daemon-windows: Set default error mode for services
Microsoft allows default process memory dumps via WER (Windows Error
Reporting).
WER can be set to collect dumps using in general using:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx
If a normal application crashes, the user will receive a pop-up dialog,
in which he will be asked of his consent on what will be the steps
after the dump was created (debug, close or send the dump to MSFT).
We disable the dump creation via WER in:
https://github.com/openvswitch/ovs/blob/master/lib/util.c#L492
because the idea is we don't want a pop-up if a OVS process (eg. ovs-vsctl)
has crashed.
(more information on the subject:
https://blogs.msdn.microsoft.com/oldnewthing/20040727-00/?p=38323)
Until we implement our own dump collection mechanism, we can set the default
error mode for services because there are no pop-ups allowed in that case.
The commit 7bc1aae71e89 ("rhel: make the selinux policy intermediate")
broke the centos RPM builds. This commit ensures that the centos rpmbuild
will first create the openvswitch-custom.te file, and then create the
final policy files.
Fixes: 7bc1aae71e89 ("rhel: make the selinux policy intermediate") Reported-by: Ansis Atteka <aatteka@ovn.org> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Ansis Atteka <aatteka@ovn.org>
The selinux documentation mentions to check the selinux/openvswitch.te file
for any permissions that might need to be added. However, the commit 7bc1aae71e89 ("rhel: make the selinux policy intermediate") moved this
file to be generated from intermediate file selinux/openvswitch.te.in
instead.
Correct the documentation, so that users won't be trying to edit a generated
file.
Also, add a gitignore for the autogenerated file.
Fixes: 7bc1aae71e89 ("rhel: make the selinux policy intermediate") Reported-by: Ansis Atteka <aatteka@ovn.org> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Ansis Atteka <aatteka@ovn.org>
Aaron Conole [Thu, 31 Aug 2017 23:22:45 +0000 (19:22 -0400)]
selinux: update policy to reflect non-root and dpdk support
The selinux policy that exists in the repository did not specify access to
all of the resources needed for Open vSwitch to properly function with
an enforcing selinux policy. This update allows Open vSwitch to operate
with selinux set to Enforcing mode, even while running as a non-root user.
Aaron Conole [Thu, 31 Aug 2017 23:22:44 +0000 (19:22 -0400)]
makefile: hook up dpdkstrip preprocessor
When building the openvswitch-custom.te file, it is important to have the
ability to filter out dpdk blocks depending on whether the system has been
configured with dpdk or not. This allows using all the standard .in file
blocks, as well as the dpdkstrip blocks, when constructing the selinux
policy file.
Additionally, this means any .in files which might want to change based on
configuration to exclude blocks based on dpdk can do so.
Ben Pfaff [Wed, 30 Aug 2017 16:33:14 +0000 (09:33 -0700)]
monitor: Simplify calculation of cond->conditional.
This removes n_true_cnd from struct ovsdb_monitor_session_condition.
It was an "optimization" that is not part of any inner loop, but
make the code harder to reason about.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org> Acked-by: Liran Schour <lirans@il.ibm.com>
Ben Pfaff [Wed, 30 Aug 2017 16:33:13 +0000 (09:33 -0700)]
monitor: Fix bad caching of conditional monitor_cond requests.
The current implementation of ovsdb-server caches only non-conditional
monitors, that is, monitors for every table row, not those that monitor
only rows that match some condition. To figure out which monitors are
conditional, the code track the number of tables that have conditions that
are uniformly true (cond->n_true_cnd) and compares that against the number
of tables in the condition (shash_count(&cond->tables)). If they are the
same, then every table has (effectively) no condition, and so
cond->conditional is set to false.
However, the implementation was buggy. The function that adds a new
table condition, ovsdb_monitor_table_condition_create(), only updated
cond->conditional if the table condition being added was true. This is
wrong; only adding a non-true condition can actually change
cond->conditional. This commit fixes the problem by always recalculating
cond->conditional.
The most visible side effect of cond->conditional being true when it
should be false, as caused by this bug, was that conditional monitors were
being mixed with unconditional monitors for the purpose of caching. This
meant that, if a client requested a conditional monitor that was the
same as an unconditional one, except for the condition, then the client
would receive the cached data previously sent for the unconditional one.
