ovs-vtep: Delete flows with untagged vlan carefully.
A (physical port + vlan) or (physical port + no tag) can be bound to a
logical switch. When one unbinds (physical port + no tag) from a logical
switch, the emulator inadvertantly deletes flows for (physical port + vlan)
too. This commit fixes it.
VMware-BZ: #1609938 Reported-by: Mike Qing <mqing@vmware.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
Ben Pfaff [Wed, 16 Mar 2016 23:45:29 +0000 (16:45 -0700)]
ovs-ctl: Remove code for upgrading from Open vSwitch 1.6 and earlier.
OVS 1.7 was released in July 2012, so by the time current OVS is released,
it will be almost four years old. I think that this is long enough to
remove special upgrade code.
It's almost impossible to do this upgrade in any case since there is
no overlap in the base kernel versions supported by the out of tree
modules in the two versions (the only possibility is running the new
version of OVS on the upstream module from Linux 3.3).
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Thu, 17 Mar 2016 03:10:40 +0000 (20:10 -0700)]
ovs-ctl: Remove code for upgrading from Open vSwitch 1.9 and earlier.
OVS 1.10 was released in May 2013, so by the time current OVS is released,
it will be about three years old. I think that this is long enough to
remove special upgrade code from the startup scripts.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Sairam Venugopal [Mon, 29 Feb 2016 19:42:12 +0000 (11:42 -0800)]
datapath-windows: Support for IPv6 in TCP segmentation
When a packet which needs segmentation is received, the header for
each segment is being calculated, i.e. IP length, checksum, TCP seq,
TCP checksum.
The problem with the current code is that it wrongly assumes that
the Ethernet frame payload is always an IPv4 packet.
This patch checks the EtherType field of the Ethernet frame to see
which protocol is encapsulated in its payload, IPv4 or IPv6, and
calculates the segment's header accordingly.
Pravin B Shelar [Mon, 14 Mar 2016 19:42:48 +0000 (12:42 -0700)]
datapath: Fix build failure related to missing vlan.h
---8<---
make[1]: Entering directory `/home/travis/build/openvswitch/ovs/datapath'
make[1]: *** No rule to make target `vlan.h', needed by `distdir'. Stop.
make[1]: Leaving directory `/home/travis/build/openvswitch/ovs/datapath'
make: *** [distdir] Error 1
cat: */_build/tests/testsuite.log: No such file or directory
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Lance Richardson [Wed, 24 Feb 2016 15:48:34 +0000 (10:48 -0500)]
ovsdb-idl: improve error handling when schema is not available
A common error scenario with OVN is to attempt to use ovn-nbctl when
the OVN databases have not been created in ovsdb-server:
1. ovn-nbctl sends a "get_schema" request for the OVN db to ovsdb-server.
2. ovsdb-server fails to find requested db, sends error response
to ovn-nbctl.
3. ovn-nbctl receives the error response in ovsdb_idl_run(), but
takes no specific action.
4. ovn-nbctl hangs forever in IDL_S_SCHEMA_REQUESTED state (assuming
a timeout wasn't requested on the command line).
This commit adds a new IDL state, IDL_S_NO_SCHEMA, which is entered
when a negative response to a schema request is received. When in
this state, ovsdb_idl_is_alive() now returns 'false', allowing clients
(currently ovn-nbctl, ovn-sbctl, vtep-ctl, and ovs-vsctl) to detect this
condition and exit with an appropriate error message.
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Mon, 29 Feb 2016 17:54:15 +0000 (09:54 -0800)]
datapath: Drop support for kernel older than 3.10
Currently OVS out of tree datapath supports a large number of kernel
versions. From 2.6.32 to 4.3 and various distribution-specific
kernels. But at this point major features are only available on more
recent kernels. For example, stateful services are only available
starting in kernel 3.10 and STT is available on starting with 3.5.
