Simon Horman [Thu, 31 Oct 2013 04:00:02 +0000 (13:00 +0900)]
Return no protocols if mask is supplied for unmaskable match
Currently if a mask is supplied for an unmaskable match then NOT_REACHED()
is called. The effect of this for a user calling ovs-vsctl with a match
that includes a mask which is not permitted is to politely inform them of
the error of their ways by calling abort and segfaulting.
This patch takes an alternate approach to return no protocols which has the
effect that when ovs-vsctl is called with a match that includes a
mask which is not permitted an error message of the following form is
displayed.
ovs-ofctl: none of the usable flow formats (none) is among the allowed flow formats (OpenFlow10,NXM)
This patch also updates the ovs-ofctl test to test matches with masks
where possible.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Tue, 29 Oct 2013 23:39:52 +0000 (16:39 -0700)]
classifier: Rename struct cls_table as cls_subtable.
The naming of the classifier table has been a source of confusion,
since each OpenFlow table is implemented as a classifier, which
consists of multiple (sub)tables. This name change hopefully makes
classifier related discussion a bit less confusing.
For consistency, relevant field names as well as the function and
variable names have been renamed in similar fashion.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 29 Oct 2013 20:01:07 +0000 (13:01 -0700)]
vtep: Bring BFD specification in vtep.xml into sync with OVS.
A number of new key-value pairs have been added to the bfd and bfd_status
columns of the OVS schema since the VTEP schema was created. To aid
interoperability between OVS instances and VTEPs, this patch brings
the VTEP schema into line with that of OVS.
CC: Bruce Davie <bdavie@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Implement OFPT_QUEUE_GET_CONFIG_REQUEST and OFPT_QUEUE_GET_CONFIG_REPLY.
Open vSwitch has never implemented this request and reply, even though they
have been in OpenFlow since version 1.0. This commit adds an
implementation.
Signed-off: Venkitachalam Gopalakrishnan <gops@vmware.com>
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Jarno Rajahalme [Mon, 28 Oct 2013 20:54:40 +0000 (13:54 -0700)]
TCP flags matching support.
tcp_flags=flags/mask
Bitwise match on TCP flags. The flags and mask are 16-bit numbers
written in decimal or in hexadecimal prefixed by 0x. Each
1-bit in mask requires that the corresponding bit in port must
match. Each 0-bit in mask causes the corresponding bit to be
ignored.
TCP protocol currently defines 9 flag bits, and additional 3
bits are reserved (must be transmitted as zero), see RFCs 793,
3168, and 3540. The flag bits are, numbering from the least
significant bit:
Jarno Rajahalme [Mon, 28 Oct 2013 20:54:39 +0000 (13:54 -0700)]
Widen TCP flags handling.
Widen TCP flags handling from 7 bits (uint8_t) to 12 bits (uint16_t).
The kernel interface remains at 8 bits, which makes no functional
difference now, as none of the higher bits is currently of interest
to the userspace.
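The tcp_flags=flags/mask match described in the two commit messages above, as an added C example (not code from the Open vSwitch tree): it parses the flags/mask syntax and applies the bitwise match to 16-bit flag words. The type and function names, the rejection of a spec without a mask, and the sample packets are assumptions of this example; the flag bit values are those of RFCs 793, 3168 and 3540.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits, least significant first (RFCs 793, 3168, 3540). */
enum { TCP_FIN = 0x001, TCP_SYN = 0x002, TCP_RST = 0x004, TCP_PSH = 0x008,
       TCP_ACK = 0x010, TCP_URG = 0x020, TCP_ECE = 0x040, TCP_CWR = 0x080,
       TCP_NS  = 0x100 };

struct tcp_flags_match { uint16_t flags, mask; };   /* hypothetical type */

/* Parse a 16-bit number: decimal, or hexadecimal prefixed by 0x.  Hand-rolled
 * so that signs and whitespace are rejected and a leading 0 is not octal. */
static int parse_u16(const char *s, size_t len, uint16_t *out)
{
    unsigned base = 10;
    uint32_t v = 0;
    size_t i = 0;

    if (len > 2 && s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) {
        base = 16;
        i = 2;
    }
    if (i == len) return -1;             /* empty string */
    for (; i < len; i++) {
        char c = s[i];
        unsigned d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (base == 16 && c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (base == 16 && c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;                  /* not a digit in this base */
        v = v * base + d;
        if (v > UINT16_MAX) return -1;   /* does not fit in 16 bits */
    }
    *out = (uint16_t) v;
    return 0;
}

/* Parse "flags/mask".  Returns 0 on success, -1 on malformed input. */
int tcp_flags_parse(const char *spec, struct tcp_flags_match *m)
{
    const char *slash = strchr(spec, '/');
    if (!slash || parse_u16(spec, (size_t) (slash - spec), &m->flags)
        || parse_u16(slash + 1, strlen(slash + 1), &m->mask)) {
        return -1;
    }
    return 0;
}

/* Each 1-bit in mask must match; each 0-bit in mask is ignored. */
bool tcp_flags_matches(const struct tcp_flags_match *m, uint16_t pkt_flags)
{
    return ((pkt_flags ^ m->flags) & m->mask) == 0;
}

int tcp_flags_check(const char *spec, uint16_t pkt_flags)  /* 1, 0 or -1 */
{
    struct tcp_flags_match m;
    return tcp_flags_parse(spec, &m) ? -1 : tcp_flags_matches(&m, pkt_flags);
}

int main(void)
{
    /* Constructed packets, tested against "SYN set, ACK clear". */
    uint16_t pkts[] = { TCP_SYN, TCP_SYN | TCP_ACK, TCP_SYN | TCP_ECE };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("0x%03x -> %d\n", (unsigned) pkts[i],
               tcp_flags_check("0x002/0x012", pkts[i]));
    return 0;
}
```

With the mask 0x012 only SYN and ACK are examined, so a SYN carrying ECE or CWR still matches while a SYN+ACK does not.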
Pravin B Shelar [Fri, 25 Oct 2013 20:42:12 +0000 (13:42 -0700)]
datapath: Enable all GSO features on internal port.
OVS already can handle all types of segmentation offloads that
are supported by the kernel.
Following patch specifically enables UDP and IPV6 segmentation
offloads.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Fri, 25 Oct 2013 20:31:50 +0000 (13:31 -0700)]
ofproto: Avoid abandoning an ofopgroup without committing it.
Commit e3b5693319c (Fix table checking for goto table instruction.) moved
action checking into modify_flows__(), for good reason, but as a side
effect made modify_flows__() abandon and never commit the ofopgroup that it
started, if action checking failed. This commit fixes the problem.
The following commands, run under "make sandbox", illustrate the problem.
Without this change, the final command hangs because the barrier request
that ovs-ofctl sends never gets a response (because barriers wait for all
ofopgroups to complete, which never happens). With this commit, the
commands complete quickly:
Ben Pfaff [Fri, 25 Oct 2013 16:22:37 +0000 (09:22 -0700)]
jsonrpc: Only compose message to log if it's really going to be logged.
This suppresses a testsuite failure when the testsuite is run from a
directory whose name contains a non-ASCII character. I'd rather fix the
problem but webpages like the following make it sound difficult or
impossible on Python 2.x: http://stackoverflow.com/a/11742928
Ben Pfaff [Fri, 25 Oct 2013 16:22:36 +0000 (09:22 -0700)]
tests: Skip Python daemon tests in directory with non-ASCII name.
The Debian autobuild machines run their builds inside a top-level
directory named /«BUILDDIR». That name contains two non-ASCII characters
that cause the Python code in the interface-reconfigure and ovs-monitor-ipsec
tests to fail. The problem seems to be related to the locale, because
switching to a UTF-8 locale allows the tests to proceed farther but does
not fix the problem. I was not able to easily fix the actual problem.
Web searches turn up articles that imply that the problem is not
reasonably fixable with Python 2.x, e.g.:
http://stackoverflow.com/a/11742928
This commit instead avoids the problem by skipping these tests if the
current working directory's name contains non-ASCII characters. This is
a legitimate solution only because interface-reconfigure and
ovs-monitor-ipsec run from initscripts and thus their current working
directories are system directories. (Also, the current working directory
matters much less when run in a real environment because the --root-prefix
option that causes the issue is not used in a real environment.)
YAMAMOTO Takashi [Thu, 24 Oct 2013 03:07:44 +0000 (12:07 +0900)]
ofproto: Report multipart buffer overflow.
Because our size of the multipart request buffer is effectively 0,
always report multipart buffer overflow error for multipart requests
with "more" flag set.
While this might be simpler if done in ofp-msgs.c, I put this in
ofproto.c because it seems like a better place to implement the
buffering logic if/when desirable.
An option question: what to do for the following messages with the
same xid? especially for the last message which doesn't have the
"more" flag set? it would be neater to detect and drop them.
Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Wed, 23 Oct 2013 21:34:39 +0000 (14:34 -0700)]
datapath: Per cpu flow stats.
With mega flow implementation ovs flow can be shared between
multiple CPUs which makes stats updates highly contended
operation. Following patch allocates separate stats for each
CPU to make stats update scalable.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Jarno Rajahalme [Wed, 23 Oct 2013 19:52:57 +0000 (12:52 -0700)]
lib/ofp-actions: Enforce action consistency.
OpenFlow 1.1+ specs encourage switches to verify action consistency
at flow setup time. Implement this for OpenFlow 1.1+ only to not
break any current OF 1.0 based use.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 23 Oct 2013 20:46:57 +0000 (13:46 -0700)]
ofp-actions: Make union ofp_action more generic.
Make union ofp_action more generic by allowing it to be used for
all actions. OFP_ACTION_ALIGN (which is 8, as the sizeof(union
ofp_action) used to be) is now used where sizeof union ofp_action
was used before. On the same note, variable name 'n_actions' is
changed to 'max_actions' as the number of actions cannot be simply
divided when actions have various sizes.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 23 Oct 2013 16:58:34 +0000 (09:58 -0700)]
Allow OFPACT_SET_IP_DSCP to act on both IPv4 and IPv6 packets.
This removes semantic differences between different OpenFlow
versions, making it easier to translate between them.
Also, rename OFPACT_SET_IPV4_DSCP to OFPACT_SET_IP_DSCP.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 23 Oct 2013 04:58:58 +0000 (21:58 -0700)]
pinsched: Eliminate function callback in interface.
I'm not a fan of function callbacks because I feel that they obscure
interfaces. This eliminates the function callback used until now in
the pinsched code.
Ben Pfaff [Wed, 23 Oct 2013 04:36:22 +0000 (21:36 -0700)]
fail-open: Add function to identify fail-open's flows.
This seems slightly cleaner than embedding this logic directly into
ofproto-dpif, since it is an interface that theoretically could be useful
to other ofproto providers.
Ben Pfaff [Tue, 22 Oct 2013 23:57:46 +0000 (16:57 -0700)]
ofp-util: Use correct cookie value in "packet_in"s when no flow involved.
OpenFlow 1.3 uses all-1-bits in a packet_in to indicate that the packet_in
was not generated by a flow, but Open vSwitch incorrectly used 0. This
fixes the problem.
For consistency, this commit also changes NXT_PACKET_IN to use all-1-bits
for this case, even though NXT_PACKET_IN was previously defined to use
zero. This doesn't appear to make a difference for the NVP controller; if
it causes a problem for some other controller then I will revert that part
of the change.
Ben Pfaff [Tue, 22 Oct 2013 23:32:13 +0000 (16:32 -0700)]
connmgr: Move send_len from ofputil_packet_in to ofproto_packet_in.
send_len is not directly part of the OpenFlow packet_in message, at least
given that it is partially redundant with packet_len. send_len is, rather,
a request to the connmgr that expresses how many bytes the action requested
be sent to the controller, but the connmgr cannot always honor it.
Ben Pfaff [Tue, 22 Oct 2013 23:16:31 +0000 (16:16 -0700)]
ofproto, ofp-util: Begin disentangling packet-in wire format and handling.
struct ofputil_packet_in mixes data included in OpenFlow packet_in messages
with data that is used internally by ofproto and connmgr to queue and route
packet_ins. This commit begins disentangling these purposes by adding a
new struct ofproto_packet_in that wraps struct ofputil_packet_in. Adding
this new level of indirection causes a lot of code churn, so this commit
mainly takes care of that to make the remaining changes easier to read.
This commit does move the list node used for queuing packet_ins into the
new wrapper structure.
Alex Wang [Sat, 19 Oct 2013 00:27:51 +0000 (17:27 -0700)]
odp-execute: Fix possible segfault.
In current code, the odp_execute_actions() function does not check
the value of "userspace" function pointer before invoking it. This
patch adds a check for it.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Thu, 17 Oct 2013 01:15:08 +0000 (10:15 +0900)]
ofp-actions: Distinguish OF1.1/1.2 push_mpls from OF1.3+.
In OpenFlow 1.1 and 1.2, the push_mpls action pushes the MPLS label after
any existing VLAN tag. In OpenFlow 1.3, it pushes the label before any
existing VLAN tag. Until now, the action parser didn't distinguish these
cases. This commit adds support. Nothing yet actually changes the
behavior of push_mpls.
enum ofpact_mpls_position contributed by Ben Pfaff.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit changes VTEP simulator's flooding logic as follows:
1. Traffic coming from a VTEP physical port will only be flooded
to all the physical ports in the same VTEP that belongs to that logical
switch and to ONLY one of the devices that have been marked as 'unknown-dst'
2. Traffic coming from any device that has 'unknown-dst' marked, will only be
flooded by VTEP to its physical ports that belong to that logical switch.
Ansis Atteka [Fri, 18 Oct 2013 04:32:19 +0000 (21:32 -0700)]
configure: check for uuid python module
After introducing commit a5ae88ff8a276e86c842ac102145432662bf711a
"ovsdb-doc: generate vswitch.[pic|gv] files only if dot tool is
available" Open vSwitch did not build anymore on hosts that did not
have uuid python module installed (for example, we still support
XenServer that still uses old python 2.4 and hence does not have uuid).
After this commit ./configure will check whether uuid module is present
and, if it isn't, then it will add python/compat to the PYTHONPATH.
Acked-By: Ben Pfaff <blp@nicira.com>
Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
Issue: 20476
Pravin B Shelar [Mon, 14 Oct 2013 22:26:40 +0000 (15:26 -0700)]
datapath: Add support for Linux 3.11
Kernel 3.11 has support for extended GRE API required for
OVS datapath, but vxlan still needs out of tree tunneling
compatibility. Therefore to simplify, all tunneling modules
are forced to use compat tunneling.
CC: James Page <james.page@ubuntu.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Justin Pettit [Thu, 17 Oct 2013 21:58:17 +0000 (14:58 -0700)]
vswitchd: Use vswitch-specific variable name in automake.mk.
The variable OVSDB_DOT_DIAGRAM_ARG is describing the vswitch dot file,
so use the name VSWITCH_DOT_DIAGRAM_ARG to prevent confusion in the
generated makefile.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Wed, 9 Oct 2013 00:27:12 +0000 (17:27 -0700)]
vtep: Add Debian packaging.
Co-authored-by: David Yang <davidy@vmware.com>
Signed-off-by: David Yang <davidy@vmware.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Bruce Davie [Tue, 8 Oct 2013 21:37:51 +0000 (14:37 -0700)]
vtep: Initial checkin of vtep schema.
The hardware VTEP OVSDB schema specifies relations that a VTEP can use
to integrate physical ports into logical switches maintained by a
network virtualization controller such as NVP.
Co-authored-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Kenneth Duda <kduda@aristanetworks.com>
Co-authored-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Kenneth Duda <kduda@aristanetworks.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 20 Dec 2012 19:02:32 +0000 (11:02 -0800)]
ovsdb-dot: Include arrows by default.
When ovsdb-dot generates diagrams for use in the manpages, the dot2pic
postprocessor makes nicer output if the arrowheads are omitted (dot2pic
adds the arrowheads itself). But for other uses that don't go through
the postprocessor, we generally want the arrowheads. So this commit adds
an option. On the principle that the default should be the least
surprising to a naive user, arrowheads are included by default.
Jarno Rajahalme [Thu, 17 Oct 2013 21:28:20 +0000 (14:28 -0700)]
More accurate wildcarding and fragment handling.
This patch gets rid of the need for having explicit padding in struct
flow as new fields are being added. flow_wildcards_init_exact(), which
used to set bits in both compiler generated and explicit padding, is
removed. match_wc_init() is now used instead, which generates the mask
based on a given flow, setting bits only in fields which make sense.
Places where random bits were placed in struct flow have been changed to
only set random bits on fields that are significant in the given context.
This avoids setting padding bits.
- lib/flow:
- Properly initialize struct flow also in places we used to zero out
padding before.
- Add flow_random_hash_fields() used for testing.
- Remove flow_wildcards_init_exact() to avoid initializing
masks where compiler generated padding has bits set.
- lib/match.c match_wc_init(): Wildcard transport layer fields for later
fragments, remove match_init_exact(), which used
flow_wildcards_init_exact().
- tests/test-flows.c: use match_wc_init() instead of match_init_exact()
- tests/flowgen.pl: generate more accurate packets and flows when
fragmenting, mark unavailable fields as wildcarded.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ansis Atteka [Fri, 11 Oct 2013 20:17:07 +0000 (13:17 -0700)]
ovsdb-doc: generate vswitch.[pic|gv] files only if dot tool is available
These are auto-generated files, so it would be better not to keep them
inside Open vSwitch repository.
Behaviour before this patch was that if dot tool was not present on
the system, then ovs-vswitchd.conf.db.5 would have used pre-generated
vswitch.pic file that was already checked in the git repository. After
this patch ovs-vswitchd.conf.db.5 will simply not have a dot diagram,
if dot was not present at the time when Open vSwitch was built.
Jarno Rajahalme [Wed, 16 Oct 2013 23:16:03 +0000 (16:16 -0700)]
include/openflow: Move union ofp_action away from headers.
union ofp_action cannot remain in the OF 1.0 header as it is expanded
to include actions from later versions. Also, it is not part of the
protocol interface and will be easier to update where it is actually
used.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-dpctl: Add a 'filter' option to match wildcarded 'dump-flows'.
With mega-flows, many flows in the kernel datapath are wildcarded.
For someone that is debugging a system and wants to find a particular
flow and its actions, it is a little hard to zero-in on the flow
because some fields are wildcarded.
With the filter='$filter' option, we can now filter on the o/p
of 'ovs-dpctl dump-flows'.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Wed, 16 Oct 2013 03:32:34 +0000 (03:32 +0000)]
ofproto-dpif-monitor: Use heap to order the mport wakeup time.
Before this commit, each time ofproto-dpif-monitor thread wakes up,
all monitored ports will be iterated over. This adds a huge overhead
to the monitor thread. This commit uses a heap to order the wakeup
time of monitored ports. So each time the monitor thread is woken up,
it will only iterate those monitored ports that have timed out.
This commit greatly increases the number of monitored interfaces
openvswitch could support.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Alex Wang [Wed, 16 Oct 2013 03:32:30 +0000 (03:32 +0000)]
ofproto-dpif-monitor: Run ofproto-dpif-monitor in a thread.
This commit moves the ofproto-dpif-monitor module into a
dedicated thread. This helps eliminate the burden of main
thread having to wake up very frequently for periodic
interface monitoring (bfd, cfm). Thusly, this commit greatly
increases the number of bfd/cfm sessions that can be supported
by ovs.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Alex Wang [Wed, 16 Oct 2013 03:32:29 +0000 (03:32 +0000)]
tests: Relax the requirement of bfd tests on timing.
Before this commit, the bfd related tests check the change of
states with very strict timing requirement. This makes the tests
fragile, especially when ofproto-dpif-monitor module is moved to
its own thread.
Thusly, this commit relaxes the requirement on timing, making the
tests more reliable.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The combination of two commits:
commit 8e4e1713e4
("openvswitch: Simplify datapath locking.")
commit 2537b4dd0a
("openvswitch:: link upper device for port devices")
introduced a bug where upper_dev wasn't unlinked upon
netdev_unregister notification
The following steps:
modprobe openvswitch
ovs-dpctl add-dp test
ip tuntap add dev tap1 mode tap
ovs-dpctl add-if test tap1
ip tuntap del dev tap1 mode tap
This patch also affects moving devices between net namespaces.
OVS used to ignore netns move notifications which caused problems.
Like:
ovs-dpctl add-if test tap1
ip link set tap1 netns 3512
and then removing tap1 inside the namespace will cause hang on missing dev_put.
With this patch OVS will detach dev upon receiving netns move event.
ofproto: Re-use port numbers of ports that were deleted an hour ago.
We have a least recently used algorithm for assigning ofport values
to newly created ports. i.e., when we don't have any unused ofport
numbers, we use ofport numbers from the oldest deleted port.
What this means is that after using ~65000 previously unused ofport
numbers, we will have to go through all of the possible ports
to see which one was least recently used. This will eventually
slow down ofport allocation.
With this commit, any port that was deleted more than an hour ago is
considered never to have been used. So its ofport number becomes
free to be used.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 16 Oct 2013 10:17:01 +0000 (19:17 +0900)]
netdev-dummy: Count rx packets regardless of source
This alters the way rx packets are accounted for by
counting them when they are processed by netdev_dummy_rx_recv(),
which seems to be a common path used by all received packets.
Previously accounting was done earlier, in netdev_dummy_receive(),
however this does not appear to count packets that are received via
a socket.
This resolves packet counting errors reported by the following
OFtest tests:
Jarno Rajahalme [Tue, 15 Oct 2013 19:40:38 +0000 (12:40 -0700)]
Set datapath mask bits when setting a flow field.
Since at the datapath interface we do not have set actions for
individual fields, but larger sets of fields for a given protocol
layer, the set action will in practice only ever apply to exactly
matched flows for the given protocol layer. For example, if the
reg_load changes the IP TTL, the corresponding datapath action will
rewrite also the IP addresses and TOS byte. Since these other field
values may not be explicitly set, they depend on the incoming flow field
values, and hence all of them are set in the wildcards masks, when
the action is committed to the datapath. For the rare case, where the
reg_load action does not actually change the value, and no other flow
field values are set (or loaded), the datapath action is skipped, and
no mask bits are set. Such a datapath flow should, however, be
dependent on the specific field value, so the corresponding wildcard
mask bits must be set, lest the datapath flow be applied to packets
containing some other value in the field and the field value remain
unchanged regardless of the incoming value.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Tue, 15 Oct 2013 19:40:37 +0000 (12:40 -0700)]
meta-flow: Add mf_mask_field_and_prereqs().
Sets mask bits for the given field and its prerequisite fields.
Needed for unwildcarding the proper bits from datapath masks.
Removed old prototype for mf_force_prereqs().
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Fri, 11 Oct 2013 19:40:13 +0000 (12:40 -0700)]
vxlan: Optimize vxlan rcv
vxlan-udp-recv function looks up vxlan_sock struct on every packet
recv by using udp-port number. We can use sk->sk_user_data to
store vxlan_sock and avoid lookup.
This commit also allows us to get rid of socket hash table.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>