This commit fixes the problem.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org> Acked-by: Liran Schour <lirans@il.ibm.com>
Aaron Conole [Mon, 14 Aug 2017 20:18:14 +0000 (16:18 -0400)]
redhat: fix upgrades where group doesn't exist
The upgrade from older Open vSwitch versions on RHEL will try, as much as
possible, to preserve the system. This means no new users or groups are
created. As an effect, it's possible for the chown to fail, because the
hugetlbfs group may not exist. While it did on my systems, it was not
there on others.
This change allows the ExecStartPre commands to fail. In the case that the
user doesn't use DPDK, it won't matter anyway.
Fixes: e3e738a3d058 ('redhat: allow dpdk to also run as non-root user') Signed-off-by: Aaron Conole <aconole@redhat.com> Reported-by: Jean-Tsung Hsiao <jhsiao@redhat.com> Tested-by: Jean-Tsung Hsiao <jhsiao@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Russell Bryant <russell@ovn.org>
Lance Richardson [Fri, 25 Aug 2017 21:35:31 +0000 (14:35 -0700)]
netdev-dpdk: use 64-bit arithmetic when converting rates.
Force 64-bit arithmetic to be used when converting uint32_t rate
and burst parameters from kilobits per second to bytes per second,
avoiding incorrect behavior for rates exceeding UINT_MAX bits
per second.
Lily Huang [Fri, 25 Aug 2017 20:39:00 +0000 (13:39 -0700)]
conntrack: Fix ct-clean thread crash bug.
Conn should be removed from the connection expiry list when
the connection tracker experiences NAT resource exhaustion
and the connection needing NAT mapping cannot get it.
If this is not done, the connection tracker can crash during
cleanup of expired connections by the clean thread.
This crash will be triggered when a established flow do ct(nat)
again, like
"ip,actions=ct(table=1)
table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2
table=1,in_port=2,ip,ct_state=+est,actions=1
table=1,in_port=1,ip,ct_state=+est,actions=2"
Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.") Signed-off-by: Lili Huang <huanglili.huang@huawei.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Rxqs consumed processing cycles are used to improve the balance
of how rxqs are assigned to pmds. Currently some reconfiguration
is needed to perform a reassignment.
Add an ovs-appctl command to perform a new assignment in order
to balance based on the latest rxq processing cycle information.
Note: Jan requested this for testing purposes.
Suggested-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Kevin Traynor [Fri, 25 Aug 2017 07:51:18 +0000 (00:51 -0700)]
dpif-netdev: Change pmd selection order.
Up to his point rxqs are sorted by processing cycles they
consumed and assigned to pmds in a round robin manner.
Ian pointed out that on wrap around the most loaded pmd will be
the next one to be assigned an additional rxq and that it would be
better to reverse the pmd order when wraparound occurs.
In other words, change from assigning by rr to assigning in a forward
and reverse cycle through pmds.
Also, now that the algorithm has finalized, document an example.
Suggested-by: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Kevin Traynor [Fri, 25 Aug 2017 07:48:01 +0000 (00:48 -0700)]
dpif-netdev: Change rxq_scheduling to use rxq processing cycles.
Previously rxqs were assigned to pmds by round robin in
port/queue order.
Now that we have the processing cycles used for existing rxqs,
use that information to try and produced a better balanced
distribution of rxqs across pmds. i.e. given multiple pmds, the
rxqs which have consumed the largest amount of processing cycles
will be placed on different pmds.
The rxqs are sorted by their processing cycles and assigned (in
sorted order) round robin across pmds.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Kevin Traynor [Fri, 25 Aug 2017 07:44:25 +0000 (00:44 -0700)]
dpif-netdev: Count the rxq processing cycles for an rxq.
Count the cycles used for processing an rxq during the
pmd rxq interval. As this is an in flight counter and
pmds run independently, also store the total cycles used
during the last full interval.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Kevin Traynor [Fri, 25 Aug 2017 07:42:06 +0000 (00:42 -0700)]
dpif-netdev: Add rxq processing cycle counters.
Add counters to dp_netdev_rxq which will later be used for storing the
processing cycles of an rxq. Processing cycles will be stored in reference
to a defined time interval. We will store the cycles of the current in progress
interval, a number of completed intervals and the sum of the completed
intervals.
cycles_count_intermediate was used to count cycles for a pmd. With some small
additions we can also use it to count the cycles used for processing an rxq.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Darrell Ball [Fri, 25 Aug 2017 05:09:58 +0000 (22:09 -0700)]
dp-packet: Refactor DPDK packet initialization.
