Yi-Hung Wei [Wed, 23 Aug 2017 00:52:30 +0000 (17:52 -0700)]
atlocal: Document find_l7_lib()
When a system traffic is skipped due to 'HAVE_FTP = no' or
'HAVE_TFTP = no', it takes some effort to figure out it is due to
missing the required python library. Add some comments around the
find_l7_lib(), so that user can figure that out by
$ git grep HAVE_FTP.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Alin Balutoiu [Tue, 22 Aug 2017 10:47:21 +0000 (10:47 +0000)]
windows, python: Fix event type returned from poller
The function poll from poller should return a list of tuples
containing the events and their types.
On Windows the event type is not returned at the moment.
Instead of returning zero all the time, we check to see
the type of event and we set it accordingly before returning
the list.
This is used only for debugging purposes inside the function
"__log_wakeup" later on.
Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com> Acked-by: Russell Bryant <russell@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Justin Pettit [Mon, 7 Aug 2017 21:44:02 +0000 (14:44 -0700)]
ofproto-dpif: Mark packets as "untracked" after call to ct().
Packet and Connection state is only available to the processing path
that follows the "recirc_table" argument of the ct() action. The
previous behavior made these states available until the end of the
pipeline. This commit changes the behavior so that the Packet and
Connection state are cleared for the current processing path whenever
ct() is called (in addition to reaching the end of the pipeline.)
A future commit will remove the behavior that a "send to controller"
action causes all packets for that flow to be handled via the slow-path.
The current behavior of connection tracking state makes that difficult
due to datapath actions containing multiple OpenFlow rules that may
contain different connection tracking states. This change will make
that future commit possible.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Thu, 17 Aug 2017 21:26:27 +0000 (14:26 -0700)]
checkpatch: Enforce bracing around conditionals.
The coding style states that BSD-style brace placement should be used,
and even single statements should be enclosed. Add checks to checkpatch
for this, particularly for 'else' statements.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
Lance Richardson [Sat, 19 Aug 2017 20:23:34 +0000 (16:23 -0400)]
ovn: support requested-chassis option for logical switch ports
This patch adds support for a "requested-chassis" option for logical
switch ports. If set, the only chassis that will claim this port is the
chassis identfied by this option; if already bound by another chassis,
it will be released.
The primary benefit of this enhancement is allowing a CMS to prevent
"thrashing" in the southbound database during live migration by keeping
the original chassis from attempting to re-bind a port that is in the
process of migrating.
This would also allow (with some additional work) RBAC to be applied
to the Port_Binding table for additional security.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Roi Dayan [Thu, 17 Aug 2017 05:59:10 +0000 (08:59 +0300)]
dpif: Fix cleanup of netdev_ports map
Executing dpctl commands from userspace also calls to
dpif_open()/dpif_close() but not really creating another dpif
but using a clone.
As for netdev_ports map is global we avoid adding duplicate entries
but also need to make sure we are not removing needed entries.
With this commit we make sure only the last dpif close should clean
the netdev_ports map.
Fixes: 6595cb95a4a9 ("dpif: Clean up netdev_ports map on dpif_close().") Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Alin Balutoiu [Wed, 16 Aug 2017 15:01:39 +0000 (15:01 +0000)]
python: fix python3 encode/decode on Windows
Fix double encoding/decoding on data, caused by
'get_decoded_buffer' and 'get_encoded_buffer'.
The functions 'get_decoded_buffer' and 'get_encoded_buffer'
from winutils have been removed. They are no longer
necessary since the buffers received/returned are already
in the right form.
The necessary encoding has been moved before any sending
function (this also includes named pipes send on Windows).
Anand Kumar [Tue, 15 Aug 2017 22:29:04 +0000 (15:29 -0700)]
datapath-windows: Do not modify port field for ICMP during SNAT/DNAT
During SNAT/DNAT, we should not be updating the port field of ct_endpoint
struct, as ICMP packets do not have port information. Since port and
icmp_id are overlapped in ct_endpoint struct, icmp_id gets changed.
