Alin Balutoiu [Tue, 22 Aug 2017 10:47:21 +0000 (10:47 +0000)]
windows, python: Fix event type returned from poller
The function poll from poller should return a list of tuples
containing the events and their types.
On Windows the event type is not returned at the moment.
Instead of returning zero all the time, we check to see
the type of event and we set it accordingly before returning
the list.
This is used only for debugging purposes inside the function
"__log_wakeup" later on.
Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com> Acked-by: Russell Bryant <russell@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Justin Pettit [Mon, 7 Aug 2017 21:44:02 +0000 (14:44 -0700)]
ofproto-dpif: Mark packets as "untracked" after call to ct().
Packet and Connection state is only available to the processing path
that follows the "recirc_table" argument of the ct() action. The
previous behavior made these states available until the end of the
pipeline. This commit changes the behavior so that the Packet and
Connection state are cleared for the current processing path whenever
ct() is called (in addition to reaching the end of the pipeline.)
A future commit will remove the behavior that a "send to controller"
action causes all packets for that flow to be handled via the slow-path.
The current behavior of connection tracking state makes that difficult
due to datapath actions containing multiple OpenFlow rules that may
contain different connection tracking states. This change will make
that future commit possible.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Lance Richardson [Sat, 19 Aug 2017 20:23:34 +0000 (16:23 -0400)]
ovn: support requested-chassis option for logical switch ports
This patch adds support for a "requested-chassis" option for logical
switch ports. If set, the only chassis that will claim this port is the
chassis identfied by this option; if already bound by another chassis,
it will be released.
The primary benefit of this enhancement is allowing a CMS to prevent
"thrashing" in the southbound database during live migration by keeping
the original chassis from attempting to re-bind a port that is in the
process of migrating.
This would also allow (with some additional work) RBAC to be applied
to the Port_Binding table for additional security.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Alin Balutoiu [Wed, 16 Aug 2017 15:01:39 +0000 (15:01 +0000)]
python: fix python3 encode/decode on Windows
Fix double encoding/decoding on data, caused by
'get_decoded_buffer' and 'get_encoded_buffer'.
The functions 'get_decoded_buffer' and 'get_encoded_buffer'
from winutils have been removed. They are no longer
necessary since the buffers received/returned are already
in the right form.
The necessary encoding has been moved before any sending
function (this also includes named pipes send on Windows).
Anand Kumar [Tue, 15 Aug 2017 22:29:04 +0000 (15:29 -0700)]
datapath-windows: Do not modify port field for ICMP during SNAT/DNAT
During SNAT/DNAT, we should not be updating the port field of ct_endpoint
struct, as ICMP packets do not have port information. Since port and
icmp_id are overlapped in ct_endpoint struct, icmp_id gets changed.
As a result, NAT look up fails to find a matching entry.
This patch addresses this issue by not modifying icmp_id field during
SNAT/DNAT only for ICMP traffic
The current NAT module doesn't take the ICMP type/code into account
during the lookups. Fix this to make it similar with the other conntrack
module.
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Acked-by: Shashank Ram <rams@vmware.com> Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Joe Stringer [Thu, 10 Aug 2017 00:18:22 +0000 (17:18 -0700)]
netdev: Free ifidx mapping in netdev_ports_remove().
Previously, netdev_ports_insert() would allocate and insert an
ifindex->odp_port mapping, but netdev_ports_remove() would never remove
the mapping or free the mapping structure. This patch fixes these up.
Fixes: 32b77c316d9982("dpif: Save added ports in a port map.") Reported-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Lance Richardson [Thu, 10 Aug 2017 20:41:19 +0000 (16:41 -0400)]
travis: parallel builds and tests
Some recent travis builds have failed due to having exceeded the
per-job time limit of 50 minutes. This change enables parallel
builds and parallel test execution in order to reduce overall
execution time, and will hopefully allow this class of build
failures to be avoided.
Since the travis build environment is provisioned with two CPUs,
use -j2 for builds and -j4 for tests. Testing in a cloned repository
shows slightly more than a 50% reduction in overall test time.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Wed, 9 Aug 2017 20:00:53 +0000 (16:00 -0400)]
netdev-dpdk: include dpdk PCI header directly
As part of a devargs rework in DPDK, the PCI header file was removed, and
needs to be directly included. This isn't required to build with 17.05 or
earlier, but will be required should a future update happen.