Since these features are becoming essential to many OVS deployments,
and the effort of maintaining the backports is high. We have decided
to drop support for older kernel. Following patch drops supports
for kernel older than 3.10.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Sat, 20 Feb 2016 00:34:19 +0000 (16:34 -0800)]
ovn: Implement basic ARP support for L3 logical routers.
This is sufficient support that an L3 logical router can now transmit
packets to VMs (and other destinations) without having to know the
IP-to-MAC binding in advance. The details are carefully documented in all
of the appropriate places.
There are several important caveats that need to be fixed before this can
be taken seriously in production. These are documented in ovn/TODO. The
most important of these are renewal, expiration, and limiting the size of
the ARP table.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Thu, 28 Jan 2016 05:17:11 +0000 (21:17 -0800)]
ovn-controller: Add data structure for indexing lports, multicast groups.
This was more or less implemented inside lflow.c until now, but some
upcoming code that shouldn't be in that file needs to use it too.
This also adds a second index on lports, so that lports can be looked up
based on the logical datapath tunnel key and the logical port tunnel key.
An upcoming commit will add a user for this new index.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Thu, 28 Jan 2016 04:50:59 +0000 (20:50 -0800)]
ovn: Use callback function instead of simap for logical port number map.
An simap is convenient but it isn't very flexible. If the client wants to
keep extra data with each node then it has to build a second parallel data
structure. A callback function is kind of a pain for the clients from the
point of view of having to write it and deal with auxiliary data, etc., but
it allows the storage to be more flexible.
An upcoming commit will make further use of this capability.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
lib/ovs-thread: make use of the pthread_attr object
The pthread_attr object needs to be passed to the pthread_create()
call in order to make use of it.
Fixes: 8147cec9ee (lib/ovs-thread: Ensure that thread stacks are
always at least 512 kB.) Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> Acked-by: Andy Zhou <azhou@ovn.org>
Pravin B Shelar [Thu, 10 Mar 2016 00:40:40 +0000 (16:40 -0800)]
smap: bsd: Fix compilation error.
I saw following error while testing this series.
---8<---
In file included from lib/smap.c:16:
./lib/smap.h:75:56: warning: declaration of 'struct in6_addr' will not be visible outside of this function [-Wvisibility]
void smap_add_ipv6(struct smap *, const char *, struct in6_addr *);
^
lib/smap.c:102:1: error: conflicting types for 'smap_add_ipv6'
smap_add_ipv6(struct smap *smap, const char *key, struct in6_addr *addr)
^
./lib/smap.h:75:6: note: previous declaration is here
void smap_add_ipv6(struct smap *, const char *, struct in6_addr *);
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
INSTALL.DPDK: remove issue with QEMU v2.4.0 and dpdkvhostuser
The patch mentioned in the commit e73b7508fb58 ("INSTALL.DPDK: Mention
issue with QEMU v2.4.0 & dpdkvhostuser") is present in DPDK v2.2.0,
then this issue is not valid anymore.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Yuanhan Liu [Tue, 8 Mar 2016 01:50:48 +0000 (09:50 +0800)]
netdev-dpdk: fix mbuf leaks
mbufs could be chained (by the "next" field of rte_mbuf struct), when
an mbuf is not big enough to hold a big packet, say when TSO is enabled.
rte_pktmbuf_free_seg() frees the head mbuf only, leading mbuf leaks.
This patch fix it by invoking the right API rte_pktmbuf_free(), to
free all mbufs in the chain.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
andy zhou [Mon, 7 Mar 2016 23:44:34 +0000 (15:44 -0800)]
ovsdb-server: Fix a reference count leak bug
When destroying an ovsdb_jsonrpc_monitor, the jsonrpc monitor still
holds a reference count to the monitors 'changes' indexed with
'unflushed' transaction id. The bug is that the reference count was
not decremented as it should in the code path.
The bug caused 'changes' that have been flushed to all jsonrpc
clients to linger around unnecessarily, occupying increasingly
large amount of memory. See "Reported-at" URL for more details.
