Ben Pfaff [Mon, 21 Dec 2015 23:39:10 +0000 (15:39 -0800)]
Better abstract OFPT_SET_CONFIG and OFPT_GET_CONFIG_REPLY, make stricter.
The OFPT_SET_CONFIG and OFPT_GET_CONFIG_REPLY messages, which have the
same format, have a 'flags' field in which OpenFlow defines some bits,
which change somewhat from one version to another, and does not define
others. Until now, Open vSwitch has not abstracted these messages at all
and has ignored the bits that OpenFlow leaves undefined. This commit
abstracts the messages in the same way as other OpenFlow messages and
validates in OFPT_SET_CONFIG messages that the undefined bits are set to
zero.
OpenFlow 1.1 and 1.2, but not OpenFlow 1.0, define a flag named
OFPC_INVALID_TTL_TO_CONTROLLER. Open vSwitch has until now also
implemented this as an extension to OpenFlow 1.0, and this commit retains
that extension.
Reported-by: Manpreet Singh <er.manpreet25@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Wed, 6 Jan 2016 23:44:39 +0000 (15:44 -0800)]
ofproto-dpif-upcall: Avoid double-delete of ukeys.
revalidate_sweep__() has two cases where it calls ukey_delete() to
remove a ukey from the umap via cmap_remove(). The first case is a direct
call to ukey_delete(), when !flow_exists. The second case is an indirect
call via push_ukey_ops(), when result != UKEY_KEEP. If both of these
conditions are simultaneously true, however, the code would call
ukey_delete() twice, causing an assertion failure in the second call. This
commit fixes the problem by eliminating one of the calls.
The version tested by Ben Warren differs from this version, see:
http://openvswitch.org/pipermail/dev/2016-January/064117.html
Reported-by: Keith Holleman <keith.holleman@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-December/019772.html CC: Joe Stringer <joe@ovn.org>
VMware-BZ: #1579057 Signed-off-by: Ben Pfaff <blp@ovn.org> Tested-by: Ben Warren <ben@skyportsystems.com>
Russell Bryant [Wed, 6 Jan 2016 16:50:21 +0000 (11:50 -0500)]
python: Ignore all D,H warnings from flake8.
A previous patch added the list of warnings emitted by the docstrings
and hacking plugins for flake8. Switch to ignoring all warnings from
those plugins. We can use --select to enable specific ones that we want
if needed later on.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Wed, 6 Jan 2016 11:29:15 +0000 (16:59 +0530)]
Add some more flake8 types to ignore list to fix the compilation errors
with the flake8 check enabled, ovs compilation is failing. This
patch adds few more flake8 types to the igore list. These warnings
come from the hacking and docstrings flake8 plugins.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
[russell@ovn.org added comments, also ignore W503] Signed-off-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Wed, 6 Jan 2016 00:51:54 +0000 (16:51 -0800)]
ofproto-dpif-rid: Fix memory leak in recirc_state.
recirc_state_clone() copies the stack and actions and nothing ever freed
them.
CC: Jarno Rajahalme <jarno@ovn.org> CC: Andy Zhou <azhou@ovn.org> Reported-by: William Tu <u9012063@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-January/064040.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Sun, 13 Dec 2015 04:11:47 +0000 (23:11 -0500)]
python: Inherit from object.
class Vlog now inherits from "object". This is a "new style" Python
class, which isn't new at all at this point. This was introduced back
in Python 2.2, and some Python 2 code won't work as expected without it.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Tue, 22 Dec 2015 16:30:32 +0000 (11:30 -0500)]
python: Resolve a deprecation warning.
Resolve the following deprecation warning. This deprecation warning
advises to use an alternative syntax which is also compatible with
Python 3, where has_key() was removed.
W601 .has_key() is deprecated, use 'in'
Also fix this related error:
E713 test for membership should be 'not in'
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Tue, 5 Jan 2016 23:16:20 +0000 (18:16 -0500)]
python: Fix several pep8 whitespace errors.
