Ben Pfaff [Wed, 6 Mar 2013 17:25:40 +0000 (09:25 -0800)]
ofproto: Merge all the CFM query functions into one.
This eliminates several function calls and in particular several
hash table lookups to find structures corresponding to a port
number from iface_refresh_cfm_stats().
This does not seem to reduce CPU use, but the code is shorter
and more readable.
Bug #15171. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Tue, 5 Mar 2013 21:12:08 +0000 (13:12 -0800)]
timeval: Increase accuracy of cached time 4X, from 100 ms to 25 ms.
With CFM and other tunnel monitoring protocols, having a fairly precise
time is good. My measurements don't show this change increasing CPU use.
(In fact it appears to repeatably reduce CPU use slightly, from about
22% to about 20% with 1000 CFM instances, although it's not obvious why.)
Bug #15171. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Jesse Gross [Wed, 6 Mar 2013 08:10:01 +0000 (00:10 -0800)]
datapath: Fix circular dependency between bug.h and kernel.h.
In Linux 3.4 the definition for BUILD_BUG_ON_NOT_POWER_OF_2 was
moved from kernel.h to bug.h. On various kernels these header
files include each other in various orders (often through a
long chain of other header files), which can create circular
dependency issues. Since we not longer need this definition,
this simply removes the backport.
ovs-ctl.in: Restore interfaces and ofports for userspace restarts.
When we upgrade from pre-1.9 to 1.10 or later branches, when just
the user space daemons are restarted, with the older kernel module
intact, datapaths are recreated.
This results in loosing the internal interface states like ip addresses,
routing table entries etc. Also, the 'ofport' value of the older interfaces
change.
With this patch we restore the interface states, ofport values etc,
when "ovs-ctl restart" or "/etc/init.d/openvswitch[-switch] restart
--save-flows" is called. The later command is automatically called
when debian packages are installed.
Previously, we would null the variables holding the names of the restore
scripts in case there were any errors in creating the restore script or if
we did not need to run a particular restore script. That is not necessary,
as we can just check the execution permission set on those scirpts.
Also, carve out a couple of functions which will be used in the next commit.
Pravin B Shelar [Mon, 4 Mar 2013 21:00:25 +0000 (13:00 -0800)]
Tunnel: Cleanup old tunnel infrastructure.
Since userspace flow based tunneling code is checked in, the kernel
port based tunneling code can be removed.
Patch removes following components:
- tunnel ports hash table and moved tunnel ports list to individual
vports.
- Cleaned per tnl-port config.
- OVS_KEY_ATTR_TUN_ID action is removed.
Pravin B Shelar [Fri, 1 Mar 2013 00:15:00 +0000 (16:15 -0800)]
datapath: Increase maximum allocation size of action list.
The switch to flow based tunneling increased the size of each output
action in the flow action list. In extreme cases, this can result
in the action list exceeding the maximum buffer size.
This doubles the maximum buffer size to compensate for the increase
in action size.
Action list is recieved from netlink callback which is allocating
linear-skb, therefore allocating another multi-page buffer would
not increase probability of the allocation-failure a lot.
Simon Horman [Wed, 27 Feb 2013 07:12:16 +0000 (16:12 +0900)]
nx-match: Correct writing of value and length in set_field_to_ofast()
ofpbuf_put_* may reallocate the underlying buffer of the ofpbuf and
thus writing data after a ofpbuf_put_* call must write to memory
relative to the pointer returned by the call.
Prior to this change the length and trailing value would not be written to
the set_field action if ofpbuf_put_* may reallocated the underlying buffer.
Also make use of ofpbuf_put_zero() to avoid calling memset() directly.
Tested-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Thu, 28 Feb 2013 03:20:07 +0000 (19:20 -0800)]
python: Do not include time stamp in syslog messages.
vlog.py currently generates the same log messages, starts with the time stamp
information, for console, syslog and file. All messages start with current
time stamp information.
Syslogd, by default, prepends time stamp with each message already. Thus
the time stamp generated by vlog.py is redundant.
This patch removes time stamp from the message before vlog.py sends it
to syslogd.
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Kyle Mestery [Thu, 28 Feb 2013 14:30:16 +0000 (09:30 -0500)]
tunnel: Only print non-default UDP dst_port for LISP/VXLAN tunnels
In get_tunnel_config(), distinguish between VXLAN and LISP when deciding
whether or not to print UDP destination port. Only add the UDP
destination port for either protocol if it is not the default UDP port.
