netfilter: handle NF_REPEAT from nf_conntrack_in()
NF_REPEAT is only needed from nf_conntrack_in() under a very specific
case required by the TCP protocol tracker, we can handle this case
without returning to the core hook path. Handling of NF_REPEAT from the
nf_reinject() is left untouched.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[Committer notes]
Shift the functionality into the compat code, protected by v4.10
version check. This allows the datapath/conntrack.c to match
upstream.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
While looking into an MTU issue with sfc, I started noticing that almost
every NIC driver with an ndo_change_mtu function implemented almost
exactly the same range checks, and in many cases, that was the only
practical thing their ndo_change_mtu function was doing. Quite a few
drivers have either 68, 64, 60 or 46 as their minimum MTU value checked,
and then various sizes from 1500 to 65535 for their maximum MTU value. We
can remove a whole lot of redundant code here if we simple store min_mtu
and max_mtu in net_device, and check against those in net/core/dev.c's
dev_set_mtu().
In theory, there should be zero functional change with this patch, it just
puts the infrastructure in place. Subsequent patches will attempt to start
using said infrastructure, with theoretically zero change in
functionality.
CC: netdev@vger.kernel.org Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
commit 91572088e3fdbf4fe31cf397926d8b890fdb3237
Author: Jarod Wilson <jarod@redhat.com>
Date: Thu Oct 20 13:55:20 2016 -0400
net: use core MTU range checking in core net infra
...
openvswitch:
- set min/max_mtu, remove internal_dev_change_mtu
- note: max_mtu wasn't checked previously, it's been set to 65535, which
is the largest possible size supported
...
Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Upstream commit:
commit 425df17ce3a26d98f76e2b6b0af2acf4aeb0b026
Author: Jarno Rajahalme <jarno@ovn.org>
Date: Tue Feb 14 21:16:28 2017 -0800
openvswitch: Set internal device max mtu to ETH_MAX_MTU.
Commit 91572088e3fd ("net: use core MTU range checking in core net
infra") changed the openvswitch internal device to use the core net
infra for controlling the MTU range, but failed to actually set the
max_mtu as described in the commit message, which now defaults to
ETH_DATA_LEN.
This patch fixes this by setting max_mtu to ETH_MAX_MTU after
ether_setup() call.
Fixes: 91572088e3fd ("net: use core MTU range checking in core net infra") Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This backport detects the new max_mtu field in the struct netdevice
and uses the upstream code if it exists, and local backport code if
not. The latter case is amended with bounds checks with new upstream
macros ETH_MIN_MTU and ETH_MAX_MTU and the corresponding error
messages from the upstream commit.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
Some symbols exported to other modules are really used only by
openvswitch.ko. Remove the exports.
Tested by loading all 4 openvswitch modules, nothing breaks.
Signed-off-by: Jiri Benc <jbenc@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
openvswitch: add NETIF_F_HW_VLAN_STAG_TX to internal dev
The internal device does support 802.1AD offloading since 018c1dda5ff1
("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink
attributes").
Signed-off-by: Jiri Benc <jbenc@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Eric Garver <e@erig.me> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 3145c037e749 ("openvswitch: add NETIF_F_HW_VLAN_STAG_TX to internal dev") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
openvswitch: avoid resetting flow key while installing new flow.
since commit commit db74a3335e0f6 ("openvswitch: use percpu
flow stats") flow alloc resets flow-key. So there is no need
to reset the flow-key again if OVS is using newly allocated
flow-key.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
openvswitch: Fix Frame-size larger than 1024 bytes warning.
There is no need to declare separate key on stack,
we can just use sw_flow->key to store the key directly.
This commit fixes following warning:
net/openvswitch/datapath.c: In function ‘ovs_flow_cmd_new’:
net/openvswitch/datapath.c:1080:1: warning: the frame size of 1040 bytes
is larger than 1024 bytes [-Wframe-larger-than=]
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
Upstream commit:
commit db74a3335e0f645e3139c80bcfc90feb01d8e304
Author: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Date: Thu Sep 15 19:11:53 2016 -0300
openvswitch: use percpu flow stats
Instead of using flow stats per NUMA node, use it per CPU. When using
megaflows, the stats lock can be a bottleneck in scalability.
