Neil McKee [Fri, 27 Jun 2014 18:19:59 +0000 (11:19 -0700)]
sflow: Export LAG, PORTNAME, and OPENFLOWPORT information also.
Export standard sFlow LAG, PORTNAME and OPENFLOWPORT structures with each
counter-sample. Add unit-test for sFlow-LAG. Adjust other unit-tests to
accommodate these new annotations.
The sFlow-LAG structures are important for topology discovery, for
troubleshooting LAG instability, and for correctly combining
sFlow feeds from multiple sources.
The OPENFLOWPORT and PORTNAME structures are important for systems that
aim to combine sFlow monitoring with OpenFlow controls, as they
provide straightforward mapping (1) between sFlow agent IP and OpenFlow
datapath-id, and (2) between interface name,ifIndex and OpenFlow
port number.
Signed-off-by: Neil McKee <neil.mckee@inmon.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Tue, 11 Nov 2014 03:39:22 +0000 (12:39 +0900)]
ofp-parse: Parse (draft) OpenFlow 1.5 bucket ids.
This is part of support for (draft) OpenFlow 1.5 flow mod messages.
This adds support for specifying the bucket_id of buckets of groups in
ovs-ofctl and documents that accordingly.
ONF-JIRA: EXT-350 Signed-off-by: Simon Horman <simon.horman@netronome.com>
[blp@nicira.com tweaked the documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Tue, 11 Nov 2014 03:39:19 +0000 (12:39 +0900)]
ofp-util: Encoding and decoding of (draft) OpenFlow 1.5 group messages.
This provides the bulk of the ofproto side of support for
OpenFlow 1.5 group messages. It provides for encoding and decoding
of updated group mod and group desc reply messages. This includes
a new bucket format and their properties.
Open Flow 1.5 Groups also have properties but as no non-experimenter
properties are defined this patch does not provide parsing or encoding
of group properties.
ONF-JIRA: EXT-350 Signed-off-by: Simon Horman <simon.horman@netronome.com>
[blp@nicira.com fixed minor bugs and style issues] Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Wed, 5 Nov 2014 18:10:13 +0000 (10:10 -0800)]
Fix setting transport ports with frags.
Packets with 'LATER' fragment do not have a transport header, so it is
not possible to either match on or set transport ports on such
packets. Matching is prevented by augmenting mf_are_prereqs_ok() with
a nw_frag 'LATER' bit check. Setting the transport headers on such
packets is prevented in three ways:
1. Flows with an explicit match on nw_frag, where the LATER bit is 1:
existing calls to the modified mf_are_prereqs_ok() prohibit using
transport header fields (port numbers) in OXM/NXM actions
(set_field, move). SET_TP_* actions need a new check on the LATER
bit.
2. Flows that wildcard the nw_frag LATER bit: At flow translation
time, add calls to mf_are_prereqs_ok() to make sure that we do not
use transport ports in flows that do not have them.
3. At action execution time, do not set transport ports, if the packet
does not have a full transport header. This ensures that we never
call the packet_set functions, that require a valid transport
header, with packets that do not have them. For example, if the
flow was created with a IPv6 first fragment that had the full TCP
header, but the next packet's first fragment is missing them.
3 alone would suffice for correct behavior, but 1 and 2 seem like a
right thing to do, anyway.
Currently, if we are setting port numbers, we will also match them,
due to us tracking the set fields with the same flow_wildcards as the
matched fields. Hence, if the incoming port number was not zero, the
flow would not match any packets with missing or truncated transport
headers. However, relying on no packets having zero port numbers
would not be very robust. Also, we may separate the tracking of set
and matched fields in the future, which would allow some flows that
blindly set port numbers to not match on them at all.
For TCP in case 3 we use ofpbuf_get_tcp_payload() that requires the
whole (potentially variable size) TCP header to be present. However,
when parsing a flow, we only require the fixed size portion of the TCP
header to be present, which would be enough to set the port numbers
and fix the TCP checksum.
Finally, we add tests testing the new behavior.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Wed, 5 Nov 2014 18:10:13 +0000 (10:10 -0800)]
miniflow_extract: Properly handle small IP packets.
Ethernet frames may contain padding after the IP payload. When
parsing IP packets, check the IP total size (IPv4) or IP payload size
(IPv6) to detect the size of l2 padding. The l2 padding size is
stored in the ofpbuf to prevent ofpbuf_pull from entering the padding,
as well as to allow ofpbuf_l4_size() to return the size of the IP
payload without the l2 padding.
This helps avoiding parsing truncated transport headers, for example.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Mon, 10 Nov 2014 21:14:29 +0000 (13:14 -0800)]
ofproto-dpif: Clean up table lookup code.
Keep knowledge about ofproto-dpif internal rules within ofproto-dpif.
This removes duplication of code (accross multiple files), and allows
making the ofproto-dpif-xlate interface a bit smaller.
'may_packet_in' was previously not honored for the
'LOOKUP_VERDICT_DEFAULT' case. Now it is, but this change did not
break any unit tests.