DPDK uses dp-packet pools and manages the mbuf portion of
each packet. When a pool is created, partial initialization is
also done on the OVS portion (i.e. non-mbuf). Since packet
memory is reused, this is not very useful for transient
fields and is also misleading. Furthermore, some of these
transient fields are properly initialized for DPDK packets
entering OVS anyways, which is the only reasonable way to do this.
Another field, cutlen, is initialized in this manner in the pool
and intended to be reset when cutlen is applied on sending the
packet out. However, if cutlen context is set but the packet is
not sent out for some reason, then the packet header would be
corrupted in the memory pool. It is better to just reset the
cutlen in the packets when received. I did not detect a
degradation in performance, however, I would be willing to
have some degradation, since this is a proper way to handle
this. In addition to initializing cutlen in received packets,
the other OVS transient fields are removed from the DPDK pool
initialization.
Darrell Ball [Fri, 25 Aug 2017 04:46:51 +0000 (21:46 -0700)]
docs/dpdk: Consolidate pmd-cpu-mask references.
The DPDK introductory documentation has various references to
pmd-cpu-mask, including a section devoted to it. These parts of
the documentation seemed to have been written at different times
and look like they were individually ported from other sources.
They all include an example command which gets repeated several times.
Here, we consolidate those referenes to make the documentation
easier to maintain. At the same time, create linkages to the
pmd-cpu-mask section from other sections to provide some level of
coherence.
Reviewed-by: Greg rose <gvrose8192@gmail.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com>
Gao Zhenyu [Sun, 20 Aug 2017 14:37:31 +0000 (14:37 +0000)]
ovn: Fix BFD error config on gateway
The bfd_calculate_chassis function calculates gateway's peer datapaths
to figure out which tunnel's BFD should be enabled to from the current chassis.
Existing algorithm only calculats peer datapaths at one hop, but multiple
logical switches and E/W routers could be in the path, making several hops
which were not considered on the calculation.
It may disable BFD on some gw's tunnel ports. Then a port on a remote ovs
cannot send packet out because it believes all remote gateways are down.
This patch will go through whole graph and visit all datapath's port
which has connection with gateways.
Yi-Hung Wei [Wed, 23 Aug 2017 00:52:30 +0000 (17:52 -0700)]
atlocal: Document find_l7_lib()
When a system traffic is skipped due to 'HAVE_FTP = no' or
'HAVE_TFTP = no', it takes some effort to figure out it is due to
missing the required python library. Add some comments around the
find_l7_lib(), so that user can figure that out by
$ git grep HAVE_FTP.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Alin Balutoiu [Tue, 22 Aug 2017 10:47:21 +0000 (10:47 +0000)]
windows, python: Fix event type returned from poller
The function poll from poller should return a list of tuples
containing the events and their types.
On Windows the event type is not returned at the moment.
Instead of returning zero all the time, we check to see
the type of event and we set it accordingly before returning
the list.
This is used only for debugging purposes inside the function
"__log_wakeup" later on.
Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com> Acked-by: Russell Bryant <russell@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Justin Pettit [Mon, 7 Aug 2017 21:44:02 +0000 (14:44 -0700)]
ofproto-dpif: Mark packets as "untracked" after call to ct().
Packet and Connection state is only available to the processing path
that follows the "recirc_table" argument of the ct() action. The
previous behavior made these states available until the end of the
pipeline. This commit changes the behavior so that the Packet and
Connection state are cleared for the current processing path whenever
ct() is called (in addition to reaching the end of the pipeline.)
A future commit will remove the behavior that a "send to controller"
action causes all packets for that flow to be handled via the slow-path.
The current behavior of connection tracking state makes that difficult
due to datapath actions containing multiple OpenFlow rules that may
contain different connection tracking states. This change will make
that future commit possible.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Thu, 17 Aug 2017 21:26:27 +0000 (14:26 -0700)]
checkpatch: Enforce bracing around conditionals.
The coding style states that BSD-style brace placement should be used,
and even single statements should be enclosed. Add checks to checkpatch
for this, particularly for 'else' statements.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
Lance Richardson [Sat, 19 Aug 2017 20:23:34 +0000 (16:23 -0400)]
ovn: support requested-chassis option for logical switch ports
This patch adds support for a "requested-chassis" option for logical
switch ports. If set, the only chassis that will claim this port is the
chassis identfied by this option; if already bound by another chassis,
it will be released.
