Ben Pfaff [Thu, 6 Oct 2016 22:31:07 +0000 (15:31 -0700)]
expr: Better simplify some special cases of expressions.
It's pretty unlikely that a human would write expressions like these, but
they can come up in machine-generated expressions and it seems best to
simplify them in an efficient way.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 7 Oct 2016 01:08:30 +0000 (18:08 -0700)]
expr: Fix abort when simplifying "x != 0/0".
The test added by this commit is very specific to the particular problem,
whereas a more general test would be better. A later commit adds the
general test.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 7 Oct 2016 00:54:19 +0000 (17:54 -0700)]
expr: Simplify "x == 0/0" into 1.
An expression like "x == 0/0" does not test any actual bits in field x,
so it resolves to true, but expr_simplify() was not smart enough to see
this.
This goes beyond an optimization, to become a bug fix, because
expr_normalize() will assert-fail for expressions that become trivial
when this simplification is omitted. For example:
The test added by this commit is very specific to the particular problem,
whereas a more general test would be better. A later commit adds the
general test.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Wed, 21 Sep 2016 03:33:50 +0000 (20:33 -0700)]
ovn: Remove weird or unneeded keywords from tests.
AT_KEYWORDS are mostly there to make it easier to find the tests you're
looking for. One might, for example, mark tests as "positive" or
"negative" so you can select the tests you want to run on that basis.
They're also useful for cases where Autotest just isn't good at splitting
words: for example, Autotest includes punctuation so that a test name
that has a word followed by a comma or colon won't be selected using a
keyword that lacks the comma or the colon.
But a lot of OVN tests had keywords that just didn't seem helpful in one
of these ways. For example, it's hard to guess why running together
words into a longer word would help someone select a test, and it's not
helpful at all to repeat one of the words in the test name, since those
words are keywords by default anyway.
Therefore, this commit removes the keywords that don't seem helpful.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Sat, 1 Oct 2016 00:56:54 +0000 (17:56 -0700)]
ovn: Fix some races in ovn-controller-vtep tests.
This fixes a few races for port bindings appearing and being bound to
a chassis. The ones changed to use "ovn-sbctl wait-until" were previously
only waiting until a Port_Binding record appeared (created by ovn-northd),
but not until the Port_Binding record's 'chassis' column was set (by
ovn-controller).
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Gurucharan Shetty <guru@ovn.org>
ovn-northd: support IPAM with externally specified MAC
The current IPAM implementation allocates both a MAC address and
an IPv4 address when dynamic address allocation is requested. This
patch adds the ability to specify a fixed MAC address for use with
dynamic IPv4 address allocation.
Ryan Moats [Thu, 6 Oct 2016 01:55:03 +0000 (20:55 -0500)]
ovn-controller: honor ovs_idl_txn when calculating and installing flows.
ovs_idl_txn is checked before various routines (like patch_run) execute.
However, flow calculation and installation does not also check this
variable, which can lead to oscillations as described in [1].
The command "ovn-nbctl lrp-add" should not set the MAC address
which length is invalid to logical router port. This patch
updates the eth_addr_from_string() to check trailing characters.
We should use the ovs_scan() to check the "addresses" owned by
the logical port, instead of eth_addr_from_string(). This patch
also updates the ovn-nbctl tests.
Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Wed, 5 Oct 2016 12:20:24 +0000 (17:50 +0530)]
python: Add SSL support to the python ovs client library
SSL support is added to the ovs/stream.py. pyOpenSSL library is used
to support SSL. If this library is not present, then the SSL stream
is not registered with the Stream class.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 5 Oct 2016 01:03:59 +0000 (18:03 -0700)]
ofproto: Always delete rules before deleting a meter.
When deleting a bridge it is currently possible to delete a mater
without deleting the rules using the meter first. Fix this by moving
the meter's rule deletion to meter_delete().
Reported-by: Petr Machata <pertm@mellanox.com> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
After profiling OVSDB insert performance it was found
that some significant portion of its time OVSDB is
calling the function json_clone.
Also, the current usages of json_clone never modify the json,
just keeps it to prevent it to be freed.
With that in mind the struct json, json_create, json_clone
and json_destroy were modified to keep a count of how many
references of the json struct are left. Only when that count
reaches zero the json struct is freed.
The old "json_clone" function was renamed as "json_deep_clone".
