Improve the tutorial of the basic OVN features. Update the contents of
the "Locally attached networks" and "Locally attached networks with VLANs"
in detail. The logical ports of type "l2gateway" is described.
Submitted-at: https://github.com/openvswitch/ovs/pull/144 Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech> Signed-off-by: Russell Bryant <russell@ovn.org>
ovn-controller: if 'ovn-bridge-mappings' unconfigured, return directly.
If the chassis doesn't configure the 'external-ids:ovn-bridge-mappings' in
the OVSDB, the 'add_bridge_mappings' should return directly to skip some
unnecessary code.
Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech> Signed-off-by: Russell Bryant <russell@ovn.org>
Mario Cabrera [Tue, 28 Jun 2016 21:14:53 +0000 (15:14 -0600)]
ovsdb: Fix OVSDB disconnect replication bug
Currently disconnecting from the replicator server means closing the
jsonrpc connection and destroying the monitored table names and
blacklisted table names.
This patch makes a distinction between disconnecting from the
remote server, applicable when the replication incurs in an error,
and destroying the remote server info, applicable when ovsdb-server
exits gracefully.
Signed-off-by: Mario Cabrera <mario.cabrera@hpe.com>
Joe Stringer [Mon, 1 Aug 2016 20:58:38 +0000 (13:58 -0700)]
compat: Properly handle fragment lru.
In kernels <=3.16 there is an LRU for managing fragment queues for IPv4
and IPv6. Because the backport code comes from more recent upstream
versions of Linux, this LRU management was missing from ip_frag_queue()
and nf_ct_frag6_queue().
Fixes: 595e069a0634 ("compat: Backport IPv4 reassembly.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Joe Stringer [Tue, 12 Jul 2016 22:26:23 +0000 (15:26 -0700)]
compat: Only call nf_defrag_ipv[46]_enable() once.
This function is just a dummy to ensure that the corresponding netfilter
fragment module is loaded, to initialize the shared structures. But it
doesn't need to be invoked once per namespace; one call per protocol
should do the trick.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Joe Stringer [Tue, 12 Jul 2016 22:26:19 +0000 (15:26 -0700)]
compat: Simplify inet_fragment backports.
The core fragmentation handling logic is exported on all supported
kernels, so it's not necessary to backport the latest version of this.
This greatly simplifies the code due to inconsistencies between the old
per-lookup garbage collection and the newer workqueue based garbage
collection.
As a result of simplifying and removing unnecessary backport code, a few
bugs are fixed for corner cases such as when some fragments remain in
the fragment cache when openvswitch is unloaded.
Some backported ip functions need a little extra logic than what is seen
on the latest code due to this, for instance on kernels <3.17:
* Call inet_frag_evictor() before defrag
* Limit hashsize in ip{,6}_fragment logic
The pernet init/exit logic also differs a little from upstream. Upstream
ipv[46]_defrag logic initializes the various pernet fragment parameters
and its own global fragments cache. In the OVS backport, the pernet
parameters are shared while the fragments cache is separate. The
backport relies upon upstream pernet initialization to perform the
shared setup, and performs no pernet initialization of its own. When it
comes to pernet exit however, the backport must ensure that all
OVS-specific fragment state is cleared, while the shared state remains
untouched so that the regular ipv[46] logic may do its own cleanup. In
practice this means that OVS must have its own divergent implementation
of inet_frags_exit_net().
Joe Stringer [Tue, 12 Jul 2016 22:26:18 +0000 (15:26 -0700)]
compat: Fix IPv6 frag expiry crash.
If a user sends some fragments of an IPv6 message through OVS, but OVS
fails to assemble the IPv6 message and the OVS module is then unloaded
before the fragments expire, it could lead to a kernel panic like the
following:
Justin Pettit [Sun, 26 Jun 2016 05:22:52 +0000 (22:22 -0700)]
ovn: Add support for link-local addresses.