This bug is tricky to find since the memory is not leaked; they will
eventually be freed when monitors are destroyed.
Reported-by: Lei Huang <huang.f.lei@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-March/067274.html Signed-off-by: Andy Zhou <azhou@ovn.org> Tested-by: Han Zhou <zhouhan@gmail.com> Acked-by: Han Zhou <zhouhan@gmail.com> Acked-by: Liran Schour <lirans@il.ibm.com>
Ben Pfaff [Mon, 7 Mar 2016 22:58:25 +0000 (14:58 -0800)]
Revert "ovn-controller: race between binding-run and patch-run for localnet ports"
This reverts commit 3a83007a76bbf05144cee1fda7ad81c1c717dca7. It's really
nonobvious from the code why the condition added by that commit makes sense.
The new condition should not be necessary now that binding_run() always keeps
track of the local datapaths, since commit 7c040135cf351 (binding: Track local
datapaths even when no transaction is possible).
CC: Ramu Ramamurthy <ramu.ramamurthy@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Mon, 7 Mar 2016 23:13:15 +0000 (15:13 -0800)]
unixctl: Log commands received and their replies (at debug level).
These commands are also visible through the "jsonrpc" module, but turning
up the log level there also exposes a lot of OVSDB traffic that usually
isn't interesting.
Also, enable this logging for the tests.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Mon, 7 Mar 2016 20:53:15 +0000 (12:53 -0800)]
binding: Track local datapaths even when no transaction is possible.
Plenty of other code depends on the set of local datapaths. Most notably,
the lflow code will drop logical flows when their logical datapaths aren't
present locally.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Russell Bryant [Mon, 7 Mar 2016 15:47:21 +0000 (10:47 -0500)]
ovs-sandbox: Add note about OVN to initial output.
When you run ovs-sandbox, it finishes with a note describing the dummy
environment it has set up. Add some additional text that indicates that
OVN is also enabled when that is the case.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
William Tu [Fri, 4 Mar 2016 23:18:54 +0000 (15:18 -0800)]
ofp-util: Fix use-after-free in group append.
It is possible for ofpbuf_put() to realloc a newly allocated address,
casuing the previously referenced pointer, ogds, points to old/free'd
address. The issue is generated by forcing ofpbuf_put() to use newly
allocated buffer and valgrind reports invalid write. The similiar syndrome
is reported at: https://patchwork.ozlabs.org/patch/591330/
William Tu [Sat, 5 Mar 2016 02:00:46 +0000 (18:00 -0800)]
ofpbuf: Fix use-after-free in bundle parse.
Address pointed by bundle could be obsolete/free'd when
realloc, called from ofpbuf_put_zero(), returns new address.
Reported by Valgrind 367: ovs-ofctl parse-flows (NXM)
Jarno Rajahalme [Mon, 7 Mar 2016 19:00:44 +0000 (11:00 -0800)]
ofpbuf: Fix setting of 'msg' in ofpbuf_clone_with_headroom()
Commit 38876d31 fixed setting 'msg' when resizing an ofpbuf, but
failed to fix the same issue in ofpbuf_clone_with_headroom(). Without
this fix the newly cloned ofpbuf's 'msg', if non-NULL, will point to
the buffer of the original ofpbuf.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Ramu Ramamurthy [Sat, 5 Mar 2016 01:40:26 +0000 (20:40 -0500)]
ovn-controller: race between binding-run and patch-run for localnet ports
when ctx->ovnsb_idl_txn is null, binding_run exits early
and does not add any local_datapaths, but patch_run
doesnt check this, and ends up deleting localnet ports,
because there are no local datapaths for them,
They get readded in a subsequent run causing unnecessary
deletion and readdition.
Signed-off-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Use 'RUNDIR' from make for rhel/ovn-controller.service
Perviously it was using the platform's runtime directory which can be
different from the runtime directory of ovsdb-server started by the
openvswitch service
Pravin B Shelar [Fri, 4 Mar 2016 00:15:40 +0000 (16:15 -0800)]
datapath: STT: Fix checksum handling.
