xenserver: Correct location of xen-bugtool plugins.
xen-bugtool plugins were stored in "/etc/xensource/bugtool/bugtool-plugins/*",
but xen-bugtool will not traverse deeper than "/etc/xensource/bugtool/*".
This commit corrects the location and makes our plugins run.
signed-off-by: Justin Pettit <jpettit@nicira.com>
acked-by: Ben Pfaff <blp@nicira.com>
in-band: Classifier rules should use OpenFlow ports.
The in-band rules want to allow traffic to and from the local port
but the rule to be inserted in the classifier table for DHCP traffic
used the datapath constant for local traffic instead of the OpenFlow
one.
make_packet_out() operates solely at the OpenFlow layer, so it
should never receive OVSP_LOCAL as an in_port. This function is
used only by the learning switch, which will never generate
a packet with OVSP_LOCAL so this fixes not a bug but a violation
of semantics.
datapath-protocol.h is increasingly a Linux-specific header so its
usage should be restricted from generic code. Nothing in flow.c
uses it, so drop it to avoid layer violations.
Ben Pfaff [Thu, 29 Sep 2011 16:49:37 +0000 (09:49 -0700)]
datapath: Avoid use-after-free error in dp_device_event().
Commit f14d80834 "datapath: genl_notify() on port disappearances" frees the
vport before passing it to ovs_vport_cmd_build_info(), which reads the
freed data.
Without this commit, the following commands consistently trigger a kernel
BUG report on my test VM (which has slab debugging enabled) on 3 attempts:
tunctl
ovs-vsctl add-port br0 tap0
tunctl -d tap0
With this commit, I consistently don't see the BUG, on a few hundred tries
in a tight loop.
The interesting log information is:
device tap0 entered promiscuous mode
device tap0 left promiscuous mode
BUG: unable to handle kernel paging request at 6b6b6ba7
IP: [<c88269ed>] get_vport_protected+0x8/0x52 [openvswitch_mod]
*pde = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:04.0/net/eth1/carrier
Modules linked in: brcompat_mod openvswitch_mod
Ben Pfaff [Wed, 28 Sep 2011 16:36:13 +0000 (09:36 -0700)]
bridge: Clear out all Interface fields when an interface cannot be created.
When an Interface record is invalid (for example, when the interface that
it specifies does not exist and cannot be created), ovs-vswitchd would
leave any pre-existing data in its columns, except that it would set the
ofport column to -1 to indicate the error. This was sometimes confusing
because, for example, the lacp_current field could still be set to "true"
if LACP has previously been active and up-to-date.
This commit changes ovs-vswitchd to reset all such data to its default
values when an interface is invalid.
Bug #7450. Reported-by: Duffie Cooley <dcooley@nicira.com>
Bug #7491. Reported-by: Ethan Jackson <ethan@nicira.com>
Release Notes #7500. Reported-by: Keith Amidon <keith@nicira.com>
Ben Pfaff [Thu, 29 Sep 2011 06:07:11 +0000 (23:07 -0700)]
ovs.daemon: Fix semantics of --pidfile option.
The --pidfile option is supposed to work like this:
* Without --pidfile, you don't get a pidfile.
* With --pidfile, you get the default pidfile.
* With --pidfile=FILE, you get FILE as your pidfile.
However, it actually worked like this:
* Without --pidfile, you got the default pidfile.
* With --pidfile, you got no pidfile at all.
* With --pidfile=FILE, you got FILE as your pidfile.
This is because of the semantics of "default" in argparse. It is
documented as:
The default keyword argument of add_argument(), whose value defaults to
None, specifies what value should be used if the command-line argument
is not present. For optional arguments, the default value is used when
the option string was not present at the command line.
We actually want "const", which is documented under the description of
nargs="?" as:
If no command-line argument is present, the value from default will be
produced. Note that for optional arguments, there is an additional
case - the option string is present but not followed by a command-line
argument. In this case the value from const will be produced.
If the routing table is destroyed and re-created then it will
trigger another assertion because route_notifier is not NULL,
even though it has already been freed.
Following patch adds sampling action which takes probability and set
of actions as arguments. When probability is hit, actions are executed for
given packet.