On a E5-2690 12-core system, usual throughput went from ~4Mpps to
~15Mpps when forwarding between two 40GbE ports with a single flow
configured on the datapath.
This has been tested on a system with possible CPUs 0-7,16-23. After
module removal, there were no corruption on the slab cache.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Cc: pravin shelar <pshelar@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
datapath: fix flow stats accounting when node 0 is not possible
Upstream commit:
commit 40773966ccf1985a1b2bb570a03cbeaf1cbd4e00
Author: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Date: Thu Sep 15 19:11:52 2016 -0300
openvswitch: fix flow stats accounting when node 0 is not possible
On a system with only node 1 as possible, all statistics is going to be
accounted on node 0 as it will have a single writer.
However, when getting and clearing the statistics, node 0 is not going
to be considered, as it's not a possible node.
Tested that statistics are not zero on a system with only node 1
possible. Also compile-tested with CONFIG_NUMA off.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch contained a memory leak that is fixed in this backport.
The next patch silently fixed that in upstream, too.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
Add support for 802.1ad including the ability to push and pop double
tagged vlans. Add support for 802.1ad to netlink parsing and flow
conversion. Uses double nested encap attributes to represent double
tagged vlan. Inner TPID encoded along with ctci in nested attributes.
This is based on Thomas F Herbert's original v20 patch. I made some
small clean ups and bug fixes.
Signed-off-by: Thomas F Herbert <thomasfherbert@gmail.com> Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
commit 20ecf1e4e30005ad50f561a92c888b6477f99341
Author: Jiri Benc <jbenc@redhat.com>
Date: Mon Oct 10 17:02:42 2016 +0200
openvswitch: vlan: remove wrong likely statement
This code is called whenever flow key is being extracted from the packet.
The packet may be as likely vlan tagged as not.
Fixes: 018c1dda5ff1 ("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink attributes") Signed-off-by: Jiri Benc <jbenc@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Eric Garver <e@erig.me> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
commit 72ec108d701506fa6cd2f66ec5b15ea71df3c464
Author: Jiri Benc <jbenc@redhat.com>
Date: Mon Oct 10 17:02:43 2016 +0200
openvswitch: fix vlan subtraction from packet length
When the packet has its vlan tag in skb->vlan_tci, the length of the VLAN
header is not counted in skb->len. It doesn't make sense to subtract it.
Fixes: 018c1dda5ff1 ("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink attributes") Signed-off-by: Jiri Benc <jbenc@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Eric Garver <e@erig.me> Signed-off-by: David S. Miller <davem@davemloft.net>
[Committer notes]
The following commits upstream fix bugs in this patch, so to retain
bisectability of the OVS tree they were rolled into this commit:
This is to simplify using double tagged vlans. This function allows all
valid vlan ethertypes to be checked in a single function call.
Also replace some instances that check for both ETH_P_8021Q and
ETH_P_8021AD.
Patch based on one originally by Thomas F Herbert.
Signed-off-by: Thomas F Herbert <thomasfherbert@gmail.com> Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Acked-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Thomas F Herbert <thomasfherbert@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Acked-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
vlan: Introduce helper functions to check if skb is tagged
Separate the two checks for single vlan and multiple vlans in
netif_skb_features(). This allows us to move the check for multiple
vlans to another function later.
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Acked-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Fix cvlan test failure on old kernel versions with 802.1ad. The root
cause is the upcall re-inserts the VLAN back into the raw packet data,
but the TPID is hard coded to 0x8100. This affects kernels for which
HAVE_VLAN_INSERT_TAG_SET_PROTO is not set.