Every IPv6-enabled interface is supposed to have a link-local address
available to it. This commit adds a link local interface to each router
port and scopes link-local routes to the ingress port that received the
packet.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ovn: Don't require clearing inport to hair-pin packets.
Introduce the "flags.loopback" symbol to allow packets to be sent back
on their ingress ports. Previously, one needed to clear "inport" to
hair-pin packets, but this made "inport" not available for future
matching. This approach should be more intuitive, but it will also be
needed in future patches.
This patch also removes functionality from the OVN expression library
that clears the OpenFlow ingress port when the logical input port is
zeroed.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Tue, 17 May 2016 11:06:13 +0000 (04:06 -0700)]
ovn-northd: Implement basic IPv6 routing.
This commit only supports static MAC bindings. A future commit will add
support for dynamic IPv6/MAC bindings. It has a few other limitations
described in "ovn/TODO".
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Thu, 23 Jun 2016 01:21:40 +0000 (18:21 -0700)]
ovn: Rename "nd" action to "nd_na".
Rename "nd" to "nd_na" to be more descriptive and consistent with other
ND messages and actions. This commit also fixes some minor
documentation issues and limits the action to responding to Neighbor
Solicitation messages.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Thu, 23 Jun 2016 01:18:14 +0000 (18:18 -0700)]
ovn-controller: Tighten "nd" definition, add "nd_ns" and "nd_na".
According to RFC 4861, Neighbor Discovery messages should only match
when the Hop Limit is 255 to prevent off-link senders from sending ND
messages. This commit limits matching to that Hop Limit.
It also introduces Neighbor Discovery Solicitation ("nd_ns") and
Advertisement ("nd_na") definitions.
The "nd.sll" and "nd.tll" only apply to "nd_ns" and "nd_na",
respectively. This commit limits those symbols appropriately. (Note
that Router and Redirect also use those fields, so we will need to
include them as well when they are added.)
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Sat, 18 Jun 2016 00:17:58 +0000 (17:17 -0700)]
packets: Cleanup ND compose functions.
Rename "compose_nd" and "compose_na" to "compose_nd_ns" and
"compose_nd_na", respecively, to be clearer about their functionality.
This will also make it more consistent when we add Neighbor Discover
Router Solicitation/Advertisement compose functions.
Also change the source and destination IPv6 addresses to take
"struct in6_addr" arguments, which are more common in the code base.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Add support for flow-control(mac control frame) to DPDK enabled physical
port types. By default, the flow-control is OFF on both rx and tx side.
The flow control can be enabled/disabled either when adding a port to OVS
or at run time.
For eg:
To enable flow control support at tx side while adding a port, add the
'tx-flow-ctrl' option to the 'ovs-vsctl add-port' command-line as below.
Similarly to enable rx flow control,
'ovs-vsctl add-port br0 dpdk0 -- \
set Interface dpdk0 type=dpdk options:rx-flow-ctrl=true'
And to enable the flow control auto-negotiation,
'ovs-vsctl add-port br0 dpdk0 -- \
set Interface dpdk0 type=dpdk options:flow-ctrl-autoneg=true'
To turn ON the tx flow control at run time(After the port is being added
to OVS), the command-line input will be,
'ovs-vsctl set Interface dpdk0 options:tx-flow-ctrl=true'
The flow control parameters can be turned off by setting 'false' to the
respective parameter. To dsiable the flow control at tx side,
'ovs-vsctl set Interface dpdk0 options:tx-flow-ctrl=false'
ofproto internally modifies 'modify_cookie' field, and adding a
replica to ofproto_flow_mod allows the ofputil_flow_mod argument to be
changed to a const.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Allow adding group mods in OpenFlow bundles. Group mods are executed
atomically with any flow mods in the same bundle. Mods are executed
in order, so that groups appearing in flow actions need to be inserted
in to the bundle before the dependent flow mods.
ovs-ofctl is enhanced to allow the '--bundle' option with group mod
commands. add-groups file format is enhanced to allow each line to be
preceded by one of the keywords "add", "modify", "delete",
"add_or_mod", "insert_bucket", or "remove_bucket".
ovs-ofctl also has a new "bundle" command that reads a file in which
each line contains one flow mod or group mod, and then executes them
all as a single atomic bundle transaction.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Use ofputil_uninit_group_mod() instead of
ofputil_bucket_list_destroy(). Currently these have the same effect,
but this will change in a following patch.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofp-util: Do not free() field that is not allocated.