Some examples of the performance difference:
In these tests a test table with 4 columns (string, string,
bool, integer) was used. All the tests used "commit block".
*** 50 process each inserting 1000 rows ***
Master OVS
Test Duration 131 seconds
Average Inserts Per second 746.2687 inserts/s
Average Insert Duration 134.1382 ms
Minimal Insert Duration 0.166202 ms
Maximum Insert Duration 489.8593 ms
JSON GC Patch
Test Duration 86 seconds
Average Inserts Per second 1176 inserts/s
Average Insert Duration 82.26761 ms
Minimal Insert Duration 0.165448 ms
Maximum Insert Duration 751.2111 ms
*** 5 process each inserting 10000 rows ***
Master OVS
Test Duration 8 seconds
Average Inserts Per second 7142.857 inserts/s
Average Insert Duration 0.656431 ms
Minimal Insert Duration 0.125197 ms
Maximum Insert Duration 11.93203 ms
JSON GC Patch
Test Duration 7 seconds
Average Inserts Per second 8333.333 inserts/s
Average Insert Duration 0.55688 ms
Minimal Insert Duration 0.143233 ms
Maximum Insert Duration 26.26319 ms
Signed-off-by: Esteban Rodriguez Betancourt <estebarb@hpe.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Tue, 4 Oct 2016 20:18:10 +0000 (16:18 -0400)]
ovstest: Initialize command mode to RO
When the read-only infrastucture support was added, the test-suite
registration was missed. This causes tools like valgrind to complain
about uninitialized variable usage.
Fixes: 1f4a7252d9e7 ("Add read-only option to ovs-dpctl and...") Cc: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Make sure we take the return values into consideration so we can
break early in case of failures. This makes the ovs-ctl helper more
accurate in reporting the real status of its managing processes.
Check and allocate free qdisc queue id for ports with qos parameters
ovn-northd processes the list of Port_Bindings and hashes the list of
queues per chassis. When it finds a port with qos_parameters and without
a queue_id, it allocates a free queue for the chassis that this port belongs.
The queue_id information is stored in the options field of Port_binding table.
Adds an action set_queue to the ingress table 0 of the logical flows
which will be translated to openflow set_queue by ovn-controller
ovn-controller opens the netdev corresponding to the tunnel interface's
status:tunnel_egress_iface value and configures a HTB qdisc on it. Then for
each SB port_binding that has queue_id set, it allocates a queue with the
qos_parameters of that port. It also frees up unused queues.
This patch replaces the older approach of policing
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eric Garver [Tue, 4 Oct 2016 14:14:46 +0000 (10:14 -0400)]
netdev-linux: double tagged packets should use 0x88a8
We need to check if a packet is double tagged. If so make sure to push
0x88a8 instead of 0x8100. Without this a simple port redirect of 802.1ad
frames means the outer tag gets translated from 0x88a8 to 0x8100 by the
userspace datapath.
This only affected kernels that don't use TP_STATUS_VLAN_TPID_VALID,
which is kernels < 3.14.
Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch provides the command line to create a load balancer.
You can create a load balancer independently and add it to multiple
switches or routers. A single load balancer can have multiple vips.
Add a name column for the load balancer. With --add-duplicate,
the command really creates a new load balancer with a duplicate name.
This name has no special meaning or purpose other than to provide
convenience for human interaction with the ovn-nb database.
This patch also provides the unit tests and the documentation.
tests/bundle: test bundle action with ports up and down
Also, add the keyword bundle_action to all the tests in bundle.at,
distinguishing it from OF bundles.
It came to my attention recently that bundle_load will load 0xFFFF in case all
the slaves are down, as bundle_execute will return OFPP_NONE.
As I noticed this was not explicitly tested, not even for the bundle action, I
thought it would be nice to do it as a way of documenting this behavior.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Gabe Beged-Dov [Thu, 29 Sep 2016 22:40:02 +0000 (15:40 -0700)]
ovn: update docs for l2gateway port vlan tag
update description of l2gateway logical switch ports to include optional
vlan tag. Also restore comment in ovn/controller/physical.c from original commit
by Russell Bryant (184bc3c ovn: Add software l2 gateway) on 7/1/2016.