The primary benefit of this enhancement is allowing a CMS to prevent
"thrashing" in the southbound database during live migration by keeping
the original chassis from attempting to re-bind a port that is in the
process of migrating.
This would also allow (with some additional work) RBAC to be applied
to the Port_Binding table for additional security.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Roi Dayan [Thu, 17 Aug 2017 05:59:10 +0000 (08:59 +0300)]
dpif: Fix cleanup of netdev_ports map
Executing dpctl commands from userspace also calls to
dpif_open()/dpif_close() but not really creating another dpif
but using a clone.
As for netdev_ports map is global we avoid adding duplicate entries
but also need to make sure we are not removing needed entries.
With this commit we make sure only the last dpif close should clean
the netdev_ports map.
Fixes: 6595cb95a4a9 ("dpif: Clean up netdev_ports map on dpif_close().") Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Alin Balutoiu [Wed, 16 Aug 2017 15:01:39 +0000 (15:01 +0000)]
python: fix python3 encode/decode on Windows
Fix double encoding/decoding on data, caused by
'get_decoded_buffer' and 'get_encoded_buffer'.
The functions 'get_decoded_buffer' and 'get_encoded_buffer'
from winutils have been removed. They are no longer
necessary since the buffers received/returned are already
in the right form.
The necessary encoding has been moved before any sending
function (this also includes named pipes send on Windows).
Anand Kumar [Tue, 15 Aug 2017 22:29:04 +0000 (15:29 -0700)]
datapath-windows: Do not modify port field for ICMP during SNAT/DNAT
During SNAT/DNAT, we should not be updating the port field of ct_endpoint
struct, as ICMP packets do not have port information. Since port and
icmp_id are overlapped in ct_endpoint struct, icmp_id gets changed.
As a result, NAT look up fails to find a matching entry.
This patch addresses this issue by not modifying icmp_id field during
SNAT/DNAT only for ICMP traffic
The current NAT module doesn't take the ICMP type/code into account
during the lookups. Fix this to make it similar with the other conntrack
module.
Acked-by: Shashank Ram <rams@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Joe Stringer [Tue, 15 Aug 2017 23:15:54 +0000 (16:15 -0700)]
tests: Put maximum timeout on netcat calls.
This was causing test script execution to hang forever on Ubuntu Zesty.
Make sure it times out within 5 seconds, so at least it will fail out
properly.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Flavio Leitner <fbl@sysclose.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:46 +0000 (11:06 -0700)]
ovsdb-idl: Avoid new expression.
In C++, 'new' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'new_datum' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:45 +0000 (11:06 -0700)]
ovsdb-idl: Avoid mutable type specifier.
In C++, 'mutable' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'is_mutable' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 11 Aug 2017 18:06:44 +0000 (11:06 -0700)]
ovsdb-idl: Avoid class declaration.
In C++, 'class' is a keyword. If this is used as the name for a field,
then C++ compilers can get confused about the context and fail to
compile references to such fields. Rename the field to 'class_' to
avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:11 +0000 (18:19 +0300)]
netdev-tc-offloads: Offload match on tcp_flags
Add support to offload rules matching on tcp_flags.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:10 +0000 (18:19 +0300)]
tc: Add matching on tcp flags
To be used later for offloading rules matching on tcp_flags.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:09 +0000 (18:19 +0300)]
odp-util: Put tcp_flags value to netlink if value is 0
If tcp_flags value is 0 it isn't put to netlink, even if mask
isn't zero. Fix that so we can have matching on value 0.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:08 +0000 (18:19 +0300)]
netdev-tc-offloads: Add nw_ttl matching using flower
Add matching (put/dump) on ip layer ttl.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:07 +0000 (18:19 +0300)]
match: Add helper function to set nw_ttl with mask
Add help function match_set_nw_ttl_masked()
Will be used later to set ttl value.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:06 +0000 (18:19 +0300)]
tc: Add ip layer ttl matching
Add matching on ip layer ttl, to be used later.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Paul Blakey [Mon, 7 Aug 2017 15:19:05 +0000 (18:19 +0300)]
compat: Update tc compatibility header
Update to include up to flower ttl matching.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Thu, 10 Aug 2017 00:18:22 +0000 (17:18 -0700)]
netdev: Free ifidx mapping in netdev_ports_remove().