Update the LISP unit test to match the new behavior as well.
Signed-off-by: Kyle Mestery <kmestery@cisco.com>
[jesse: merge common test for VXLAN and LISP] Signed-off-by: Jesse Gross <jesse@nicira.com>
Ethan Jackson [Wed, 27 Feb 2013 03:12:22 +0000 (19:12 -0800)]
ofproto-dpif: Handle tunnel config changes in facet_revalidate().
For most of the history of Open vSwitch, one could assume that a
given datapath flow key would consistently translate into the same
userspace struct flow representation. However, with the switch to
flow based tunneling, we now have a situation where a database
configuration change can cause a datapath flow key's in_port to
correspond to a completely different OpenFlow in_port possibly on a
completely different bridge. This can cause all sorts of problems,
including traffic black holes due to confused facet revalidations.
To solve the problem, this patch verifies that each facet's
subfacets still result in the appropriate struct flow. If a facet
fails this test, it is simply removed.
Bug #15213. Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Wed, 27 Feb 2013 23:44:06 +0000 (15:44 -0800)]
ofproto-dpif: Ignore subfacet install errors.
When we fail to install a subfacet, there's not much we can do
other than note that it happened. However, doing this requires us
to maintain a pointer to a subfacet which theoretically could be
destroyed by facet_revalidate() later. This patch solves the
problem by simply assuming dpif_flow_put() always succeeds. This
should have no effect on behavior.
Ethan Jackson [Wed, 27 Feb 2013 04:10:46 +0000 (20:10 -0800)]
ofproto-dpif: Always maintain subfacet key.
Due to flow based tunneling, we can no longer assume that it's
possible to reconstruct a subfacet's key from its facet's flow.
The flow's in_port may be stale due to tunnel configuration
changes.
Lorand Jakab [Fri, 22 Feb 2013 05:52:04 +0000 (21:52 -0800)]
Add support for LISP tunneling
LISP is an experimental layer 3 tunneling protocol, described in RFC
6830. This patch adds support for LISP tunneling. Since LISP
encapsulated packets do not carry an Ethernet header, it is removed
before encapsulation, and added with hardcoded source and destination
MAC addresses after decapsulation. The harcoded MAC chosen for this
purpose is the locally administered address 02:00:00:00:00:00. Flow
actions can be used to rewrite this MAC for correct reception. As such,
this patch is intended to be used for static network configurations, or
with a LISP capable controller.
ovs-bugtool: Ability to collect number of logs through plugins.
A new option "--log-days" recently added lets us to control the
number of rotated logs included in the debug bundle. This option
only works on log files defined inside the ovs-bugtool code.
This patch lets us to do the same with logs collected through plugins.
The example format inside a plugin is:
<files type="logs">
/var/log/one
</files>
This will collect one, one.[1-x], one.[1-x].gz. Where 'x' is 20
by default and can be controlled by the option '--log-days' passed
to ovs-bugtool.
Shih-Hao Li [Fri, 22 Feb 2013 16:54:04 +0000 (08:54 -0800)]
Add binary option for command outputs collected by ovs-bugtool
Current ovs-bugtool collects command outputs as text strings.
Thus it reads the output by lines. For commands that generate
huge binary data, it becomes very inefficient to read the output.
The change here is to use a 1MB buffer to read binary data
instead of reading them by lines.
Signed-off-by: Shih-Hao Li <shihli@vmware.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
debian: Remove openvswitch-ipsec dependency from dbg package.
The openvswitch-dbg package does not have any binaries from
openvswitch-ipsec package. So remove the dependency.
While trying to install a openvswitch-dbg package currently,
we are forced to install racoon and openvswitch-ipsec package
which is not really necessary.
Ethan Jackson [Fri, 22 Feb 2013 03:13:16 +0000 (19:13 -0800)]
in-band: Use "internal" netdev type for local ports.
A bridge's local port always has type "internal", so opening it
with type "system" can't be correct. This was causing upgrade
problems. Specifically, in certain bridge topologies, if there was
a manager set force-reload-kmod would fail. This is because the
local port netdev would open in the in-band code with type
"system", confusing the more important netdev_open() in
iface_create().
Bug #15067. Signed-off-by: Ethan Jackson <ethan@nicira.com>
so after it, we should recompute the checksum to include these 4 bytes.
skb->data still points to the mac header, therefore VLAN header is at
(2 * ETH_ALEN = 12) bytes after it, not (ETH_HLEN = 14) bytes.
