff no change
7. 05ff ffff 05ff ffff no change
8. LEN VLAN 05ff VLAN proposal fixes behavior
9. LEN VLAN 05ff VLAN proposal fixes behavior
Ben Pfaff [Fri, 6 Aug 2010 18:36:39 +0000 (11:36 -0700)]
vswitch: Clarify "arguments" versus "options".
Interface has an "options" column but some text referred to "arguments"
instead, which confused some readers. Also be even more explicit about
syntax, since this also confused some readers.
Ben Pfaff [Fri, 6 Aug 2010 23:49:14 +0000 (16:49 -0700)]
ovs-openflowd: Fix support for multiple controllers.
The multiple controller support here has apparently never been tested. I
still haven't tested it, but I fixed a few obvious problems in the source
code and in the manpage.
Ben Pfaff [Fri, 6 Aug 2010 18:46:24 +0000 (11:46 -0700)]
vswitchd: Only re-learn from flows that output to OFPP_NORMAL.
Commit e96a4d8035 "bridge: Feed flow stats into learning table." started
feeding flow statistics back into the learning table, but it did not
distinguish between flows with and flows without an action that outputs to
OFPP_NORMAL. Flows without such an action are not put into the learning
table initially, because bridge_normal_ofhook_cb() is not called for them,
but since that commit they have been put into the learning table when their
flows are reassessed.
This is inconsistent--flows without OFPP_NORMAL should either be learned
from all the time or never, not sometimes. I can see valid arguments both
ways, but since it was always my intention not to learn from such flows,
this commit disables learning from them.
Problem found by code inspection. I don't know of any observed bug that
this fixes.
Ben Pfaff [Thu, 5 Aug 2010 16:58:58 +0000 (09:58 -0700)]
vswitchd: Refresh SSL keys and certificates more frequently.
Until now, the ovs-vswitchd main loop has refreshed keys and certificates
from their files only when the database changes. This works fine if new
keys and certificates are installed with new file names, because the update
to the database to point to the new files will cause them to be read. But
if the new keys and certificates are copied over the existing files, then
the delay until they are read is indefinite.
This commit fixes the problem by changing the SSL configuration so that it
is rechecked on every trip through the ovs-vswitchd main loop.
Ben Pfaff [Thu, 5 Aug 2010 16:24:00 +0000 (09:24 -0700)]
stream-ssl: Make changing keys and certificate at runtime reliable.
OpenSSL is picky about the order in which keys and certificates are
changed: you have to change the certificate first, then the key. It
doesn't document this, but deep in the source code, in a function that sets
a new certificate, it has this comment:
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
* cert & key, first this function should be used,
* then ssl_set_pkey */
Ben Pfaff [Tue, 3 Aug 2010 21:40:29 +0000 (14:40 -0700)]
datapath: Detect and suppress flows that are implicated in loops.
In-kernel loops need to be suppressed; otherwise, they cause high CPU
consumption, even to the point that the machine becomes unusable. Ideally
these flows should never be added to the Open vSwitch flow table, but it
is fairly easy for a buggy controller to create them given the menagerie
of tunnels, patches, etc. that OVS makes available.
Commit ecbb6953b "datapath: Add loop checking" did the initial work
toward suppressing loops, by dropping packets that recursed more than 5
times. This at least prevented the kernel stack from overflowing and
thereby OOPSing the machine. But even with this commit, it is still
possible to waste a lot of CPU time due to loops. The problem is not
limited to 5 recursive calls per packet: any packet can be sent to
multiple destinations, which in turn can themselves be sent to multiple
destinations, and so on. We have actually seen in practice a case where
each packet was, apparently, sent to at least 2 destinations per hop, so
that each packet actually consumed CPU time for 2**5 == 32 packets,
possibly more.
This commit takes loop suppression a step further, by clearing the actions
of flows that are implicated in loops. Thus, after the first packet in
such a flow, later packets for either the "root" flow or for flows that
it ends up looping through are simply discarded, saving a huge amount of
CPU time.
This version of the commit just clears the actions from the flows that a
part of the loop. Probably, there should be some additional action to tell
ovs-vswitchd that a loop has been detected, so that it can in turn inform
the controller one way or another.
followed by sending a single "ping" packet from an attached Ethernet
port into the bridge. After this, without this commit the vswitch
userspace and kernel consume 50-75% of the machine's CPU (in my KVM
test setup on a single physical host); with this commit, some CPU is
consumed initially but it converges on 0% quickly.
A more challenging test sends a series of packets in multiple flows;
I used "hping3" with its default options. Without this commit, the
vswitch consumes 100% of the machine's CPU, most of which is in the
kernel. With this commit, the vswitch consumes "only" 33-50% CPU,
most of which is in userspace, so the machine is more responsive.