Darrell Ball [Thu, 10 Aug 2017 20:22:16 +0000 (13:22 -0700)]
dp-packet: Reset DPDK hwol flags on init.
Reset the DPDK hwol flags in dp_packet_init_. The new hwol bad checksum
flag is uninitialized for non-dpdk ports and this is noticed as test
failures using netdev-dummy ports, when built with the --with-dpdk
flag set. Hence, in this case, packets may be falsely marked as having a
bad checksum. The existing APIs are simplified at the same time by
making them specific to either DPDK or otherwise; they also now
manage a single field.
aaron conole [Wed, 9 Aug 2017 20:36:53 +0000 (16:36 -0400)]
redhat: add vfio udev rules
This commit builds on the non-root ovs work and adds a udev rule which will
automatically set the group permissions of vfio devices.
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user") Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ensure that JSON is utf-8 encoded and that bytes sent/received on
the stream sockets are in utf-8 form. Add a test case to verify
that unicode data can be sent/received successfully using Python
IDL module.
Co-authored-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Yi Yang [Tue, 8 Aug 2017 06:55:05 +0000 (14:55 +0800)]
Remove duplicate description about Experimenter classes
commit 3d2fbd70bda514f7327970b859663f34f994290c brought
duplicate description about Experimenter classes
ONFOXM_ET and NXOXM_NSH in lib/meta-flow.xml, branch-2.8
has the same issue.
Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Tue, 8 Aug 2017 14:03:12 +0000 (17:03 +0300)]
netdev-vport: Always implement get_ifindex for netdev-vport
Always implement get_ifindex without checking if offload is
enabled or not as this should not be related. From ovs-dpctl
we cannot tell if offload is enabled or not as other_config is
not being read.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 14 Jul 2017 04:42:54 +0000 (21:42 -0700)]
ovs-vsctl-bashcomp: Make compatible with busybox "awk".
It seems that awk in busybox doesn't think that an empty string is part of
a larger string, but that GNU awk does. This commit adds an extra test to
make _ovs_vsctl_check_startswith_string work either way.
This allows the following tests to pass with busybox awk:
vsctl bashcomp unit tests
7: vsctl-bashcomp - basic verification ok
8: vsctl-bashcomp - argument completion ok
Reported-by: Stuart Cardall <developer@it-offshore.co.uk> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
Darrell Ball [Wed, 9 Aug 2017 06:57:36 +0000 (23:57 -0700)]
travis: Fix DPDK builds in new environment.
The following error is seen:
17.05.1/build/build/lib/librte_eal/linuxapp/igb_uio/igb_uio.c:29:
/home/travis/build/darball/ovs/linux-3.16.46/arch/x86/include/asm/
dma-mapping.h:32:35: error: inlining failed in call to ‘get_dma_ops’:
call is unlikely and code size would grow [-Werror=inline]
-Wno-error=inline is used to address the issues with
the new environment.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:37:15 +0000 (16:37 -0700)]
netdev-dummy: Close pcap files when dummy device is closed.
Fixes a fd leak.
Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Daniel Alvarez [Fri, 21 Jul 2017 15:28:24 +0000 (15:28 +0000)]
netdev: check for NULL fields in netdev_get_addrs
When the interfaces list is retrieved through getiffaddrs(), there
might be elements with iface_name set to NULL.
This patch checks ifa_name to be not NULL before comparing it to the
actual device name in the loop that calculates how many interfaces
exist with that same name.
Also, this patch checks that ifa_netmask is not NULL for coherence
with the existing code so that it doesn't allocate more memory
than needed if this field is NULL.
Note, that these checks are already being done later in the function
so it should be done in both places.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
Joe Stringer [Tue, 8 Aug 2017 21:30:28 +0000 (14:30 -0700)]
include: Add struct declaration to ofp-print.h.