On packet receive STT verifies the checksum if not done in
hardware. But IP and TCP were pulled before the verification
step. The verification expect to see packet with TCP header.
This causes STT to drop packet in certain cases.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Thu, 3 Mar 2016 08:22:50 +0000 (21:22 +1300)]
ofp-actions: Prevent integer overflow in decode.
When decoding a variable-length action, if the length of the action
exceeds the length storable in a uint16_t then something has gone
terribly wrong. Assert that this is not the case.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
Joe Stringer [Thu, 3 Mar 2016 08:22:49 +0000 (21:22 +1300)]
ofp-actions: Fix use-after-free in bundle action.
If the actions list in an incoming flow mod is long enough, and there is
a bundle() action with 3 or more slaves, then it is possible for a
reallocation to occur after placing the ofpact_bundle into the ofpacts
buffer, while slave ports into the buffer. If the memory freed by this
reallocation is then passed to another thread, then that thread may
modify the value that bundle->n_slaves points to. If this occurs quickly
enough before the main thread finishes copying all of the slaves, then
the iteration may continue beyond the originally intended number of
slaves, copying (and swapping) an undetermined number of 2-byte chunks
from the openflow message. Finally, the length of the ofpact will be
updated based on how much data was written to the buffer, which may be
significantly longer than intended.
In many cases, the freed memory may not be allocated to another thread
and be left untouched. In some milder bug cases, this will lead to
'bundle' actions using more memory than required. In more serious cases,
this length may then exceed the maximum length of an OpenFlow action,
which is then stored (truncated) into the 16-bit length field in the
ofpact header. Later execution of ofpacts_verify() would then use this
length to iterate through the ofpacts, and may dereference memory in
unintended ways, causing crashes or infinite loops by attempting to
parse/validate arbitrary data as ofpact objects.
Fix the issue by updating 'bundle' within the iteration, immediately
after (potentially) expanding the bundle.
Thanks to Jarno Rajahalme for his keen pair of eyes on finding this
issue.
VMWare-BZ: #1614715 Fixes: f25d0cf3c366 ("Introduce ofpacts, an abstraction of OpenFlow actions.") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
Joe Stringer [Thu, 3 Mar 2016 08:22:48 +0000 (21:22 +1300)]
tests: Add bundle action test with buffer realloc.
Add a test which causes internal reallocation of the ofpacts buffer,
followed by a large bundle action which should cause a subsequent
reallocation while decoding slave ports. Running this test under
valgrind reveals the issue below, which is fixed in the following
commit.
Invalid read of size 4
at 0x4CED87: decode_bundle (ofp-actions.c:1253)
by 0x4CEDFC: decode_NXAST_RAW_BUNDLE (ofp-actions.c:1272)
by 0x4DBDE6: ofpact_decode (ofp-actions.inc2:3765)
by 0x4D6914: ofpacts_decode (ofp-actions.c:5735)
by 0x4D6A3D: ofpacts_pull_openflow_actions__ (ofp-actions.c:5772)
by 0x4D74F3: ofpacts_pull_openflow_instructions (ofp-actions.c:6352)
by 0x4F59FA: ofputil_decode_flow_mod (ofp-util.c:1704)
by 0x4EAD18: ofp_print_flow_mod (ofp-print.c:786)
by 0x4F0711: ofp_to_string__ (ofp-print.c:3220)
by 0x4F0D98: ofp_to_string (ofp-print.c:3453)