The below patch allows the cvlan and 802.ad tests to pass on debian
with 3.16 kernel.
Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Acked-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eelco Chaudron [Wed, 8 Feb 2017 16:28:22 +0000 (17:28 +0100)]
rhel-systemd: Document systemd behavior
This is a follow up patch to document the systemd behavior including
the change introduced by the "rhel-systemd: Restart openvswitch
service if a daemon crashes", still under review.
Eelco Chaudron [Mon, 27 Feb 2017 20:56:41 +0000 (15:56 -0500)]
rhel-systemd: Restart openvswitch service if a daemon crashes
Currently if either ovsdb-server or ovs-vswitchd is crashing the
daemon is not restarting leaving the system in faulty state.
This patch will detect the daemon crash and will restart the
openvswitch service.
Here is a (bit to wide) table showing the behavior before and after
the patch. Note that only the Crash behavior has changed:
The above command is a service trigger available since Windows 7.
More on the topic:
https://msdn.microsoft.com/en-us/library/windows/desktop/dd405513%28v=vs.85%29.aspx
In out case we will wait until Microsoft-Windows-Hyper-V-VMMS has triggered
that the WMI provider: VmmsWmiEventProvider has started.
The change is needed because the network service inside VMMS starts slower than
ovs-vswitchd, which will cause a race condition because we check if the OVS
extension is enabled on a single switch.
Aaron Conole [Tue, 21 Feb 2017 22:31:05 +0000 (17:31 -0500)]
ovs-ctl: allow passing user:group to daemons
The Open vSwitch daemons allow passing --user user[:group] to allow
spawning under different user privileges. ovs-ctl now accepts --ovs-user
in the same form to pass this argument on, as well as create databases and
data directories with the appropriate privileges.
Andy Zhou [Thu, 23 Feb 2017 08:38:16 +0000 (00:38 -0800)]
ofproto/bond: Fix bond post recirc rule leak.
When bond is removed or when its configuration changes,
the post recirculation rules that are installed by current
bond configuration, if any, should be also be removed.
Reported-by: Huanle Han <hanxueluo@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-February/328969.html CC: Huanle Han <hanxueluo@gmail.com> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Huanle Han <hanxueluo@gmail.com>
Andy Zhou [Thu, 23 Feb 2017 07:31:31 +0000 (23:31 -0800)]
ofproto/bond: Fix bond reconfiguration race condition.
During the upcall thread bond output translation, bond_may_recirc()
is currently called outside the lock. In case the main thread executes
bond_reconfigure() at the same time, the upcall thread may find bond
state to be inconsistent when calling bond_update_post_recirc_rules().
This patch fixes the race condition by acquiring the write lock
before calling bond_may_recirc(). The APIs are refactored slightly.
The race condition can result in the following stack trace. Copied
from 'Reported-at':
Numan Siddique [Wed, 22 Feb 2017 14:58:36 +0000 (20:28 +0530)]
ovn pacemaker: Pass --db-(n/s)b-addr option when starting ovsdb-servers
When pacemaker script, starts the ovsdb-servers in all the nodes,
it doesn't pass the --db-(n/s)b-addr=MASTER_IP option.
When pacemaker promotes a master, it won't be listening on the
master ip address unless "ovn-nbctl set-connection" is used.
In this patch this option, along with --db-(n/s)b-create-insecure-remote=yes
for "tcp" connection types is passed when starting the OVN ovsdb-servers
to overcome this issue.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Joe Stringer [Fri, 10 Feb 2017 23:01:11 +0000 (15:01 -0800)]
doc: Describe backporting process.
This patch documents the backporting process, and provides a walkthrough
for developers who would like to backport upstream Linux patches into
the Open vSwitch tree. Nothing in this documentation should be
surprising or new; it merely puts the existing process into words.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Stephen Finucane <stephen@that.guru>
Yi-Hung Wei [Sat, 18 Feb 2017 01:47:44 +0000 (17:47 -0800)]
meta-flow: Remove cmap dependency.