If a libopenvswitch user includes ofp-print.h before ofp-util.h (which
is standard alphabetical order), and turns on -Werror, then they would
hit this compilation error in the include:
error: 'struct ofputil_port_map' declared inside parameter list will not
be visible outside of this definition or declaration [-Werror]
void ofp_print(FILE *, const void *, size_t *, const struct ofputil_port_map *,
Fixes: 50f96b10e1c8 ("Support accepting and displaying port names in OVS tools.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:02:20 +0000 (16:02 -0700)]
m4: Add pkg.m4 from pkg-config.
This way, users do not have to install the m4 file from pkg-config, which
was not previously a requirement. Without this change, "configure" fails
when pkg.m4 is not available via aclocal:
./configure: line 26189: ` PKG_CHECK_MODULES(DPDK, libdpdk,'
Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
acinclude: Also support pkg-config for configuring dpdk.
If available use dpdk pkg-config info of libdpdk to set the right
include paths.
That for example, allows packagers to provide non default include
paths in a common way (pkg-config).
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Suggested-by: Luca Boccassi <luca.boccassi@gmail.com> Acked-by: Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:57 +0000 (13:00 -0400)]
redhat: allow dpdk to also run as non-root user
After this commit, users may start a dpdk-enabled ovs setup as a
non-root user. This is accomplished by exporting the $HOME directory,
which dpdk uses to fill in it's semi-persistent RTE configuration.
This change may be a bit controversial since it modifies /dev/hugepages
as part of starting the ovs-vswitchd to set a hugetlbfs group
ownership. This is used to enable writing to /dev/hugepages so that the
dpdk_init will successfully complete. There is an alternate way of
accomplishing this - namely to initialize DPDK before dropping
privileges. However, this would mean that if DPDK ever grows an uninit
/ reinit function, non-root ovs likely could never use it.
This does not change OvS+DPDK's SELinux requirements. It still must be
disabled.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:56 +0000 (13:00 -0400)]
redhat: dynamic service file for vswitchd
This commit changes the service file from static configuration to an
autogenerated file, produced during the build. This will be relevant in a
future commit.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:55 +0000 (13:00 -0400)]
dpdkstrip: add a preprocessor tool for stripping dpdk blocks
Normally, in C code, pre-processing macros can be used to enable/disable
specific functionality based on switches passed to configure. This works
for DPDK using the --with-dpdk flag, which sets the DPDK_NETDEV define to
the appropriate value.
However, not all files are processed with the C pre-processor. For those
files which are not, this commit adds a new pre-processor tool for .in
files to either include or exclude those stanzas as appropriate.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:54 +0000 (13:00 -0400)]
redhat: dynamically allocate and reference ovs user
After this commit, the fedora RPM will create the openvswitch user, from the
non-static pool, for use as an Open vSwitch daemon user. This only happens
on install - not upgrade. This will be the default user:group
combination for the openvswitch daemons.
To do this in a way that doesn't impact existing installations, the
/etc/openvswitch directory will be created during the installation,
rather than being provided as part of the rpm.
aaron conole [Fri, 4 Aug 2017 17:00:53 +0000 (13:00 -0400)]
redhat: allow arbitrary user:group
Under rpm based distributions, the only user:group that the rhel daemons run
as is 'root:root'. This is fine as a default, but as part of a security
procedure, users may want to run as an alternate uid/gid. This commit
adds an OVS_USER_ID environment variable for systemd, which defaults to
root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
environment file.
Joe Stringer [Mon, 7 Aug 2017 21:58:45 +0000 (14:58 -0700)]
system-kmod-macros: Load TFTP module.
Just like the FTP module needs to be loaded to ensure that the FTP tests
work, the TFTP module needs to be loaded to ensure that the TFTP tests
work. This patch does so.
Joe Stringer [Mon, 31 Jul 2017 23:54:22 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix key attr iteration.
This call is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across these attributes. Rather than using the
UNSAFE variation of this iterator, use the regular version.
Fixes: 994fcc5a15d3 ("upcall: Check for recirc_id in ukey_create_from_dpif_flow()") Signed-off-by: Joe Stringer <joe@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 31 Jul 2017 23:54:21 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix action attr iteration.
This calls is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across the actions attributes. Rather than using
the UNSAFE variation of this iterator, use the regular version.