Therefore the VLAN_HLEN = 4 bytes after 2 * ETH_ALEN is the part
we want to sub from checksum.
Cc: David S. Miller <davem@davemloft.net> Cc: Jesse Gross <jesse@nicira.com> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
Pravin B Shelar [Sat, 23 Feb 2013 01:16:11 +0000 (17:16 -0800)]
datapath: Increase maximum allocation size of action list.
The switch to flow based tunneling increased the size of each output
action in the flow action list. In extreme cases, this can result
in the action list exceeding the maximum buffer size.
This doubles the maximum buffer size to compensate for the increase
in action size. In the common case, most allocations will be
less than a page and those uses kmalloc. Therefore, for the majority
of situations, this will have no impact.
Justin Pettit [Fri, 22 Feb 2013 22:07:47 +0000 (14:07 -0800)]
ofproto-dpif: Look at the flow's ofproto when handling flow misses.
When handling flow misses, an attempt is made to group identical packets
together. Before the single datapath, each OpenFlow port number was
unique, so the flow_equal() function was sufficient to check whether
packets are identical. With the single datapath, the OpenFlow port
numbers are shared across bridges, so packets that arrive at the same
time and are identical other than their ingress port were being serviced
by the same ofproto instance. This commit changes the duplicate flow
finding function to take the ofproto into account.
Bug #14934
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Justin Pettit [Fri, 22 Feb 2013 02:46:20 +0000 (18:46 -0800)]
match: Only print tp_src and tp_dst for TCP and UDP.
When printing a match, we would print "tp_src" and "tp_dst" if the
packet wasn't ICMPv4 or ICMPv6. Unfortunately, this doesn't cover ARP.
This changes the check to only print those keys if the network protocol
is TCP or UDP.
Ansis Atteka [Thu, 14 Feb 2013 00:48:46 +0000 (16:48 -0800)]
tunnel: set skb mark for IPsec tunnel packets
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Pravin B Shelar [Tue, 19 Feb 2013 20:45:57 +0000 (12:45 -0800)]
datapath: Remove CAPWAP tunneling support.
The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol. While there were some
uses of it (primarily hardware support and UDP transport). But
these are most likely better provided by VXLAN.
Following patch removes CAPWAP tunneling support.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Rich Lane [Fri, 8 Feb 2013 23:29:57 +0000 (15:29 -0800)]
datapath: Fix parsing invalid LLC/SNAP ethertypes
Before this patch, if an LLC/SNAP packet with OUI 00:00:00 had an ethertype
less than 1536 the flow key given to userspace in the upcall would contain the
invalid ethertype (for example, 3). If userspace attempted to insert a kernel
flow for this key it would be rejected by ovs_flow_from_nlattrs.
This patch allows OVS to pass the OFTest pktact.DirectBadLlcPackets.
Signed-off-by: Rich Lane <rlane@bigswitch.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Tue, 19 Feb 2013 19:01:33 +0000 (11:01 -0800)]
datapath: Use nla_len() in queue_userspace_packet().
Commit e995e3df57ea4e27678bc0bea5eb30872994155b (Allow
OVS_USERSPACE_ATTR_USERDATA to be variable length.) introduced an
open coded version of nla_len() in queue_userspace_packet(). This
replaces it with the equivalent function call.
Ethan Jackson [Sat, 16 Feb 2013 20:07:18 +0000 (12:07 -0800)]
ofproto-dpif: Receive special packets on patch ports.
Commit 0a740f48293 (ofproto-dpif: Implement patch ports in
userspace.) allowed special packets (i.e. LACP, CFM, etc) to be
sent on patch ports, but not received. This patch implements the
logic required to receive special packets on patch ports.
Bug #15154. Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Sat, 16 Feb 2013 00:48:32 +0000 (16:48 -0800)]
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length.
Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be
exactly 64 bits long, if it was present. However, 64 bits is not enough
space to associate as much information with a flow as would be convenient
for some userspace features now under development. This commit generalizes
the attribute, allowing it to be any length.
This generalization is backward-compatible: if userspace only uses 64-bit
attributes, then it will not see any change in behavior.
Currently we do not include ovs-bugtool in xenserver rpms.
This is because xen-bugtool provides the information required
to debug openvswitch. But xen-bugtool also provides a lot more
data that is not required for openvswitch debugging. This makes
the debug bundle quite huge.
Also, xen-bugtool takes a lot of time to collect the required
information. For example, in my xenserver6.0.2 with 100 OVS
interfaces, 'xen-bugtool -y -s' takes 180 seconds to finish
creating a debug bundle with a size of 124M.