Fix the following pep8 errors:
E201 whitespace after '('
E203 whitespace before ','
E222 multiple spaces after operator
E225 missing whitespace around operator
E226 missing whitespace around arithmetic operator
E231 missing whitespace after ':'
E241 multiple spaces after ':'
E251 unexpected spaces around keyword / parameter equals
E261 at least two spaces before inline comment
E262 inline comment should start with '# '
E265 block comment should start with '# '
E271 multiple spaces after keyword
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Sat, 12 Dec 2015 17:54:31 +0000 (12:54 -0500)]
python: Resolve pep8 comparison errors.
Resolve pep8 errors:
E711 comparison to None should be 'if cond is None:'
The reason comparing against None with "is None" is preferred over
"== None" is because a class can define its own equality operator and
produce bizarre unexpected behavior. Using "is None" has a very
explicit meaning that can not be overridden.
E721 do not compare types, use 'isinstance()'
This one is actually a mistake by the tool in most cases.
'from ovs.db import types' looks just like types from the Python stdlib.
In those cases, use the full ovs.db.types name. Fix one case where it
actually was types from the stdlib.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Mon, 4 Jan 2016 21:02:51 +0000 (16:02 -0500)]
CONTRIBUTING: Add example Submitted-at header.
Document a Submitted-at header to be used for GitHub pull request URLs,
or any other case where a patch was submitted somewhere other than the
OVS dev mailing list.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
openvswitch-switch.init: Redirect error to /dev/null.
The latest Open vSwitch kernel module from Upstream linux does not
list "version". During debian package installation, we would see
a non-harmful error in the log. This patch suppresses it.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
William Tu [Tue, 5 Jan 2016 00:18:41 +0000 (16:18 -0800)]
odp-util: Fix memory leak reported by valgrind.
Test case: OVS datapath key parsing and formatting (377)
Return without freeing buf:
xmalloc(util.c:112)
ofpbuf_init(ofpbuf.c:124)
parse_odp_userspace_action(odp-util.c:987)
parse_odp_action(odp-util.c:1552)
odp_actions_from_string(odp-util.c:1721)
parse_actions(test-odp.c:132)
Test case: OVS datapath actions parsing and formatting (380)
Exit withtou uninit in test-odp.c
xrealloc(util.c:123)
ofpbuf_resize__(ofpbuf.c:243)
ofpbuf_put_uninit(ofpbuf.c:364)
nl_msg_put_uninit(netlink.c:178)
nl_msg_put_unspec_uninit(netlink.c:216)
nl_msg_put_unspec(netlink.c:243)
parse_odp_key_mask_attr(odp-util.c:3974)
odp_flow_from_string(odp-util.c:4151)
parse_keys(test-odp.c:49)
test_odp_main(test-odp.c:237)
ovstest_wrapper_test_odp_main__(test-odp.c:251)
ovs_cmdl_run_command(command-line.c:121)
main(ovstest.c:132)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
William Tu [Tue, 5 Jan 2016 00:18:40 +0000 (16:18 -0800)]
ovs-ofctl: Fix memory leak reported by valgrind.
Test case: ovs-ofctl replace-flows with --bundle(376) reports two leaks:
ofpbuf_new(ofpbuf.c:151)
ofpraw_alloc_xid(ofp-msgs.c:533)
ofpraw_alloc(ofp-msgs.c:525)
ofputil_encode_flow_mod(ofp-util.c:2290)
bundle_flow_mod__(ovs-ofctl.c:1312)
ofctl_flow_mod__(ovs-ofctl.c:1331)
ofctl_flow_mod_file.isra.13(ovs-ofctl.c:1365)
ovs_cmdl_run_command(command-line.c:121)
main(ovs-ofctl.c:135)
and
ofpraw_alloc(ofp-msgs.c:525)
ofputil_encode_flow_mod(ofp-util.c:2290)
fte_make_flow_mod(ovs-ofctl.c:2936)
ofctl_replace_flows(ovs-ofctl.c:2981)
ovs_cmdl_run_command(command-line.c:121)
main(ovs-ofctl.c:135)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
William Tu [Tue, 5 Jan 2016 00:18:39 +0000 (16:18 -0800)]
ovsdb-client: Fix memory leak reported by valgrind.