USERSPACE action's userdata (u64) is used to store struct
user_action_cookie as cookie. CONTROLLER action is fixed accordingly.
Now we can remove sFlow code from kernel and implement sFlow generically
as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow
sampling rate) and USERSPACE action as argument. USERSPACE action's data
is used as cookie. sFlow uses this cookie to store output-port, number of
output ports and vlan-id. sample-pool is calculated by using vport
stats.
route-table: Close netlink notifier before closing nln.
Commit 2ee6545f2bff7eb27e8c84965e3ff38dfa909bf6 "notifiers: Create
and destroy nln_notifiers." requires callers to explicitly create
and destroy netlink notifiers but route-table only did the creation
part. This causes an assertion failure any time the netdev for a
vport is destroyed (for example ovs-dpctl show when there is a
tunnel port).
Ethan Jackson [Wed, 21 Sep 2011 22:43:27 +0000 (15:43 -0700)]
python: Create new vlog module.
Currently, each python daemon has to come up with it's own logging
solution. These logging strategies are not consistent across the
python code or with the C vlog module. This patch adds a new
logging module which hopes to solve the problem. This new module
generates log messages in a manner consistent with the C code.
Furthermore, it can easily be extended to support things like rate
limiters in the future.
This patch does not update any python code to use the new module.
Ethan Jackson [Thu, 22 Sep 2011 19:05:18 +0000 (12:05 -0700)]
python: Backport argparse to older platforms.
Argparse has some convenient advantages over optparse including the
ability to handle optional arguments to flags. It also supports
parsing arguments as well as options.
This patch copies argparse.py from Python 2.7 into a newly created
compat directory. It made some very minor syntactic updates in the
process. Platforms which have a Python version too old to include
argparse by default will have this compat version installed as a
workaround.
Ben Pfaff [Mon, 26 Sep 2011 20:15:54 +0000 (13:15 -0700)]
ofproto-dpif: Get rid of OFP_VLAN_NONE pollution.
OFP_VLAN_NONE used to be convenient as a value for struct dst's 'vlan'
member, because it ended up being used in actions anyway, but now it's
much better to just use 0.
Ben Pfaff [Sat, 24 Sep 2011 00:11:49 +0000 (17:11 -0700)]
ofproto-dpif: Fix VLAN and other field handling in OFPP_NORMAL.
compose_actions(), which is part of the OFPP_NORMAL implementation, had
multiple flaws that this commit corrects.
First, it did not commit changes made to the flow by actions preceding
the output to OFPP_NORMAL. This means that, for example, if an OpenFlow
action to modify an L2 or L3 header preceded the output to OFPP_NORMAL,
then OFPP_NORMAL would output its packets without those changes.
Second, it did not update the action_xlate_ctx's notion of the VLAN that
was currently set, in the cases where it modified the current VLAN. This
means that actions following the output to OFPP_NORMAL could output to
unexpected VLANs.
Third, when it switched to VLAN 0, it unconditionally also stripped the
whole 802.1Q header, so that if the packet originally was priority tagged,
the output packet was not priority tagged. This is reasonable behavior,
but it is a change in behavior from what previous releases of OVS did, so
this commit reverts it.
Based on a patch from and a conversation with Pravin Shelar
<pshelar@nicira.com>.
Ethan Jackson [Sat, 24 Sep 2011 06:43:12 +0000 (23:43 -0700)]
python: Style cleanup.
This patch does minor style cleanups to the code in the python and
tests directory. There's other code floating around that could use
similar treatment, but updating it is not convenient at the moment.
ovs-bugtool: Use RUNDIR macro for ovs-appctl target.
Correct the target path used by ovs-appctl. The previous value was
hard-coded to "/var/run", but the common path is actually
"/var/run/openvswitch". However, it's better to use RUNDIR, since the
default location is build-time configurable.
dpif-linux: Prevent a single port from monopolizing upcalls.