Previously, netdev_ports_insert() would allocate and insert an
ifindex->odp_port mapping, but netdev_ports_remove() would never remove
the mapping or free the mapping structure. This patch fixes these up.
Fixes: 32b77c316d9982("dpif: Save added ports in a port map.") Reported-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Russell Bryant [Thu, 10 Aug 2017 20:18:06 +0000 (16:18 -0400)]
sandbox: Add ports to br-int in ovn-setup.
ovs-sandbox comes with a script to quickly set up a simple
OVN configuration, ovn-setup.sh. This script set up config in the OVN
northbound database, but didn't create the corresponding ports on
br-int. Add that to save another step in provisioning this simple
environment.
Add "ovn-sbctl show" output as well, to follow the existing "ovn-nbctl
show" output.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Thu, 10 Aug 2017 20:41:19 +0000 (16:41 -0400)]
travis: parallel builds and tests
Some recent travis builds have failed due to having exceeded the
per-job time limit of 50 minutes. This change enables parallel
builds and parallel test execution in order to reduce overall
execution time, and will hopefully allow this class of build
failures to be avoided.
Since the travis build environment is provisioned with two CPUs,
use -j2 for builds and -j4 for tests. Testing in a cloned repository
shows slightly more than a 50% reduction in overall test time.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Wed, 9 Aug 2017 20:00:53 +0000 (16:00 -0400)]
netdev-dpdk: include dpdk PCI header directly
As part of a devargs rework in DPDK, the PCI header file was removed, and
needs to be directly included. This isn't required to build with 17.05 or
earlier, but will be required should a future update happen.
Darrell Ball [Thu, 10 Aug 2017 20:22:16 +0000 (13:22 -0700)]
dp-packet: Reset DPDK hwol flags on init.
Reset the DPDK hwol flags in dp_packet_init_. The new hwol bad checksum
flag is uninitialized for non-dpdk ports and this is noticed as test
failures using netdev-dummy ports, when built with the --with-dpdk
flag set. Hence, in this case, packets may be falsely marked as having a
bad checksum. The existing APIs are simplified at the same time by
making them specific to either DPDK or otherwise; they also now
manage a single field.
aaron conole [Wed, 9 Aug 2017 20:36:53 +0000 (16:36 -0400)]
redhat: add vfio udev rules
This commit builds on the non-root ovs work and adds a udev rule which will
automatically set the group permissions of vfio devices.
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user") Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 20:37:51 +0000 (13:37 -0700)]
checkpatch: Fix matching on C filenames.
Most of the prerequisite checks so far matched on filenames that ended
in some character followed by 'c' or 'h', rather than a filename that
ends in '.c' or '.h'. Fix this.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 20:37:50 +0000 (13:37 -0700)]
checkpatch: Check for infix operator whitespace.
The 'Expressions' section of the coding style specifies that one space
should be on either side of infix binary and ternary operators. This
adds a check to checkpatch.py for most of these.
The regex won't match if there are speech marks on the line, because
the style should not apply to the contents of strings.
This check is left at warning level because there isn't a good way to
determine whether a line is within a multiline comment or string, so it
will occasionally flag such lines which contain hyphenated words.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 9 Aug 2017 00:10:58 +0000 (17:10 -0700)]
dpif: Clean up netdev_ports map on dpif_close().
Commit 32b77c316d9982("dpif: Save added ports in a port map.")
introduced tracking of all dpif ports by taking a reference on each
available netdev when the dpif is opened, but it failed to clear out and
release references to these netdevs when the dpif is closed.
One of the problems introduced by this was that upon clean exit of
ovs-vswitchd via "ovs-appctl exit --cleanup", the "ovs-netdev" device
was not deleted. This which could cause problems in subsequent start up.
Commit 5119e258da92 ("dpif: Fix cleanup of userspace datapath.") fixed
this particular problem by not adding such devices to the netdev_ports
map, but the referencing/unreferencing upon dpif_open()/dpif_close() is
still not balanced.
Balance the referencing of netdevs by clearing these during dpif_close().
Fixes: 32b77c316d9982("dpif: Save added ports in a port map.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ensure that JSON is utf-8 encoded and that bytes sent/received on
the stream sockets are in utf-8 form. Add a test case to verify
that unicode data can be sent/received successfully using Python
IDL module.