Free memory allocated from table_add_column and table_add_row.
Test case: vsctl-bashcomp - basic verification/argument completion(7,8)
Call stack is below:
xrealloc (util.c:123)
table_add_column (table.c:146) or table_add_row (table.c:172)
do_list_tables (ovsdb-client.c:449)
main (ovsdb-client.c:151)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com>
[blp@ovn.org removed an unneeded "if"] Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Sun, 29 Nov 2015 19:48:43 +0000 (11:48 -0800)]
physical: Improve treatment of localnet non-VLAN logical ports.
Until now, the flow table treated localnet logical ports that have a VLAN
quite differently from those that don't. The ones without a VLAN were
essentially trunk ports: any packets that came in, that weren't picked off
by a localnet port with a VLAN, were passed to the ones without a VLAN.
This wasn't the intended behavior.
This commit changes behavior to the intended behavior. Now, localnet ports
without a specific VLAN only receive packets without a VLAN header or those
with VLAN ID 0 (with that header stripped off).
Found by inspection.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Wed, 23 Dec 2015 21:23:48 +0000 (13:23 -0800)]
ofp-actions: Make composing actions harder to screw up.
Until now, composing a fixed-length action with ofpact_put_<NAME>() failed
to append any padding required after the action. This commit changes that
so that these calls now add padding. This meant that the function
ofpact_pad(), which was until now required in various unintuitive places,
is no longer required, and removes it.
Variable-length actions still require calling ofpact_update_len() after
composition. I don't see a way to avoid that.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
The policy of the subscribe packets is defined by the following:
const NL_POLICY policy[] = {
[OVS_NL_ATTR_PACKET_PID] = {.type = NL_A_U32 },
[OVS_NL_ATTR_PACKET_SUBSCRIBE] = {.type = NL_A_U8 }
};
Switch the value of the join operation with the one from the policy.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
l0310 [Wed, 2 Dec 2015 11:20:07 +0000 (19:20 +0800)]
ovn-northd: Can't use ct() for router ports.
This patch ensures that we do not attempt to use connection tracking for
logical ports with type=router. This does not work as the traffic
through a logical router port is not symmetric since logical routers are
distributed. The result was that traffic between logical ports on
different hypervisors that went through a logical router would fail if
ACLs were in use.
William Tu [Thu, 24 Dec 2015 18:28:40 +0000 (10:28 -0800)]
ofp-print: Fix memory leak at ofp_print_bundle_add().
Call ds_put_and_free_cstr instead of ds_put_cstr to free msg.
Reported by test cases: 325, 326
ofp_print_bundle_add (ofp-print.c:3027)
ofp_to_string__ (ofp-print.c:3410)
ofp_to_string (ofp-print.c:3465)
ofp_print (ofp-print.c:3497)
ofctl_ofp_print (ovs-ofctl.c:3818)
ovs_cmdl_run_command (command-line.c:121)
main (ovs-ofctl.c:135)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com>
[blp@ovn.org simplified the code slightly] Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Mon, 4 Jan 2016 19:36:14 +0000 (11:36 -0800)]
Use initializers for struct ofputil_flow_mod instead of assignments.
A few bugs have been fixed lately that were related to struct
ofputil_flow_mod not being fully initialized in a few places. This commit
changes several pieces of code from using individual assignments to fields
in struct ofputil_flow_mod, to using whole initializers or assignments to
a whole struct. This should help prevent similar problems in the future.
CC: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Ilya Maximets [Thu, 24 Dec 2015 10:22:53 +0000 (13:22 +0300)]
test-sflow: Fix memory leak in main function.
Reported by valgrind on test case 886.