As a result, NAT look up fails to find a matching entry.
This patch addresses this issue by not modifying icmp_id field during
SNAT/DNAT only for ICMP traffic
The current NAT module doesn't take the ICMP type/code into account
during the lookups. Fix this to make it similar with the other conntrack
module.
Acked-by: Shashank Ram <rams@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Joe Stringer [Tue, 15 Aug 2017 23:15:54 +0000 (16:15 -0700)]
tests: Put maximum timeout on netcat calls.
This was causing test script execution to hang forever on Ubuntu Zesty.
Make sure it times out within 5 seconds, so at least it will fail out
properly.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Flavio Leitner <fbl@sysclose.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:46 +0000 (11:06 -0700)]
ovsdb-idl: Avoid new expression.
In C++, 'new' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'new_datum' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:45 +0000 (11:06 -0700)]
ovsdb-idl: Avoid mutable type specifier.
In C++, 'mutable' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'is_mutable' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:44 +0000 (11:06 -0700)]
ovsdb-idl: Avoid class declaration.
In C++, 'class' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'class_' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:11 +0000 (18:19 +0300)]
netdev-tc-offloads: Offload match on tcp_flags
Add support to offload rules matching on tcp_flags.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:10 +0000 (18:19 +0300)]
tc: Add matching on tcp flags
To be used later for offloading rules matching on tcp_flags.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:09 +0000 (18:19 +0300)]
odp-util: Put tcp_flags value to netlink if value is 0
If tcp_flags value is 0 it isn't put to netlink, even if mask
isn't zero. Fix that so we can have matching on value 0.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:08 +0000 (18:19 +0300)]
netdev-tc-offloads: Add nw_ttl matching using flower
Add matching (put/dump) on ip layer ttl.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:07 +0000 (18:19 +0300)]
match: Add helper function to set nw_ttl with mask
Add help function match_set_nw_ttl_masked()
Will be used later to set ttl value.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:06 +0000 (18:19 +0300)]
tc: Add ip layer ttl matching
Add matching on ip layer ttl, to be used later.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:05 +0000 (18:19 +0300)]
compat: Update tc compatibility header
Update to include up to flower ttl matching.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Thu, 10 Aug 2017 00:18:22 +0000 (17:18 -0700)]
netdev: Free ifidx mapping in netdev_ports_remove().
Previously, netdev_ports_insert() would allocate and insert an
ifindex->odp_port mapping, but netdev_ports_remove() would never remove
the mapping or free the mapping structure. This patch fixes these up.
Fixes: 32b77c316d9982("dpif: Save added ports in a port map.") Reported-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Russell Bryant [Thu, 10 Aug 2017 20:18:06 +0000 (16:18 -0400)]
sandbox: Add ports to br-int in ovn-setup.
ovs-sandbox comes with a script to quickly set up a simple
OVN configuration, ovn-setup.sh. This script set up config in the OVN
northbound database, but didn't create the corresponding ports on
br-int. Add that to save another step in provisioning this simple
environment.
Add "ovn-sbctl show" output as well, to follow the existing "ovn-nbctl
show" output.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Thu, 10 Aug 2017 20:41:19 +0000 (16:41 -0400)]
travis: parallel builds and tests
Some recent travis builds have failed due to having exceeded the
per-job time limit of 50 minutes. This change enables parallel
builds and parallel test execution in order to reduce overall
execution time, and will hopefully allow this class of build
failures to be avoided.
Since the travis build environment is provisioned with two CPUs,
use -j2 for builds and -j4 for tests. Testing in a cloned repository
shows slightly more than a 50% reduction in overall test time.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Wed, 9 Aug 2017 20:00:53 +0000 (16:00 -0400)]
netdev-dpdk: include dpdk PCI header directly
As part of a devargs rework in DPDK, the PCI header file was removed, and
needs to be directly included. This isn't required to build with 17.05 or
earlier, but will be required should a future update happen.
