Jakub Sitnicki [Fri, 17 May 2019 19:56:39 +0000 (12:56 -0700)]
coverage: Add command for reading counter value.
From: Jakub Sitnicki <jkbs@redhat.com>
Facilitate checking coverage counters from scripts and tests with a new
coverage/read-counter command that gets the total count for a counter.
Same could be achieved by scraping the output of coverage/show command
but the difficulties there are that output is in human readable format
and zero-value counters are not listed.
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com> Acked-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:36 +0000 (12:56 -0700)]
ovn-controller: Incremental processing for address-set changes.
When the content of an address set changes, ovn-controller will
not recompute all flows but only the ones related to the changed
address-set. The performance test result is discussed at [1].
Han Zhou [Fri, 17 May 2019 19:56:35 +0000 (12:56 -0700)]
ovn-controller: Maintain resource references for logical flows.
This patch maintains the cross reference between logical flows and
the resources such as address sets and port groups that are used by
logical flows. This data will be needed in address set and port
group incremental processing.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:33 +0000 (12:56 -0700)]
ovsdb-idl: Tracking - preserve data for deleted rows.
OVSDB IDL can track changes, but for deleted rows, the data is
destroyed and only uuid is tracked. In some cases we need to
check the data of the deleted rows. This patch preserves data
for deleted rows until track clear is called.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:32 +0000 (12:56 -0700)]
ovn-controller: incremental processing for multicast group changes
This patch handles SB Multicast_Group table changes incrementally.
The Multicast_Group table changes can be triggered by creating/deleting
a lport of a lswitch. It can be also triggered indirectly by an
updating of a port-binding which is referenced by the multicast
group.
This patch together with previous incremental processing engine
related changes supports incremental processing for lflow changes
and port-binding changes of lports on other HVs, which are the most
common scenarios in a cloud where workloads come up and down.
In ovn-scale-test env [1], the total execution time of creating and
binding 10k ports on 1k HVs with 40 lswitches and 8 lrouters
(5 lswitches/lrouter), decreased from 3h40m to 1h50m because of the
less CPU on HVs. The CPU time of ovn-controller for additional 500
lports creating and binding (on top of already existed 10k lports)
decreased 90% comparing with master.
Latency for end-to-end operations of one extra port on top of the
10k lports, start from port-creation until all flows installation
on all related HVs is also improved significantly:
before: 20.6s in total
- lsp-add: 0.4s
- wait-until port up=true: 4.8s
- --wait=hv sync: 15.4s
after: 7.3s in total
- lsp-add: 0.4s
- wait-until port up=true: 4.0s
- --wait=hv sync: 2.9s
[1] https://github.com/openvswitch/ovn-scale-test
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:31 +0000 (12:56 -0700)]
ovn-controller: port-binding incremental processing for physical flows
This patch implements change handler for port-binding in flow_output
for physical flows computing, so that physical flow computing will
be incremental.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:30 +0000 (12:56 -0700)]
ovn-controller: runtime_data change handler for SB port-binding
Evaluates change for SB port-binding in runtime_data node.
If the port-binding change has no impact for the runtime_data it will
not trigger runtime_data change.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 17 May 2019 19:56:28 +0000 (12:56 -0700)]
ovn-controller: Initial use of incremental engine - quiet mode.
Incremental proccessing engine is used to compute flows. In this
patch we create below engine nodes:
- Engine nodes for each OVSDB table in local OVS DB and SB DB.
- runtime_data: compute and maintain intermediate result such
as local_datapath, etc.
- mff_ovn_geneve: MFF_* field ID for our Geneve option, which
is provided by switch.
- flow_output: compute and maintain computed flow table.
In this patch the ovn flow table is persistent across main loop
iterations, and a new index of SB uuid is maintained for the
desired flow table, which will be useful for next patches for
incremental processing.
This patch doesn't do any incremental processing yet, but it achieves
the "quiet mode": the flow computation won't be triggered by unrelated
events, such as pinctrl/ofctrl messages. The flow computation
(full compute) happens only when any of its related inputs are
changed.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eli Britstein [Sun, 12 May 2019 05:51:00 +0000 (05:51 +0000)]
ofproto-dpif-xlate: Add "always" mode to priority tags
Configure "if-nonzero" priority tags to retain the 802.1Q header
when the VLAN ID is zero, except both the VLAN ID and priority are zero.
Add a "always" configuration option to retain the 802.1Q header in such
frames as well.