912 (24 direct, 888 indirect) bytes in 1 blocks are definitely lost
at malloc
by xmalloc (util.c:112)
by unixctl_server_create (unixctl.c:250)
by test_sflow_main (test-sflow.c:688)
by ovstest_wrapper_test_sflow_main__ (test-sflow.c:786)
by ovs_cmdl_run_command (command-line.c:121)
by main (ovstest.c:132)
1,500 bytes in 1 blocks are definitely lost
at malloc
by xmalloc (util.c:112)
by ofpbuf_init (ofpbuf.c:124)
by test_sflow_main (test-sflow.c:696)
by ovstest_wrapper_test_sflow_main__ (test-sflow.c:786)
by ovs_cmdl_run_command (command-line.c:121)
by main (ovstest.c:132)
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Thu, 24 Dec 2015 07:57:44 +0000 (10:57 +0300)]
ofproto: Fix using uninitialized delete_reason.
replace_rule_finish() makes decision using uninitialized
for intrenal flow fm->delete_reason.
Reported by valgrind for test cases 886, 942 and 943.
Conditional jump or move depends on uninitialised value(s)
at rule_insert (ofproto-dpif.c:4134)
by replace_rule_finish (ofproto.c:4831)
by add_flow_finish (ofproto.c:4661)
by modify_flows_finish (ofproto.c:4994)
by ofproto_flow_mod_finish (ofproto.c:6821)
by handle_flow_mod__ (ofproto.c:5323)
by ofproto_dpif_add_internal_flow (ofproto-dpif.c:5680)
by add_internal_miss_flow (ofproto-dpif.c:1385)
by add_internal_flows (ofproto-dpif.c:1412)
by construct (ofproto-dpif.c:1367)
by ofproto_create (ofproto.c:577)
by bridge_reconfigure (bridge.c:633)
by bridge_run (bridge.c:2975)
by main (ovs-vswitchd.c:120)
Uninitialised value was created by a stack allocation
at ofproto_dpif_add_internal_flow (ofproto-dpif.c:5658)
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Wed, 23 Dec 2015 16:29:33 +0000 (11:29 -0500)]
tests: OVN localnet port test case.
Add a test case for OVN localnet ports. We set up two hypervisors
connected by a network. We create two ports on each hypervisor and
attach them to this network using OVN localnet ports. Two ports are on
the untagged network, and the other two are on VLAN 101.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 23 Dec 2015 22:24:32 +0000 (14:24 -0800)]
Makefile.am: Fix Automake warning.
The warning is as follows:
Makefile.am:363: warning: .PHONY was already defined in condition TRUE,
which includes condition VSTUDIO_DDK ...
Makefile.am:200: ... '.PHONY' previously defined here
Simon Horman [Fri, 18 Dec 2015 04:50:01 +0000 (20:50 -0800)]
datapath: ip4_dst_hoplimit compat code is needed prior to v2.6.38
ip4_dst_hoplimit was introduced in v2.6.38 rather than v2.6.39.
Fixes: e23775f20e1a ("datapath: Add support for lwtunnel") Signed-off-by: Simon Horman <simon.horman@netronome.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Yin Lin [Wed, 23 Dec 2015 21:18:29 +0000 (13:18 -0800)]
Makefile: Mark non-file targets as .PHONY.
Some lately added targets (ovsext_make and thread-safety-check) are not
files but were not marked as .PHONY. This causes them to be rebuilt
unnecessarily during "make check" and "make install" process.
Signed-off-by: Yin Lin <linyi@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ansis Atteka [Wed, 23 Dec 2015 02:23:42 +0000 (18:23 -0800)]
debian: Remove old PKI directory migration code
Open vSwitch 1.3 and older was creating certificates and private
key in /usr/share/openvswitch/pki. However, since PKI directory
is mutable, then this was considered a bug and PKI directory was
moved to /var directory in Open vSwitch 1.4 Commit 14bd2d51 (debian:
Move PKI directory to FHS-compliant location.)