A refinement on this commit would be to pass the loop counter down to
userspace as part of the odp_msg struct and then back up as part of
the ODP_EXECUTE command arguments. This would, presumably, reduce
the CPU requirements, since it would allow loop detection to happen
earlier, during initial setup of flows, instead of just on the second
and subsequent packets of flows.
Ben Pfaff [Tue, 27 Jul 2010 17:02:07 +0000 (10:02 -0700)]
datapath: Don't track IP TOS value two different ways.
Originally, the datapath didn't care about IP TOS at all. Then, to support
NetFlow, we made it keep track of the last-seen IP TOS value on a per-flow
basis. Then, to support OpenFlow 1.0, we added a nw_tos field to
odp_flow_key. We don't need both methods, so this commit drops the
NetFlow-specific tracking.
This introduces a small kernel ABI break: upgrading the kernel module
without upgrading the OVS userspace will mean that NetFlow records will
all show an IP TOS value of 0. I don't consider that to be a serious
problem.
ovsdb-server should ordinarily connect to managers specified in the
database itself, as well as use the SSL configuration specified in the
database, but the suggested ovsdb-server command line didn't do that.
This commit adds all the relevant arguments that the XenServer integration
passes by default.
Ben Pfaff [Wed, 28 Jul 2010 21:10:13 +0000 (14:10 -0700)]
vswitch: Clarify and expand purpose of external_ids columns.
Until now we have intended external_ids for use by external frameworks, but
only for storing "identifiers" such as UUIDs and names. But there's no
reason that frameworks can't use it for whatever purposes they like. This
commit rewords the text describing the external_ids columns to be more
expansive.
Ben Pfaff [Mon, 2 Aug 2010 22:21:27 +0000 (15:21 -0700)]
xenserver: Add "reload" and "force-reload" support to init script.
I can't easily find anything that documents what commands Fedora init
scripts should support, but many of them support "reload" and
"force-reload". This commit adds support for them to the XenServer init
scripts. (The Debian init scripts already had support.)
Debian does document that reload and force-reload should be supported:
http://www.debian.org/doc/debian-policy/ch-opersys.html#s-writing-init
Justin Pettit [Sun, 1 Aug 2010 00:09:31 +0000 (17:09 -0700)]
datapath: Clean-up previous undefined symbol commit
The previous commit still had some issues with the
"set_normalized_timespec" symbol being undefined. Here we just replace
it. We can search for a more elegant solution later if necessary.
datapath: Fix undefined symbol "set_normalized_timespec"
The commit "datapath: Don't query time for every packet." (6bfafa55)
introduced the use of "set_normalized_timespec". Unfortunately, older
kernels don't export the symbol. This implements the function on those
older kernels.
vswitchd: Don't act as learning switch in secure mode with no controllers
Don't act as a learning switch when the fail-mode is "secure" and no
controllers are defined. This allows the bridge to come up in a state
where it won't pass any traffic until a controller has told it to do so.
Configuration of the fail-mode was an attribute of the Controller table.
However, it makes more sense as an attribute of the Bridge table, since
the behavior defines what a bridge should do if it can't connect to
*any* controller. This commit makes the move.
vswitchd: Remove default controller config from Open_vSwitch table
An OpenFlow controller is normally associated with a bridge. It was
possible to define a default controller in the Open_vSwitch table that
would be used if one was not associated with a bridge. This was seldom
used and mostly just caused confusion. This commit removes that
support, so an OpenFlow controller must always be associated with a
bridge.
Ben Pfaff [Fri, 30 Jul 2010 21:51:35 +0000 (14:51 -0700)]
learning-switch: Avoid violating C aliasing rules initializing actions.
The C standard says that an object that is declared of one particular type
must not be accessed through a pointer to another type, with a few notable
exceptions. This code was violating those rules, and GCC 4.4 complains
about it. This commit fixes the problem by using one of the exceptions:
it's always OK to access an object as an array of character type (which is
what memcpy() does implicitly).
Ben Pfaff [Fri, 30 Jul 2010 21:47:29 +0000 (14:47 -0700)]
sflow: Avoid "unused parameter" warnings from GCC 4.4.
With GCC -Wno-unused by itself isn't enough to avoid "unused parameter"
warnings, since we also use -Wunused-parameter. We also need to check for
and use -Wno-unused-parameter.
'struct net_device' is refcounted and can stick around for quite a
while if someone is still holding a reference to it. However, we
free the vport that it is attached to in the next RCU grace period
after detach. This assigns the vport to NULL on detach and adds
appropriate checks.
When we detached a vport we would assign NULL to dp_port->vport
before calling synchronize_rcu(). However, since vports have a
longer lifetime than dp_ports there were no checks before
dereferencing dp_port->vport. This changes the behavior to
match the assumption by not assigning NULL during detach. This
avoids a potential NULL pointer dereference in do_output() among
other places.