Group properties field array is not dynamically allocated, so it
should not be freed. This has not been a problem, as this function
has not been called by anyone so far, but following patch will.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-xlate: Hash only fields specified for 'hash' selection method.
The mask for non-present fields in struct field_array is always zero,
so hashing a prerequisite field that was not also specified for the
"hash" selection method boiled down to hashing a all-zeroes value and
unwildcarding the prerequisite field. Now that mf_are_prereqs_ok()
already takes care of unwildcarding, we can simplify the code by
hashing only the specified fields.
Also change the test case to include fields that have prerequisities.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
meta-flow: Clean up masking with prerequisities checking.
Change mf_are_prereqs_ok() take a flow_wildcards pointer, so that the
wildcards can be set at the same time as the prerequisiteis are
checked. This makes it easier to write more obviously correct code.
Remove the functions mf_mask_field_and_prereqs() and
mf_mask_field_and_prereqs__(), and make the callers first check the
prerequisites, while supplying 'wc' to mf_are_prereqs_ok(), and if
successful, mask the bits of the field that were read or set using
mf_mask_field_masked().
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif: Always forward 'used' from the old_rule.
Use new rule's flags to determine whether stats should be forwarded
from the old, modified rule to the new rule. This captures the fact
that prior to OpenFlow 1.2, which defines the reset counts flag, the
reset counts semantics was assumed by default. However, in that case
the reset counts flag is only present in the new flow, not on the
corresponding flow mod.
Having the above fixed revealed that the 'used' timestamp was not
forwarded from the old rule to the new rule when counts were not being
forwarded. Fix this by always forwarding the 'used' timestamp.
It is possible that a bundle add message fails, but the following
commit succeeds, since the message was not added to the bundle. Make
ovs-ofctl fail also in these cases.
Also, the commit should not be sent if any of the bundled messages
failed. To make sure all the errors are received before the commit is
sent, a barrier is required before sending the commit message.
Finally, make vconn collect bundle errors into a list instead of
calling a callback. This makes bundle error management simpler.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Variable length messages need their length updated before they can be
added to the bundle.
Message length updating after encoding is sometimes done by the
encoding function, but always latest when the message is sent out. As
an OpenFlow message is added to a bundle add message, it will not be
sent by itself, and we need to update the length explicitly instead.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Remove flow from ofproto data structures in the 'start' phase, even if
we may need to add them back in 'revert' phase.
This makes bundled group mods easier, as a group delete may also
delete flows, and we need the referring flows to be updated in the
'start' phase so that we will not have stale references to the
referring flows.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Make groups RCU protected and make group lookups lockless. While this
makes group lookups perform better, the main motivation is to have an
unified memory management model for versioned data supported in
OpenFlow bundles. Later patches will make groups versioned and add
bundle support for groups.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Recent commits reorganizing bindings handling and also moving ct zone
assignment to ovn-controller.c caused ct zone assignment to no longer
work. The code relies on an "all_lports" sset that should contain all
logical ports that we should be assigning ct zones for. Prior to this
change, all_lports was always empty.
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Co-authored-by: Russell Bryant <russell@ovn.org> Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
netdev-*: Do not use dp_packet_pad() in recv() functions.
All the netdevs used by dpif-netdev (except for netdev-dpdk) have a
dp_packet_pad() call in the receive function, probably because the
userspace datapath couldn't handle properly short packets.
This doesn't appear to be the case anymore.
This commit removes the call to have a more consistent behavior with the
kernel datapath.