Previous patch 04f48a68 ("ofp-actions: Fix variable length meta-flow OXMs.")
introduced dependency of an internal library (cmap.h) to ovs public
interface (meta-flow.h) that may cause potential building problem. In this
patch, we remove cmap from struct mf_field, and provide a wrapper struct
vl_mff_map that resolve the dependency problem.
Fixes: 04f48a68c428 ("ofp-actions: Fix variable length meta-flow OXMs.") Suggested-by: Joe Stringer <joe@ovn.org> Suggested-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Andy Zhou [Wed, 15 Feb 2017 22:04:29 +0000 (14:04 -0800)]
ofproto/bond: Fix bond/show when all interfaces are disabled
Without this patch, when all slaves are disabled, the 'bond/show'
command still shows the mac address of last active slave in
'active slave mac' output. This patch clears them to zeros.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Terry Wilson [Fri, 17 Feb 2017 17:27:46 +0000 (11:27 -0600)]
python: Prevent extra unexpected reply debug logs.
Since __txn_process_reply always returns None, the existing code
will always hit the final else for replies and log a debug message
about receiving an unexpected reply. In the C version,
ovsdb_idl_txn_process_reply returns true any time the txn is found,
so that behavior is duplicated here.
Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ian Stokes [Thu, 16 Feb 2017 15:31:22 +0000 (15:31 +0000)]
netdev-dpdk: Fix rx_error stat for dpdk ports.
"rx_error" stat for a DPDK interface was calculated with the assumption that
dropped packets due to hardware buffer overload were counted as errors
in DPDK and the rte ierror stat included rte imissed packets i.e.
rx_errors = rte_stats.ierrors - rte_stats.imissed
This results in negative statistic values as imissed packets are no longer
counted as part of ierror since DPDK v.16.04.
Fix this by setting rx_errors equal to ierrors only.
Fixes: 9e3ddd45 (netdev-dpdk: Add some missing statistics.) CC: Timo Puha <timox.puha@intel.com>) Reported-by: Stepan Andrushko <stepanx.andrushko@intel.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
ofproto/bond: Drop traffic in balance-tcp mode without lacp.
The balance-tcp mode requires the upstream switch to support 802.3ad
with successful LACP negotiation. When bond ports are configured to
balance-tcp mode without lacp, drop the traffic.
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech> Signed-off-by: Andy Zhou <azhou@ovn.org>
Ciara Loftus [Thu, 16 Feb 2017 10:22:10 +0000 (10:22 +0000)]
dpif-netdev: Conditional EMC insert
Unconditional insertion of EMC entries results in EMC thrashing at high
numbers of parallel flows. When this occurs, the performance of the EMC
often falls below that of the dpcls classifier, rendering the EMC
practically useless.
Instead of unconditionally inserting entries into the EMC when a miss
occurs, use a 1% probability of insertion. This ensures that the most
frequent flows have the highest chance of creating an entry in the EMC,
and the probability of thrashing the EMC is also greatly reduced.
The probability of insertion is configurable, via the
other_config:emc-insert-inv-prob option. This value sets the average
probability of insertion to 1/emc-insert-inv-prob.
For example the following command changes the insertion probability to
(on average) 1 in every 20 packets ie. 1/20 ie. 5%.
ovs-vsctl set Open_vSwitch . other_config:emc-insert-inv-prob=20
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Georg Schmuecking <georg.schmuecking@ericsson.com> Co-authored-by: Georg Schmuecking <georg.schmuecking@ericsson.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Shashank Ram [Wed, 15 Feb 2017 18:02:40 +0000 (10:02 -0800)]
vswitchd: Move config_ofproto_types call before bridge_add_port
Currently, the call to config_ofproto_types() happens at the end
of bridge_reconfigure(), after missing ofprotos and ports are created.
However, it might be usefull to make this call before adding missing
ports through the dpif interface. With the current use case
(dpif-netdev), this will save us a reconfiguration cycle.