Darrell Ball [Thu, 10 Aug 2017 20:22:16 +0000 (13:22 -0700)]
dp-packet: Reset DPDK hwol flags on init.
Reset the DPDK hwol flags in dp_packet_init_. The new hwol bad checksum
flag is uninitialized for non-dpdk ports and this is noticed as test
failures using netdev-dummy ports, when built with the --with-dpdk
flag set. Hence, in this case, packets may be falsely marked as having a
bad checksum. The existing APIs are simplified at the same time by
making them specific to either DPDK or otherwise; they also now
manage a single field.
aaron conole [Wed, 9 Aug 2017 20:36:53 +0000 (16:36 -0400)]
redhat: add vfio udev rules
This commit builds on the non-root ovs work and adds a udev rule which will
automatically set the group permissions of vfio devices.
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user") Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 20:37:51 +0000 (13:37 -0700)]
checkpatch: Fix matching on C filenames.
Most of the prerequisite checks so far matched on filenames that ended
in some character followed by 'c' or 'h', rather than a filename that
ends in '.c' or '.h'. Fix this.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 20:37:50 +0000 (13:37 -0700)]
checkpatch: Check for infix operator whitespace.
The 'Expressions' section of the coding style specifies that one space
should be on either side of infix binary and ternary operators. This
adds a check to checkpatch.py for most of these.
The regex won't match if there are speech marks on the line, because
the style should not apply to the contents of strings.
This check is left at warning level because there isn't a good way to
determine whether a line is within a multiline comment or string, so it
will occasionally flag such lines which contain hyphenated words.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 00:10:58 +0000 (17:10 -0700)]
dpif: Clean up netdev_ports map on dpif_close().
Commit 32b77c316d9982("dpif: Save added ports in a port map.")
introduced tracking of all dpif ports by taking a reference on each
available netdev when the dpif is opened, but it failed to clear out and
release references to these netdevs when the dpif is closed.
One of the problems introduced by this was that upon clean exit of
ovs-vswitchd via "ovs-appctl exit --cleanup", the "ovs-netdev" device
was not deleted. This which could cause problems in subsequent start up.
Commit 5119e258da92 ("dpif: Fix cleanup of userspace datapath.") fixed
this particular problem by not adding such devices to the netdev_ports
map, but the referencing/unreferencing upon dpif_open()/dpif_close() is
still not balanced.
Balance the referencing of netdevs by clearing these during dpif_close().
Fixes: 32b77c316d9982("dpif: Save added ports in a port map.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ensure that JSON is utf-8 encoded and that bytes sent/received on
the stream sockets are in utf-8 form. Add a test case to verify
that unicode data can be sent/received successfully using Python
IDL module.
Co-authored-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Tue, 6 Jun 2017 01:04:50 +0000 (18:04 -0700)]
ofproto-dpif-ipfix: Use common OVS functions for getting current time.
OVS has common infrastructure functions for getting the current time, but
this code was not using them. It is not clear why, so this commit changes
it to use them.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Yi Yang [Tue, 8 Aug 2017 06:55:05 +0000 (14:55 +0800)]
Remove duplicate description about Experimenter classes
commit 3d2fbd70bda514f7327970b859663f34f994290c brought
duplicate description about Experimenter classes
ONFOXM_ET and NXOXM_NSH in lib/meta-flow.xml, branch-2.8
has the same issue.
Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Tue, 8 Aug 2017 14:03:12 +0000 (17:03 +0300)]
netdev-vport: Always implement get_ifindex for netdev-vport
Always implement get_ifindex without checking if offload is
enabled or not as this should not be related. From ovs-dpctl
we cannot tell if offload is enabled or not as other_config is
not being read.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Wed, 9 Aug 2017 06:57:36 +0000 (23:57 -0700)]
travis: Fix DPDK builds in new environment.