All the testsuite changes in this commit adjust the expectations for
packet lengths in flow dumps and other stats. There's only one fix in
ovn.at: one of the test_ip() functions generated an incomplete udp
packet, which was not a problem until now, because of the padding.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Fri, 29 Jul 2016 18:51:07 +0000 (14:51 -0400)]
travis: Fix flake8 failures from flake8 3.0.
The "hacking" plugin for flake8 is not currently compatible with flake8
3.0. Ensure that we install flake8 2.x on travis-ci. Also update the
docs to indicate this incompatibility.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Joe Stringer [Fri, 29 Jul 2016 00:09:38 +0000 (17:09 -0700)]
fedora: Prioritize OVS modules in weak-updates.
Out-of-tree modules are installed into the kernel's "extra" modules
directory for the version that kmod-openvswitch is compiled against. For
all other kernels on the system at install time, a symlink is created in
the "weak-updates" directory. This provides a path for the same kernel
module to be used when minor kernel updates are done on a system.
However, without updating the depmod configuration the weak-update will
not be prioritized, so modprobe will switch back to using upstream
kernel modules when you upgrade. This patch introduces that depmod
configuration to ensure that the out-of-tree module is always used when
it is installed, regardless of kernel upgrades.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Flavio Leitner <fbl@sysclose.org>
Joe Stringer [Fri, 29 Jul 2016 00:09:37 +0000 (17:09 -0700)]
rhel: Prioritize our vport-foo modules in depmod.
We've done the same for openvswitch.ko previously, but we really should
be doing this for vport modules as well; otherwise, depmod may try to
pair upstream vport modules with the out-of-tree openvswitch module
(leading to depmod warnings on package install, and failure to load the
module at runtime).
VMware-BZ: #1700293 Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Flavio Leitner <fbl@sysclose.org>
Allow clients to use the whole priority range. Note that this changes
the semantics of PVECTOR_FOR_EACH_PRIORITY so that the iteration still
continues for entries at the given priority.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
datapath-windows: Update OvsReadEventCmdHandler in Datapath.c to support different events
OvsReadEventCmdHandler must now reflect the right event being read. If the
event is a Conntrack related event, then convert the entry to netlink
format and send it to userspace. If it's Vport event, retain the existing
workflow.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-by: Paul Boca <pboca@cloudbasesolutions.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
datapath-windows: Add support for multiple event queue in Event.c
Update Event.c to have multiple event queues and mechanism to retrieve the
associated queue. Introduce OvsPostCtEvent and OvsRemoveCtEventEntry
similar to OvsPostVportEvent and OvsRemoveVportEventEntry.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-by: Paul Boca <pboca@cloudbasesolutions.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Acked-By: Yin Lin <linyi@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
datapath-windows: Modify OvsCreateNlMsgFromCtEntry to make it reusable
Tweak the OvsCreateNlMsgFromCtEntry() method to reuse it for creating
netlink messages from other files. Also define the function in Conntrack.h
to make it accessible.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-By: Yin Lin <linyi@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Acked-By: Yin Lin <linyi@vmware.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
datapath-windows: Define new multicast conntrack events and netlink protocol
The Hyper-V datapath supports NETLINK_GENERIC and NETLINK_NETFILTER
protocols for netlink communication. Define these two protocols in the
datapath.
Define new Conntrack events (new and delete) and add support for
subscribing to these events. Parse out OVS_NL_ATTR_MCAST_GRP and store it
as part of OVS_EVENT_SUBSCRIBE structure.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-By: Yin Lin <linyi@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
datapath-windows: Fix bugs in Event.c around subscribe and lock
When userspace tries to resubscribe to an existing queue, return
STATUS_INVALID_PARAMETER since it's not supported. The current bug
overwrites status to STATUS_SUCCESS.
The second bug fix is around releasing the EventQueue lock if an open
instance couldn't be found. The current version returns back without
releasing the lock. Moving the OvsAcquireEventQueueLock() after the
instance is verified.