The call to config_ofproto_types() was introduced as a
part of passing the Openvswitch other_config smap to dpif.
However, if we want to do this before the ports are added,
it needs to be done after ofproto_create() is called so that
dpif_backer is added to all_dpif_backers list. Once the
dpif_backer is added, the call to config_ofproto_types()
will ensure that the set_config handler in dpif-netdev/netlink.c
is called.
Signed-off-by: Shashank Ram <rams@vmware.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
That the mac of active-slave is invalid(e.g. 00:00:00:00:00:00)
is incidental. The reason is described as below.
In the bridge_reconfig():
1. bond devices created in port_configure().
2. the bonded interfaces may be disabled even calling bridge_run__(),
because the interface link is not ready.
The OvS will run bridge_run__() in next loop. In next loop, the
active-slave may be selected. But OvS the bridge_reconfig() again,
the bond_reconfigure() set active-slave mac zero and flag false.
If using the 'ovs-appctl bond/show bond-name' to check active-slave
mac, you will find the mac is zero and mac in the ovsdb is also zero.
The active_slave_mac and active_slave_changed should be initialized
when created.
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech> Signed-off-by: Andy Zhou <azhou@ovn.org>
Justin Pettit [Tue, 14 Feb 2017 01:20:56 +0000 (17:20 -0800)]
Remove build-time generated files when "make clean" is run.
"make clean" should remove all files generated by building a program, while
"make distclean" should also remove files generated by configuring the
program. Previously some generated files during the build process, such
as man pages, were left behind when "make clean" was run. This commit
only leaves configuration files after "make clean" is run, and removes
all other generated files.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Mon, 6 Feb 2017 22:00:22 +0000 (14:00 -0800)]
ovsdb: Prevent OVSDB server from replicating itself.
Replication OVSDB server from itself is usually caused by configuration
errors. Such configuration errors can lead to OVSDB server data loss.
See "reported-at" for more details.
This patch adds logics that prevent OVSDB server from replicating
itself.
Reported-by: Guishuai Li <ligs@dtdream.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-January/326963.html Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Mon, 6 Feb 2017 20:43:35 +0000 (12:43 -0800)]
ovsdb: Add OVSDB server per instance UUID.
Currently, there is no way for an OVSDB server to ID itself. This patch
adds a UUID field that is populated every time OVSDB server runs.
Later patch will make use this UUID to detect and stop and OVSDB server
from replicating itself.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Wed, 8 Feb 2017 03:38:13 +0000 (19:38 -0800)]
ovsdb: Gracefully handle replication errors.
Sometimes replication session can fail mostly due to replication
configurations. i.e. replicating from a database with a different
version of the schema.
Currently, those errors are treated as fatal errors, and stops the
OVSDB server. A better way to handle those error may be to stop
only the replication session, and leave the OVSDB server up, so that
the replication can be restarted, may be with a different configuration,
at a later time.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Alan Pevec [Sat, 11 Feb 2017 00:03:19 +0000 (19:03 -0500)]
rhel: make openvswitch service start return when ready
In OVS 2.6 openvswitch systemd service was changed to use BindsTo
instead of Requires for sub-services but also removed them from After
This made main openvswitch service return before sub-services were ready
breaking scripts which assumed everything is ready after systemctl start
e.g. in OpenStack CI infra [1] is calling ovs-vsctl immediately after
service start exposing a race in virtualized CI environment:
2017-02-09T23:11:12.498Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) 2.6.1
but ovs-ctl tried to access it few msec too early:
2017-02-09 23:11:12.352493 | ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Solution is to add ordering dependencies, BindsTo/Requires do not ensure it [2]
If users configure the 'vhost-sock-dir' for dpdk, the memory
allocated by xstrdup(ovs_rundir()) is not freed. This patch
allows the process_vhost_flags to xstrdup() for val or
default_val according to configuration and the caller must
free new_val when it is no longer needed.