Signed-off-by: Gabe Beged-Dov <gabe@begeddov.com> Co-authored-by: Russell Bryant <russell@ovn.org> Signed-off-by: Russell Bryant <russell@ovn.org>
netdev-dpdk: Allow configurable queue sizes for 'dpdk' ports
The 'options:n_rxq_desc' and 'n_txq_desc' fields allow the number of rx
and tx descriptors for dpdk ports to be modified. By default the values
are set to 2048, but can be modified to an integer between 1 and 4096
that is a power of two. The values can be modified at runtime, however
require the NIC to restart when changed.
Ben Pfaff [Thu, 29 Sep 2016 21:41:51 +0000 (14:41 -0700)]
ovs-ofctl: Tolerate differences in IPv6 formatting.
glibc formats single zeros as 0: fec0:0:1234:f045:8fff:1111:fe4e:571
Musl formats single zeros as ::: fec0::1234:f045:8fff:1111:fe4e:571
This patch makes the OVS testsuite tolerate either one.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 29 Sep 2016 21:41:50 +0000 (14:41 -0700)]
tests: Use Linux-specific way to get parent PID, to avoid noncompliant "ps".
POSIX defines "ps" -o and -p options, but the "ps" implementation in
busybox (used in Alpine Linux) doesn't support -p, which makes some tests
fail for no good reason. Therefore, this commit makes the testsuite
instead check for support for the Linux-specific /proc-based way to find
the parent of a process and prefer that over "ps" when available.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 30 Sep 2016 15:23:21 +0000 (08:23 -0700)]
ovn: Do not reply to ARP or ND NS for a VM's own IP address.
When a VM sends an ARP or an ND NS for its own IP address, it is trying to
check for a duplicate address in the network. OVN needs to suppress the
reply in such a case, otherwise the VM thinks that its address is a
duplicate.
Mark Kavanagh [Thu, 29 Sep 2016 10:27:03 +0000 (11:27 +0100)]
netdev-dpdk: Fix coding style
Coding style violations of the following conventions are present in netdev-dpdk.c:
- limit lines to 79 characters
- put a space after (but not before) the "sizeof" keyword
- put a space between the () used in a cast and the
expression whose type is cast: (void *) 0.
Resolve occurrences of each, and any other minor style infractions.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Mark Kavanagh [Thu, 29 Sep 2016 10:27:02 +0000 (11:27 +0100)]
netdev-dpdk: consistent naming for mbuf variables
Pointers to struct rte_mbuf are typically denoted within functions as
'pkt'; similarly, arrays of, and pointer-to-pointer to, struct rte_mbuf
are denoted by 'pkts'.
Update discrepancies to the above convention for consistency.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
'dpdk_mutex' protects two independent things: list of dpdk devices
and list of memory pools. Let's spit it in two to avoid global blocking
inside 'netdev_dpdk.*_reconfigure()' as possible.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:58:00 +0000 (14:58 -0700)]
revalidator: Simplify full-revalidation code.
Simplify the remaining bits of the original revalidation codepath to
only handle the "full-revalidation" case. Make the 'ukey' parameter
purely const by pushing the only piece that gets changed into a separate
argument.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:08:21 +0000 (14:08 -0700)]
revalidator: Defer stats push to end of validation.
To make more of the core revalidate() functions do just one thing and
not modify state on the way, refactor them to prepare the xcache then
defer the ukey modification and stats/side effects execution to the end
of successful revalidation.
If revalidation causes deletion, then the xcache will be prepared and
attached to the ukey, but the actual execution will be skipped since it
will be executed on flow_delete very soon anyway with final stats.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Wed, 28 Sep 2016 21:42:39 +0000 (14:42 -0700)]
revalidator: Prepare xcache before xlate_lookup.
Functionally this has little change, but it allows the following patch
to refactor the translation code with less changes.
Strictly speaking the odp_flow_key_to_flow() and xlate_lookup() error
cases should free the ukey->xcache, since it's empty and was never
initialised via the later call to xlate_actions(). However, if one of
these error conditions is hit during a flow dump, then there's no way
that it will ever succeed on a subsequent revalidate/delete. Rather, the
later revalidate/delete would do no stats translation - the same result
as keeping the empty xcache here.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
The second macro represents tests 1 and 2, while the third macro
represents two variations on test 3: with and without TCP sequence
adjustment.
By using these macros to declare the tests, much of the code may be
reused and shared rather than copying/pasting. As a result, the
differences between tests are easier to identify.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
ofp-actions: Always consider inconsistent CT actions as an error.