The following error is seen:
17.05.1/build/build/lib/librte_eal/linuxapp/igb_uio/igb_uio.c:29:
/home/travis/build/darball/ovs/linux-3.16.46/arch/x86/include/asm/
dma-mapping.h:32:35: error: inlining failed in call to ‘get_dma_ops’:
call is unlikely and code size would grow [-Werror=inline]
-Wno-error=inline is used to address the issues with
the new environment.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:37:15 +0000 (16:37 -0700)]
netdev-dummy: Close pcap files when dummy device is closed.
Fixes a fd leak.
Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Daniel Alvarez [Fri, 21 Jul 2017 15:28:24 +0000 (15:28 +0000)]
netdev: check for NULL fields in netdev_get_addrs
When the interfaces list is retrieved through getiffaddrs(), there
might be elements with iface_name set to NULL.
This patch checks ifa_name to be not NULL before comparing it to the
actual device name in the loop that calculates how many interfaces
exist with that same name.
Also, this patch checks that ifa_netmask is not NULL for coherence
with the existing code so that it doesn't allocate more memory
than needed if this field is NULL.
Note, that these checks are already being done later in the function
so it should be done in both places.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
Ben Pfaff [Tue, 8 Aug 2017 23:11:46 +0000 (16:11 -0700)]
ofp-print: #include its own header first.
The OVS coding style document says that a .c file should include the
corresponding .h file first, to ensure that the .h file includes all of
its dependencies, but this file didn't do that.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Tue, 8 Aug 2017 21:30:28 +0000 (14:30 -0700)]
include: Add struct declaration to ofp-print.h.
If a libopenvswitch user includes ofp-print.h before ofp-util.h (which
is standard alphabetical order), and turns on -Werror, then they would
hit this compilation error in the include:
error: 'struct ofputil_port_map' declared inside parameter list will not
be visible outside of this definition or declaration [-Werror]
void ofp_print(FILE *, const void *, size_t *, const struct ofputil_port_map *,
Fixes: 50f96b10e1c8 ("Support accepting and displaying port names in OVS tools.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:02:20 +0000 (16:02 -0700)]
m4: Add pkg.m4 from pkg-config.
This way, users do not have to install the m4 file from pkg-config, which
was not previously a requirement. Without this change, "configure" fails
when pkg.m4 is not available via aclocal:
./configure: line 26189: `Â Â Â Â Â Â Â PKG_CHECK_MODULES(DPDK, libdpdk,'
Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Ben Pfaff [Fri, 14 Jul 2017 04:42:54 +0000 (21:42 -0700)]
ovs-vsctl-bashcomp: Make compatible with busybox "awk".
It seems that awk in busybox doesn't think that an empty string is part of
a larger string, but that GNU awk does. This commit adds an extra test to
make _ovs_vsctl_check_startswith_string work either way.
This allows the following tests to pass with busybox awk:
vsctl bashcomp unit tests
7: vsctl-bashcomp - basic verification ok
8: vsctl-bashcomp - argument completion ok
Reported-by: Stuart Cardall <developer@it-offshore.co.uk> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
aaron conole [Fri, 4 Aug 2017 17:00:57 +0000 (13:00 -0400)]
redhat: allow dpdk to also run as non-root user
After this commit, users may start a dpdk-enabled ovs setup as a
non-root user. This is accomplished by exporting the $HOME directory,
which dpdk uses to fill in it's semi-persistent RTE configuration.
This change may be a bit controversial since it modifies /dev/hugepages
as part of starting the ovs-vswitchd to set a hugetlbfs group
ownership. This is used to enable writing to /dev/hugepages so that the
dpdk_init will successfully complete. There is an alternate way of
accomplishing this - namely to initialize DPDK before dropping
privileges. However, this would mean that if DPDK ever grows an uninit
/ reinit function, non-root ovs likely could never use it.