Fixes: 01961bbdd34a ("dpdk: New module with some code from netdev-dpdk.") CC: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech> Reviewed-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 10 Feb 2017 17:49:38 +0000 (12:49 -0500)]
rhel/ifup: support vhost-user client mode
This adds support for ifup to configure client-mode sockets by exposing
two new variables $OVS_PORT_MODE and $OVS_PORT_PATH to the ifcfg
scripts. When OVS_PORT_MODE is set to 'client', the OVS_PORT_PATH will
be passed as the vhost-server-path option.
No change is needed to ifdown because the OVSDPDKVhostUserPort type
already has an appropriate entry.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Ian Stokes [Wed, 8 Feb 2017 10:08:14 +0000 (10:08 +0000)]
doc: Clarify how user space is experimental.
Clarify that the use of the user space datapath with non DPDK devices is
considered experimental.
Fixes: 602e24ee189b (doc: Remove experimental warning for DPDK.) Signed-off-by: Ian Stokes <ian.stokes@intel.com> Co-authored-by: Joe Stringer <joe@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Fri, 11 Nov 2016 23:52:01 +0000 (15:52 -0800)]
tests: Generate valgrind wrappers only for real test programs.
ovstest is the main test binary these days, and that has been so for a
long time, but the tests code was still generating valgrind wrappers for
other binaries that went away a long time ago. That's harmless but
confusing, so this commit fixes it.
Also fixes alphabetical ordering and adds the missing test-strtok_r
wrapper.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Alin Serdean [Wed, 8 Feb 2017 06:41:24 +0000 (06:41 +0000)]
windows: netdev report error if query failed
The netdev Windows construct uses query_netdev to see if a port exists
in the datapath, in the case an error occurred in the reply message
we returned 0, meaning netdev_open was successful.
Commit 2f35b6c5c12c (system-ovn.at: Fix race conditions.)
fixed a number of race conditions, but left atleast one out.
This commit fixes that race condition.
Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Ian Stokes [Mon, 6 Feb 2017 17:20:35 +0000 (17:20 +0000)]
doc: Remove experimental warning for DPDK.
Remove the experimental warning tag in documentation regarding OVS deployed
with DPDK.
Signed-off-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
ofproto: Uses the VLOG_WARN_RL instead of VLOG_WARN.
There are a lot of logs when OvS bridges, connected to controllers,
can't find the right routes. So we may use the VLOG_WARN_RL instead
of VLOG_WARN to limit the log messages. The netdev-open and
arp-lookingup are in the same case in this function.
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech> Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Sun, 5 Feb 2017 03:38:22 +0000 (22:38 -0500)]
rhel: Fix firewalld additions.
When I updated this patch for v2, I made some mistakes. This fixes them.
The first is that we need to create a directory in the rpm build root for
the firewalld service files before we can install them there. Second,
I made two typos when I updated the patch to use %{_prefix}.
Fixes: 55f36be59122 ("rhel: Firewall service files for OVN.") Signed-off-by: Russell Bryant <russell@ovn.org>
Andy Zhou [Thu, 12 Jan 2017 00:00:04 +0000 (16:00 -0800)]
odp: Fix sample action in userspace
User space implementation of the sample action is not consistent with
kernel datapath. In kernel datapath, the side effects of actions
within the sample actions are not visible to the subsequent actions.
Current user space handling does not follow the same logic. This patch
makes them consistent.
Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 3 Feb 2017 16:58:27 +0000 (08:58 -0800)]
netdev: Reject empty names in netdev_open().
The empty string is not a valid name for a network device. I would have
expected that each of the netdev provider implementations would reject an
empty string, but there was a special case for Linux tap devices where they
instead caused unexpected behavior. This commit should fix the problem for
those devices and every other kind.
Reported-by: Gabor Locsei <gabor.locsei@ericsson.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-February/043613.html Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Girish Moodalbail <girish.moodalbail@oracle.com> Acked-by: Andy Zhou <azhou@ovn.org>
Ian Stokes [Thu, 2 Feb 2017 16:30:15 +0000 (16:30 +0000)]
doc: Update DPDK version for 2.7 release.
