Ben Pfaff [Mon, 7 Oct 2013 21:26:28 +0000 (14:26 -0700)]
odp-util: Fix IPFIX breakage with old kernel modules.
Before commit e995e3df57ea (Allow OVS_USERSPACE_ATTR_USERDATA to be
variable length.) userdata attributes in userspace actions were expected
to be exactly 64 bits long. The kernel only actually enforced that they
were at least 64 bits long (the previously referenced commit's log message
contains misinformation on this account).
Initially this was no problem, because all of the userdata that userspace
actually used was exactly 8 bytes long. Commit 29089a540c (Implement IPFIX
export), however, exposed a problem by reducing the length of userdata for
IPFIX support to just 4 bytes. This meant that IPFIX no longer worked on
older datapaths, because the userdata was no longer at least 8 bytes long.
This commit fixes the problem by padding out userdata attributes less than
8 bytes long to 8 bytes.
CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Romain Lenglet <rlenglet at vmware.com>
Ben Pfaff [Mon, 6 May 2013 17:55:06 +0000 (10:55 -0700)]
ofp-actions: Switch away from odd use of "q" in "enqueue" action format.
The formatting of the "enqueue" action uses a "q" to separate the port
number from the queue number, as in "enqueue:123q456". This is different
from every other action. This commit improves the situation by:
* Switching the formatting to use a colon (e.g. "enqueue:123:456"),
which is a little less odd-looking but still accepted by older
versions of Open vSwitch.
* Improving the parser to accept "enqueue(123,456)" also.
Ben Pfaff [Tue, 19 Mar 2013 20:30:33 +0000 (13:30 -0700)]
ofproto: Check ofproto_port_query_by_name() return value when adding port.
Otherwise, if the port add succeeds but the query that looks up the port
number fails, then ofproto_port_add() would return zero as the OpenFlow
port number and ignore the error.
Reported-by: Guolin Yang <gyang@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 6 Nov 2013 18:36:17 +0000 (10:36 -0800)]
cfm: Count flaps when logging is disabled
Previously, the flap count logic for CFM was dependent on the state of
the logging facility. This patch ensures flaps are always counted when
there is a transition between non-fault and fault (and vice versa).
Found by inspection.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Fri, 8 Nov 2013 17:41:19 +0000 (09:41 -0800)]
netdev: Make naming more consistent
netdev-dummy and netdev-vport use the function name netdev_poll_notify()
for the same purpose as netdev-linux/bsd's netdev_*_changed(). This patch
changes the former two to be more consistent with the linux/bsd naming
scheme.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 7 Nov 2013 00:12:34 +0000 (16:12 -0800)]
ofproto: Limit OVS-assigned port numbers to 32767 and below.
A couple of controller vendors have mentioned to me that they would like to
have some part of the OpenFlow port number space reserved for the
controller to use. This commit reserves 32768 and up (roughly the upper
half of the OF1.0 port range) to the controller.
Bug #18753. Signed-off-by: Ben Pfaff <blp@nicira.com>
ofproto-dpif: Disassociate datapath max_ports with openflow port numbers.
With single datapath, multiple userspace bridges share the same datapath.
As such it does not look beneficial that we decide a valid open flow port
number based on the number of ports in the datapath specially now that
we have the ofport_request column in OVSDB.
This commit does not remove ofproto_init_max_ports() interface as defined
in ofproto-provider.h as there may be other implementations that still use it.
But ofproto-dpif should not need it.
Bug #20163. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
'struct dp_netdev_flow' is currently being instantiated as 'flow'.
An upcoming commit introduces a classifier to dpif-netdev
which uses 'struct flow' at a few places and that can cause
confusion while reading code.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 11 Oct 2013 23:24:41 +0000 (16:24 -0700)]
ovs-controller: Rename test-controller and do not install or package.
Too many users have incorrectly assumed that ovs-controller is a necessary
or desirable part of an Open vSwitch deployment. This commit should fix
the problem by renaming it test-controller and removing it from the
default install and from packaging.
Joe Stringer [Fri, 1 Nov 2013 23:34:29 +0000 (16:34 -0700)]
netdev-linux: Skip miimon execution when disabled
When dealing with a large number of ports, one of the performance
bottlenecks is that we loop through all netdevs in the main loop. Miimon
is a contributor to this, checking all devices even if it has never been
enabled.
This patch introduces a counter for the number of netdevs with miimon
configured. If this is 0, then we skip miimon_run() and miimon_wait().
In a test environment of 5000 internal ports and 50 tunnel ports with
bfd, this reduces CPU usage from about 50% to about 45%.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:20 +0000 (18:17 +0900)]
ofproto-dpif: Support weight for select groups
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com adjusted this for highest random weight scoring and
updated the test] Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:19 +0000 (18:17 +0900)]
ofproto-dpif: Implement translation of select groups.
Select bucket from those that are alive based on a hash of the destination
ethernet address of the packet.
Support for weights is proposed by a subsequent patch.