Co-authored-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Tue, 6 Jun 2017 01:04:50 +0000 (18:04 -0700)]
ofproto-dpif-ipfix: Use common OVS functions for getting current time.
OVS has common infrastructure functions for getting the current time, but
this code was not using them. It is not clear why, so this commit changes
it to use them.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Yi Yang [Tue, 8 Aug 2017 06:55:05 +0000 (14:55 +0800)]
Remove duplicate description about Experimenter classes
commit 3d2fbd70bda514f7327970b859663f34f994290c brought
duplicate description about Experimenter classes
ONFOXM_ET and NXOXM_NSH in lib/meta-flow.xml, branch-2.8
has the same issue.
Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Blakey [Tue, 8 Aug 2017 14:03:12 +0000 (17:03 +0300)]
netdev-vport: Always implement get_ifindex for netdev-vport
Always implement get_ifindex without checking if offload is
enabled or not as this should not be related. From ovs-dpctl
we cannot tell if offload is enabled or not as other_config is
not being read.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Wed, 9 Aug 2017 06:57:36 +0000 (23:57 -0700)]
travis: Fix DPDK builds in new environment.
The following error is seen:
17.05.1/build/build/lib/librte_eal/linuxapp/igb_uio/igb_uio.c:29:
/home/travis/build/darball/ovs/linux-3.16.46/arch/x86/include/asm/
dma-mapping.h:32:35: error: inlining failed in call to ‘get_dma_ops’:
call is unlikely and code size would grow [-Werror=inline]
-Wno-error=inline is used to address the issues with
the new environment.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:37:15 +0000 (16:37 -0700)]
netdev-dummy: Close pcap files when dummy device is closed.
Fixes a fd leak.
Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Daniel Alvarez [Fri, 21 Jul 2017 15:28:24 +0000 (15:28 +0000)]
netdev: check for NULL fields in netdev_get_addrs
When the interfaces list is retrieved through getiffaddrs(), there
might be elements with iface_name set to NULL.
This patch checks ifa_name to be not NULL before comparing it to the
actual device name in the loop that calculates how many interfaces
exist with that same name.
Also, this patch checks that ifa_netmask is not NULL for coherence
with the existing code so that it doesn't allocate more memory
than needed if this field is NULL.
Note, that these checks are already being done later in the function
so it should be done in both places.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
Ben Pfaff [Tue, 8 Aug 2017 23:11:46 +0000 (16:11 -0700)]
ofp-print: #include its own header first.
The OVS coding style document says that a .c file should include the
corresponding .h file first, to ensure that the .h file includes all of
its dependencies, but this file didn't do that.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Tue, 8 Aug 2017 21:30:28 +0000 (14:30 -0700)]
include: Add struct declaration to ofp-print.h.
If a libopenvswitch user includes ofp-print.h before ofp-util.h (which
is standard alphabetical order), and turns on -Werror, then they would
hit this compilation error in the include:
error: 'struct ofputil_port_map' declared inside parameter list will not
be visible outside of this definition or declaration [-Werror]
void ofp_print(FILE *, const void *, size_t *, const struct ofputil_port_map *,
Fixes: 50f96b10e1c8 ("Support accepting and displaying port names in OVS tools.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Aug 2017 23:02:20 +0000 (16:02 -0700)]
m4: Add pkg.m4 from pkg-config.
This way, users do not have to install the m4 file from pkg-config, which
was not previously a requirement. Without this change, "configure" fails
when pkg.m4 is not available via aclocal:
./configure: line 26189: ` PKG_CHECK_MODULES(DPDK, libdpdk,'
Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Ben Pfaff [Fri, 14 Jul 2017 04:42:54 +0000 (21:42 -0700)]
ovs-vsctl-bashcomp: Make compatible with busybox "awk".
It seems that awk in busybox doesn't think that an empty string is part of
a larger string, but that GNU awk does. This commit adds an extra test to
make _ovs_vsctl_check_startswith_string work either way.