by 0x5486B3: do_recv (vconn.c:644)
by 0x548498: vconn_recv (vconn.c:598)
by 0x524582: rconn_recv (rconn.c:703)
by 0x45DA61: ofconn_run (connmgr.c:1370)
by 0x45B3B4: connmgr_run (connmgr.c:323)
by 0x41D1E8: ofproto_run (ofproto.c:1762)
by 0x40CEE0: bridge_run__ (bridge.c:2885)
by 0x40D093: bridge_run (bridge.c:2940)
by 0x412F7E: main (ovs-vswitchd.c:120)
Address 0x66aa460 is 1,152 bytes inside a block of size 1,184 free'd
at 0x4C2AF2E: realloc (vg_replace_malloc.c:692)
by 0x543D27: xrealloc (util.c:123)
by 0x5089EF: ofpbuf_resize__ (ofpbuf.c:243)
by 0x508B81: ofpbuf_prealloc_tailroom (ofpbuf.c:290)
by 0x508D5C: ofpbuf_put_uninit (ofpbuf.c:364)
by 0x508DEF: ofpbuf_put (ofpbuf.c:387)
by 0x4CED7D: decode_bundle (ofp-actions.c:1255)
by 0x4CEDFC: decode_NXAST_RAW_BUNDLE (ofp-actions.c:1272)
by 0x4DBDE6: ofpact_decode (ofp-actions.inc2:3765)
by 0x4D6914: ofpacts_decode (ofp-actions.c:5735)
by 0x4D6A3D: ofpacts_pull_openflow_actions__ (ofp-actions.c:5772)
by 0x4D74F3: ofpacts_pull_openflow_instructions (ofp-actions.c:6352)
by 0x4F59FA: ofputil_decode_flow_mod (ofp-util.c:1704)
by 0x4EAD18: ofp_print_flow_mod (ofp-print.c:786)
by 0x4F0711: ofp_to_string__ (ofp-print.c:3220)
by 0x4F0D98: ofp_to_string (ofp-print.c:3453)
by 0x5486B3: do_recv (vconn.c:644)
by 0x548498: vconn_recv (vconn.c:598)
by 0x524582: rconn_recv (rconn.c:703)
by 0x45DA61: ofconn_run (connmgr.c:1370)
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
Ian Stokes [Wed, 2 Mar 2016 20:35:54 +0000 (20:35 +0000)]
netdev_dpdk.c: Add QoS functionality.
This patch provides the modifications required in netdev-dpdk.c and
vswitch.xml to allow for a DPDK user space QoS algorithm.
This patch adds a QoS configuration structure for netdev-dpdk and
expected QoS operations 'dpdk_qos_ops'. Various helper functions
are also supplied.
Also included are the modifications required for vswitch.xml to allow a
new QoS implementation for netdev-dpdk devices. This includes a new QoS type
`egress-policer` as well as its expected QoS table entries.
The QoS functionality implemented for DPDK devices is `egress-policer`.
This can be used to drop egress packets at a configurable rate.
The INSTALL.DPDK.md guide has also been modified to provide an example
configuration of `egress-policer` QoS.
Signed-off-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Jarno Rajahalme [Wed, 17 Feb 2016 22:08:04 +0000 (14:08 -0800)]
ofp: Add support for bundles extension in OpenFlow 1.3.
ONF Extension 230 adds support for OpenFlow 1.4 bundles to OpenFlow
1.3. Supporting this allows OpenFlow 1.3 controllers to start using
bundles. Also the ovs-ofctl '--bundle' option can now be used with
OpenFlow 1.3.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Mon, 29 Feb 2016 19:13:28 +0000 (11:13 -0800)]
odp-util: Use FLOW_MAX_MPLS_LABELS when parsing MPLS ODP keys.
Even though the number of supported MPLS labels may vary between a
datapath and the OVS userspace, it is better to use the
FLOW_MAX_MPLS_LABELS than a hard-coded '3' as the maximum number of
labels to scan.
Requested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Wed, 24 Feb 2016 01:48:11 +0000 (17:48 -0800)]
ovsdb-server: Refactoring and clean up remote status reporting.
When reporting remote status, A listening remote will randomly
pick a session and report its session status. This does not seem
to make much sense. It is probably better to leave those fields
untouched.