Add DPDK version required for the OVS 2.7 release in documentation.
Signed-off-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
dpif-netdev: Pass Openvswitch other_config smap to dpif.
Currently we parse the 'other_config' column in Openvswitch table in
bridge.c. We extract the values (just 'pmd-cpu-mask' for now) and we
pass them down to the datapath, via different layers.
If we want to pass other values to dpif-netdev.c (like we recently
discussed) we would have to touch ofproto.c, ofproto-dpif.c and dpif.c.
This patch sends the entire other_config column to dpif-netdev, so that
dpif-netdev can extract the values it's interested in.
No functional change.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Thu, 2 Feb 2017 07:04:07 +0000 (02:04 -0500)]
ovn: Add missing netdev_close in setup_qos.
We missed calling netdev_close in a couple of places. One was in an error
condition rarely hit. The second was just introduced and would be hit in
all cases where QoS is not in use.
Fixes: dc2dab6e6de5 ("ovn-controller: Configure interface QoS only if it would actually be used.") Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Thu, 2 Feb 2017 07:02:34 +0000 (02:02 -0500)]
docs: Add OVS and OVN headings to pages.
Update the "deep dive" and "howto" pages with headings that more clearly
indicate the separate lists of OVS or OVN content. Also add a link to
ovn-architecture from the "deep dive" page as it seems quite relevant
there.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
The code to wait for a particular type of flow
in ovs-vswitchd was not specific enough. This commit
changes that and to be doubly sure, also uses the
sync command.
Reported-by: Andy Zhou <azhou@ovn.org> Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Tue, 10 Jan 2017 16:48:30 +0000 (16:48 +0000)]
datapath-windows: GENEVE Check for flow destination port
Change the UDP destination port(GENEVE header) to check if it was set by
the userspace, use it if it was set.
If the userspace did not specify a destination port, use the configured
vport destination port.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Sairam Venugopal <vsairam@vmware.com>
Alin Serdean [Tue, 10 Jan 2017 16:48:29 +0000 (16:48 +0000)]
datapath-windows: STT Check for flow destination port
Change the TCP destination port(STT header) to check if it was set by
the userspace, use it if it was set.
If the userspace did not specify a destination port, use the configured
vport destination port.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Sairam Venugopal <vsairam@vmware.com>
Alin Serdean [Tue, 10 Jan 2017 16:48:29 +0000 (16:48 +0000)]
datapath-windows: VXLAN Check for flow destination port
Change the UDP destination port(VXLAN header) to check if it was set by
the userspace, use it if it was set.
If the userspace did not specify a destination port, use the configured
vport destination port.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Sairam Venugopal <vsairam@vmware.com>
bridge("br0")
-------------
>>>> Recirculation context not found for ID 2 <<<<
Final flow: unchanged
Megaflow: recirc_id=0x2,ip,in_port=1,nw_frag=no
Datapath actions: drop
Translation failed (No recirculation context), packet is dropped.
"
Since eviction of the flows is not needed for the current logic,
this commit adds a time/stop to bypass the problem.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Fri, 20 Jan 2017 23:12:21 +0000 (15:12 -0800)]
ofp-actions: Fix variable length meta-flow OXMs.
Previously, if a flow action that involves a tunnel metadata meta-flow
field is dumped from vswitchd, the replied field length in the OXM header
is filled with the maximum possible field length, instead of the length
configured in the tunnel TLV mapping table. To solve this issue, this patch
introduces the following changes.
In order to maintain the correct length of variable length mf_fields (i.e.
tun_metadata), this patch creates a per-switch based map (struct vl_mff_map)
that hosts the variable length mf_fields. This map is updated when a
controller adds/deletes tlv-mapping entries to/from a switch. Although the
per-swtch based vl_mff_map only hosts tun_metadata for now, it is able to
support new variable length mf_fields in the future.