On vport ingress we already check for shared SKBs but then later
warn in several other places. In a similar vein, we check every
packet to see if it is LRO but only certain vports can produce
these packets. Remove and consolidate checks to the places where
they are needed.
learning-switch: Add ability to define default flows
Add an argument to the function to create a learning switch, which
defines default flows to be pushed down to connecting switches. It does
nothing to enforce that they remain intact. It only pushes flows on
switch connection.
ofp-parse: Break string-to-openflow parsing into library functions
An upcoming commit will add the ability to load OpenFlow rules into
ovs-controller. Break out string-to-openflow parsing so that
ovs-ofctl and ovs-controller can use the same code.
Rather than actually query the time every time a packet comes through,
just store the current jiffies and convert it to actual time when
requested. GRE is the primary beneficiary of this because the traffic
travels through the datapath twice. This change reduces CPU utilization
3-4% with GRE.
Ben Pfaff [Fri, 23 Jul 2010 22:27:38 +0000 (15:27 -0700)]
vlog: Fix logic error in update_min_level().
Commit 480ce8ab "vlog: Make the vlog module catalog program-specific."
accidentally inverted the logic in this function, which broke the "-v"
to various OVS programs as well as other mechanisms to set logging to
non-default levels.
Ben Pfaff [Fri, 16 Jul 2010 17:53:14 +0000 (10:53 -0700)]
vlog: Make the vlog module catalog program-specific.
Until now, the collection of vlog modules supported by a given OVS program
was not specific to that program. That means that, for example, even
though ovs-dpctl does not have anything to do with jsonrpc, it still has
a vlog module for it. This is confusing, at best.
This commit fixes the problem on some systems, in particular on ones that
use GCC and the GNU linker. It uses the feature of the GNU linker
described in its manual as:
If an orphaned section's name is representable as a C identifier then
the linker will automatically see PROVIDE two symbols: __start_SECNAME
and __end_SECNAME, where SECNAME is the name of the section. These
indicate the start address and end address of the orphaned section
respectively.
Systems that don't support these features retain the earlier behavior.
This commit also fixes the annoyance that modifying lib/vlog-modules.def
causes all sources files that #include "vlog.h" to recompile.
Ben Pfaff [Fri, 16 Jul 2010 18:02:49 +0000 (11:02 -0700)]
vlog: Introduce VLOG_DEFINE_THIS_MODULE for declaring vlog module in use.
Adding a macro to define the vlog module in use adds a level of
indirection, which makes it easier to change how the vlog module must be
defined. A followup commit needs to do that, so getting these widespread
changes out of the way first should make that commit easier to review.
Ben Pfaff [Fri, 16 Jul 2010 18:23:31 +0000 (11:23 -0700)]
vlog: Make vlog initialize itself when necessary.
It's more convenient if clients don't have to initialize modules
explicitly.
The most important part of this change is to initialize the default
log levels statically. Previously, by initializing log levels only
from vlog_init(), all the log levels appeared to be VLL_EMER (0) if
vlog_init() was accidentally not called at all. This was not intended
behavior, so this commit fixes it.
This commit also fixes up a few test programs whose tests accidentally
depended on this behavior, by making them explicitly turn off log
messages that were implicitly turned off before.
Ben Pfaff [Wed, 21 Jul 2010 22:42:22 +0000 (15:42 -0700)]
timeval: Make time_init() static and remove calls to it.
Since the timeval module now initializes itself on-demand, there is no
longer any need to initialize it explicitly, or to provide an interface to
do so.
Ben Pfaff [Fri, 16 Jul 2010 17:41:16 +0000 (10:41 -0700)]
timeval: Integrate CLOCK_MONOTONIC detection into time_init().
I don't see a reason that set_up_monotonic() should be separate from
time_init(). Doing all the time initialization in one place seems
reasonable, so this commit makes that change.
Ben Pfaff [Wed, 21 Jul 2010 22:38:23 +0000 (15:38 -0700)]
debian: Check for accurate Debian changelog version at build time too.
When we increment the Open vSwitch version number, we tend to forget to
update it in debian/changelog at the same time. Right now this gets
fixed up automatically at "make dist" time, but it's even better if we can
always have it be correct in the repository. This commit should help with
that, by making both "make" and "make dist" refuse to proceed if the
version number is out of sync.
Ben Pfaff [Thu, 15 Jul 2010 17:50:33 +0000 (10:50 -0700)]
tests: Disable profiling for "wait-until must wait" test.
This test tends to break when run with lcov profiling since the lcov
wrapper script can't synchronize access to profiling data across all the
ovs-vsctl instances running in parallel.