We can't downgrade to OF1.0 and expect inconsistent CT actions
be silently discarded. Instead, datapath flow install fails, so
it is better to flag inconsistent CT actions as hard errors.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
upcall: Don't start new revalidation round too soon after the last one.
The execution time of 'ovs-ofctl add-flows' with a large number of
flows can be more than halved if revalidators are not running after
each flow mod separately. This was first suspected when it was found
that 'ovs-ofctl --bundle add-flows' is about 10 times faster than the
same command without the '--bundle' option in a scenario where there
is a large set of flows being added and no datapath flows at all. One
of the differences caused by the '--bundle' option is that the
revalidators are woken up only once, at the end of the whole set of
flow table changes, rather than after each flow table change
individually.
This patch limits the revalidation to run at most 200 times a second
by enforcing a minimum of 5ms time gap between the start times of
revalidation rounds. If nothing happens in, say 6 milliseconds, and
then a new flow table change is signaled, the revalidator threads wake
up immediately without any further delay. Values smaller than 5 were
found to increase the 'ovs-ofctl add-flows' execution time noticeably.
Since the revalidators are not running after each flow mod, the
overall OVS CPU utilization during the 'ovs-ofctl add-flows' run time
is reduced roughly by one core on a four core machine.
In testing the 'ovs-ofctl add-flows' execution time is not
significantly improved from this even if the revalidators are not
notified about the flow table changes at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
David Hill [Tue, 30 Aug 2016 19:13:31 +0000 (15:13 -0400)]
netdev-linux: Use ethtool when miimon fails.
Some network drivers might return true to SIOCGMIIPHY and an error on
SIOCGMIIREG when using MII to query phy state. Fall back to ethtool if this
happens to allow failover to work when using such nics.
Reported-at: http://openvswitch.org/pipermail/dev/2016-August/078800.html Signed-off-by: David Hill <dhill@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.
Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.
It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.
Andy Zhou [Tue, 20 Sep 2016 19:44:32 +0000 (12:44 -0700)]
ovsdb: Fix segfalut during replication.
The newly added replication logic makes it possible for a monitor to
receive delete and insertion of the same row back to back, which
was not possible before. Add logic (and comment) to handle this
case to avoid follow crash reported by Valgrind:
#0 0x0000000000453edd in ovsdb_datum_compare_3way
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1626
#1 0x0000000000453ea4 in ovsdb_datum_equals
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1616
#2 0x000000000041b651 in update_monitor_row_data
(mt=0x5eda4a0, row=0x5efbe00, data=0x0) at ovsdb/monitor.c:310
#3 0x000000000041ed14 in ovsdb_monitor_changes_update
(old=0x0, new=0x5efbe00, mt=0x5eda4a0, changes=0x5ef7180)
at ovsdb/monitor.c:1255
#4 0x000000000041f12e in ovsdb_monitor_change_cb
(old=0x0, new=0x5efbe00, changed=0x5efc218, aux_=0xffefff040)
at ovsdb/monitor.c:1339
#5 0x000000000042ded9 in ovsdb_txn_for_each_change
(txn=0x5efbd90, cb=0x41ef50 <ovsdb_monitor_change_cb>,
aux=0xffefff040) at ovsdb/transaction.c:906
#6 0x0000000000420155 in ovsdb_monitor_commit
(replica=0x5eda2c0, txn=0x5efbd90, durable=false)
at ovsdb/monitor.c:1553
#7 0x000000000042dc04 in ovsdb_txn_commit_
(txn=0x5efbd90, durable=false) at ovsdb/transaction.c:868
#8 0x000000000042ddd4 in ovsdb_txn_commit (txn=0x5efbd90, durable=false)
at ovsdb/transaction.c:893
#9 0x0000000000422e0c in process_notification
(table_updates=0x5efad10, db=0x5e6bd40) at ovsdb/replication.c:575
#10 0x0000000000420ff3 in replication_run () at ovsdb/replication.c:184
#11 0x0000000000405cc8 in main_loop
(jsonrpc=0x5e67770, all_dbs=0xffefff3a0, unixctl=0x5ebd980,
remotes=0xffefff360, run_process=0x0, exiting=0xffefff3c0,
is_backup=0xffefff2de) at ovsdb/ovsdb-server.c:198
#12 0x0000000000406edb in main (argc=1, argv=0xffefff550)
at ovsdb/ovsdb-server.c:429
Reported-by: Joe Stringer <joe@ovn.org>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079315.html Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079586.html Co-authored-by: Joe Stringer <joe@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Fixes test failure seen due to the IPsec tunnel deprecation
messages in test logs.