Currently it is possible for a client on a single port to generate
a huge number of packets that miss in the kernel flow table and
monopolize the userspace/kernel communication path. This
effectively DoS's the machine because no new flow setups can take
place. This adds some additional fairness by separating each upcall
type for each object in the datapath onto a separate socket, each
with its own queue. Userspace then reads round-robin from each
socket so other flow setups can still succeed.
Since the number of objects can potentially be large, we don't always
have a unique socket for each. Instead, we create 16 sockets and
spread the load around them in a round robin fashion. It's theoretically
possible to do better than this with some kind of active load balancing
scheme but this seems like a good place to start.
netlink: Expose version of nl_attr_find for key and len.
Many of our functions pass around a pointer to Netlink attributes
and a length. This exposes the version of nl_attr_find that takes
that format so it can be used by callers outside the Netlink library.
poll-loop: Enable checking whether a FD caused a wakeup.
Each time we run through the poll loop, we check all file descriptors
that we were waiting on to see if there is data available. However,
this requires a system call and poll already provides information on
which FDs caused the wakeup so it is inefficient as the number of
active FDs grows. This provides a way to check whether a given FD
has data.
ofproto-dpif: Flush flows before dpif_recv_set_mask().
Now that upcalls from the kernel use unicast sockets, we need to
tell the kernel where to send them explicitly. This means that
when the switch is restarted it's necessary to take control of any
existing objects, which is done when the dpif listen mask becomes
non-zero. Since we're going to blow away the flows anyways, we
might as well do it before going through the trouble of updating
all of them.
datapath: Use unicast Netlink sockets for upcalls.
Currently we publish several multicast groups for upcalls and let
userspace sockets subscribe to them. The benefit of this is mostly
that userspace is the one doing the subscription - the actual
multicast capability is not currently used and probably wouldn't be
even if we moved to a multiprocess model. Despite the convenience,
multicast sockets have a number of disadvantages, primarily that
we only have a limited number of them so there could be collisions.
In addition, unicast sockets give additional flexibility to userspace
by allowing every object to potentially have a different socket
chosen by userspace for upcalls. Finally, any future optimizations
for upcalls to reduce copying will likely not be compatible with
multicast anyways so disallowing it potentially simplifies things.
We also never unregistered the multicast groups registered for upcalls
and leaked them on module unload. As a side effect, this solves that
problem.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
netlink: Expose method to get Netlink pid of a socket.
In the future, the kernel will use unicast messages instead of
multicast to send upcalls. As a result, we need to be able to
tell it where to direct the traffic. This adds a function to expose
the Netlink pid of a socket so it can be included in messages to the
kernel.
Ben Pfaff [Wed, 21 Sep 2011 17:43:03 +0000 (10:43 -0700)]
python: Implement write support in Python IDL for OVSDB.
Until now, the Python bindings for OVSDB have not supported writing to the
database. Instead, writes had to be done with "ovs-vsctl" subprocesses.
This commit adds write support and brings the Python bindings in line with
the C bindings.
This commit deletes the Python-specific IDL tests in favor of using the
same tests as the C version of the IDL, which now pass with both
implementations.
This commit updates the two users of the Python IDL to use the new write
support. I tested this updates only by writing unit tests for them,
which appear in upcoming commits.
Ben Pfaff [Tue, 20 Sep 2011 18:24:44 +0000 (11:24 -0700)]
ovs.db.types: Add table reference to ovs.db.types.BaseType.
Until now ovs.db.types.BaseType has kept track of the name of the
referenced table but not a reference to it. This commit renames the
ref_table attribute to ref_table_name and adds a new ref_table attribute
whose value is a reference to the named table.
This will be useful in an upcoming commit where table references are
actually followed.
Ben Pfaff [Fri, 16 Sep 2011 00:17:36 +0000 (17:17 -0700)]
python: Accept multiple forms of strings and lists when parsing JSON.
The JSON parser in OVS always yields unicode strings and lists, never
non-unicode strings or tuples, but it's easy to create them when building
JSON elsewhere, so accept both forms.
Ben Pfaff [Thu, 22 Sep 2011 18:54:22 +0000 (11:54 -0700)]
netdev-linux: Fix broken build on RHEL 6.