Update ovs-vswitchd.conf.db(5) to match the change in implementation.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 26 Feb 2016 04:49:46 +0000 (20:49 -0800)]
ovn: Connect to remote lports through localnet port.
Before this patch, inter-chassis communication between VIFs of same
lswitch will always go through tunnel, which end up of modeling a
single physical network with many lswitches and pairs of lports, and
complexity in CMS like OpenStack neutron to manage the lswitches and
lports.
With this patch, inter-chassis communication can go through physical
networks via localnet port with a 1:1 mapping between lswitches and
physical networks. The pipeline becomes:
Han Zhou [Fri, 26 Feb 2016 04:26:23 +0000 (20:26 -0800)]
ovn: Avoid ARP responder for packets from localnet port
This is required by next commit that allows lswitch with localnet
port to be attached to multiple chassises. Without this patch, if
an ARP request comes from localnet port, on each chassis there will
be an ARP response, which is not desired.
An new stage ls_in_arp_rsp is introduced for ARP responder before
ls_in_l2_lkup.
Suggested-by: Russell Bryant <russell@ovn.org> Signed-off-by: Han Zhou <zhouhan@gmail.com> Acked-by: Russell Bryant <russell@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Detected internal interfaces: br-int p1 [ OK ]
Saving flows /usr/share/openvswitch/scripts/ovs-ctl:
line 267: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
[FAILED]
Exiting ovsdb-server (3228) [ OK ]
Starting ovsdb-server [ OK ]
Configuring Open vSwitch system IDs [ OK ]
Exiting ovs-vswitchd (3243) [ OK ]
Saving interface configuration /usr/share/openvswitch/scripts/ovs-ctl:
line 294: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
[FAILED]
Failed to save configuration, not replacing kernel module ... (warning).
Starting ovs-vswitchd [ OK ]
Enabling remote OVSDB managers [ OK ]
Ben Pfaff [Mon, 22 Feb 2016 17:57:50 +0000 (09:57 -0800)]
tests: Move Autotest compatibility macros into tests directory.
compat.at mixes compatibility for m4sh, which is used by Autoconf and
Autotest, with compatibility for Autotest. It makes more sense to separate
them. This moves the Autotest-only compatibility macros into an Autotest
specific file.
Ansis Atteka [Tue, 19 Jan 2016 17:59:12 +0000 (09:59 -0800)]
rhel: provide our own SELinux custom policy package
CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
SELinux policy that is too strict and prevents Open vSwitch to work
normally out of the box.
As a solution, this patch introduces a new package which will "loosen"
up "openvswitch_t" SELinux domain so that Open vSwitch could operate
normally.
Intended use-cases of this package are:
1. to allow users to install newer Open vSwitch on already released Fedora,
RHEL and CentOS distributions where the default Open vSwitch SELinux policy
that shipped with the corresponding Linux distribution is not up to date
and did not anticipate that a newer Open vSwitch version might need to
invoke new system calls or need to access certain system resources that
it did not before; And
2. to provide alternative means through which Open vSwitch developers
can proactively fix SELinux related policy issues without waiting for
corresponding Linux distribution maintainers to update their central
Open vSwitch SELinux policy.
This patch was tested on Fedora 23 and CentOS 7. I verified that now
on Fedora 23 Open vSwitch can create a NetLink socket; and that I did
not see following error messages:
vlog|INFO|opened log file /var/log/openvswitch/ovs-vswitchd.log
ovs_numa|INFO|Discovered 2 CPU cores on NUMA node 0
ovs_numa|INFO|Discovered 1 NUMA nodes and 2 CPU cores
reconnect|INFO|unix:/var/run/openvswitch/db.sock: connecting...
reconnect|INFO|unix:/var/run/openvswitch/db.sock: connected
netlink_socket|ERR|fcntl: Permission denied
dpif_netlink|ERR|Generic Netlink family 'ovs_datapath' does not exist.