This does not change OvS+DPDK's SELinux requirements. It still must be
disabled.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:56 +0000 (13:00 -0400)]
redhat: dynamic service file for vswitchd
This commit changes the service file from static configuration to an
autogenerated file, produced during the build. This will be relevant in a
future commit.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:55 +0000 (13:00 -0400)]
dpdkstrip: add a preprocessor tool for stripping dpdk blocks
Normally, in C code, pre-processing macros can be used to enable/disable
specific functionality based on switches passed to configure. This works
for DPDK using the --with-dpdk flag, which sets the DPDK_NETDEV define to
the appropriate value.
However, not all files are processed with the C pre-processor. For those
files which are not, this commit adds a new pre-processor tool for .in
files to either include or exclude those stanzas as appropriate.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:54 +0000 (13:00 -0400)]
redhat: dynamically allocate and reference ovs user
After this commit, the fedora RPM will create the openvswitch user, from the
non-static pool, for use as an Open vSwitch daemon user. This only happens
on install - not upgrade. This will be the default user:group
combination for the openvswitch daemons.
To do this in a way that doesn't impact existing installations, the
/etc/openvswitch directory will be created during the installation,
rather than being provided as part of the rpm.
aaron conole [Fri, 4 Aug 2017 17:00:53 +0000 (13:00 -0400)]
redhat: allow arbitrary user:group
Under rpm based distributions, the only user:group that the rhel daemons run
as is 'root:root'. This is fine as a default, but as part of a security
procedure, users may want to run as an alternate uid/gid. This commit
adds an OVS_USER_ID environment variable for systemd, which defaults to
root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
environment file.
Joe Stringer [Mon, 7 Aug 2017 21:58:45 +0000 (14:58 -0700)]
system-kmod-macros: Load TFTP module.
Just like the FTP module needs to be loaded to ensure that the FTP tests
work, the TFTP module needs to be loaded to ensure that the TFTP tests
work. This patch does so.
Fixes: 200a9af97d1c ("System tests: Add 4 new ftp and tftp tests.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
acinclude: Also support pkg-config for configuring dpdk.
If available use dpdk pkg-config info of libdpdk to set the right
include paths.
That for example, allows packagers to provide non default include
paths in a common way (pkg-config).
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Suggested-by: Luca Boccassi <luca.boccassi@gmail.com> Acked-by: Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 31 Jul 2017 23:54:22 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix key attr iteration.
This call is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across these attributes. Rather than using the
UNSAFE variation of this iterator, use the regular version.
Fixes: 994fcc5a15d3 ("upcall: Check for recirc_id in ukey_create_from_dpif_flow()") Signed-off-by: Joe Stringer <joe@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 31 Jul 2017 23:54:21 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix action attr iteration.
This calls is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across the actions attributes. Rather than using
the UNSAFE variation of this iterator, use the regular version.
Fixes: e672ff9b4d22 ("ofproto-dpif: Restore metadata and registers on recirculation.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:12 +0000 (13:41 +0800)]
NSH unit test cases using encap and decap actions
With the support of generic encap and decap actions for Ethernet and NSH
it is now possible to build test cases that mimic realistic OVS
configurations and OF pipelines for Service Function Chaining. Packets
are being encapsulated in NSH, forwarded based on NSH headers, sent over
Ethernet links and VXLAN-GPE tunnels, and decapsulated at the end of
a service chain.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:11 +0000 (13:41 +0800)]
Generic encap and decap support for NSH
This commit adds translation and netdev datapath support for generic
encap and decap actions for the NSH MD1 header. The generic encap and
decap actions are mapped to specific encap_nsh and decap_nsh actions
in the datapath.
The translation follows that general scheme that decap() of an NSH
packet triggers recirculation after decapsulation, while encap(nsh)
just modifies struct flow and sets the ctx->pending_encap flag to
generate the encap_nsh action at the next commit to be able to include
subsequent set_field actions for NSH headers.
Support for the flexible MD2 format using TLV properties is foreseen
in encap(nsh), but not yet fully implemented.
The CLI syntax for encap of NSH is
encap(nsh(md_type=1))
encap(nsh(md_type=2[,tlv(<tlv_class>,<tlv_type>,<hex_string>),...]))
