Ben Pfaff [Fri, 9 May 2014 21:12:06 +0000 (14:12 -0700)]
ofp-util: Remove ofputil_get_phy_port_size().
The size is not fixed for OpenFlow 1.4 and later, so it's a little
deceptive to return any particular value. This function was only used in
one place, so move it inline there.
Ben Pfaff [Thu, 8 May 2014 06:35:35 +0000 (23:35 -0700)]
ofp-util: Reduce duplicate code.
ofputil_put_phy_port() and ofputil_append_port_desc_stats_reply() had a
lot of code duplication. This reduces it: it deletes some specialized
code from ofputil_put_phy_port(), moving it into its caller
ofputil_put_switch_features_port() that actually needed it. That change
then allows ofputil_append_port_desc_stats_reply() to become a simple
wrapper around ofputil_put_phy_port().
Ben Pfaff [Sat, 10 May 2014 02:29:56 +0000 (19:29 -0700)]
ofp-util: Generalize functions for parsing OF1.3+ properties.
The main effect is to move these functions a little earlier in the file.
Also, OpenFlow 1.4 changed the table-features specific error codes to new
values that apply to all property sets, so this commit updates the error
code names and adds the appropriate OpenFlow 1.4+ codes.
Ben Pfaff [Thu, 8 May 2014 04:39:00 +0000 (21:39 -0700)]
ofp-util: Remove ofputil_count_phy_ports().
It's harder to calculate the number of ports in a given amount of space in
OpenFlow 1.4 and later, because the ofp_port structure becomes variable
length in those versions. This commit removes the one caller, replacing
it by a version that doesn't need to know the number of ports in advance.
Ben Pfaff [Fri, 9 May 2014 04:20:22 +0000 (21:20 -0700)]
ovs-ofctl: Fix port lookup and "ovs-ofctl" behavior for OpenFlow 1.3+.
ovs-ofctl supports using port names in commands that operate on ports. It
does this by connecting to the switch, listing the ports, and picking out
the one with the specified name. However, this didn't work properly for
OpenFlow 1.3+, because it always used an OFPT_FEATURES_REQUEST to list the
ports, and in OpenFlow 1.3+ the reply to this request does not include a
list of ports. This commit fixes the problem (using code that previously
was just a fallback when there were too many ports to fit in an
OFPT_FEATURES_REPLY).
For similar reasons, "ovs-ofctl show" wasn't listing the switch's ports
when it connected to a switch over OpenFlow 1.3 or later. This commit
fixes that bug also.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Conflicts:
utilities/ovs-ofctl.c
Anoob Soman [Wed, 14 May 2014 13:32:16 +0000 (14:32 +0100)]
ofproto-dpif-xlate: Fix null pointer dereference
actions (in xlate_actions__) would be NULL when xlate_actions()
is called from packet_out()->ofproto_dpif_execute_actions().
This causes a NULL pointer to be dereferenced when
ctx.xbridge->netflow is set.
Signed-off-by: Anoob Soman <anoob.soman@citrix.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Tue, 13 May 2014 05:46:18 +0000 (14:46 +0900)]
datapath: Free skb(s) on recirculation error
This patch attempts to ensure that skb(s) are always freed (once)
if an error occurs in execute_recirc(). It does so in two ways:
1. Ensure that execute_recirc() always consumes skb passed to it.
Specifically, free the skb if the call to ovs_flow_extract() fails.
2. Return from the recirc case in execute_recirc() whenever
the skb has not been cloned immediately above.
This is only the case if the action is both the last action and the
keep_skb parameter of execute_recirc is not true. As it is the last
action and the skb is consumed one way or another by execute_recirc() it
is correct to return here. In particular this avoids the possibility of
the skb, which has been consumed by execute_recirc() from being freed.
Conversely if this is not the case then the skb has been cloned
and the clone has been consumed by execute_recirc().
This leads to three sub-cases:
* If execute_recirc() returned an error code then the original skb
will be freed by the error handling code below the case statement in
do_execute_actions().
* If this is not the last action then action processing will continue,
using the original skb.
* If this is the last action then it must also be the case that keep_skb
is true (otherwise the skb would not have been cloned). Thus
do_execute_actions() will return without freeing the original skb.
Signed-off-by: Simon Horman <horms@verge.net.au>
[jesse: use kfree_skb instead of consume_skb on error path] Signed-off-by: Jesse Gross <jesse@nicira.com>
Jarno Rajahalme [Mon, 12 May 2014 06:38:44 +0000 (23:38 -0700)]
lib/classifier: Fix array splicing.
Array splicing was broken when multiple elements were being moved,
resulting in the priority order being mixed. This came up when the
highest priority rule from a subtable was removed and the subtable
needed to be moved down the priority list by more than one position.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Thomas Graf [Thu, 8 May 2014 18:45:25 +0000 (20:45 +0200)]
ovs-ctl: Don't decrease max open fds if already set higher
A user may set LimitNOFILE through systemd or other means to set
the maximum number of open file descriptors. Only modify the ulimit
if not already set to a higher value by the user.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Gospodarek <gospo@redhat.com>
Andy Zhou [Wed, 7 May 2014 05:31:00 +0000 (22:31 -0700)]
bond: raise minimal bond distribution per interface
Raise the minimal per interface packet distribution from 7 to 24.
With 256 packets distributed to 3 interfaces, the expected packets per
interface should be 256/3 = 85.3
Tested with 200 runs, the average number of packets sent to a single
interface is 85.9, close to the expected number; the standard deviation
within the 200 runs is 24.4. Tested with 2x standard deviation with
10K test runs, got around 0.1% failure rate. 2.5x standard deviation
passes 100K test runs without failure.
Using 2.5x for the unit test, 83.5 - 2.5 * 24.4, Round down to the
whole number of 24.
Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Joe Stringer [Sun, 4 May 2014 22:14:18 +0000 (10:14 +1200)]
tunnel: Fix bug where misconfiguration persists.
Previously, misconfiguring a tunnel port to use the exact same settings
would cause the corresponding netdev to never be destroyed. When
attempting to re-use the port as a different type, this would fail and
result in a discrepancy between reported port type and actual netdev in
use.
An example configuration that would previously give unexpected behaviour:
ovs-vsctl add-port br0 p0 -- set int p0 type=gre options:remote_ip=1.2.3.4
ovs-vsctl add-port br0 p1 -- set int p1 type=internal
ovs-vsctl set int p1 type=gre options:remote_ip=1.2.3.4
ovs-vsctl set int p1 type=internal
The final command would report in the ovs-vswitchd logs that it is
attempting to configure the port with the same gre settings as p0,
despite the command specifying the type as internal. Even after
deleting and re-adding the port, the message would reappear.
This patch fixes the bug by dereferencing the netdev in the failure
case of tnl_port_add__(), and ensures that the tnl_port structure is
freed in that case as well.
Ben Pfaff [Wed, 7 May 2014 20:14:45 +0000 (13:14 -0700)]
lacp: Really fix mutex initialization.
Commit 2a3fb0aa3c (lacp: Don't lock potentially uninitialized mutex in
lacp_status().) fixed one bug related to acquiring the file scope 'mutex'
without initializing it. However, there was at least one other, in
lacp_unixctl_show(). One could just fix that one problem, but that leaves
the possibility that I might have missed one or two more. This commit
fixes the problem for good, by adding a helper that initializes the mutex
and then acquires it.
It's not entirely clear why 'mutex' is a recursive mutex. I think that it
might be just because of the callback in lacp_run(). An alternate fix,
therefore, would be to eliminate the callback and therefore the need for
runtime initialization of the mutex.
Bug #1245659. Reported-by: Jeffrey Merrick <jmerrick@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
Added a Tunnel table to the VTEP schema that allows
per-tunnel BFD configuration and status to be specified.
Removed the BFD configuration/status from the
Physical_Locator table.
Signed-off-by: Ashwin Swaminathan <ashwinds@arista.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Bruce Davie <bdavie@vmware.com>
Alex Wang [Wed, 7 May 2014 06:46:39 +0000 (23:46 -0700)]
bfd: Update bfd status on bfd creation and deletion.
Commit 88bf179aa3 (bfd/cfm: Check status change before update
status to database.) used a boolean flag to trigger bfd status
update. However, the flag is not set on bfd creation and deletion.
To prevent any stale status in database, this commit makes bfd module
always set the flag on bfd creation and deletion.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Alex Wang [Wed, 7 May 2014 06:21:36 +0000 (23:21 -0700)]
cfm: Update cfm status on cfm creation and deletion.
Commit 88bf179aa3 (bfd/cfm: Check status change before update
status to database.) used a boolean flag to trigger cfm status
update. However, the flag is not set on cfm creation and deletion.
And this causes stale status in database which may confuse users.
This commit fixes the issue by making cfm module trigger status
update on creation and deletion.
Ben Pfaff [Wed, 30 Apr 2014 17:45:16 +0000 (10:45 -0700)]
rconn: Preserve the name of an unreliable connection beyond disconnection.
An rconn has a human-readable name that typically designates both endpoints
of the connection. For a "reliable" rconn, that automatically reconnects,
the name remains constant regardless of whether the rconn is currently
connected. Until now, though, an "unreliable" rconn, that cannot
automatically reconnect, kept its name only until disconnection occurred.
This is OK for the uses currently in the OVS tree, which only use the name
of a rconn while it is connected, but an upcoming commit will add a final
log message following disconnection in some cases, and it makes the log
messages less useful if unreliable rconns just report "void" in that case.
This commit, therefore, modifies the rconn code so that unreliable rconns
preserve their names past disconnection, just like reliable ones.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
Andy Zhou [Mon, 28 Apr 2014 22:46:30 +0000 (15:46 -0700)]
netdev-linux: favor netlink stats for physical ports
Currently physical ports stats are collected from kernel datapath.
However, those counters do not reflect actual wire packet counters
when GSO, TSO or GRO are enabled by the NIC. In the meantime, the
stats collected from routing stack does. While both stats are valid,
reporting kernel netdev stats for packet counts and byte counts make
it easier to correlate those numbers with external measurements.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Thu, 1 May 2014 17:53:48 +0000 (10:53 -0700)]
netdev-vport: Checks tunnel status change when route-table is reset.
Commit 3e912ffcbb (netdev: Add 'change_seq' back to netdev.) added per-
netdev change number for indicating status change. Future commits used
this change number to optimize the netdev status update to database.
However, the work also introduced the bug in the following scenario:
- assume interface eth0 has address 1.2.3.4, eth1 has address 10.0.0.1.
- assume tunnel port p1 is set with remote_ip=10.0.0.5.
- after setup, 'ovs-vsctl list interface p1 status' should show the
'tunnel_egress_iface="eth1"'.
- now if the address of eth1 is changed to 0 via 'ifconfig eth1 0'.
- expectedly, after change, 'ovs-vsctl list interface p1 status' should
show the 'tunnel_egress_iface="eth0"'
However, 'tunnel_egress_iface' will not be updated on current master.
This is because the 'netdev-vport' module corresponding to p1 does
not react to routing related changes.
To fix the bug, this commit adds a change sequence number in the route-
table module and makes netdev-vport check the sequence number for
tunnel status update.
Alex Wang [Thu, 3 Apr 2014 20:27:22 +0000 (13:27 -0700)]
bridge: Allow users to configure statistics update to OVSDB.
This commit adds a new configuration "stats-update-interval" in
"other_config" of Open_Vswitch table. So users can control the
statistics update frequency. A possible use case is that, users
can lower the update frequency to reduce the cpu consumption of
the ovs-vswitchd thread.
The configured value should always be greater than or equal to
5000 ms. And more frequent statistics update should be achieved
via OpenFlow.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Alex Wang [Fri, 4 Apr 2014 01:31:13 +0000 (18:31 -0700)]
ofproto-dpif-monitor: Fix deadlock.
Commit 6b59b543 (ovs-thread: Use fair (but nonrecursive)
rwlocks on glibc.) changed the rwlocks to nonrecursive,
writer-biased lock. It also made the following deadlock
possible.
Assume BFD is used on both ends of a link. Consider the
following events:
1. Handler at one end received the BFD control packet with
POLL flag set while holding the read lock of 'xlate_rwlock'.
Since a BFD control packet with FINAL flag set should be
sent back immediately, it calls the
ofproto_dpif_monitor_port_send_soon(), in which, it tries
to grab the 'monitor_mutex'.
2. The main thread needs to configure the ofproto-dpif-xlate
module. It tries to grab the write lock of 'xlate_rwlock'
and is blocked by event 1.
3. The monitor thread, after acquiring the 'monitor_mutex',
wants to acquire the read lock of 'xlate_rwlock'.
Since the rwlock is now writer-biased, the attempt of acquiring
read lock in event 3 will be blocked by event 2. This will
subsequently cause the block of event 1, since monitor thread
is holding the 'monitor_mutex'. So the deadlock happens.
This commit resolves the above issue by removing the requirement of
acquiring 'monitor_mutex' in ofproto_dpif_monitor_port_send_soon().
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
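The three events in the deadlock commit above can be checked as a wait-for graph. This is an added example, not code from Open vSwitch or from the commit: the thread model, the enum and function names, and the `send_soon_takes_mutex` switch are assumptions made for illustration, and only read holders of 'xlate_rwlock' are modelled because the scenario has no write holder.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the three threads named in the commit message. */
enum { HANDLER, MAIN, MONITOR, N_THREADS };
enum want { WANT_NONE, WANT_MUTEX, WANT_RDLOCK, WANT_WRLOCK };

struct thread_state {
    bool holds_rdlock;  /* Holds 'xlate_rwlock' for reading. */
    bool holds_mutex;   /* Holds 'monitor_mutex'. */
    enum want want;     /* Lock this thread is blocked on, if any. */
};

/* Sets w[a][b] when thread 'a' cannot proceed until thread 'b' does. */
static void
build_wait_for(const struct thread_state t[N_THREADS], bool writer_biased,
               bool w[N_THREADS][N_THREADS])
{
    for (int a = 0; a < N_THREADS; a++) {
        for (int b = 0; b < N_THREADS; b++) {
            w[a][b] = false;
            if (a == b) {
                continue;
            }
            switch (t[a].want) {
            case WANT_MUTEX:   /* Blocked by whoever holds the mutex. */
                w[a][b] = t[b].holds_mutex;
                break;
            case WANT_WRLOCK:  /* A writer waits for every read holder. */
                w[a][b] = t[b].holds_rdlock;
                break;
            case WANT_RDLOCK:  /* Writer bias: readers queue behind a waiting writer. */
                w[a][b] = writer_biased && t[b].want == WANT_WRLOCK;
                break;
            case WANT_NONE:
                break;
            }
        }
    }
}

/* True if the wait-for graph has a cycle, i.e. the threads deadlock. */
static bool
has_deadlock(const struct thread_state t[N_THREADS], bool writer_biased)
{
    bool w[N_THREADS][N_THREADS];

    build_wait_for(t, writer_biased, w);
    for (int k = 0; k < N_THREADS; k++) {        /* Transitive closure. */
        for (int i = 0; i < N_THREADS; i++) {
            for (int j = 0; j < N_THREADS; j++) {
                w[i][j] = w[i][j] || (w[i][k] && w[k][j]);
            }
        }
    }
    return w[HANDLER][HANDLER] || w[MAIN][MAIN] || w[MONITOR][MONITOR];
}

/* Events 1-3 from the commit message; the second flag models the fix. */
static bool
scenario_deadlocks(bool writer_biased, bool send_soon_takes_mutex)
{
    struct thread_state t[N_THREADS] = {
        [HANDLER] = { .holds_rdlock = true,
                      .want = send_soon_takes_mutex ? WANT_MUTEX : WANT_NONE },
        [MAIN]    = { .want = WANT_WRLOCK },
        [MONITOR] = { .holds_mutex = true, .want = WANT_RDLOCK },
    };
    return has_deadlock(t, writer_biased);
}

int main(void)
{
    printf("writer-biased, mutex taken: %d\n", scenario_deadlocks(true, true));
    printf("reader-friendly, mutex taken: %d\n", scenario_deadlocks(false, true));
    printf("writer-biased, mutex not taken: %d\n", scenario_deadlocks(true, false));
    return 0;
}
```

The cycle handler -> monitor -> main -> handler exists only when the rwlock is writer-biased and the handler still needs 'monitor_mutex'; removing either edge leaves a chain that drains.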
Alexandru Copot [Fri, 2 May 2014 06:54:27 +0000 (09:54 +0300)]
Add basic implementation for OpenFlow 1.4 bundles
This is only the communication part of the bundles functionality.
The actual message pre-validation and commits are not implemented.
We also enable OF1.4 for all the tests.
Signed-off-by: Alexandru Copot <alex.mihai.c@gmail.com> Cc: Daniel Baluta <dbaluta@ixiacom.com>
[blp@nicira.com made ofputil_decode_bundle_add() more obviously correct] Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Fri, 2 May 2014 08:41:32 +0000 (17:41 +0900)]
flow: Add mf_is_l3_or_higher()
This is in preparation for using the same helper as part of support
for using recirculation in conjunction series of actions including
with MPLS actions that are currently not able to be translated.
In that scenario this helper will be used to test if load, move and
set_field actions require recirculation to occur.
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Wed, 30 Apr 2014 23:13:27 +0000 (16:13 -0700)]
datapath: handle recirculation loop detection
Current datapath limits the number of times same packet can loop
through action execution to avoid blowing out the kernel stack.
Recirculation also adds to action execution count, but does not use
the same amount of stack compared to other services, such as IPsec.
This patch introduces the concept of stack cost. Recirculation has a
stack cost of 1 while other services have stack cost of 4. Datapath
packet process can accommodate packets that need both services and
recirculation as long as the total stack cost does not exceed the max
stack cost. Packets exceeding the limit will be treated as looped packets
and dropped.
The max stack cost is set to allow up to 4 regular services, plus up
to 3 recirculation. The behavior of packets that do not recirculate does
not change.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
If one tries to install a rule that's identical to another rule in
another OpenFlow table which is being deleted, it's possible that
is_flow_deletion_pending() might confuse them and block the
installation. This is such an edge case I doubt it has ever actually
happened.
Found by inspection.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 1 May 2014 16:40:17 +0000 (16:40 +0000)]
ofproto-dpif: Make bonding balance test more robust
It is my observation that when sending 91 packets to a mode=balance
bond interface with three underlying ports in some cases not all ports
receive at least 7 packets. This causes the test to fail.
It may be that failure indicates that the bonding code
needs improvement. But it seems to me that it's more likely to
be a valid behaviour.
I have found that by sending 256 packets instead of 91 the test passes
more reliably: I am yet to see it fail.
Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Andy Zhou <azhou@nicira.com>
Ben Pfaff [Thu, 1 May 2014 15:46:45 +0000 (08:46 -0700)]
ovs-thread: Fix OVS_ADAPTIVE_MUTEX_INITIALIZER.
Commit 05bf6d3c62e1d (ovs-thread: Add checking for mutex and rwlock
initialization.) updated mutex and rwlock initializers to set the "where"
member to a nonnull value, but missed this one. This commit fixes the
problem.
This does not cause real problems in practice because
OVS_ADAPTIVE_MUTEX_INITIALIZER has no existing users.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Alex Wang [Wed, 16 Apr 2014 23:00:40 +0000 (16:00 -0700)]
bfd: Require bfd control packet received in forwarding_if_rx mode.
This commit adds a requirement that bfd session must receive at least
one bfd control packet every 100 * bfd->cfg_min_rx amount of time in
forwarding_if_rx mode. Otherwise, even if the data packets are received
on the monitored interface, the bfd->forwarding is still false.
Since the datapath flow is not purged when the userspace Open Vswitch
crashes, data packet can still be forwarded through the tunnel and
fool the remote BFD session in forwarding_if_rx mode. Thus, this commit
can prevent the remote BFD session from falsely declaring tunnel liveness
in this situation.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Alex Wang [Wed, 9 Apr 2014 17:58:54 +0000 (10:58 -0700)]
cfm: Require ccm received in demand mode.
This commit adds a new requirement that cfm session must receive
at least one ccm every 100 * cfm_interval amount of time in demand
mode. Otherwise, even if the data packets are received on the
monitored interface, the cfm session still reports "[recv]" fault.
Since the datapath flow is not purged when the userspace Open Vswitch
crashes, data packet can still be forwarded through the tunnel and
fool the remote CFM session in demand mode. Thus, this commit can
prevent the remote CFM session from falsely declaring tunnel liveness
in this situation.
Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
lib/classifier: Use a prefix tree to optimize ports wildcarding.
Using a prefix tree (aka 'trie') for transport ports matching produces
less specific (more wildcarded) datapath megaflows.
Each subtable that matches on transport ports has its own ports trie.
This trie is consulted only after a failing lookup to determine the
number of bits that need to be unwildcarded to guarantee that any
packet that should match on any of the other rules will not match this
megaflow.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Wed, 30 Apr 2014 18:07:46 +0000 (11:07 -0700)]
ofproto-dpif: Close race between processing packet_ins and checking seqno.
If a packet-in were to be queued, and the sequence number changed, after
grabbing the list of packet-ins, then the existing code could have gone to
sleep until something happened. By grabbing the sequence number before
the list of packet-ins, we avoid this race.
Patch fixes following warning:
datapath/linux/flow_table.c:580:40: warning: symbol 'flow' shadows an earlier one
datapath/linux/flow_table.c:558:24: originally declared here
Reported-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Wed, 30 Apr 2014 13:54:09 +0000 (06:54 -0700)]
Enable OpenFlow 1.0, 1.1, 1.2, and 1.3 by default.
The Open vSwitch software switch now supports all the required features of
OpenFlow 1.0 through 1.3, with one known trivial exception[*]. Enable them
by default in ovs-vswitchd.
For now, ovs-ofctl only enables OpenFlow 1.0 by default. This is
because ovs-ofctl implements commands such as "add-flow" as raw
OpenFlow requests, but those requests have subtly different semantics
in different OpenFlow versions. For example:
- In OpenFlow 1.0, a "mod-flow" operation that does not find any
existing flow to modify adds a new flow.
- In OpenFlow 1.1, a "mod-flow" operation that does not find any
existing flow to modify adds a new flow, but only if the
mod-flow did not match on the flow cookie.
- In OpenFlow 1.2 and later, a "mod-flow" operation never adds a
new flow.
[*] OpenFlow 1.1, but not any earlier or later version of OpenFlow,
requires support for VLANs introduced by Ethertype 0x88a8, but Open
vSwitch does not support this Ethertype.
Signed-off-by: Ben Pfaff <blp@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Added a build-time dependency on openssl-devel, so you can easily build
a source RPM and then pass it into mock for building in a clean build
environment (without manually having to install the buildrequires).
Change the classifier to allocate variable sized miniflows and
minimasks in cls_match and cls_subtable, respectively. Do not
duplicate the mask in cls_rule any more.
miniflow_clone and miniflow_move can now take variably sized miniflows
as source. The destination is assumed to be regularly sized miniflow.
Inlining miniflow and mask values reduces memory indirection and helps
reduce cache misses.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>