Fixes: e672ff9b4d22 ("ofproto-dpif: Restore metadata and registers on recirculation.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:12 +0000 (13:41 +0800)]
NSH unit test cases using encap and decap actions
With the support of generic encap and decap actions for Ethernet and NSH
it is now possible to build test cases that mimic realistic OVS
configurations and OF pipelines for Service Function Chaining. Packets
are being encapsulated in NSH, forwarded based on NSH headers, sent over
Ethernet links and VXLAN-GPE tunnels, and decapsulated at the end of
a service chain.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:11 +0000 (13:41 +0800)]
Generic encap and decap support for NSH
This commit adds translation and netdev datapath support for generic
encap and decap actions for the NSH MD1 header. The generic encap and
decap actions are mapped to specific encap_nsh and decap_nsh actions
in the datapath.
The translation follows that general scheme that decap() of an NSH
packet triggers recirculation after decapsulation, while encap(nsh)
just modifies struct flow and sets the ctx->pending_encap flag to
generate the encap_nsh action at the next commit to be able to include
subsequent set_field actions for NSH headers.
Support for the flexible MD2 format using TLV properties is foreseen
in encap(nsh), but not yet fully implemented.
The CLI syntax for encap of NSH is
encap(nsh(md_type=1))
encap(nsh(md_type=2[,tlv(<tlv_class>,<tlv_type>,<hex_string>),...]))
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:08 +0000 (13:41 +0800)]
userspace: Add support for NSH MD1 match fields
This patch adds support for NSH packet header fields to the OVS
control plane and the userspace datapath. Initially we support the
fields of the NSH base header as defined in
https://www.ietf.org/id/draft-ietf-sfc-nsh-13.txt
and the fixed context headers specified for metadata format MD1.
The variable length MD2 format is parsed but the TLV context headers
are not yet available for matching.
The NSH fields are modelled as experimenter fields with the dedicated
experimenter class 0x005ad650 proposed for NSH in ONF. The following
fields are defined:
Co-authored-by: Johnson Li <johnson.li@intel.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Sun, 6 Aug 2017 17:51:17 +0000 (10:51 -0700)]
System tests: Add 4 new ftp and tftp tests.
In order to have full coverage of ALGs for the userspace
datapath, it is necessary to add 4 new tests. Three of these will
cover passive ftp, including basic V6 passive ftp, V4 passive ftp
with NAT and sequence skew and V6 passive ftp with NAT. The last
test will cover tftp with NAT. Before these additions, there was
only one part of one test covering passive ftp without NAT and
one basic tftp test without NAT.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Sun, 6 Aug 2017 17:51:13 +0000 (10:51 -0700)]
Userspace Datapath: Introduce conn_key_cmp().
A new function conn_key_cmp() is introduced and used to replace
memcmp of conn_keys. Given that OVS runs on with many compilers and
on many architectures, it seems prudent to avoid memcmp in case
existing and future holes in conn_key are not handled by a given
compiler for a given architecture.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 04:32:02 +0000 (07:32 +0300)]
netdev-vport: Always implement get_ifindex for netdev-vport
Always implement get_ifindex without checking if offload is
enabled or not as this should not be related. From ovs-dpctl
we cannot tell if offload is enabled or not as other_config is
not being read.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Roi Dayan [Sun, 6 Aug 2017 07:54:59 +0000 (10:54 +0300)]
netdev-tc-offloads: Fix parsing SCTP in dump flows
After splitting the unions of tcp/udp the sctp was forgotten
when parsing flower back to match.
Fixes: 2b1d9fa90909 ("tc: Split IPs and transport layer ports unions in flower struct") Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Simon Horman <simon.horman@netronome.com>
ovn-controller: use idl indexes for logical datapath
Use IDL index to iterate over all logical ports in a given logical
datapath, avoiding the overhead of creating/destroying an indexing
data structure in each iteration of the ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-controller: use idl indexes for logical port table
Use IDL index for logical port table lookups, avoiding the overhead
of creating/destroying an index hmap for each iteration of the
ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-controller: use idl index for multicast group table
Use IDL index for multicast group table lookups, avoiding the overhead
of creating/destroying an index hmap for each iteration of the
ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovsdb-idl: Autogenerated functions for compound indexes
Generates and fills in the default comparators for columns with
type int, real, string. Also creates the macros that allow
iteration over the contents of the index, and perform
queries.