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:08 +0000 (13:41 +0800)]
userspace: Add support for NSH MD1 match fields
This patch adds support for NSH packet header fields to the OVS
control plane and the userspace datapath. Initially we support the
fields of the NSH base header as defined in
https://www.ietf.org/id/draft-ietf-sfc-nsh-13.txt
and the fixed context headers specified for metadata format MD1.
The variable length MD2 format is parsed but the TLV context headers
are not yet available for matching.
The NSH fields are modelled as experimenter fields with the dedicated
experimenter class 0x005ad650 proposed for NSH in ONF. The following
fields are defined:
Co-authored-by: Johnson Li <johnson.li@intel.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Sun, 6 Aug 2017 17:51:17 +0000 (10:51 -0700)]
System tests: Add 4 new ftp and tftp tests.
In order to have full coverage of ALGs for the userspace
datapath, it is necessary to add 4 new tests. Three of these will
cover passive ftp, including basic V6 passive ftp, V4 passive ftp
with NAT and sequence skew and V6 passive ftp with NAT. The last
test will cover tftp with NAT. Before these additions, there was
only one part of one test covering passive ftp without NAT and
one basic tftp test without NAT.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Sun, 6 Aug 2017 17:51:13 +0000 (10:51 -0700)]
Userspace Datapath: Introduce conn_key_cmp().
A new function conn_key_cmp() is introduced and used to replace
memcmp of conn_keys. Given that OVS runs on with many compilers and
on many architectures, it seems prudent to avoid memcmp in case
existing and future holes in conn_key are not handled by a given
compiler for a given architecture.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
We had a note about the issues with adding OVS interfaces
in the "auto" section. This commit clarifies what an
"auto" section is and also adds another note about
how adding OVS bridges in the "auto" section can cause
race conditions with systemd.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ovs-bugtool: Run the 'dmesg' command without condition.
Currently we look for files with the name of "dmesg"
in "/var/log". If it exists, we don't run the command
"dmesg". This is unreliable as the file does not always
contain the latest dmesg information.
Since OVS kernel module emits information to dmesg,
we need this information to debug bugs. So always
run the "dmesg" command and collect its output.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Ben Pfaff <blp@ovn.org>
ovs-bugtool: Collect OVS logs with "--ovs" option.
ovs-bugtool collects a lot of data. This can be time
consuming and can end up collecting a lot of redundant data.
A option "--ovs" was added a while ago to only collect
OVS relevent data. We missed adding the OVS logs to this
filter.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 04:32:02 +0000 (07:32 +0300)]
netdev-vport: Always implement get_ifindex for netdev-vport
Always implement get_ifindex without checking if offload is
enabled or not as this should not be related. From ovs-dpctl
we cannot tell if offload is enabled or not as other_config is
not being read.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Roi Dayan [Sun, 6 Aug 2017 07:54:59 +0000 (10:54 +0300)]
netdev-tc-offloads: Fix parsing SCTP in dump flows
After splitting the unions of tcp/udp the sctp was forgotten
when parsing flower back to match.
Fixes: 2b1d9fa90909 ("tc: Split IPs and transport layer ports unions in flower struct") Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Simon Horman <simon.horman@netronome.com>
ovn-controller: use idl indexes for logical datapath
Use IDL index to iterate over all logical ports in a given logical
datapath, avoiding the overhead of creating/destroying an indexing
data structure in each iteration of the ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-controller: use idl indexes for logical port table
Use IDL index for logical port table lookups, avoiding the overhead
of creating/destroying an index hmap for each iteration of the
ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-controller: use idl index for multicast group table
Use IDL index for multicast group table lookups, avoiding the overhead
of creating/destroying an index hmap for each iteration of the
ovn-controller main loop.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovsdb-idl: Autogenerated functions for compound indexes
Generates and fills in the default comparators for columns with
type int, real, string. Also creates the macros that allow
iteration over the contents of the index, and perform
queries.