The Open vSwitch kernel module is p robably not loaded.
dpif|WARN|failed to enumerate system datapaths: Permission denied
dpif|WARN|failed to create datapath ovs-system: Permission denied
I did not test all Open vSwitch features so there still could be some
OVS configuration that would get "Permission denied" errors.
Since, Open vSwitch daemons on Ubuntu 15.10 by default run under "unconfined"
SELinux domain, then there is no need to create a similar debian package
for Ubuntu, because it works on default Ubuntu installation.
Numan Siddique [Mon, 22 Feb 2016 10:29:37 +0000 (15:59 +0530)]
ovn-northd: Allow lport 'addresses' to store multiple ips in each set
If a logical port has two ipv4 addresses and one ipv6 address
it will be stored as ["MAC IPv41 IPv42 IPv61"] instead of
["MAC IPv41", "MAC IPv42", "MAC IPv61"].
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
[blp@ovn.org made changes to comments and ovn.at] Signed-off-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Thu, 25 Feb 2016 15:57:28 +0000 (10:57 -0500)]
tests: Gracefully terminate daemons in OVN tests
Daemons started in OVN tests are currently killed (via "on_exit kill"
in start_daemon()). This is problematic for tools (such as gcov) that
rely on exit() being called.
Fix by using "ovs-appctl ... exit" to gracefully terminate the daemons.
Jarno Rajahalme [Thu, 25 Feb 2016 00:10:42 +0000 (16:10 -0800)]
xlate: Always recirculate after an MPLS POP to a non-MPLS ethertype.
So far we have tried to optimize MPLS POP action not to recirculate
unless later matching actually needs the inner headers. This made the
code complex and error-prone. Also the cases where this optimization
would have been useful seem rare, as one would typically want to do
something else with the inner packet than blindly send it to some
output port.
With this change multiple consecutive MPLS POPs do not need
recirculation in between, so even if the blind output case is now
little bit less optimal, the multiple POP case is correspondingly
faster with this change.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Thu, 25 Feb 2016 00:10:42 +0000 (16:10 -0800)]
odp-util: Format and scan multiple MPLS labels.
So far we have been limited to including only one MPLS label in the
textual datapath flow format. Allow upto 3 labels to be included so
that testing with multiple labels becomes easier.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Thu, 25 Feb 2016 00:10:42 +0000 (16:10 -0800)]
tests: Fix MPLS tests.
Some MPLS tests used non-MPLS ethertype for popping a label from a
multi-label stack. Also, reveal actions in some MPLS tests. This
will make later patches more easily understandable.
Fix the mpls-xlate banner and remove '-generate' option from MPLS
tests as it is no longer needed to create recirculation state.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Mon, 22 Feb 2016 08:35:28 +0000 (00:35 -0800)]
ovsdb: avoid unnecessary call to ovsdb_monitor_get_update()
Optimizing ovsdb_jsonrpc_mintor_flush_all() by avoiding calling
ovsdb_monitor_get_update() on monitors that do not have any
unflushed updates. This change saves CPU cycles on ovsdb-server's
main loop, but should not introduce any client visible changes.
Reported-by: Liran Schour <lirans@il.ibm.com> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Liran Schour <lirans@il.ibm.com> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Mon, 22 Feb 2016 08:24:06 +0000 (00:24 -0800)]
ovsdb: Fix one off error in tracking monitor changes
dbmon's changes should be stored with the next transaction number,
rather than the current transaction number. This bug causes the
changes of a transaction stored in a monitor to be unnoticed by
the jsonrpc connections that is responsible for flush the monitor
content.
However, the bug was not noticed until it was exposed by a later
optimization patch: "avoid unnecessary call to ovsdb_monitor_get_update()."
The lack of optimization means that the update is still generated
when 'unflushed' equals to n_transactions + 1, which should have
indicated the monitor has been flushed already.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Liran Schour <lirans@il.ibm.com> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 9 Feb 2016 19:44:40 +0000 (11:44 -0800)]
travis: Automatically recheck failed tests.