OvsGetOpenInstance does not enforce a safe read for
gOvsSwitchContext->dpNo. Use the gOvsSwitchContext->dispatchLock for
accessing the parameter.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-By: Yin Lin <linyi@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
datapath-windows: Explicitly name vport related event to vportEvent
OVS_EVENT_ENTRY currently handles only Vport related events. Updating the
name of the struct to OVS_VPORT_EVENT_ENTRY. Remove OVS_EVENT_STATUS since
it's currently not in use. Update the datapath to refer to events as
vportEvents. This will aid in the introduction of other events.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-By: Yin Lin <linyi@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Acked-By: Yin Lin <linyi@vmware.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Wed, 27 Jul 2016 06:50:06 +0000 (23:50 -0700)]
tests: Remove most packet-forwarding related "sleep"s from OVN tests.
These arbitrary sleeps are often longer than necessary and can be too short
in corner cases. This commit replaces them by a common macro that waits
only as long as necessary.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com> Acked-by: Flavio Fernandes <flavio@flaviof.com>
Ben Pfaff [Wed, 27 Jul 2016 06:18:12 +0000 (23:18 -0700)]
ovn: Make two end-to-end tests more reliable.
These tests change the northbound configuration and then immediately check
that the changes have taken effect on the hypervisors. This can't work
reliably, so add a sleep to each one.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
Russell Bryant [Thu, 28 Jul 2016 21:22:41 +0000 (17:22 -0400)]
ovn-controller: Remove old values from local_ids.
local_ids is supposed to be the set of interface iface-id values from
this chassis that correspond to OVN logical ports. We use this for
detecting when an interface has been removed as well as if child-ports
should be bound to this chassis.
Old values were not being removed from local_ids. The most immediate
effect of this was that once an interface has been removed from a
chassis, we would think a removal has occured *every* time through
binding_run and trigger the full binding processing. This was
a performance problem.
The second problem this would cause is if a port that had child ports
was moved to another chassis. We would end up with two chassis fighting
over the binding of the child ports.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
Added an IPv4 and MAC addresses management system to ovn-northd. When a logical
switch's other_config:subnet field is set, logical ports attached to that
switch that have the keyword "dynamic" in their addresses column will
automatically be allocated a globally unique MAC address/unused IPv4 address
within the provided subnet. The allocated address will populate the
dynamic_addresses column. This can be useful for a user who wants to deploy
many VM's or containers with networking capabilities, but does not care about
the specific MAC/IPv4 addresses that are assigned.
When ifdown isn't executed (system didn't shut down properly),
ports remain in the openvswitch's database. In that case, an
inconsitency is left behind when the ifcfg was modified because
ovs-vsctl won't do anything to update existing port's configuration
in the database.
The ifup/ifdown will operate only on configured interfaces, so
this patch fixes the issue by deleting the port from the database
before attempt to configure it with fresh configuration.
Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Russell Bryant [Tue, 26 Jul 2016 20:29:25 +0000 (16:29 -0400)]
ovn: Rename "gateway" to "l3gateway".
When L3 gateway support was added, it introduced a port type called
"gateway" and a corresponding option called "gateway-chassis". Since
that time, we also have an L2 gateway port type called "l2gateway" and a
corresponding option called "l2gateway-chassis". This patch renames the
L3 gateway port type and option to "l3gateway" and "l3gateway-chassis"
to make things a little more clear and consistent.
Ryan Moats [Thu, 28 Jul 2016 16:53:03 +0000 (16:53 +0000)]
ovn: Add ovn-controller-vtep debian package
Having a separate debian package for deploying
the ovn-controller-vtep binary enables the ability
to assign specific nodes the role of communicating
with VTEP enabled TORs.
Change-Id: Ia36aea7d89bd011a57918820b2a9f6e3469b3e04 Signed-off-by: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ryan Moats [Thu, 28 Jul 2016 18:10:16 +0000 (18:10 +0000)]
ovn-controller: Clean up cases that lead to duplicate OF flows.