This allows the following tests to pass with busybox awk:
vsctl bashcomp unit tests
7: vsctl-bashcomp - basic verification ok
8: vsctl-bashcomp - argument completion ok
Reported-by: Stuart Cardall <developer@it-offshore.co.uk> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lance Richardson <lrichard@redhat.com>
aaron conole [Fri, 4 Aug 2017 17:00:57 +0000 (13:00 -0400)]
redhat: allow dpdk to also run as non-root user
After this commit, users may start a dpdk-enabled ovs setup as a
non-root user. This is accomplished by exporting the $HOME directory,
which dpdk uses to fill in it's semi-persistent RTE configuration.
This change may be a bit controversial since it modifies /dev/hugepages
as part of starting the ovs-vswitchd to set a hugetlbfs group
ownership. This is used to enable writing to /dev/hugepages so that the
dpdk_init will successfully complete. There is an alternate way of
accomplishing this - namely to initialize DPDK before dropping
privileges. However, this would mean that if DPDK ever grows an uninit
/ reinit function, non-root ovs likely could never use it.
This does not change OvS+DPDK's SELinux requirements. It still must be
disabled.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:56 +0000 (13:00 -0400)]
redhat: dynamic service file for vswitchd
This commit changes the service file from static configuration to an
autogenerated file, produced during the build. This will be relevant in a
future commit.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:55 +0000 (13:00 -0400)]
dpdkstrip: add a preprocessor tool for stripping dpdk blocks
Normally, in C code, pre-processing macros can be used to enable/disable
specific functionality based on switches passed to configure. This works
for DPDK using the --with-dpdk flag, which sets the DPDK_NETDEV define to
the appropriate value.
However, not all files are processed with the C pre-processor. For those
files which are not, this commit adds a new pre-processor tool for .in
files to either include or exclude those stanzas as appropriate.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
aaron conole [Fri, 4 Aug 2017 17:00:54 +0000 (13:00 -0400)]
redhat: dynamically allocate and reference ovs user
After this commit, the fedora RPM will create the openvswitch user, from the
non-static pool, for use as an Open vSwitch daemon user. This only happens
on install - not upgrade. This will be the default user:group
combination for the openvswitch daemons.
To do this in a way that doesn't impact existing installations, the
/etc/openvswitch directory will be created during the installation,
rather than being provided as part of the rpm.
aaron conole [Fri, 4 Aug 2017 17:00:53 +0000 (13:00 -0400)]
redhat: allow arbitrary user:group
Under rpm based distributions, the only user:group that the rhel daemons run
as is 'root:root'. This is fine as a default, but as part of a security
procedure, users may want to run as an alternate uid/gid. This commit
adds an OVS_USER_ID environment variable for systemd, which defaults to
root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
environment file.
Joe Stringer [Mon, 7 Aug 2017 21:58:45 +0000 (14:58 -0700)]
system-kmod-macros: Load TFTP module.
Just like the FTP module needs to be loaded to ensure that the FTP tests
work, the TFTP module needs to be loaded to ensure that the TFTP tests
work. This patch does so.
Fixes: 200a9af97d1c ("System tests: Add 4 new ftp and tftp tests.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
acinclude: Also support pkg-config for configuring dpdk.
If available use dpdk pkg-config info of libdpdk to set the right
include paths.
That for example, allows packagers to provide non default include
paths in a common way (pkg-config).
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Suggested-by: Luca Boccassi <luca.boccassi@gmail.com> Acked-by: Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 31 Jul 2017 23:54:22 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix key attr iteration.
This call is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across these attributes. Rather than using the
UNSAFE variation of this iterator, use the regular version.
Fixes: 994fcc5a15d3 ("upcall: Check for recirc_id in ukey_create_from_dpif_flow()") Signed-off-by: Joe Stringer <joe@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 31 Jul 2017 23:54:21 +0000 (16:54 -0700)]
ofproto-dpif-upcall: Fix action attr iteration.
This calls is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across the actions attributes. Rather than using
the UNSAFE variation of this iterator, use the regular version.
Fixes: e672ff9b4d22 ("ofproto-dpif: Restore metadata and registers on recirculation.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 5 Aug 2017 05:41:12 +0000 (13:41 +0800)]
NSH unit test cases using encap and decap actions
With the support of generic encap and decap actions for Ethernet and NSH
it is now possible to build test cases that mimic realistic OVS
configurations and OF pipelines for Service Function Chaining. Packets
are being encapsulated in NSH, forwarded based on NSH headers, sent over
Ethernet links and VXLAN-GPE tunnels, and decapsulated at the end of
a service chain.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
projects / mirror_ovs.git / log