In the work made in our projects, it was found the need to have a faster
access to the rows contained in tables in the replica, as well to have
the possibility to loop over a subset of rows that meet some specified
criteria.
Those needs lead us to design and implement a functionality that
satisfies those requirements, so an implementation of special indexes were
done.
In order to keep the OVSDB server implementation unmodified and avoid
extra load of processing, the indexes are created as part of the IDL.
The indexes are created as part of the initialization of the replica request
and are maintained automatically when there are changes in the replica.
This document explains the design rationale of the compound indexes feature.
Ben Pfaff [Thu, 6 Jul 2017 23:40:30 +0000 (16:40 -0700)]
ovs-ofctl: Avoid unnecessary flow replacement in "replace-flows" command.
The ovs-ofctl "diff-flows" and "replace-flows" command compare the flows
in two flow tables. Until now, the "replace-flows" command has considered
certain almost meaningless differences related to the version of OpenFlow
used to add a flow as significant, which caused it to replace a flow by an
identical-in-practice version, e.g. in the following, the "replace-flows"
command prints a FLOW_MOD that adds the flow that was already added
previously:
Re-adding an existing flow has some effects, for example, it resets the
flow's duration, so it's better to avoid it.
This commit fixes the problem using the same trick previously used for a
similar problem with the "diff-flows" command, which was fixed in commit 98f7f427bf8b ("ovs-ofctl: Avoid printing false differences on "ovs-ofctl
diff-flows".").
Reported-by: Kevin Lin <kevin@quilt.io> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
ovs-ovctl: Fix "OpenFlow versions" in ovs-ofctl -V
Fix the output of "ovs-ofctl -V" to show OpenFlow 1.4 as max supported
versions since OpenFlow 1.4 was enabled by default in commit 8d3485791188 ("OpenFlow: Enable OpenFlow 1.4 by default.")
CC: Ben Pfaff <blp@ovn.org> Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Wed, 2 Aug 2017 11:17:29 +0000 (14:17 +0300)]
tnl-ports: Open tunnel type if device name has special prefix
There is a race between listening on route changes from route-table
netlink which then calls ovs_router_insert() where it adds the involved
netdev to the tnl-ports map (tnl_port_map_insert_ipdev()),
and netdev_open from from normal opening of the port.
tnl-ports open the netdev as type system (type == NULL) when it doesn't
exists before it is opened normally, e.g from dumping the ports
in dpctl.
This solves 'ovs-dpctl show' EExists error on vxlan ports as both
(dpctl/tnl-ports) will open the ports as vxlan type.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Sun, 30 Jul 2017 05:01:52 +0000 (08:01 +0300)]
tc: Correct convert ticks to msecs on parsing tc TM
Use sysconf(_SC_CLK_TCK) to read run time "number of clock ticks per
second" and use that to convert ticks to msecs.
This is how iproute does the conversion when parsing tc filters.
The system call is done only once.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Joe Stringer <joe@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Tue, 18 Jul 2017 05:30:01 +0000 (22:30 -0700)]
xlate: Emit datapath clone only when necessary.
Currently the open flow 'clone' action is always translated into
datapath clone. While this is valid translation, the datapath
'clone' action is more expensive and has more restrictions than
not using them.
This patch optimizing the open flow 'clone' translation. Whenever
the open flow actions within the 'clone' is reversible, i.e.
any datapath actions that modifies a packet can be reversed
by using another datapath action. Reversible actions can be
translated without emitting datapath clone.
This patch combines xlate_clone() and compose_clone() into
a single compose_clone() API, since the layering boundary is not
obvious.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Sat, 17 Jun 2017 06:39:31 +0000 (23:39 -0700)]
ofproto-dpif: Add boottime support field.
When changing support fields, it may be unsafe to set support level
beyond what datapath can support.
