Lorand Jakab [Mon, 27 May 2013 11:54:54 +0000 (04:54 -0700)]
LISP: update documentation for "null" ports
Since commit 0ad90c8 it is possible to set tunnel destination IP address
in the flow. This allows creating a LISP "map-cache" in the flow table.
Update the LISP documentation to reflect these possibilities.
Signed-off-by: Lorand Jakab <lojakab@cisco.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 23 May 2013 23:07:43 +0000 (16:07 -0700)]
OPENFLOW-1.1+: OFPCML_NO_BUFFER is effectively already implemented.
OpenFlow 1.2 and later define a value of 65535 (OFPCML_NO_BUFFER) for
the max_len field in an output action to mean that the switch should send
the entire packet without buffering it. Open vSwitch never buffers packets
sent via an output action, so it trivially satisfies this requirement.
ovs-xapi-sync: Handle exceptions from XAPI for get_single_bridge_id.
There are possibilities when records disappear underneath ovs-xapi-sync.
In this particular case, when VLAN network was deleted, the corresponding
record in bridge's external_ids:xs_network_ids column was not deleted by
xenserver. In situations like that handle the exceptions cleanly.
Simon Horman [Wed, 22 May 2013 07:08:06 +0000 (16:08 +0900)]
dpif-netdev: Move decoding of data out of dp_netdev_output_userspace()
This is in preparation for making dp_netdev_action_userspace()
more generic and passing dp_netdev_output_userspace() as a callback.
In this case it makes sense to decode userdata in generic code.
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
YAMAMOTO Takashi [Tue, 21 May 2013 08:49:55 +0000 (17:49 +0900)]
keep "kernel name" for each netdev
where interface renaming is not supported (NetBSD), remember both of
our netdev name and the corresponding kernel name separately.
the latter is necessary to talk with kernel using interface names.
e.g. ifioctls, bpf
XXX there should be a proper way to query kernel name.
Ben Pfaff suggested ovs-appctl but this patch doesn't implement it. (yet)
Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Wed, 15 May 2013 21:31:06 +0000 (14:31 -0700)]
cfm: Implement "demand mode".
The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.
Ben Pfaff [Tue, 21 May 2013 22:42:44 +0000 (15:42 -0700)]
netdev: New function netdev_ref().
I suspect that this makes it easier to make sure that a netdev stays open
as long as needed in some cases where a module needs access to a netdev
opened by some higher-level module.
CC: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Mon, 20 May 2013 18:36:05 +0000 (11:36 -0700)]
ofproto/ofproto-dpif.c: Re-implement the ofproto/trace command
Since the use of single datapath, all bridges belonging to the same type of
datapath will use the same (single) datapath. This causes confusion in the
current 'ofproto/trace' command. Especially, when given the unrelated
'bridge' and 'in_port' combination, the current implementation will still
be able to process and give misleading output. Thusly, this patch changes
the 'ofproto/trace' command syntax to formats shown as follows.
Ben Pfaff [Mon, 20 May 2013 19:21:51 +0000 (12:21 -0700)]
ofp-util: Make ofputil_port_from_ofp11() return OFPP_NONE on error.
This makes life easier for a few callers, and it agrees with my usual
preference that a function should fill in its output parameters whether it
succeeds or not.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Sun, 19 May 2013 12:44:53 +0000 (15:44 +0300)]
meta-flow: Add MFF_IN_PORT_OXM, a 32-bit in_port.
This helps get rid of one special case in nx_pull_raw() and allows
loading of 32-bit values from/to OXM_OF_IN_PORT in NXAST_LEARN actions.
Previously the 16-bit limit acted the same on both NXM_OF_IN_PORT and
OXM_OF_IN_PORT, even though OF1.1+ controllers would expect OXM_OF_IN_PORT
to be 32 bits wide.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-xapi-sync: Handle multiple xs-network-uuids for xs 6.1.
For xenservers with version less than 6.1, interface reconfiguration
happened through interface-reconfigure scripts in this repo. In cases
where there were multiple xs-network-uuids for a single bridge,
interface-reconfigure script would add the network uuid associated
with the non-VLAN network as the first record. ovs-xapi-sync would
just blindly use the first record to create the bridge-id.
But it looks like for xenserver 6.1, interface-reconfigure script
is no longer used and xenserver natively writes the xs-network-uuids.
So, in ovs-xapi-sync we no longer can copy the first value in
xs-network-uuids as bridge-id. This commit fetches the PIF record
for each xs-network-uuids and the network that does not have a VLAN
associated with it is copied over to bridge-id.
Ben Pfaff [Sat, 18 May 2013 15:27:20 +0000 (08:27 -0700)]
netdev-dummy: Remove FreeBSD dependency.
There's no particular reason that netdev_dummy_register() has to care about
the particular OS, except that the tests like to use the special Linux-only
tunnel vport types. But that can be done better, I think, by just always
registering them from netdev_dummy_register() and making that function
idempotent, so that calling it twice under Linux has no additional effect.
This commit implements that solution.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ed Maste <emaste@freebsd.org>
Simon Horman [Fri, 17 May 2013 05:14:14 +0000 (14:14 +0900)]
Allow hexdump of packet data of PACKET_{IN, OUT} messages
If verbosity parameter of ofp_print_packet_{in,out}() is greater than 2
then when formatting packet data include a hex dump as well as the output
of ofp_packet_to_string(), which is already included if verbosity is
greater than 0.
This feature may be accessed in several ways including:
* Including the -m parameter in an invocation of ovs-ofctl monitor.
* Including a verbosity greater than 2 in an invocation of
ovs-ofctl ofp-print.
This patch includes tests to exercise this feature using ovs-ofctl ofp-print.
The motivation of this is to allow tests to be written that use ovs-ofctl
-m monitor to check packet data which is not output by
ofp_packet_to_string(). Specifically, as the protocol of the inner-packet
is not known by ofp_packet_to_string() it only decodes and stringifies an
MPLS packet up to and including the first MPLS label stack entry. However
it may be useful to create tests which verify the contents of the inner
packet.
One example may be to verify the effect of dec_ttl in the following sequence
of actions applied to a packet with a single MPLS label stack entry.
pop_mpls(0x800),dec_ttl,push_mpls(0x8847)
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Fri, 17 May 2013 05:14:13 +0000 (14:14 +0900)]
ofp-print: ofp_packet_to_string() Do not emit extra trailing newline
The string produced by ofp_packet_to_string() includes a trailing
newline, so in the case where packet data is formatted by
ofp_print_packet_out() there is already a newline present.
This patch updates ofp_print_packet_out() so that it does not
add a second newline in this case.
It is not necessary to update the case where there is packet data
to ensure that the result is terminated by a "\n" as the higher-level
ofp_to_string() function will ensure that the result is "\n" terminated.
The test-suite has been updated to exercise output of packet data by
ofp_packet_to_string().
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Thu, 16 May 2013 21:11:51 +0000 (14:11 -0700)]
netdev: Prevent using reserved names
This commit adds a function to lib/netdev.c to check that the interface name
is not the same as any of the registered vport providers' dpif_port name
(e.g. gre_system) or the datapath's internal port name (e.g. ovs-system).
Bug #15077. Signed-off-by: Alex Wang <alexw@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Mon, 13 May 2013 15:27:21 +0000 (08:27 -0700)]
datapath: Check for positive packet length in vport_send().
When sending a packet, a positive length indicates success and a
negative length indicates failure. However, the check for success
looked for non-zero values which catches both of these cases. This
can result in incorrect stats and leak memory on failure.
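The stats side of the bug described above can be reproduced with a small model. This is an added example, not the Open vSwitch datapath code; the struct, the callback type and all function names are hypothetical, and the send callback only follows the convention the commit message states (positive length on success, negative value on failure).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-port counters, modelled on typical tx statistics. */
struct tx_stats {
    uint64_t tx_packets;
    uint64_t tx_bytes;
    uint64_t tx_errors;
};

/* Hypothetical send callback: returns bytes sent (> 0) or a negative errno. */
typedef int (*send_fn)(int payload_len);

int send_ok(int payload_len)   { return payload_len; }
int send_fail(int payload_len) { (void) payload_len; return -ENOMEM; }

/* "Before" form: a non-zero test also accepts negative error codes. */
int account_nonzero(struct tx_stats *s, send_fn send, int payload_len)
{
    int sent = send(payload_len);

    if (sent) {
        s->tx_packets++;
        s->tx_bytes += sent;   /* negative int wraps the unsigned counter */
    } else {
        s->tx_errors++;
    }
    return sent;
}

/* "After" form: only a positive length counts as a transmitted packet. */
int account_positive(struct tx_stats *s, send_fn send, int payload_len)
{
    int sent = send(payload_len);

    if (sent > 0) {
        s->tx_packets++;
        s->tx_bytes += sent;
    } else {
        s->tx_errors++;
    }
    return sent;
}

int main(void)
{
    struct tx_stats before = {0, 0, 0}, after = {0, 0, 0};

    /* One successful 100-byte send followed by one failed send. */
    account_nonzero(&before, send_ok, 100);
    account_nonzero(&before, send_fail, 100);
    account_positive(&after, send_ok, 100);
    account_positive(&after, send_fail, 100);

    printf("non-zero check: packets=%llu bytes=%llu errors=%llu\n",
           (unsigned long long) before.tx_packets,
           (unsigned long long) before.tx_bytes,
           (unsigned long long) before.tx_errors);
    printf("positive check: packets=%llu bytes=%llu errors=%llu\n",
           (unsigned long long) after.tx_packets,
           (unsigned long long) after.tx_bytes,
           (unsigned long long) after.tx_errors);
    return 0;
}
```

With the non-zero test the failed send is counted as a packet and the byte counter goes backwards by the errno value, so the error never shows up in the drop counter.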
Ben Pfaff [Fri, 15 Mar 2013 22:54:36 +0000 (15:54 -0700)]
netdev: Get rid of netdev_dev.
The distinction between struct netdev_dev and struct netdev has always
been confusing. Now that previous commits have eliminated all interesting
state from struct netdev, this commit deletes it and renames struct
netdev_dev to take its place. Now the situation makes much more sense and
I won't have to continue making embarrassed explanations in the future.
Ben Pfaff [Fri, 10 May 2013 21:39:19 +0000 (14:39 -0700)]
netdev: Add new "struct netdev_rx" for capturing packets from a netdev.
Separating packet capture from "struct netdev" means that there is no
remaining per-"struct netdev" state, which will allow us to get rid of
"struct netdev_dev" (by renaming it "struct netdev").
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Fri, 10 May 2013 15:55:25 +0000 (08:55 -0700)]
netdev: Factor restoring flags into new "struct netdev_saved_flags".
This gets rid of the only per-instance data in "struct netdev", which
will make it possible to merge "struct netdev_dev" into "struct netdev" in
a later commit.
Ed Maste wrote the netdev-bsd changes in this commit.
Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Ed Maste <emaste@freebsd.org> Tested-by: Ed Maste <emaste@freebsd.org>
Jarno Rajahalme [Thu, 9 May 2013 12:24:16 +0000 (15:24 +0300)]
OpenFlow-level flow-based tunneling support.
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Fri, 10 May 2013 02:00:06 +0000 (11:00 +0900)]
Use updated dl_type when checking actions that use fields
Update handling of the following actions to use the dl_type set by MPLS
push and pop actions if it differs from the original dl_type. This is
consistent with the existing checking of load actions and allows
their existing checks to enforce dl_type pre-requisites correctly.
In order to avoid the verbosity of updating the flow for each applicable
action the update is treated as a common case and performed in
ofpact_check(). This was suggested by Jesse Gross.
IPv6 fragmented packet (except first fragment) will not be handled
correctly. When extracting packet at parse_ipv6(), although nw_frag
should have both of FLOW_NW_FRAG_ANY and FLOW_NW_FRAG_LATER for
later fragment, only FLOW_NW_FRAG_LATER is set.
Ethan Jackson [Thu, 2 May 2013 22:39:06 +0000 (15:39 -0700)]
ofproto-dpif: Update 'facet->rule' stats in facet_push_stats().
Before this patch, stats for 'facet->rule' were handled differently
than stats which 'facet' resubmitted into. The former were
maintained in 'facet' until it was destroyed, while the latter were
pushed regularly in facet_push_stats().
This inconsistent behavior was not only confusing, it was often
incorrect. In some circumstances, if a facet changed rules, it
could carry the statistics from the entirety of its lifetime from
the old rule to the new one. This patch remedies the issue by
handling all rule stats in facet_push_stats().
Reported-by: Tmusic <Tmusic987@gmail.com> Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Wed, 8 May 2013 22:21:24 +0000 (15:21 -0700)]
ofproto-dpif: Simplify send_packet().
Before this patch, send_packet() manually constructed the required
datapath output actions. This worked fine when these actions were
simple, however as outputting to tunnels and patch ports became
more complex, this required quite a bit of complex duplicated code.
This patch solves the problem by running through the standard
xlate_actions() code path instead.
Ben Pfaff [Wed, 8 May 2013 20:21:11 +0000 (13:21 -0700)]
tunnel: Make tnl_port_receive() parameter 'const'.
This function no longer has much need to modify its argument, because the
caller can now easily do the modification itself, so this commit makes
that change.
Ben Pfaff [Wed, 8 May 2013 20:18:12 +0000 (13:18 -0700)]
ofproto-dpif: Make ofport_dpif_cast() internally consistent.
This function's assertion would dereference a null pointer given a null
'ofport' argument, but its return statement checked for a null pointer
argument. This commit fixes the inconsistency in favor of supporting
null pointer arguments. (I discovered this problem while writing a piece
of code that wanted support for a null pointer argument, otherwise I would
resolve the inconsistency in the other direction.)
Jarno Rajahalme [Mon, 6 May 2013 11:56:17 +0000 (14:56 +0300)]
ofproto-dpif: Remove initial_vals.tunnel_ip_tos.
As tunnel metadata is no longer cleared on input, and the input
values are retained in 'ctx->flow' across tunnel output actions,
there is no need to store the tunnel.ip_tos to initial_vals.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 2 May 2013 23:16:06 +0000 (16:16 -0700)]
Always check return value of strftime().
strftime() returns 0 and leaves the contents of the output buffer
unspecified if the output buffer is not big enough. Thus, one should
check strftime()'s return value. Until now, OVS has had a few invocations
of strftime() that did not check the return value. This commit fixes
those. I believe that the buffers were always large enough in each case,
but it's better to be safe.
Reported-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
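A checked wrapper for the strftime() behaviour described above, as an added example that is not Open vSwitch's code. The names `checked_strftime`, `strftime_alloc` and `SAMPLE_TM` are hypothetical, and the second function goes one step beyond the commit message by also separating "buffer too small" from a legitimately empty result, which a bare return value of 0 cannot do.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed sample time: 2013-05-02 23:16:06 (only the fields used here). */
const struct tm SAMPLE_TM = {
    .tm_year = 113, .tm_mon = 4, .tm_mday = 2,
    .tm_hour = 23, .tm_min = 16, .tm_sec = 6
};

/* Fixed-buffer form.  Returns the length written, or -1 when strftime()
 * reports 0.  On failure 'buf' is reset to "" so that no caller can read
 * the unspecified contents.  A format that expands to nothing is also
 * reported as -1 here. */
int checked_strftime(char *buf, size_t size, const char *fmt,
                     const struct tm *tm)
{
    size_t n;

    if (size == 0) {
        return -1;
    }
    n = strftime(buf, size, fmt, tm);
    if (n == 0) {
        buf[0] = '\0';
        return -1;
    }
    return (int) n;
}

/* Allocating form.  A one-character sentinel is prepended to the format so
 * a successful call never returns 0; the buffer is doubled until the result
 * fits.  Returns a malloc()'d string, or NULL on allocation failure or if
 * the result would exceed 4096 bytes. */
char *strftime_alloc(const char *fmt, const struct tm *tm)
{
    size_t fmt_len = strlen(fmt);
    char *padded = malloc(fmt_len + 2);
    size_t size;

    if (!padded) {
        return NULL;
    }
    padded[0] = ' ';
    memcpy(padded + 1, fmt, fmt_len + 1);

    for (size = 16; size <= 4096; size *= 2) {
        char *buf = malloc(size);
        size_t n;

        if (!buf) {
            break;
        }
        n = strftime(buf, size, padded, tm);
        if (n > 0) {
            memmove(buf, buf + 1, n);   /* drop sentinel, keep the NUL */
            free(padded);
            return buf;
        }
        free(buf);
    }
    free(padded);
    return NULL;
}

int main(void)
{
    char small[8];
    char *s = strftime_alloc("%Y-%m-%d %H:%M:%S", &SAMPLE_TM);

    if (checked_strftime(small, sizeof small, "%Y-%m-%d %H:%M:%S",
                         &SAMPLE_TM) < 0) {
        printf("8-byte buffer too small, buffer reset to \"%s\"\n", small);
    }
    if (s) {
        printf("%s\n", s);
        free(s);
    }
    return 0;
}
```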
Simon Horman [Wed, 8 May 2013 01:50:15 +0000 (10:50 +0900)]
Do not perform validation in learn_parse();
I believe this is consistent with the handling of all other action
parsing called from parse_named_action().
Verification of all actions, including learn actions, occurs separately
in ofpact_check__(). It also occurs via a call to ofpacts_check()
in parse_ofp_str().
This patch is larger than might otherwise be expected as the flow argument
of learn_parse() is now unused and thus removed. This propagates up the
call-chain some way.
This implementation was suggested by Jesse Gross in response to an
enhancement I made to the validation performed during parsing learn actions
to allow it to correctly account for changes to the dl_type due to MPLS
push and pop actions.
Tests have also been updated to check for the less specific messages
generated by the call to ofpacts_check() in parse_ofp_str() which at the
suggestion of Ben Pfaff was added by a prior patch for this purpose.
Cc: Jesse Gross <jesse@nicira.com> Cc: Ben Pfaff <blp@nicira.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 8 May 2013 01:50:14 +0000 (10:50 +0900)]
Check actions prerequisites in parse_ofp_str()
Add a call to ofpacts_check() in parse_ofp_str() to check pre-requisites.
This is in preparation for removing special-case pre-requisite checking
of learn actions which is useful for the test-suite.
This patch also fixes two tests which this change revealed to be incorrect.
1. Open Flow 1.0 action which sets NXM_NX_IPV6_SRC
without any pre-requisites
This is not valid because there should be an IPv6 pre-requisite.
This portion of the test has been removed as IPv6 pre-requisites are
only valid when using OXM or NXM, however the test appears
to be a (non-NXM) Open Flow 1.0 test.
It has been replaced with a similar test of an action
that sets the IPv4 source address.
2. Open Flow 1.2 action which sets NXM_NX_IPV6_SRC
without any pre-requisites.
This is not valid because there should be an IPv6 pre-requisite.
This test has been corrected by adding IPv6 as a pre-requisite,
which is valid for Open Flow 1.2 as it uses OXM.
Use of ofpacts_check() in parse_ofp_str() suggested by Ben Pfaff.
Cc: Ben Pfaff <blp@nicira.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 8 May 2013 17:20:10 +0000 (10:20 -0700)]
ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL.
Before I applied this commit, when I generated a CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977. This made all SSL-based tests fail with an invalid
certificate.
32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.
CC: Gurucharan Shetty <gshetty@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 6 May 2013 22:38:36 +0000 (15:38 -0700)]
meta-flow: Make 'in_port' field writable.
OpenFlow says that an "output" action to a flow's input port is ordinarily
dropped, unless the flow explicitly outputs to OFPP_IN_PORT. We've
occasionally been asked to implement some way to avoid this behavior in
cases where it is not easily known in advance whether a given port is the
input port (so that OFPP_IN_PORT is not easy to use).
This commit implements such a feature. With this commit, one may write:
actions=load:0->NXM_OF_IN_PORT[],output:123
which will output to port 123 regardless of whether it is the input port.
If the input port is important, then one may save and restore it on the
stack:
actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],output:123,
pop:NXM_OF_IN_PORT[]
(Sometimes I am asked whether "resubmit" changes the in_port and would
therefore interact badly with this feature. It does not. "resubmit" only
(optionally) changes the in_port used for the resubmit's flow table lookup.
It does not otherwise have any effect on in_port.)
Ben Pfaff [Sat, 4 May 2013 00:14:19 +0000 (17:14 -0700)]
ofproto-dpif: Avoid figuring out sFlow and IPFIX actions twice.
Not only is it easier to re-use the actions we already have, this avoids
potential problems due to the state that add_sflow_action() and
add_ipfix_action() look at having possibly been changed by
do_xlate_actions(). Currently those functions appear to look only at
the flow's 'in_port', which currently can't change. However, an upcoming
commit will make it possible for actions to change the flow's 'in_port',
and in addition, with this change, one doesn't have to wonder whether these
functions might look at other state that translation might change.
Traditionally, Open vSwitch has used a variant of 802.1ag "CFM" for
interface liveness detection. This has served us well until now,
but has several serious drawbacks which have steadily become more
inconvenient. First, the 802.1ag standard does not implement
several useful features forcing us to (optionally) break
compatibility. Second, 802.1ag is not particularly popular
outside of carrier grade networking equipment. Third, 802.1ag is
simply quite awkward.
In an effort to solve the aforementioned problems, this patch
implements BFD which is ubiquitous, well designed, straight
forward, and implements required features in a standard way. The
initial cut of the protocol focuses on getting the basics of the
specification correct, leaving performance optimizations, and
advanced features as future work. The protocol should be
considered experimental pending future testing.
Commit 66980be9 (ovsdb-client: Avoid assertion with multiple databases.)
passed in a pointer to an svec pointer, when it should have just been an
svec pointer. This corrects the bug.
Justin Pettit [Mon, 6 May 2013 19:43:48 +0000 (12:43 -0700)]
ovsdb-client: Avoid assertion with multiple databases.
When using ovsdb-client with an ovsdb-server with multiple databases, an
assertion could trigger due to them being returned in non-sorted order.
This commit changes the fetch_dbs() function to always return databases
in sorted order, since both callers are expecting that behavior.
Ben Pfaff [Mon, 6 May 2013 22:41:29 +0000 (15:41 -0700)]
Allow master to build on Fedora with the recent threading changes
The recent threading changes have broken the build on Fedora,
and presumably other Red Hat based distributions. This adds an explicit
"-lpthread" to the linker command line and allows the latest master to build
on Fedora. I've also tested this on Ubuntu and it builds fine there.
Signed-off-by: Kyle Mestery <kmestery@cisco.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ed Maste <emaste@freebsd.org>
Pravin B Shelar [Mon, 6 May 2013 17:34:19 +0000 (10:34 -0700)]
datapath: Kill VPORT_F_TUN_ID vport flag.
VPORT_F_TUN_ID is the last remaining flag, once we remove it, flags
field from vport-ops can be removed. Since it does not complicate
much code, we decided to remove this flag.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Pravin B Shelar [Mon, 6 May 2013 17:29:08 +0000 (10:29 -0700)]
tunneling: Remove struct tnl_vport and tnl_ops.
After flow based tunneling, kernel tunneling is greatly simplified.
There is no need to have extra tunneling layer between vport and
particular protocol.
The following patch removes the tunneling struct, which makes the code easy to read.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Wed, 24 Oct 2012 16:47:44 +0000 (09:47 -0700)]
rconn: Discard messages received on monitor connections.
Otherwise, if a monitor connection happens to be talking to a (misguided?)
peer that sends it messages, such as replies to what the peer perceives as
echo requests meant for it, then the peer will eventually hang trying to
send data because the monitor connection never sinks it.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ed Maste [Fri, 3 May 2013 20:31:02 +0000 (16:31 -0400)]
socket-util: restore building on FreeBSD.
FreeBSD does not have EAI_ADDRFAMILY or EAI_NODATA and thus failed to build
after commit 3cbb5dc7e89df2b40bb6f715873cf2b6b25a7054 "socket-util: Use
getaddrinfo() instead of gethostbyname() for thread safety."
Signed-off-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Ben Pfaff <blp@nicira.com>