On the other hand, if we run a ovs-bugtool command of the form
'ovs-bugtool -y -s --log-days=10 --outfile bundle.tar.gz', it
takes 5 seconds to finish with a debug bundle size of 28M.
In my tests, I see that creating a tar.gz takes a lot less
time than creating a tar.bz2. The difference in compressed
size of the debug bundle is not much different when either
of the above is used. So, use tar.gz as the default debug
bundle type.
Test results in my setup:
For an uncompressed debug bundle size of 250MB(95% of it is log files),
bz2 takes 50 seconds whereas gz takes 8 seconds. xz took 90 seconds.
gz, bz2 and xz compressed the debug bundle into 144M, 139M and 131M
respectively.
ovs-bugtool: Don't run a few ethtool commands on virtual devices.
There can be a few hundred virtual interfaces in a hypervisor.
Some of the ethtool commands that we currently run on these devices
probably does not provide any extra information. So remove them
for tap and vif interfaces.
Also bump up the size limitation for CAP_NETWORK_STATUS. The
current value is quite low and a 50 MB limit pre-compression
does not add much to the overall size.
ovs-bugtool: Ability to collect the number of rotated logs.
A big reason for a large debug bundle size is the size of log
files. By default we collect 20 rotated logs for each logfile.
Most of the times we collect the debug bundle as soon as we
hit a bug. In such cases, we know that we need only one day's
worth of logs.
This patch adds an option, '--log-days' to ovs-bugtool wherein
we can specify how many days worth of rotated logs do we need
as part of the debug bundle.
ovs-bugtool: Provide a separate capability to openvswitch logs.
Currently we have a 50 MB size limitation for all logs. This looks
quite less because a single uncompressed log can be 50 MB which
will result in ovs-bugtool picking a single log.
While debugging issues related to openvswitch, it is important that
we have all logs related to openvswitch atleast. This patch provides
a new capability for openvswitch logs with no size limitation. This
should not be a problem since compression reduces the size of the logs
quite a bit.
Also increase the size limitation for the regular system logs to 200 MB.
A future commit adds an option '--log-days' to control the number of logs
that we collect.
rhel, xenserver: Make logrotate daily and compress old logs.
The default values can be different and usually comes from /etc/logrotate.conf.
For xenserver6.0.2, the values in /etc/logrotate.conf is daily and compress.
So this patch does not make any difference. But it does future proof against
any changes in xenserver in the future.
For rhel6.1, the values are weekly and un-compress.
Kyle Mestery [Thu, 14 Feb 2013 14:37:28 +0000 (09:37 -0500)]
vxlan: Change dpif_backer->tnl backer to a "struct simap"
Move dpif_backer->tnl_backers from a "struct sset" to a
"struct simap". Store odp_port in the new map. This will make it easier to
access the odp_port for future patches.
Signed-off-by: Kyle Mestery <kmestery@cisco.com> Acked-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 13 Feb 2013 23:50:54 +0000 (15:50 -0800)]
ofproto-dpif: Move 'orig_flow' from action_xlate_ctx to local variable.
A comment said that this was necessary to silence a false-positive warning
from GCC 4.4. However, it no longer triggers a warning for me, so enough
must have changed in the meantime to make GCC happy.
Ben Pfaff [Tue, 12 Feb 2013 23:56:10 +0000 (15:56 -0800)]
ofproto-dpif: Reduce number of get_ofp_port() calls during flow xlate.
Until now the flow translation code has done one get_ofp_port() call
initially to check for special processing, then one for each level of
action processing. Only one call is actually necessary, though, because
the in_port of a flow doesn't change in ordinary circumstances, and so this
commit eliminates the unnecessary calls.
The one case where the in_port can change is when a packet passes through
a patch port. The implementation here was buggy anyway: when the patch
port's peer had forwarding disabled by STP, then the code would drop all
ODP actions, even those that were executed before the packet crossed the
patch port. This commit fixes that case.
With a complicated flow table involving multiple levels of resubmit, this
increases flow setup performance by 2-3%.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Tue, 12 Feb 2013 23:49:12 +0000 (15:49 -0800)]
ofp-msgs: ensure that l2 is set in ofpmp_reserve()
Ensure that the buffer returned by ofpmp_reserve() has buf->l2 set
as this may be required by nxm_reg_load_to_nxast() when generating
the reply to an stats request
This problem was observed when dumping a large number of flows
with set_field actions using ovs-ofctl dump-flows.
Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
In fact, the "target" column cannot be made unique within the
Controller table, because different bridges are allowed to have
the same target. OVSDB does not have a way to express this
constraint, so it must be omitted entirely.
Reported-by: Saul St. John <sstjohn@cs.wisc.edu> CC: Natasha Gude <natasha@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 12 Feb 2013 08:00:42 +0000 (00:00 -0800)]
Make OpenFlow 1.2+ role replies return the generation ID.
OpenFlow extensibility working group issue EXT-272 clarifies the use of
the generation_id in role reply messages as used for the current generation
ID or all-1-bits if there is no current generation ID. This commit
implements EXT-272 in Open vSwitch.
Unfortunately the full text of EXT-272 is not available freely online.
(The "open" part of the Open Networking Foundation is the network, not
the foundation)
EXT-272. CC: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 12 Feb 2013 07:55:31 +0000 (23:55 -0800)]
ofp-util: Simplify struct ofputil_role_request.
It makes more sense to use enum ofp12_controller_role here than
to use enum nx_role, because the former is a superset of the latter and
we can then get rid of a bool member too.
Ben Pfaff [Mon, 11 Feb 2013 21:46:42 +0000 (13:46 -0800)]
vswitchd: Require "target" column to be unique in OVS database.
Commit cc7ecee48 (vswitchd: Add unique indexes for some columns.) says,
in part:
With this commit, the database server itself rejects attempts to add
Port or Interface records with duplicate names or Controller or
Manager records with duplicate targets.
but in fact didn't change the Controller table as described. This commit
fixes that.
This commit updates the schema version number's major version, because this
is a potentially non-backward compatible change, if some user depended on
the ability to add Controller records with duplicate targets. However, if
anyone thinks this is a bad idea, then I'm open to discussion.
Reported-by: Natasha Gude <natasha@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Fri, 17 Aug 2012 23:08:17 +0000 (16:08 -0700)]
tests: Set explicit bond mode in LACP test.
This avoids a log warning:
bridge|WARN|port bond: Using the default bond_mode active-backup.
Note that in previous versions, the default bond_mode was balance-slb
This warning is harmless, but I'm trying to add checks for "warn" and
higher severity log messages to the tests, so it makes sense to get rid of
this one.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Pavithra Ramesh [Fri, 8 Feb 2013 20:37:18 +0000 (12:37 -0800)]
stream-unix: Use rundir as root for relative paths.
Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.
This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Thu, 7 Feb 2013 22:06:23 +0000 (00:06 +0200)]
classifier: Maintain tables in descending priority order.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
[blp@nicira.com: this along with Jarno's previous patch to the
classifier give me a combined 15% boost in "ovs-benchmark rate"
with a complicated flow table involving multiple resubmits] Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-pki: Increase the validity period for all certificates.
This patch increases the certificate validity to 100 years
for certificate authorities, the certificates that they certify
and for self signed certificates.
Ethan Jackson [Fri, 8 Feb 2013 02:39:24 +0000 (18:39 -0800)]
tunnel: Treat in_key=0 the same as a missing in_key.
The documented behavior of ovs is that a missing key is the
same as a zero key. However, the tunneling code actually treated
them differently. This could cause problems with tunneling modes
such as vxlan which always have a key. Specifically, a tunnel with
no key configured, would send have to send traffic with a key of
zero. However, the same tunnel would drop incoming traffic with a
zero key because it was expecting there to be none at all.
Ethan Jackson [Thu, 7 Feb 2013 00:45:38 +0000 (16:45 -0800)]
tunnel: Log tunneling changes at INFO level.
These log messages occur infrequently, and are quite useful when
debugging problems after the fact. So they should be logged at
info level which makes them more readily available.
Cong Wang [Wed, 6 Feb 2013 22:40:36 +0000 (14:40 -0800)]
datapath: adjust skb_gso_segment() for calling in rx path
skb_gso_segment() is almost always called in tx path,
except for openvswitch. It calls this function when
it receives the packet and tries to queue it to user-space.
In this special case, the ->ip_summed check inside
skb_gso_segment() is no longer true, as ->ip_summed value
has different meanings on rx path.
This patch adjusts skb_gso_segment() so that we can at least
avoid such warnings on checksum.
Cc: Jesse Gross <jesse@nicira.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[jesse: backport to kernels before 3.9 and add to tunnel.c] Signed-off-by: Jesse Gross <jesse@nicira.com>