Signed-off-by: Eli Britstein <elibr@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eli Britstein [Sun, 12 May 2019 05:50:59 +0000 (05:50 +0000)]
ofproto-dpif-xlate: Change priority tags from boolean to enum
Priority tags is a port configuration to determine how the port treats
priority tags, e.g. zero VLAN ID. Change the type from boolean to enum
as a pre-step towards introducing additional modes. The new options are
"never", equivalent to previously "false", and "if-nonzero",
equivalent to previously "true". "true" is still supported for backwards
compatibility.
Signed-off-by: Eli Britstein <elibr@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Tue, 21 May 2019 18:16:31 +0000 (14:16 -0400)]
conntrack: add display support for sctp
Currently, only the netlink datapath supports SCTP connection tracking,
but at least this removes the warning message that will pop up when
running something like:
ovs-appctl dpctl/dump-conntrack
This doesn't impact any conntrack functionality, just the display.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Tue, 21 May 2019 18:16:30 +0000 (14:16 -0400)]
compat: add SCTP netfilter states for older kernels
Bake in the SCTP states from the kernel UAPI. This means an older
revision of the kernel headers won't interfere with the SCTP display
enhancement. Additionally, if a newer version is available, or if
x-compiling the datapath module we defer to that version (since this
is just meant to provide the missing definitions).
This will be used in a future commit.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Liliia Butorina [Tue, 14 May 2019 13:08:43 +0000 (16:08 +0300)]
netdev-dpdk: Post-copy Live Migration support for vhost-user-client.
Post-copy Live Migration for vHost supported since DPDK 18.11 and
QEMU 2.12. New global config option 'vhost-postcopy-support' added
to control this feature. Ex.:
ovs-vsctl set Open_vSwitch . other_config:vhost-postcopy-support=true
Changing this value requires restarting the daemon. It's safe to
enable this knob even if QEMU doesn't support post-copy LM.
Feature marked as experimental and disabled by default because it may
cause PMD thread hang on destination host on page fault for the time
of page downloading from the source.
Feature is not compatible with 'mlockall' and 'dequeue zero-copy'.
Support added only for vhost-user-client.
Dumitru Ceara [Thu, 9 May 2019 08:09:23 +0000 (10:09 +0200)]
ovn: Properly set the index for chassis lookup
The chassis_lookup_by_name function now calls
sbrec_chassis_index_set_name instead of sbrec_chassis_set_name. Due to
the use of the wrong API memory was leaked every time a chassis was
looked up by name. This was mostly visible when chassis lookups had to
be done continuously (e.g., when two chassis were misconfigured
with the same system-id).
Acked-by: Han Zhou <hzhou8@ebay.com>
Reported-at: https://bugzilla.redhat.com/1698462 Reported-by: Alexander <alerom@rambler.ru> Signed-off-by: Dumitru Ceara <dceara@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Thu, 16 May 2019 14:58:16 +0000 (17:58 +0300)]
travis: Retry kernel download on 503 first byte timeout.
Sometimes it takes to long for CDN to reply in case of downloading
of not frequently used kernels.
For example, even on my local PC it fails to download linux-4.19.29
at the first try:
It seems that CDN downloads the tar for that time to the nearby
server and instant retry usually succeeds immediately.
503 is not a "fatal error" for wget and, unfortunately, wget on
TravisCI is too old and we can't just use "--retry-on-http-error=503"
to avoid failures in this case. So, let's just retry unconditionally.
Fallback to the direct download if CDN fails twice.
Fixes: ae6e4f12fcab ("travis: Speed up linux kernel downloads.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Mon, 20 May 2019 19:39:10 +0000 (12:39 -0700)]
rhel: Add 4.12 kernel support in ovs-kmod-manage.sh
This patch extends c3570519ecaf ("rhel: add 4.4 kernel in kmod build
with mulitple versions, fedora") that updates ovs-kmod-manage.sh to
support SLES 12 SP4 kernel (4.12.x, x>=14).
For some distros, openvswitch-kmod rpm package may contain multiple
ovs kernel modules built against different kernels to deal with kernel
ABI changes and kernel module compatibility issues. For rpm that
packages with multiple kernel modules, ovs-kmod-manage.sh is invoked
during the rpm post installation stage to 1) select the proper kernel
module to be used; 2) create symbolic links to the proper kernel module
in the weak-updates directory if needed.
For SLES 12 SP4, since the weak-modules utility is not available, even
though there is no ovs related kernel ABI changes for its
currently 5 available kernels from 4.12.14-94.41.1 to 4.12.14-95.16.1,
we still want to invoke ovs-kmod-manage.sh to create weak-updates
symbolic links if the kernel that build the rpm package is different
from the installed kernel.