Commit 00fa9d37c2b "Do not include net/ethernet.h and linux/if_tunnel.h"
introduced a compile error on RHEL 6:
lib/netdev-linux.c: In function 'netdev_linux_listen':
lib/netdev-linux.c:734: error: 'ETH_P_ALL' undeclared (first use in this
function)
This fixes the problem.
I verified that the Android NDK r6b mentioned in the previous commit
contains a file named android-ndk-r6b/platforms/android-3/arch-x86/use/
linux/if_ether.h that defines ETH_P_ALL. I didn't try building on that
platform.
Ben Pfaff [Thu, 22 Sep 2011 18:36:39 +0000 (11:36 -0700)]
netlink-socket: Async notifications are incompatible with other operations.
A Netlink socket that receives asynchronous notifications (e.g. from a
multicast group) cannot be used for transactions or dumps, because those
operations would discard asynchronous messages that arrive while waiting
for replies.
This commit documents this issue in a comment on nl_sock_join_mcgroup().
It also removes an internal attempt to avoid mixing multicast reception
with other operations. The attempt was incomplete, because it only
handled dumps even though ordinary transactions are also problematic. It
seems better to remove it than to fix it because, first, all of the
existing users in OVS already separate multicast reception from other
operations and, second, an upcoming commit will start using unicast
Netlink for asynchronous notifications, which has the same issues but
doesn't use nl_sock_join_mcgroup().
Ben Pfaff [Wed, 21 Sep 2011 21:56:55 +0000 (14:56 -0700)]
ovs-xapi-sync: Make pychecker-able.
pychecker imports the code that it checks, which means that code at top
level runs, so "ovs-xapi-sync" failed to import unless the user had write
access to /var/log/openvswitch.
Simon Horman [Thu, 22 Sep 2011 12:24:14 +0000 (21:24 +0900)]
Remove netdev_find_dev_by_in4
netdev_find_dev_by_in4() appears to no longer be used and thus
can be removed. This also allows netdev_enumerate(), the
enumerate member of struct netdev_class and netdev_linux_enumerate()
to be removed.
I noticed this as netdev_linux_enumerate() makes use of if_nameindex()
and if_freenameindex() which are not available when compiling using
the Android NDK r6b (Android API level 13).
datapath: IFF_BRIDGE_PORT is backported by Centos 5.6.
Some versions of Centos 5.6 backport the flag IFF_BRIDGE_PORT
without the associated rx_handler changes, so this changes to
use a version check since we really don't care about the actual
symbol.
datapath: Send to userspace errors shouldn't halt processing.
If we encounter an error when sending a packet to userspace due to
an explicit action we stop processing further actions. This makes
sense for things like push vlan, where to continue means outputting
an incorrect packet. However, sending to userspace is more akin
to outputting to a port, which does not halt further processing.
For consistency, ignore errors in this case as well.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
datapath: Correctly validate vport attributes on old kernels.
The vport policy for OVS_VPORT_ATTR_PORT_NO and OVS_VPORT_ATTR_TYPE
are present only in the section for newer kernels. This means that
on older kernels the length of these attributes are never checked
anywhere but we go ahead and read from them anyways.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
We never allow shared skbs to be present inside of the OVS datapath
but the presence of a check in the core makes this less clear. Since
the check is very old and no longer relevant, drop it.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
datapath: Fully initialize datapath before local port.
It's possible to start receiving packets on a datapath as soon as
the internal device is created. It's therefore important that the
datapath be fully initialized before this, which it currently isn't.
In particular, the fact that dp->stats_percpu is not yet set is
potentially fatal. In addition, if allocation of the Netlink response
failed it would leak the percpu memory. This fixes both problems.
Found by code inspection, in practice the datapath is probably always
done initializing before someone can send a packet on it.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
datapath: Correctly set error code in queue_userspace_packets().
In a few places in queue_userspace_packets() when we encounter an
error, we don't actually set the 'err' variable. Although we
free the packets we don't correctly account for these packets as
being lost.
Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
datapath-protocol: vport_stats types are unsigned.
The 'u' in uint64_t apparently got clipped off of the tx_dropped
member of struct vport_stats in between review and push, incorrectly
making this a signed type.