In physical_run, there are multiple places where OF flows can be
produced each cycle. Because the desired flow table may not have
been completely cleared first, remove flows created during previous
runs before creating new flows. This avoid collisions.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
route-table: flush addresses list when route table is reset
When the route table is reset, the addresses list may be out of date, as we race
for the many netlink socket notifications.
A quick fix for this is flushing the addresses list, before dumping the routes
and gathering source addresses for them.
That way, instead of using invalid source addresses or preventing an entry to be
added because of missing source addresses, repeated tests showed the correct
entry is always added.
As route-table.c is only built for Linux, we don't need to be concerned that
Windows does not have netdev_get_addrs_list_flush, since it uses
route-table-stub.c instead.
Fixes: a8704b502785 ("tunneling: Handle multiple ip address for given device.") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
doc: Update INSTALL.Docker.md to reflect it's focus on OVN
While reading this document, the title stood out to me as not
accurate. The title indicates it will discuss how to use
Open vSwitch with Docker, but in reality, it's about using
Open Virtual Networking with Docker.
This change updates the title, as well as the opening paragraphs
to more accurately reflect what the document is talking about.
From the connection tracker perspective, an ICMP connection is a tuple
identified by source ip address, destination ip address and ICMP id.
While this allows basic ICMP traffic (pings) to work, it doesn't take
into account the icmp type: the connection tracker will allow
requests/replies in any directions.
This is improved by making the ICMP type and code part of the connection
tuple. An ICMP echo request packet from A to B, will create a
connection that matches ICMP echo request from A to B and ICMP echo
replies from B to A. The same is done for timestamp and info
request/replies, and for ICMPv6.
A new modules conntrack-icmp is implemented, to allow only "request"
types to create new connections.
Also, since they're tracked in both userspace and kernel
implementations, ICMP type and code are always printed in ct-dpif (a few
testcase are updated as a consequence).
Reported-by: Subramani Paramasivam <subramani.paramasivam@wipro.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org>
This commit implements the OVS_ACTION_ATTR_CT action in dpif-netdev.
To allow ofproto-dpif to detect the conntrack feature, flow_put will not
discard anymore flows with ct_* fields set. We still shouldn't allow
flows with NAT bits set, since there is no support for NAT.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Antonio Fischetti <antonio.fischetti@intel.com>
This introduces a very limited but simple benchmark for
conntrack_execute(). It just sends repeatedly the same batch of packets
through the connection tracker and returns the time spent to process
them.
While this is not a realistic benchmark, it has proven useful during
development to evaluate different batching and locking strategies.
This commit adds a thread that periodically removes expired connections.
The expiration time of a connection can be expressed by:
expiration = now + timeout
For each possible 'timeout' value (there aren't many) we keep a list.
When the expiration is updated, we move the connection to the back of the
corresponding 'timeout' list. This ways, the list is always ordered by
'expiration'.
When the cleanup thread iterates through the lists for expired
connections, it can stop at the first non expired connection.
Suggested-by: Joe Stringer <joe@ovn.org> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org>
It is a connection tracker that resides entirely in userspace. Its
primary user will be the dpif-netdev datapath.
The module main goal is to provide conntrack_execute(), which offers a
convenient interface to implement the datapath ct() action.
The conntrack module uses two submodules to deal with the l4 protocol
details (conntrack-other for UDP and ICMP, conntrack-tcp for TCP).
The conntrack-tcp submodule implementation is adapted from FreeBSD's pf
subsystem, therefore it's BSD licensed. It has been slightly altered to
match the OVS coding style and to allow the pickup of already
established connections.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Antonio Fischetti <antonio.fischetti@intel.com> Acked-by: Joe Stringer <joe@ovn.org>
Linux and FreeBSD have slightly different names for these constants.
Windows doesn't define them. It is simpler to redefine them from
scratch for OVS. The new names are different than those used in Linux
and FreeBSD.
These definitions will be used by a future commit.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
projects / mirror_ovs.git / log