This should make the automatic testsuite more reliable on Travis. It's
better to fix tests to be more reliable, of course, but in practie it's
difficult to make all of them 100% reliable.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Linux kernel network devices in a guest should have the number of
multi-purpose channels configured when used with DPDK multiqueue on the host.
This commit adds an example of how this can be done. Also add QEMU 2.5
requirements for multiqueue with DPDK in NEWS.
Signed-off-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Ilya Maximets [Wed, 24 Feb 2016 14:14:43 +0000 (17:14 +0300)]
netdev-dpdk: vhost-user: Fix sending packets to queues not enabled by guest.
Currently virtio driver in guest operating system have to be configured
to use exactly same number of queues. If number of queues will be less,
some packets will get stuck in queues unused by guest and will not be
received.
Fix that by using new 'vring_state_changed' callback, which is
available for vhost-user since DPDK 2.2.
Implementation uses additional mapping from configured tx queues to
enabled by virtio driver. This requires mandatory locking of TX queues
in __netdev_dpdk_vhost_send(), but this locking was almost always anyway
because of calling set_multiq with n_txq = 'ovs_numa_get_n_cores() + 1'.
OVS_VHOST_MAX_QUEUE_NUM = 1024 chosen based on the fact that this is
the maximum number of queues supported by QEMU.
Saloni Jain [Thu, 18 Feb 2016 10:24:26 +0000 (15:54 +0530)]
Implement OFPT_TABLE_STATUS Message.
On change in a table state, the controller needs to be informed with
the OFPT_TABLE_STATUS message. The message is sent with reason
OFPTR_VACANCY_DOWN or OFPTR_VACANCY_UP in case of change in remaining
space eventually crossing any one of the threshold.
Signed-off-by: Saloni Jain <saloni.jain@tcs.com> Co-authored-by: Rishi Bamba <rishi.bamba@tcs.com> Signed-off-by: Rishi Bamba <rishi.bamba@tcs.com>
[blp@ovn.org added vacancy event initialization and tests
and updated NEWS] Signed-off-by: Ben Pfaff <blp@ovn.org>
Simon Horman [Wed, 20 Jan 2016 06:15:01 +0000 (15:15 +0900)]
flow: add miniflow_pad_from_64
Provide leading padding to allow pushing a value to a miniflow where
the value is not aligned to 64 bytes and no value has already been
pushed to the same word.
This will be used by a follow-up patch to allow layer 3 packet - that is
packets without an ethernet header - to be represented in flows.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Acked-by: Jarno Rajahalme <jarno@ovn.org>
netdev-dpdk: Do not add vhost-user ports with '/' or '\' in name.
This check prevents an obvious way for a vhost-user socket to escape the
intended directory.
There might be other ways to escape the directory (none comes to mind at
the moment), but this is a problem that should be properly solved by
mandatory access control.
A similar check is done for a bridge name, since that name is used as
part of a socket as well.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Flavio Leitner <fbl@sysclose.org>
Mauricio Vásquez [Tue, 23 Feb 2016 22:06:38 +0000 (23:06 +0100)]
tests/dpdk/ring_client: extend range of supported dpdkr ports
Current implementation of the ring_client test only supports until the
dpdkr255 port, this patch extends it to support the full range of possible
dpdkr ports.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Lance Richardson [Mon, 15 Feb 2016 15:08:51 +0000 (10:08 -0500)]
lib: Fix netbsd compilation error.
NetBSD requires <netinet/in.h> to be included before <netinit/ip6.h>.
Without this fix we have:
In file included from lib/netdev-vport.c:25:0:
/usr/include/netinet/ip6.h:82:18: error: field 'ip6_src' has incomplete type
/usr/include/netinet/ip6.h:83:18: error: field 'ip6_dst' has incomplete type
Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>