Notice that ovs-kmod-manage.sh assumes the oldest compatible kernel
is used to build the kernel module rpm. For example, on SLES 12 SP4
it would be,
Ilya Maximets [Thu, 16 May 2019 13:40:24 +0000 (16:40 +0300)]
doc: Fix cropped what-is-ovs page.
Despite of comments in both files no-one ever adjusted start/end-line
in 'what-is-ovs' document. As a result, current document contains
truncated "tools" section.
Let's replace start/end-line with start-after/end-before which requires
less attention. Additionally, 'make docs-check' will fail if specified
lines will not be found, i.e it'll be harder to mess up the docs again.
"Fixes" tag points to commit that broke the lines first.
Fixes: 602e24ee189b ("doc: Remove experimental warning for DPDK.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Stephen Finucane <stephen@that.guru>
Ilya Maximets [Tue, 14 May 2019 16:23:59 +0000 (19:23 +0300)]
cirrus: Disable coredumps on FreeBSD.
Some tests uses 'kill -SEGV' to simulate segfault of a child process.
This causes test failures on CirrusCI because process hangs in DL state
for more than 10 seconds:
./daemon-py.at:69: kill -SEGV $child
daemon-py.at:69: waiting while kill -0 $child...
daemon-py.at:69: wait failed after 10 seconds
./ovs-macros.at:219: hard failure
Testing shows that on CirrusCI with FreeBSD 11.2 coredump takes 4+
seconds and with FreeBSD 12.0 it takes 8+ seconds for successful runs
and fails the testsuite frequently. It's hard to determine the root
cause, but most probably it happens because of overloaded CirrusCI
community cluster.
Let's just disable coredumps in 'prepare_script'. This makes no harm
because we can't take them out of CI anyway.
Currently we have rhel/openvswitch.spec.in that provides
sysv scripts. The fedora package provides systemd scripts.
If one upgrades openvswitch package from sysv to systemd,
you will end up in a situation where old OVS daemons are
running, but systemd does not know about it. One "restart"
is needed for systemd to see the old daemons. Another "restart"
or "force-reload-kmod" is needed to actually use the new
daemons.
This commit, just takes care of the first restart. The "real"
restart/force-reload-kmod will still have to be done outside
the package installation.
fedora: Ability to auto enable openvswitch service.
We currently have rhel/openvswitch.spec.in that automatically
enables openvswitch service when the package is installed using
chkconfig.
But fedora rpm may not enable openvswitch service automatically.
The macro currently being used in fedora rpm (systemd_post) will
look for preset files in /etc/systemd/system-preset/ to figure
out whether openvswitch service needs to be automatically enabled.
But, the fedora package does not provide such a file. The argument
is that people may want to install the package for binaries and
not necessarily to run OVS.
If someone now wants to install the fedora package and automatically
enable openvswitch, he will have to create a new package that OVS
package depends on to install the preset file. This is unwieldy.
This commit, provides a rpm build time option to enable the openvswitch
service automatically. If you now run the below command, openvswitch
service will be automatically enabled during package installation.
Yifeng Sun [Fri, 10 May 2019 19:30:14 +0000 (12:30 -0700)]
datapath: Support kernel version 4.19.x and 4.20.x
This patch updated acinclude.m4 so that OVS can be compiled on 4.19.x
and 4.20.x kernels.
This patch also updated travis files so that latest kernel versions
are used during travis test builds.
Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
netfilter: Remove useless param helper of nf_ct_helper_ext_add
The param helper of nf_ct_helper_ext_add is useless now, then remove
it now.
Signed-off-by: Gao Feng <gfree.wind@vip.163.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch backports the above upstream patch to OVS.
Cc: Gao Feng <gfree.wind@vip.163.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
openvswitch: use nf_ct_get_tuplepr, invert_tuplepr
These versions deal with the l3proto/l4proto details internally.
It removes only caller of nf_ct_get_tuple, so make it static.
After this, l3proto->get_l4proto() can be removed in a followup patch.
Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch backports the above upstream kernel patch to OVS.
Cc: Florian Westphal <fw@strlen.de> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Fri, 10 May 2019 19:30:11 +0000 (12:30 -0700)]
datapath: Fix conntrack_count related compilation errors
This patch fixes the compilation errors of OVS on 4.19+ kernels.
Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
IPV6=m
DEFRAG_IPV6=m
CONNTRACK=y yields:
net/netfilter/nf_conntrack_proto.o: In function `nf_ct_netns_do_get':
net/netfilter/nf_conntrack_proto.c:802: undefined reference to `nf_defrag_ipv6_enable'
net/netfilter/nf_conntrack_proto.o:(.rodata+0x640): undefined reference to `nf_conntrack_l4proto_icmpv6'
Setting DEFRAG_IPV6=y causes undefined references to ip6_rhash_params
ip6_frag_init and ip6_expire_frag_queue so it would be needed to force
IPV6=y too.
This patch gets rid of the 'followup linker error' by removing
the dependency of ipv6.ko symbols from netfilter ipv6 defrag.
Shared code is placed into a header, then used from both.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch backports the above upstream patch to OVS.
Cc: Florian Westphal <fw@strlen.de> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
netfilter: conntrack: pass nf_hook_state to packet and error handlers
nf_hook_state contains all the hook meta-information: netns, protocol family,
hook location, and so on.
Instead of only passing selected information, pass a pointer to entire
structure.
This will allow to merge the error and the packet handlers and remove
the ->new() function in followup patches.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch backports the above upstream patch to OVS and fixes compiling
errors on RHEL kernels.
Cc: Florian Westphal <fw@strlen.de> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Fri, 10 May 2019 19:30:08 +0000 (12:30 -0700)]
datapath: Handle removal of nf_conntrack_l3proto.h
Upstream kernel commit a0ae2562 ("netfilter: conntrack: remove l3proto
abstraction") removed header file net/netfilter/nf_conntrack_l3proto.h.
This patch detects it and fixes compilation errors of OVS on 4.19+ kernels.
Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Thu, 9 May 2019 15:15:07 +0000 (08:15 -0700)]
conntrack: Add rcu support.
For performance and code simplification reasons, add rcu support for
conntrack. The array of hmaps is replaced by a cmap as part of this
conversion. Using a single map also simplifies the handling of NAT
and allows the removal of the nat_conn map and friends. Per connection
entry locks are introduced, which are needed in a few code paths.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-save: Handle cases of upgrades from very old OVS versions.
We have added code to ovs-save over the last few releases
which makes the following bad assumptions.
1. The default OpenFlow version of running daemon is OpenFlow14.
Impact: This causes upgrades from older OVS versions to end up with no
flows in their bridges (even the default 'NORMAL' ones) causing traffic
to stop.
2. That ovs-ofctl commands like dump-groups and dump-tlv-map
will just work with old OVS versions.
Impact: Does not look like it effects the upgrade in a bad away - except
you get some errors.
Since OpenFlow14 was enabled by default in OVS 2.8, this commit makes
a lazy assumption that any upgrade of OVS from versions before 2.7
will not attempt to save and restore flows.
VMware-BZ: #2340482 Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Use sb mac binding table to trigger ip buffer dequeueing instead of
the APR/ND packet reception since the ARP reply can be managed on a
different chassis if a gw router port is scheduled on a different
node
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Leonid Ryzhyk [Thu, 2 May 2019 17:37:57 +0000 (10:37 -0700)]
ovn: Added missing --wait in ovn tests
Several of the ovn tests did not use the `--wait` flag to to wait for a
configuration change to propagate through the system. As a result,
these tests fail when `ovn-northd` is slow.
Fixed by adding `--wait=hv` or `--wait=sb` as appropriate.
Signed-off-by: Leonid Ryzhyk <ryzhyk@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
system-offloads-traffic.at: Fix requesting HW offloaded flows from veth.
veth pair doesn't offload anything to HW. i.e. we should use 'tc' type
while requesting flows. 'offloaded' kept just in case to not update the
test if veths will be HW offloaded someday.
Additionally fixed missed for unknown reason 'ipv4' fields. Also
dropped stripping of the errors from log.
Fixes test:
2: offloads - ping between two ports - offloads enabled ok
CC: Gavi Teitz <gavi@mellanox.com> Fixes: d63ca5329ff9 ("dpctl: Properly reflect a rule's offloaded to HW state") Acked-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Yifeng Sun [Fri, 26 Apr 2019 21:42:07 +0000 (14:42 -0700)]
datapath: Fix compiling error for 4.14.111+ kernel
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Fixes: f72469405eec9 ("datapath: meter: Use struct_size() in kzalloc()") Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-northd: Fix the HA_Chassis sync issue in OVN SB DB
ovn-northd deletes and recreates HA_Chassis rows (which belong
to a HA_Chassis_Group) whenever the HA_Chassis_Group/Gateway_Chassis
rows in Northbound DB are out of sync. If a Chassis table row in
Southbound DB is deleted and if this row is referenced by HA_Chassis
row (in Southbound DB), then the present code syncs the HA_Chassis
rows continously and this causes the ovn-controller's to wake up
and results in 100% cpu usage.