This patch introduce the notion of boot time support and
runtime support fields. Boot time support are set only
once during ofproto start up phase, and not changed during
runtime. The runtime support fields are the same as boot time
support fields at the startup time, but can be changed via
the 'ovs-appctl' command. However, each change will
be checked against the corresponding boot time support field. Only
feature reduction from the boot time support is allowed.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Sat, 17 Jun 2017 06:22:32 +0000 (23:22 -0700)]
ofproto-dpif: A new command for changing dpif support fields
dpif support fields contain various datapath capabilities detected
by ofproto at start up time. Usually those fields are read-only,
not intended to be changed at runtime.
However in practice, when writing tests or running experiments, it
becomes necessary to set those fields to emulate different
datapath feature combinations.
Currently there are several separate commands that can be used
defeature individual support fields. This patch generalize those
implementations, provides a single command to change any support
fields. Later patches will remove those individual defeature
commands.
The new command also allow the support fields to be
changed multiple times. Currently defeature commands does not
allow the support level to be restored.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Thu, 3 Aug 2017 13:38:23 +0000 (16:38 +0300)]
tc: Refactor nl_msg_put_flower_options
Refactor nl_msg_put_flower_options to be more readable.
This commit doesn't change functionality.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-ctl: Remove a leftover restore_interfaces in restart
Since commit c416eaf8c247 ("ovs-ctl: Remove code for upgrading from Open
vSwitch 1.9 and earlier.") the kernel configuration of the specified
network interfaces is not saved anymore for restart command so there is no
need to try to restore it.
CC: Ben Pfaff <blp@ovn.org> Fixes: c416eaf8c247 ("ovs-ctl: Remove code for upgrading from Open vSwitch 1.9 and earlier.") Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
pkt_metadata_init() is called for every packet in userspace datapath and
initializes few members in pkt_metadata. Before this the members that
needs to be initialized are prefetched using pkt_metadata_prefetch_init().
The above functions are critical to the userspace datapath performance
and should be in sync. Any changes to the pkt_metadata should also include
changes to metadata_init() and prefetch_init() if necessary.
This commit slightly refactors the pkt_metadata structure and introduces
cache line markers to catch any violations to the structure. Also only
prefetch the cachelines having the members that needs to be zeroed out.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
util: Add PADDED_MEMBERS_CACHELINE_MARKER macro to mark cachelines.
PADDED_MEMBERS_CACHELINE_MARKER macro introduces a way to mark
cachelines.
This macro expands to an anonymous union containing cacheline marker,
members in nested anonymous structure, followed by array of bytes that
is multiple of UNIT bytes.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Michelson [Wed, 2 Aug 2017 18:43:04 +0000 (13:43 -0500)]
rhel: Use systemd Restart option for ovn-controllers.
This change stops the use of OVS's monitor for the ovn-controller and
ovn-controller-vtep systemd services. Instead, the services use the
systemd Restart option to restart the services automatically if they
fail.
This patch changes the ovn-controller service Type from "oneshot" to
"forking". The Restart option is incompatible with oneshot services. The
patch does not change the ovn-controller-vtep service type from
"simple", however.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Acked-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Zhenyu Gao [Wed, 2 Aug 2017 21:58:24 +0000 (14:58 -0700)]
netdev-linux: Replace sendmsg with sendmmsg in netdev_linux_send
Sendmmsg can reduce cpu cycles in sending packets to kernel.
Replace sendmsg with sendmmsg in function netdev_linux_send to send
batch packets if sendmmsg is available.
If kernel side doesn't support sendmmsg, will fallback to sendmsg.
ofproto-dpif-ipfix: add support for per-flow drop counters
Patch based on RFC 5102, section 5.10. It implements per-flow drop counters:
- droppedPacketDeltaCount
- droppedPacketTotalCount
- droppedOctetDeltaCount
- droppedOctetTotalCount
In order to determine if packet is going to be dropped, flow actions associated
with packet are read. If at least one of the following conditions is met,
packet is not marked as dropped.