Fixes: 9e9d0384910e ("openvswitch: deprecates support for IPsec tunnel port."). Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
openvswitch: deprecates support for IPsec tunnel port.
OVS IPsec tunnel support has issues:
1. It only works for GRE.
2. only works on Debian.
3. It does not allow user to match on packet-mark
on packet received on tunnel ports.
This patch deprecates support for IPsec tunnel port.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Ansis Atteka <aatteka@ovn.org>
ovn-controller: Store conntrack zone mappings to OVS database.
If ovn-controller is restarted, it may choose different conntrack zones
than had been previously used, which could cause the wrong conntrack
entries to be associated with a logical port. This commit stores in the
integration bridge's OVS "Bridge" table the mapping to the conntrack zone.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 23 Sep 2016 00:25:46 +0000 (17:25 -0700)]
ovs-lib: Fix SELinux contexts for created dirs.
ovs-lib creates several directories directly from the script, but
doesn't make any attempt to ensure that the correct SELinux context is
applied to these directories. As a result, the created directories end
up with type var_run_t rather than openvswitch_var_run_t.
During reboot using a tmpfs for /var/run, startup scripts will invoke
ovs-lib to create these directories with the wrong context. If SELinux
is enabled, OVS will fail to start as it cannot write to this directory.
Fix the issue by sprinkling "restorecon" in each of the places where
directories are created. In practice, many of these should otherwise be
handled by packaging scripts but if they exist then we should ensure the
correct SELinux context is set.
On systems where 'restorecon' is unavailable, this should be a no-op.
IPv4 and IPv6 packets have separate flows and should not overlap with a
catch-all flow that treats all packets like IPv4. It's unpredictable what
flow actually gets chosen in this situation.
Found by inspection.
Fixes: c34a87b6c570 ("ovn: Add support for IPv6 dynamic bindings.") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
ofproto-dpif-xlate: Adjust generated mask for fragments.
It's possible to install an OpenFlow flow that matches on udp source and
destination ports without matching on fragments. If the subtable where
such flow stays is visited during translation of a later fragment, the
generated mask will have incorrect prerequisited for the datapath and it
would be revalidated away at the first chance.
This commit fixes it by adjusting the mask for later fragments after
translation.
Other prerequisites of the mask are also prerequisites in OpenFlow, but
not the ip fragment bit, that's why we need a special case here.
For completeness, this commits also fixes a related problem in bfd,
where we check the udp destination port without checking if the frame is
an ip fragment. It's not really necessary to address this separately,
given the adjustment that we perform.
ovn-northd uses ct_label[0] to keep track of the ACL changes on
existing connections.This patch replaces the usage of ct_label[0]
in the logical flows with a symbolic name ct_label.blocked
ofproto: Do not signal revalidation for group mods twice.
The new group mod implementation signals revalidation through
'->set_tables_version()', so the separate '->group_modify()' is no
longer needed. The ofproto-provider API is changed to allow
'group_modify' to be NULL.
Fixes: 5d08a275cd ("ofproto: Make groups versioned.") Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ovn-controller: Fix possible null pointer dereference.
The code dereferences "chassis", which could be null if chassis_run()
returns null. "chassis" will always be null if "chassis_id" is null, so
checking "chassis" is sufficient to check both.
datapath: avoid deferred execution of recirc actions
Port upstream fix to datapath module. The only notable difference
between this patch and the upstream version is that the value of
ovs_recursion_limit (5 for upstream kernel, 4 for out-of-tree
module) is maintained in this patch.
openvswitch: avoid deferred execution of recirc actions
The ovs kernel data path currently defers the execution of all
recirc actions until stack utilization is at a minimum.
This is too limiting for some packet forwarding scenarios due to
the small size of the deferred action FIFO (10 entries). For
example, broadcast traffic sent out more than 10 ports with
recirculation results in packet drops when the deferred action
FIFO becomes full, as reported here:
Since the current recursion depth is available (it is already tracked
by the exec_actions_level pcpu variable), we can use it to determine
whether to execute recirculation actions immediately (safe when
recursion depth is low) or defer execution until more stack space is
available.
With this change, the deferred action fifo size becomes a non-issue
for currently failing scenarios because it is no longer used when
there are three or fewer recursions through ovs_execute_actions().