This was a simple case which the commit 1be1e0e5e0d1 ("ovn: Add generic HA chassis group") missed out addressing.
This patch fixes this issue.
Fixes: 1be1e0e5e0d1 ("ovn: Add generic HA chassis group")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-April/048580.html Reported-by: Daniel Alvarez Sanchez (dalvarez@redhat.com) Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
datapath-windows: Do not send out nbls when cloned nbls are being accessed
As per MSDN documentation, "As soon as a filter driver calls the
NdisFSendNetBufferLists function, it relinquishes ownership of
the NET_BUFFER_LIST structures and all associated resources.
A filter driver should never try to examine the NET_BUFFER_LIST
structures or any associated data after calling NdisFSendNetBufferLists".
When freeing up memory of a cloned nbl, parent's nbl and context
is being accessed, which is incorrect can cause BSOD.
With this patch, original nbl is sent out only when cloned nbl is done
with packet processing and its memory is freed.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Ben Pfaff [Tue, 23 Apr 2019 23:42:32 +0000 (16:42 -0700)]
sparse: Configure target operating system and fix fallout.
cgcc, the "sparse" wrapper that OVS uses, can be told the host architecture
or the host OS or both. Until now, OVS has told it the host architecture
because it is fairly common that it doesn't guess it automatically. Until
now, OS has not told it the host OS, assuming that it would get it right.
However, it doesn't--if you tell it the host OS or the host architecture,
it doesn't really have a default for the other. This means that on Linux
(presumably the only OS where sparse works properly for OVS), it was not
defining __linux__, which caused some weird behavior.
This commit adds a flag to the cgcc invocation to make it define __linux__
on Linux, and it fixes some errors that this would otherwise cause.
Acked-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Recent commit in "sparse" broke checking the OVS sources, because
'make' uses '-MD' flag to generate dependencies as a side effect
within compilation commands, but "sparse" skips all the build commands
that contains '-MD' and friends.
Let's revert the bad commit as a workaround before installing "sparse"
in TravisCI.
Additionally fixed a false-positive:
./lib/bitmap.h:64:29: error: shift too big (64) for type unsigned long
Currently, rule_insert() API does not have return value. There are some
possible scenarios where rule insertions can fail at run-time even though the
static checks during rule_construct() had passed previously. Some possible
scenarios for failure of rule insertions:
**) Rule insertions can fail dynamically in Hybrid mode (both Openflow and
Normal switch functioning coexist) where the CAM space could get suddenly
filled up by Normal switch functioning and Openflow gets devoid of available
space.
**) Some deployments could have separate independent layers for HW rule
insertions and application layer to interact with OVS. HW layer could face any
dynamic issue during rule handling which application could not have
predicted/captured in rule-construction phase.
Rule-insert errors for bundles are handled too.
Testing: Tested failures of rule insertions and also with bundles.
Signed-off-by: Aravind Prasad S <aravind.sridharan at dell.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Zhantao Fu [Tue, 23 Apr 2019 11:04:25 +0000 (19:04 +0800)]
Double postponing to free subtables.
Subtable destruction should be double postponed because readers could still obtain old values while iterating over pvector implementation before its new version published.
Signed-off-by: Zhantao Fu <fuzhantao@huawei.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
OVN: Clarify docs about the default transport zone
This patch is extending the documentation about the new transport zones
feature to clarify that if no transport zones are set, the chassis will
belong to a default group.
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch is adding support for Transport Zones. Transport zones (a.k.a
TZs) is way to enable users of OVN to separate Chassis into different
logical groups that will only form tunnels between members of the same
groups. Each Chassis can belong to one or more Transport Zones. If
not set, the Chassis will be considered part of a default group.
Configuring Transport Zones is done by creating a key called
"ovn-transport-zones" in the external_ids column of the Open_vSwitch
table from the local OVS instance. The value is a string with the name
of the Transport Zone that this instance is part of. Multiple TZs can
be specified with a comma-separated list. For example:
$ sudo ovs-vsctl set open . external-ids:ovn-transport-zones=tz1
or
$ sudo ovs-vsctl set open . external-ids:ovn-transport-zones=tz1,tz2,tz3
This configuration is also exposed in the Chassis table of the OVN
Southbound Database in a new column called "transport_zones".
The use for Transport Zones includes but are not limited to:
* Edge computing: As a way to preventing edge sites from trying to create
tunnels with every node on every other edge site while still allowing
these sites to create tunnels with the central node.