The selection is based on a hash of the destination ethernet
address of the flow. It should be possible to extend
this to cover a hash of user-specified elements of the flow.
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com replaced bucket selection by "highest random weight"
method] Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:15 +0000 (18:17 +0900)]
ofproto: Add group desc and stats tests
Lightly exercise group desc and stats
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com found that a new test segfaulted and folded in fixes] Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:14 +0000 (18:17 +0900)]
ofproto-dpif: Translation of indirect and all groups
Allow translation of indirect and all groups. Also allow insertion of
indirect and all groups by changing the maximum permitted number in the
groups table from 0 to OFPG_MAX.
Implementation note:
After translating the actions for each bucket ctx->flow is reset to its
state prior to translation of the buckets actions. This is equivalent to
cloning the bucket before applying actions. This is my interpretation of the
OpenFlow 1.3.2 specification section 5.6.1 Group Types, which includes the
following text. I believe there is room for other interpretations.
* On all groups: "The packet is effectively cloned for each bucket; one
packet is processed for each bucket of the group."
* On indirect groups: "This group type is effectively identical to an
all group with one bucket."
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:13 +0000 (18:17 +0900)]
ofproto: Break out resubmit resource checking
Break out resubmit resource checking into a helper function
xlate_resubmit_resource_check() and use this new function.
This is to allow the check to be re-used by a subsequent patch.
Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sat, 2 Nov 2013 18:36:50 +0000 (11:36 -0700)]
nicira-ext: Update comment.
The ARP headers have been acceptable as NXAST_REG_MOVE destinations since
commit f6c8a6b163 (Add software switch support for modifying ARP headers
in OpenFlow.)
Reported-by: Anupam Chanda <achanda@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Ben Pfaff [Sat, 2 Nov 2013 15:43:14 +0000 (08:43 -0700)]
ofproto-dpif-xlate: Handle oversized actions more gracefully.
If the datapath actions exceed the maximum size of a Netlink attribute
(about 64 kB), then previously we would assert-fail (before commit 542024c4c3d36 "ofproto-dpif-xlate: Suppress oversize datapath actions.")
or just drop all of them (after that commit). This commit makes OVS cope
by slow-pathing the flow and executing all of its actions in userspace.
Ben Pfaff [Mon, 30 Sep 2013 21:46:50 +0000 (14:46 -0700)]
flow: Fill in ->l7 in flow_compose().
flow_extract() fills in ->l7 but flow_compose() wasn't doing it, which
confused bfd_process_packet() when invoked via the ofproto/trace appctl
command.
Ben Pfaff [Sat, 2 Nov 2013 13:55:40 +0000 (06:55 -0700)]
util: Allow set_subprogram_name() to take a printf() format string.
This will be convenient in an upcoming commit.
I had to add -Wno-format-zero-length to suppress a GCC warning about a
zero-length format string in this monitor_daemon() call:
set_subprogram_name("");
I don't know what that warning is good for anyway, and I guess the Clang
developers don't either because Clang didn't warn.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Simon Horman [Wed, 30 Oct 2013 09:17:10 +0000 (18:17 +0900)]
ofproto: Verify compatibility of liveness of groups with their type
Require liveness for fast-failover groups as it is mandated by OpenFlow1.3.
Allow livness for select groups which is in keeping with OpenFlow1.3.
Disallow liveness it for other group types.
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sat, 2 Nov 2013 04:45:28 +0000 (21:45 -0700)]
ofproto: Centralize action checking, doing it at decode time.
Jarno pointed out that modify_flows__() didn't really need to check every
instance of the flow separately. After some further investigation I
decided that this was even more of an improvement.
Jarno Rajahalme [Thu, 24 Oct 2013 20:19:28 +0000 (13:19 -0700)]
OXM inspired match field names.
Adds OXM inspired aliases for match fields that don't have them
already ("ip_proto", "ip_ecn", "ip_dscp", and "tunnel_id").
"ip_dscp" replaces the earlier undocumented "nw_tos_shifted",
and takes the DSCP value (0-63), which is then shifted
appropriately when applied to an IP packet.
The number of bits for this field is fixed from 8 to 6.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 31 Oct 2013 04:00:02 +0000 (13:00 +0900)]
Return no protocols if mask is supplied for unmaskable match
Currently if a mask is supplied for an unmaskable match then NOT_REACHED()
is called. The effect of this for a user calling ovs-vsctl with a match
that includes a mask which is not permitted is to politely inform them of
the error of their ways by calling abort and segfaulting.
This patch takes an alternate approach to return no protocols which has the
has the effect when that ovs-vsctl is called with a match that includes a
mask which is not permitted an error message of the following form is
displayed.
ovs-ofctl: none of the usable flow formats (none) is among the allowed flow formats (OpenFlow10,NXM)
This patch also updates the ovs-ofctl test to test matches with masks
where possible.
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Tue, 29 Oct 2013 23:39:52 +0000 (16:39 -0700)]
classifier: Rename struct cls_table as cls_subtable.