Also, previously in the 'LOOKUP_VERDICT_CONTROLLER' case packet-in
messages would have been generated when the in_port could not be found
('config' was set to zero in this case, causing 'OFPUTIL_PC_NO_PACKET_IN'
flag to be zero as well). This patch changes this behavior and never
issues packet-in messages when the in_port cannot be found. This did
not break any unit tests either.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Rishi Bamba [Fri, 7 Nov 2014 12:48:48 +0000 (18:18 +0530)]
Add support for OpenFlow 1.4+ "importance" values.
This patch enables a user to set importance for a new rule via add-flow
OF1.4+ in the OVS and display the same via dump-flows command OF1.4+.
The changes are made in accordance with OpenFlow 1.4 specs to implement
eviction on the basis of "importance". This patch also enhances the
diff-flows & replace-flows CLI for addition of importance parameter in
a rule.
This doesn't actually implement eviction on the basis of importance, which
will happen in a later patch.
Signed-off-by: Rishi Bamba <rishi.bamba@tcs.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Mon, 10 Nov 2014 04:47:49 +0000 (13:47 +0900)]
id-pool: Refactor id_pool_alloc_id to allow any 32 bit value to be an id
id_pool_alloc_id() was created by breaking out the recirculation
allocation code. As it is now a library call it makes sense to remove
the restriction that id 0 is reserved.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Mon, 10 Nov 2014 04:47:48 +0000 (13:47 +0900)]
id-pool: Re-factor recirculation id allocator into standalone id pool.
Refactor the lock-free portion of the recirculation id allocator
into stand-alone id pool. This is in preparation for re-using
that portion to allocate bucket ids which are part of (draft)
OpenFlow 1.5 groups.
ONF-JIRA: EXT-350 Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Sat, 8 Nov 2014 15:24:42 +0000 (07:24 -0800)]
datapath: fix coding style.
Kernel datapath code has diverged from upstream code. This
makes porting patches between these two code bases harder
than it needs to be. Following patch fixes this by fixing
coding style issues on this branch.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Simon Horman [Sat, 8 Nov 2014 21:53:52 +0000 (13:53 -0800)]
datapath: Rename last_action() as nla_is_last() and move to netlink.h
The original motivation for this change was to allow the helper to be used
in files other than actions.c as part of work on an odp select group
action.
It was as pointed out by Thomas Graf that this helper would be best off
living in netlink.h. Furthermore, I think that the generic nature of this
helper means it is best off in netlink.h regardless of if it is used more
than one .c file or not. Thus, I would like it considered independent of
the work on an odp select group action.
Cc: Thomas Graf <tgraf@suug.ch> Cc: Pravin Shelar <pshelar@nicira.com> Cc: Andy Zhou <azhou@nicira.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Jarno Rajahalme [Mon, 27 Oct 2014 17:57:28 +0000 (10:57 -0700)]
classifier: Constify fields.
Some struct cls_match and cls_subtable fields were already documented
of being const. Make them const and use CONST_CAST where appropriate
to initialize them.
This will help catch future errors modifying those fields after
initialization.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Mon, 3 Nov 2014 17:56:54 +0000 (09:56 -0800)]
classifier: Make classifier_find_rule_exactly() lockless.
struct cls_match 'list' member was recently changed to an rculist.
This allows classifier_find_rule_exactly() to be made lockless.
Since subtable's 'max_priority' member would still require a lock, we
no longer check it before calling find_equal(). This adds a hash
table lookup in cases where the subtable may already be known to not
contain any rule of the target priority.
classifier_find_rule_exactly() is never called on the fastpath, so
this should not be significant.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
The systemd requires some actions when the package is
installed, upgraded or removed. This patch adds the
needed RPM sections with the missing systemd actions.
There is a change in behavior - the service is not enabled
or started by default.
Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Flavio Leitner [Thu, 6 Nov 2014 18:45:29 +0000 (16:45 -0200)]
fedora-spec: add openvswitch-test package
Put the utilities that are useful to diagnose performance
and connectivity issues in Open vSwitch setup into another
package since they are not needed in most cases.
Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 6 Nov 2014 21:48:39 +0000 (13:48 -0800)]
FAQ: Describe how to add new fields and new actions.
We get these questions from time to time and it would be nice to just be
able to cut and paste the answer. (And possibly some people might actually
read the answer straight from the FAQ.)
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
Simon Horman [Wed, 5 Nov 2014 23:55:47 +0000 (15:55 -0800)]
ovs-ofctl: Only allow usable protocols for group commands
parse_ofp_group_mod_str() may limit the usable protocols according
to the group and in particular its actions. However, without this
change ovs-ofctl ignores this calculation.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Andy Zhou [Thu, 16 Oct 2014 22:23:11 +0000 (15:23 -0700)]
bridge: Store datapath version into ovsdb
OVS userspace are backward compatible with older Linux kernel modules.
However, not having the most up-to-date datapath kernel modules can
some times lead to user confusion. Storing the datapath version in
OVSDB allows management software to check and optionally provide
notifications to users.
Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Wed, 29 Oct 2014 09:45:48 +0000 (02:45 -0700)]
datapath: Convert dp rcu read operation to locked operations
dp read operations depends on ovs_dp_cmd_fill_info(). This API
needs to looup vport to find dp name, but vport lookup can
fail. Therefore to keep vport reference alive we need to
take ovs lock.
Found by code inspection.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
Ben Pfaff [Tue, 4 Nov 2014 19:17:11 +0000 (11:17 -0800)]
ofproto-dpif: Make ofproto/trace a bit more like real packet translation.
Until now, ofproto/trace has looked up the flow itself. xlate_actions()
can do the flow lookup internally and, since that is what happens when a
packet arrives, having it do its own packet lookup makes a lot of sense.
I noticed this in connection with the actset_output field, which
xlate_actions() should set to OFPP_UNSET at the beginning of translation
before looking up the flow. ofproto/trace didn't do that, so it looked
up a rule with actset_output=0 instead. By having xlate_actions() do the
lookup, the behavior can be consistent and correct.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Motonori Shindo [Tue, 4 Nov 2014 16:12:18 +0000 (01:12 +0900)]
netflow: Fix interpretation of flow_seq.
'flow_seq" field in NetFlow v5 header should represent a number of NetFlow
flow records exported while it is representing the number of NetFlow
packets exported in the current code. This patch fixes this problem.
Signed-off-by: Motonori Shindo <motonori@shin.do> Signed-off-by: Ben Pfaff <blp@nicira.com>
David Verbeiren [Tue, 14 Oct 2014 17:01:49 +0000 (19:01 +0200)]
netdev-dpdk: Fix DPDK rings broken by multi queue
DPDK rings don't need one queue per PMD thread and don't support multiple
queues (set_multiq function is undefined). To fix operation with DPDK rings,
this patch ignores EOPNOTSUPP error on netdev_set_multiq() and provides, for
DPDK rings, a netdev send() function that ignores the provided queue id
(= PMD thread core id).
Suggested-by: Maryam Tahhan <maryam.tahhan@intel.com> Signed-off-by: David Verbeiren <david.verbeiren@intel.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Ben Pfaff [Fri, 10 Oct 2014 05:57:47 +0000 (22:57 -0700)]
nx-match: Add support for multiple OXM field assignments for one field.
actset_output, to be added in an upcoming commit, has one OXM assignment
in OpenFlow 1.3 and another one in OpenFlow 1.5. This commit allows both
of them to be supported in appropriate OpenFlow versions.
This feature is difficult to test on its own, so the same commit that adds
actset_output support also tests this feature.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Jarno Rajahalme [Mon, 3 Nov 2014 22:40:22 +0000 (14:40 -0800)]
ofproto-dpif-xlate: Do not clear ports with frags in xlate_actions().
Transport ports are already cleared for lookup if need be, and they
should be available for action processing, so do not clear them in
xlate_actions().
A drop flow takes care of dropping the packet, so no special case is
needed in xlate_actions().
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Mon, 3 Nov 2014 22:40:22 +0000 (14:40 -0800)]
tests/ofproto-dpif - fragment handling: Add detail.
Add transport port modifications to the existing frags handling test
case.
This demonstrates incorrect behavior by not moving the destination
port number to source port in normal mode for first fragment, as the
transport port numbers have been zeroed and the move has no effect,
and by allowing moves to/from transport ports on later fragments
(which do not have a transport header).
Next patches fix these problems.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Thu, 16 Oct 2014 18:38:16 +0000 (11:38 -0700)]
route-table: extract gw information.
Routing table will be used by ovs userspace tunneling, it need to
know gw address, following commit extract gw information from
netlink message so that ovs can populate it in ovs route table.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Pravin B Shelar [Thu, 16 Oct 2014 18:38:12 +0000 (11:38 -0700)]
route-table: Use classifier to store routing table.
Rather than using hmap for storing routing entries we can directly use
classifier which has support for priority and wildcard entries.
This makes route lookup lockless. This help when we use route lookup
for native tunneling.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Pravin B Shelar [Thu, 16 Oct 2014 18:38:06 +0000 (11:38 -0700)]
route-table: get rid of name-table
name table maintains device ifindex to name mapping. On any name
table changes it invalidate name table and routing table. So
rather than building two tables this patch moves dev name to routing
entry and build routing table on any name table changes.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Fri, 3 Oct 2014 22:49:23 +0000 (15:49 -0700)]
xenserver: Turn on SSE and SSE2 for the build, for atomic 64-bit ops.
The ovs-atomic-i586 implementation of atomic operations can implement
64-bit atomics more efficiently when SSE is supported. XenServer runs only
on 64-bit capable processors, in 32-bit mode, so we know on XenServer that
SSE and SSE2 are supported because they are architectural for amd64. Thus,
this commit enables SSE and SSE2 when building for XenServer to get the
improved atomics support.
I tested that this successfully adds -msse -msse2 to the compiler flags
inside a XenServer DDK, but I didn't actually run it on a real XenServer
install.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>