* Extra security layer: Where users wants to create "trust zones"
and prevent computes in a more secure zone to communicate with a less
secure zone.
This patch is also backward compatible so the upgrade guide for OVN [0]
is still valid and the ovn-controller service can be upgraded before the
OVSDBs.
The old git tree git://git.kernel.org/pub/scm/devel/sparse/chrisl/sparse.git
has not been updated since 2016, and that triggers the following build error
on Ubuntu 18.04 host with 2.27-3 libc6-dev. So update the sparse git repo
to the new one.
/usr/include/stdlib.h:140:17: error: Expected ; at end of declaration
/usr/include/stdlib.h:140:17: error: got strtof32
/usr/include/stdlib.h:146:17: error: Expected ; at end of declaration
/usr/include/stdlib.h:146:17: error: got strtof64
/usr/include/stdlib.h:158:18: error: Expected ; at end of declaration
/usr/include/stdlib.h:158:18: error: got strtof32x
/usr/include/stdlib.h:233:33: error: Expected ) in function declarator
/usr/include/stdlib.h:233:33: error: got __f
/usr/include/stdlib.h:239:33: error: Expected ) in function declarator
/usr/include/stdlib.h:239:33: error: got __f
/usr/include/stdlib.h:251:35: error: Expected ) in function declarator
/usr/include/stdlib.h:251:35: error: got __f
/usr/include/stdlib.h:316:17: error: Expected ; at end of declaration
/usr/include/stdlib.h:316:17: error: got strtof32_l
/usr/include/stdlib.h:323:17: error: Expected ; at end of declaration
/usr/include/stdlib.h:323:17: error: got strtof64_l
/usr/include/stdlib.h:337:18: error: Expected ; at end of declaration
/usr/include/stdlib.h:337:18: error: got strtof32x_l
Makefile:5288: recipe for target 'lib/aes128.lo' failed
make[2]: *** [lib/aes128.lo] Error 1
...
Tested on Jarvis: https://travis-ci.org/YiHungWei/ovs/builds/521979625
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Fri, 19 Apr 2019 19:17:47 +0000 (12:17 -0700)]
ovsdb raft: Avoid unnecessary reconnecting during leader election.
If a server claims itself as "disconnected", all clients connected
to that server will try to reconnect to a new server in the cluster.
However, currently a server would claim itself as disconnected even
when itself is the candidate and try to become the new leader (most
likely it will be), and all its clients will reconnect to another
node.
During a leader fail-over (e.g. due to a leader failure), it is
expected that all clients of the old leader will have to reconnect
to other nodes in the cluster, but it is unnecessary for all the
clients of a healthy node to reconnect, which could cause more
disturbance in a large scale environment.
This patch fixes the problem by slightly change the condition that
a server regards itself as disconnected: if its role is candidate,
it is regarded as disconnected only if the election didn't succeed
at the first attempt. Related failure test cases are also unskipped
and all passed with this patch.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
In commit-2bcb3b70 (ovsdb raft: Move ovsdb cluster tests to separate
testsuite.) the "clustered transactions" tests were left unexecuted
because they depend on "EXECUTION_EXAMPLES", which is defined in
ovsdb-execution.at.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn: Generate ICMPv4 packet in router pipeline for larger packets
This patch adds 2 stages in router pipeline after ARP_RESOLVE
and adds the logical flows to check the packet length and
generate ICMPv4 packet.
* S_ROUTER_IN_CHK_PKT_LEN - Which checks the packet length using
check_pkt_larger OVN action
* S_ROUTER_IN_LARGER_PKTS - Which generates icmp packet with
type 3 (Destination Unreachable),
code 4 (Frag Needed and DF was Set)
icmp4.frag_mtu = gw_mtu
In order to add these logical flows, CMS should set the
option 'gateway_mtu' for the distributed logical router port.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Previous commit added a new OVS action 'check_pkt_larger'. This
patch supports that action in OVN. The syntax to use this would be
reg0[0] = check_pkt_larger(LEN)
Upcoming commit will make use of this action in ovn-northd and
will generate an ICMPv4 packet if the packet length is greater than
the specified length.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This action is similar to the existing 'icmp4' OVN action except that
that this action is expected to be used to generate an ICMPv4 packet
in response to an error in original IP packet. When this action
injects the icmpv4 packet, it also copies the original IP datagram
following the icmp4 header as per RFC 1122: 3.2.2
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
In order to support OVN specific fields (which are not yet
supported in OpenvSwitch to set or modify values) a generic
OVN field support is added in this patch. These OVN fields
gets translated to controller actions.