Packet has at least one:
- OVS_ACTION_ATTR_OUTPUT action
- OVS_ACTION_ATTR_CLONE action with nested OVS_ACTION_ATTR_OUTPUT action
- OVS_ACTION_ATTR_SAMPLE action with nested OVS_ACTION_ATTR_OUTPUT action and
sampling probability is set to 100%
Signed-off-by: Przemyslaw Szczerbik <przemyslawx.szczerbik@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Previously, the function would take the curNbl and nextNbl
as inputs, and modify the linked list, and merge the input
linked list with the newly generated newNbl list.
This is confusing for the caller, and the function has
unnecessary logic for merging linked lists that instead
the caller should take care of. This is because the
OvsCreateNewNBLsFromMultipleNBs() is a generic API
that can be used by other functions as well, and its
natural for different callers to have different needs.
This patch refactors the behavior of OvsCreateNewNBLsFromMultipleNBs
to take in the curNbl and lastNbl, and it returns
a linked list of NBLs and sets the HEAD and TAIL of the
new list obtained from the curNbl. If the caller wants
to chain a new linked list at the HEAD or TAIL, it
can make use of the curNbl and lastNbl to do so.
Ben Pfaff [Tue, 11 Jul 2017 18:32:52 +0000 (11:32 -0700)]
ofproto-dpif-xlate: Always process IGMP packets in userspace.
Open vSwitch needs to always process IGMP packets in the userspace slow
path so that they can have their desired side effects. However, userspace
was only applying SLOW_ACTION to IGMP packets in some cases, as opposed to
all cases, which meant that sometimes IGMP packets were ignored. This
fixes that particular problem.
A problem remains: there is a mismatch between userspace support for IGMP
matching and kernel (lack of) support for IGMP matching. This should
probably be handled better. See the original report for more information.
Reported-by: Huanle Han <hanxueluo@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335690.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 2 Aug 2017 22:03:06 +0000 (15:03 -0700)]
Eliminate most shadowing for local variable names.
Shadowing is when a variable with a given name in an inner scope hides a
different variable with the same name in a surrounding scope. This is
generally undesirable because it can confuse programmers. This commit
eliminates most of it.
Found with -Wshadow=local in GCC 7. The repo is not really ready to enable
this option by default because of a few cases that are harder to fix, and
harmless, such as nested use of CMAP_FOR_EACH.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Thu, 13 Jul 2017 17:15:42 +0000 (10:15 -0700)]
hash: Add "fall through" annotations for 32-bit builds as well.
Commit 73c7216a5329 ("Fix some -Wimplicit-fallthrough warnings building with
GCC 7") missed a few fall through annotations that only appear in 32-bit
builds. This commit adds them.
CC: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
netdev: Fix netdev_open() to track and recreate classless interfaces
Due to commit 67ac844 an existing issue with OVS persisten ports
surfaced. If we revert the commit we no longer get the error, and
basic traffic will flow. However the wrong netdev class is used, hence
the wrong callbacks get called.
The main issue is with netdev_open() being called with type = NULL
before the interface is actually configured in the system. This patch
tracks these "auto" generated interfaces, and once netdev_open() gets
called with a valid type, re-configures (re-create) it.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
wangqianyu [Wed, 2 Aug 2017 20:36:29 +0000 (13:36 -0700)]
ovn-controller: Monitor port bindings of parent ports.
Neutron configure a trunk-sub port. The parent-port and sub-port located
in different network. there is a vm attached to parent port. And no vm
attached to the network of sub-port in the same chassis. In this
situation, the ovn-controller can not get the configuration info of
sub-port.
The reason is that ovn-controller does not monitor the port-binding with
parent.
This patch fix this bug.
Signed-off-by: wangqianyu <wang.qianyu@zte.com.cn> Signed-off-by: Ben Pfaff <blp@ovn.org>
Huanle Han [Wed, 12 Jul 2017 14:35:58 +0000 (22:35 +0800)]
lacp: enable bond slave immediately after lacp attach
There is a long interval (5~20 seconds) between lacp slave attach
and bond slave enable. During the interval, ovs drop all received
packets from that slave because bond_check_admissibility() check
fails. The root cause is that connectivity_seq is not changed
after lacp update and lacp status is not populated into port->may_enable
by port_run() immediately.
Signed-off-by: Huanle Han <hanxueluo@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
projects / ovs.git / log