The naming of the classifier table has been a source of confusion,
since each OpenFlow table is implemented as a classifier, which
consists of multiple (sub)tables. This name change hopefully makes
classifier related discussion a bit less confusing.
For consistency, relevant field names as well as the function and
variable names have been renamed in similar fashion.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 29 Oct 2013 20:01:07 +0000 (13:01 -0700)]
vtep: Bring BFD specification in vtep.xml into sync with OVS.
A number of new key-value pairs have been added to the bfd and bfd_status
columns of the OVS schema since the VTEP schema was created. To aid
interoperability between OVS instances and VTEPs, this patch brings
the VTEP schema into line with that of OVS.
CC: Bruce Davie <bdavie@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Implement OFPT_QUEUE_GET_CONFIG_REQUEST and OFPT_QUEUE_GET_CONFIG_REPLY.
Open vSwitch has never implemented this request and reply, even though they
have been in OpenFlow since version 1.0. This commit adds an
implementation.
Signed-off: Venkitachalam Gopalakrishnan <gops@vmware.com> Co-authored-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Jarno Rajahalme [Mon, 28 Oct 2013 20:54:40 +0000 (13:54 -0700)]
TCP flags matching support.
tcp_flags=flags/mask
Bitwise match on TCP flags. The flags and mask are 16-bit num‐
bers written in decimal or in hexadecimal prefixed by 0x. Each
1-bit in mask requires that the corresponding bit in port must
match. Each 0-bit in mask causes the corresponding bit to be
ignored.
TCP protocol currently defines 9 flag bits, and additional 3
bits are reserved (must be transmitted as zero), see RFCs 793,
3168, and 3540. The flag bits are, numbering from the least
significant bit:
Jarno Rajahalme [Mon, 28 Oct 2013 20:54:39 +0000 (13:54 -0700)]
Widen TCP flags handling.
Widen TCP flags handling from 7 bits (uint8_t) to 12 bits (uint16_t).
The kernel interface remains at 8 bits, which makes no functional
difference now, as none of the higher bits is currently of interest
to the userspace.
Pravin B Shelar [Fri, 25 Oct 2013 20:42:12 +0000 (13:42 -0700)]
datapath: Enable all GSO features on internal port.
OVS already can handle all types of segmentation offloads that
are supported by the kernel.
Following patch specifically enables UDP and IPV6 segmentation
offloads.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Fri, 25 Oct 2013 20:31:50 +0000 (13:31 -0700)]
ofproto: Avoid abandoning an ofopgroup without committing it.
Commit e3b5693319c (Fix table checking for goto table instruction.) moved
action checking into modify_flows__(), for good reason, but as a side
effect made modify_flows__() abandon and never commit the ofopgroup that it
started, if action checking failed. This commit fixes the problem.
The following commands, run under "make sandbox", illustrate the problem.
Without this change, the final command hangs because the barrier request
that ovs-ofctl sends never gets a response (because barriers wait for all
ofopgroups to complete, which never happens). With this commit, the
commands complete quickly:
Ben Pfaff [Fri, 25 Oct 2013 16:22:37 +0000 (09:22 -0700)]
jsonrpc: Only compose message to log if it's really going to be logged.
This suppresses a testsuite failure when the testsuite is run from a
directory whose name contains a non-ASCII character. I'd rather fix the
problem but webpages like the following make it sound difficult or
impossible on Python 2.x: http://stackoverflow.com/a/11742928
Ben Pfaff [Fri, 25 Oct 2013 16:22:36 +0000 (09:22 -0700)]
tests: Skip Python daemon tests in directory with non-ASCII name.
The Debian autobuild machines run their builds inside a top-level
directory named /«BUILDDIR». That name contains two non-ASCII characters
that cause the Python code in the interface-reconfigure and ovs-monitor-ipsec
tests to fail. The problem seems to be related to the locale, because
switching to a UTF-8 locale allows the tests to proceed farther but does
not fix the problem. I was not able to easily fix the actual problem.
Web searches turn up articles that imply that the problem is not
reasonably fixable with Python 2.x, e.g.:
http://stackoverflow.com/a/11742928
This commit instead avoids the problem by skipping these tests if the
current working directory's name contains non-ASCII characters. This is
a legitimate solution only because interface-reconfigure and
ovs-monitor-ipsec run from initscripts and thus their current working
directories are system directories. (Also, the current working directory
matters much less when run in a real environment because the --root-prefix
option that causes the issue is not used in a real environment.)
YAMAMOTO Takashi [Thu, 24 Oct 2013 03:07:44 +0000 (12:07 +0900)]
ofproto: Report multipart buffer overflow.
Because our size of the multipart request buffer is effectively 0,
always report multipart buffer overflow error for multipart requests
with "more" flag set.
While this might be simpler if done in ofp-msgs.c, i put this in
ofproto.c because it seems like a better place to implement the
buffering logic if/when desirable.
An option question: what to do for the following messages with the
same xid? especially for the last message which doesn't have the
"more" flag set? it would be neater to detect and drop them.
Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Signed-off-by: Ben Pfaff <blp@nicira.com>