This patch adds only one field for now - icmp4.frag_mtu.
It should be fairly straightforward to add similar fields in the
near future.
pinctrl module of ovn-controller will set the specified value
in the the low-order 16 bits of the ICMP4 header field that is
labelled "unused" in the ICMP specification as defined in the RFC 1191.
Upcoming patch will use it to send an icmp4 packet if the
source IPv4 packet destined to go via external gateway needs to
be fragmented.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch adds a new action - 'check_pkt_len' which checks the
packet length and executes a set of actions if the packet
length is greater than the specified length or executes
another set of actions if the packet length is lesser or equal to.
This action takes below nlattrs
* OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER - Nested actions
to apply if the packet length is greater than the specified 'pkt_len'
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL - Nested
actions to apply if the packet length is lesser or equal to the
specified 'pkt_len'.
The main use case for adding this action is to solve the packet
drops because of MTU mismatch in OVN virtual networking solution.
When a VM (which belongs to a logical switch of OVN) sends a packet
destined to go via the gateway router and if the nic which provides
external connectivity, has a lesser MTU, OVS drops the packet
if the packet length is greater than this MTU.
With the help of this action, OVN will check the packet length
and if it is greater than the MTU size, it will generate an
ICMP packet (type 3, code 4) and includes the next hop mtu in it
so that the sender can fragment the packets.
Reported-at:
https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Numan Siddique <nusiddiq@redhat.com> CC: Gregory Rose <gvrose8192@gmail.com> CC: Pravin B Shelar <pshelar@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Use of 'nla_parse_strict()' (in validate_and_copy_check_len()) is available
only in recent kernels. So changed it to 'nla_parse_nested()'.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch adds a new action 'check_pkt_larger' which checks if the
packet is larger than the given size and stores the result in the
destination register.
This patch makes use of the new datapath action - 'check_pkt_len'
which was recently added in the commit [1].
At the start of ovs-vswitchd, datapath is probed for this action.
If the datapath action is present, then 'check_pkt_larger'
makes use of this datapath action.
Datapath action 'check_pkt_len' takes these nlattrs
* OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER (optional) - Nested actions
to apply if the packet length is greater than the specified 'pkt_len'
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL (optional) - Nested
actions to apply if the packet length is lesser or equal to the
specified 'pkt_len'.
Let's say we have these flows added to an OVS bridge br-int
Then the action 'check_pkt_larger' will be translated as
- check_pkt_len(size=100,gt(3),le(4))
datapath will check the packet length and if the packet length is greater than 100,
it will output to port 3, else it will output to port 4.
In case, datapath doesn't support 'check_pkt_len' action, the OVS action
'check_pkt_larger' sets SLOW_ACTION so that datapath flow is not added.
This OVS action is intended to be used by OVN to check the packet length
and generate an ICMP packet with type 3, code 4 and next hop mtu
in the logical router pipeline if the MTU of the physical interface
is lesser than the packet length. More information can be found here [2]
William Tu [Fri, 19 Apr 2019 22:26:41 +0000 (15:26 -0700)]
dpif-netdev: fix meter at high packet rate.
When testing packet rate around 1Mpps with meter enabled, the frequency
of hitting meter action becomes much higher, around 30us each time.
As a result, the meter's calculation of 'uint32_t delta_t' becomes
always 0 and meter action has no effect. This is due to the previous
commit 05f9e707e194 divides the delta by 1000, in order to convert to
msec granularity. The patch fixes it updating the time when across
millisecond boundary.
Fixes: 05f9e707e194 ("dpif-netdev: Use microsecond granularity.") Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Acked-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
dpif-netdev: Update comment about flow installation race.
Userspace datapath uses per-PMD flow tables/classifiers for a long
time. However, it was decided to keep this race window to not block
revalidators. Comment should be updated to reflect the current state.
Fixes: 1c1e46ed8457 ("dpif-netdev: Add per-pmd flow-table/classifier.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Commit bde94613e627 was aimed to slightly ( < 1%) increase performance
in the case where EMC disabled, but it avoids RSS hash calculation and
OVS has to calculate it while executing OVS_ACTION_ATTR_HASH in order
to handle balanced-tcp bonding. At the time of executing that action
there is no parsed flow, and OVS parses the packet for the second time
to calculate the hash. This happens for all packets received from the
virtual interfaces because they have no HW RSS.
Here is the example of 'perf' output for VM --> (bonded PHY) traffic:
We can see that packet parsed twice. First time by 'miniflow_extract'
right after receiving and the second time by 'flow_extract' while
executing actions.