Ben Pfaff [Fri, 16 Jul 2010 22:50:57 +0000 (15:50 -0700)]
netdev-linux: Avoid minor number 0 in traffic control.
Linux traffic control handles with minor number 0 refer to qdiscs, not
to classes. This commit deals with this by using a conversion function:
OpenFlow queue 0 maps to minor 1, queue 1 to minor 2, and so on.
Ben Pfaff [Fri, 16 Jul 2010 22:47:23 +0000 (15:47 -0700)]
netdev-linux: Dump all queues, not just direct children of the root.
A netdev-linux traffic control implementation has to dump all of a port's
traffic classes in a couple of different situations. start_queue_dump()
is supposed to do that. But it was specifying TC_H_ROOT as tcm_parent,
which only dumped classes that were direct children of the root. This
commit changes tcm_parent to 0, which obtains all traffic classes
regardless of parent.
Ben Pfaff [Tue, 20 Jul 2010 18:23:21 +0000 (11:23 -0700)]
dpif: Abstract translation from OpenFlow queue ID into ODP priority value.
When the QoS code was integrated, I didn't yet know how to abstract the
translation from a queue ID in an OpenFlow OFPAT_ENQUEUE action into a
priority value for an ODP ODPAT_SET_PRIORITY action. This commit is a
first attempt that works OK for Linux, so far. It's possible that in fact
this translation needs the 'netdev' as an argument too, but it's not needed
yet.
Ben Pfaff [Fri, 16 Jul 2010 00:08:17 +0000 (17:08 -0700)]
ovs-controller: Add support for OpenFlow queues.
Before, ovs-controller always sent packets using OFPAT_OUTPUT, which always
uses the default OpenFlow queue. To help me debug the Open vSwitch QoS
implementation, I want to be able to send packets on other queues, so
this commit adds that feature.
Ben Pfaff [Tue, 20 Jul 2010 18:18:24 +0000 (11:18 -0700)]
learning-switch: Add support for OpenFlow queues.
Before, an lswitch always sent packets using OFPAT_OUTPUT, which always
uses the default OpenFlow queue. To help me debug the Open vSwitch QoS
implementation, I want to be able to send packets on other queues, so
this commit adds that feature.
Ben Pfaff [Thu, 15 Jul 2010 23:20:37 +0000 (16:20 -0700)]
learning-switch: Refactor wildcards calculation.
There's no need to calculate the wildcards to use for each flow, since it
is a constant across every flow. In my opinion this also makes
process_packet_in() a little easier to understand, since it deletes a few
lines of code from a relatively complicated function.
Ben Pfaff [Thu, 15 Jul 2010 23:02:46 +0000 (16:02 -0700)]
learning-switch: Reserved addresses are destinations, not sources.
A switch is not supposed to forward packets directed to MAC addresses
01:80:c2:00:00:0x. This code was instead dropping packets *from* those
addresses.
(This code is only used by ovs-controller, so the bug is not a big deal.)
The compiler pointed out two variables that it thought were used
without being initialized. The first was just a spurious warning
but the second could result in an unitialized pointer being freed.
This fixes both of those issues.
Ben Pfaff [Thu, 15 Jul 2010 00:04:22 +0000 (17:04 -0700)]
ovs-vsctl: Do not allow record names to be abbreviated.
It's pretty risky to allow record names to be abbreviated. If eth1 through
eth20 all exist, and then someone deletes eth1, then until now an ovs-vsctl
command that mentioned eth1 would actually use eth10. This is too much of
a caveat to let loose on unsuspecting scripts, so this commit removes that
functionality.
Ben Pfaff [Fri, 16 Jul 2010 16:22:23 +0000 (09:22 -0700)]
xenserver: Kill bond slaves' dhclients when bringing up bond master.
This fixes the converse of the problem addressed by commit fe19e820
"xenserver: Kill bond master's dhclient when bringing up bond slave". In
that commit's log message, I claimed that the converse was not a problem,
but I was wrong. I must have screwed up in testing, because it really is
a problem. This commit fixes it.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> CC: Dominic Curran <dominic.curran@citrix.com> Reported-by: Michael Mao <mmao@nicira.com>
Bug #2668.
doc: Make explicit that ovs-vswitchd is the preferred switch.
Many people who are looking for an OpenFlow switch assume that
the only way to do it is using ovs-openflowd. Sometimes they also
run ovs-vswitchd at the same time. Try to clarify that neither
of these are necessary and ovs-vswitchd can handle OpenFlow by
itself and is the preferred method of doing so.
datapath: Don't update flow key when applying actions.
Currently the flow key is updated to match an action that is applied
to a packet but these field are never looked at again. Not only is
this a waste of time it also makes optimizations involving caching
the flow key more difficult.