With this commit, when a switch decodes a flow action with mf_field, the switch
firstly looks up the global mf_fields map to identify the mf_field type. For
the variable length mf_fields, the switch uses the vl_mff_map to get the
configured mf_field entries. By lookig up vl_mff_map, the switch can check
if the added flow action access beyond the configured size of a variable
length mf_field, and the switch reports an ofperr if the controller adds a flow
with unmapped variable length mf_field. Later on, when a controller request
flows from the switch, with the per-switch based mf_fields, the switch will
encode the OXM header with correct length for variable length mf_fields.
To use the vl_mff_map for decoding flow actions, extract-ofp-actions is
updated to pass the vl_mff_map to the required action decoding functions.
Also, a new error code is introduced to identify a flow with an invalid
variable length mf_field. Moreover, a testcase is added to prevent future
regressions.
Committer notes:
- Factor out common code
- Style fixups
- Rename OFPERR_NXFMFC_INVALID_VL_MFF -> OFPERR_NXFMFC_INVALID_TLV_FIELD
VMWare-BZ: #1768370 Reported-by: Harold Lim <haroldl@vmware.com> Suggested-by: Joe Stringer <joe@ovn.org> Suggested-by: Jarno Rajahalme <jarno@ovn.org> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Wed, 1 Feb 2017 17:21:38 +0000 (09:21 -0800)]
ovn-controller: Configure interface QoS only if it would actually be used.
Until now, ovn-controller has unconditionally configured linux-htb on
physical interfaces. QoS is pretty much always trouble, but it's even more
trouble if we set it up for no good reason. We received a bug report, in
particular, that doing this disrupts connectivity in Docker.
This commit attempts to make that less likely, by making ovn-controller
only configure a qdisc if QoS support has in turn been configured in OVN.
The same problems as before will recur if QoS support is actually
configured, but at least now there's some purpose, and possibly a symptom
that the user can better diagnose ("I turned on QoS and OVN stopped
working" is at least a cause-and-effect chain that makes some sense).
Reported-by: Ritesh Rekhi <ritesh.rekhi@nutanix.com> Reported-by: Hexin Wang <hexin.wang@nutanix.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-February/043564.html Tested-by: Hexin Wang <hexin.wang@nutanix.com>
Tested-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-February/043575.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Guoshuai Li [Wed, 11 Jan 2017 12:11:33 +0000 (04:11 -0800)]
ovn: fix slave node can not connect to the master node using SSL, for pacemaker
The default slave node connect to the master node using TCP, and
the pacemaker can not modify the protocol and port of the
connection. Add pacemaker parameters to support the connection of
the slave node to the master node using a different protocol and port.
Signed-off-by: Guoshuai Li <ligs@dtdream.com> Acked-by: Andy Zhou <azhou@ovn.org>
Sha Zhang [Tue, 31 Jan 2017 23:07:15 +0000 (15:07 -0800)]
ofproto-dpif: Reduce the time to create many bridges.
This patch moves xlate_txn_start() and xlate_txn_commit() out of the loop
traversing all the ofproto-dpifs to reduce the time of creating a large mount
of bridges in separate database transactions. As a global variable, new_xcfg
should only be allocated at the beginning and commited at the end once time,
rather than doing it repeatedly in the loop body.
Signed-off-by: Sha Zhang <zhangsha.zhang@huawei.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Sun, 15 Jan 2017 07:06:09 +0000 (12:36 +0530)]
ovn-controller: Provide the option to set Encap.options:csum
ovn-controller by default enables tunnel encapsulation checksums
for geneve tunnels. With this patch user can set the desired value
in Open_vSwitch.external_ids:ovn_encap_csum.
This option will be useful in cases where enabling tunnel
encapsulation checksums incur significant performance loss due to
limitations in checksum offloading capabilities of the nics.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
projects / mirror_ovs.git / log