In this particular case calculating RSS on receive saves > 7% of the
total CPU processing time. It varies from ~7 to ~10 % depending on
scenario/traffic types.
It's better to calculate hash each time because performance
improvements of avoiding are negligible in compare with performance
drop in case of sending packets to bonded interface.
Another solution could be to pass the parsed flow explicitly through
the datapath, but this will require big code changes and will have
additional overhead for metadata updating on packet changes.
Also, this change should have small impact since SMC works well in most
cases and will be enabled/recommended by default in the future.
CC: Antonio Fischetti <antonio.fischetti@intel.com> Fixes: bde94613e627 ("dpif-netdev: Avoid reading RSS hash when EMC is disabled.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
ovn/utilities/ovn-nbctl.c: In function 'print_routing_policy':
ovn/utilities/ovn-nbctl.c:3620:23: error: format '%ld' expects argument
of type 'long int', but argument 3 has type 'int64_t'
policy->match, policy->action, next_hop);
^
ovn/utilities/ovn-nbctl.c:3624:23: error: format '%ld' expects argument
of type 'long int', but argument 3 has type 'int64_t'
policy->match, policy->action);
^
ovn/utilities/ovn-nbctl.c: In function 'cmd_ha_ch_grp_list':
ovn/utilities/ovn-nbctl.c:5056:27: error: format '%lu' expects argument
of type 'long unsigned int', but argument 10 has type 'int64_t'
ha_ch->priority);
^
cc1: all warnings being treated as errors
make[2]: *** [ovn/utilities/ovn-nbctl.o] Error 1
I confirmed that the dst entry also has dst->input set to
dst_md_discard, so it looks like it's an entry that's been
initialized via __metadata_dst_init alright.
I think the fix here is to use skb_valid_dst(skb) - it checks
for DST_METADATA also, and with that fix in place, the
problem - which was previously 100% reproducible - disappears.
The below patch resolves the panic and all bpf tunnel tests pass
without incident.
Fixes: c8b34e680a09 ("ip_tunnel: Add tnl_update_pmtu in ip_md_tunnel_xmit") Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org> Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Tested-by: Anders Roxell <anders.roxell@linaro.org> Reported-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Tested-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Fixed up for backward compatibility to our own compat layer ip_tunnel.c
module.
Cc: Alan Maguire <alan.maguire@oracle.com> Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
net: openvswitch: fix missing checks for nla_nest_start
nla_nest_start may fail and thus deserves a check.
The fix returns -EMSGSIZE when it fails.
Signed-off-by: Kangjie Lu <kjlu@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Kangjie Lu <kjlu@umn.edu> Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
upcall is dereferenced even when genlmsg_put fails. The fix
goto out to avoid the NULL pointer dereference in this case.
Signed-off-by: Kangjie Lu <kjlu@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Kangjie Lu <kjlu@umn.edu> Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Patch series "generic radix trees; drop flex arrays".
This patch (of 7):
There was no real need for this code to be using flexarrays, it's just
implementing a hash table - ideally it would be using rhashtables, but
that conversion would be significantly more complicated.
Link: http://lkml.kernel.org/r/20181217131929.11727-2-kent.overstreet@gmail.com Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> Reviewed-by: Matthew Wilcox <willy@infradead.org> Cc: Pravin B Shelar <pshelar@ovn.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Eric Paris <eparis@parisplace.org> Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Shaohua Li <shli@kernel.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Kent Overstreet <kent.overstreet@gmail.com> Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn-fedora spec generates the rpms - ovn, ovn-common, ovn-host etc
in which ovn is an empty package. The ovn fedora spec file here [1]
has moved all the ovn-common files to the 'ovn' package.
This patch does the same.
Flavio Leitner [Tue, 26 Mar 2019 17:15:00 +0000 (14:15 -0300)]
netlink linux: fix to append the netnsid netlink attr.
The attribute was being prepended to the netlink buffer, but
the function nl_sock_transact_multiple__() expects to find the
netlink header as first to update the length, seq and pid fields.
This patch fixes to append the attribute instead of prepending it.
Fixes: 756819ddd788 ("netdev-linux: use netlink to update netdev.") Acked-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Flavio Leitner [Tue, 26 Mar 2019 17:14:59 +0000 (14:14 -0300)]
netlink linux: account for the netnsid netlink attr.
The buffer needs to be reallocated and data copied when
the netnsid netlink attribute is included, so avoid that
by accounting the attribute when the buffer is initially
allocated.
Fixes: 756819ddd788 ("netdev-linux: use netlink to update netdev.") Acked-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ben Pfaff <blp@ovn.org>