Note, that Ubuntu 12.04 already was shipping with Open vSwitch 1.4
and should have created (in case of fresh install) or moved (in
case of upgrade from Open vSwitch 1.3) this directory to the right
location.
So I am inclined to remove this code because the only reason for it
to exist would be, if someone would be upgrading from Open vSwitch
1.3 or older version directly to 2.5 without using any intermediary
upgrade releases.
Signed-Off-By: Ansis Atteka <aatteka@nicira.com> Acked-by: Ben Pfaff <blp@ovn.org>
William Tu [Wed, 23 Dec 2015 18:58:15 +0000 (10:58 -0800)]
ovsdb-server: Fix memory leak using perf counter without initialization.
perf_counter_accumulate() is invoked without perf_counters_init() being
called first, which leads to a memory leak reported by Valgrind (test
cases 104, 106, and 107). A call trace is below:
xmalloc (util.c:112)
shash_add_nocopy__ (shash.c:109)
shash_add_nocopy (shash.c:121)
shash_add (shash.c:129)
shash_add_once (shash.c:136)
shash_add_assert (shash.c:146)
perf_counter_init (perf-counter.c:86)
perf_counter_accumulate (perf-counter.c:95)
ovsdb_txn_commit (transaction.c:850)
ovsdb_file_open__ (file.c:217)
open_db (ovsdb-server.c:418)
main (ovsdb-server.c:263)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 23 Dec 2015 00:47:26 +0000 (16:47 -0800)]
system-traffic: Skip all vxlan tests if unsupported.
The vxlan tests require a new enough 'ip' tool to configure native VXLAN
tunnels on the host kernel (as well as a new enough kernel). If this
isn't available, simply skip the test. This commit makes the cases where
this is checked consistent.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
William Tu [Fri, 11 Dec 2015 01:58:15 +0000 (17:58 -0800)]
ofp-actions: Add padding in ofpacts_pull_openflow_instructions()
ofpacts_pull_openflow_instructions() should fill 'ofpacts' with a list
of OpenFlow actions and each action (including the last one) should be
padded to OFP_ACTION_ALIGN(8) bytes.
In most of the cases this is taken care of (e.g. by ofpacts_decode), but
for the Goto-Table instruction (and Clear-Actions, based on a quick code
inspection), this wasn't the case.
This caused the copy operation in recirc_unroll_actions() to read two
extra bytes after an allocated area (not a big deal, but enough to
displease the AddressSanitizer).
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
William Tu [Fri, 11 Dec 2015 01:58:13 +0000 (17:58 -0800)]
test-classifier: Use `in_port.ofp_port`, instead of `in_port`.
The test uses 16-bit ofp_port_t, however the struct flow member
`in_port` is 32-bit, causing a memcpy to read uninitialized data.
We should restrict the test to the `ofp_port` member of the `in_port`
union
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Simon Horman [Tue, 1 Dec 2015 06:03:16 +0000 (15:03 +0900)]
flow: Pass last field to miniflow_pad_to_64().
Make miniflow_pad_to_64() a little more robust with regards to updates to
struct flow by passing the last field, whose end should be considered for
padding, rather than the next field, whose start should be considered.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ZoltĂ¡n Balogh [Wed, 23 Dec 2015 01:10:40 +0000 (17:10 -0800)]
ofproto: Remove flows from all tables upon group deletion.
When a group is deleted, all flows which include a Group action with the ID
of the deleted group should be removed. Until now, only flows in table 0
were removed. This fixes the problem.
Signed-off-by: ZoltĂ¡n Balogh <zoltan.balogh@ericsson.com>
[blp@ovn.org added a test] Signed-off-by: Ben Pfaff <blp@ovn.org>
Flavio Leitner [Tue, 22 Dec 2015 17:02:31 +0000 (15:02 -0200)]
ofp-util: return BAD_TYPE for consistency at ofputil_decode_group_mod().
Code earlier in this function validated that gm->type is valid, so
the default case at the end of the function would be impossible, but
since the code can change or perhaps get copied, return the correct
error to keep consistency and avoid reintroducing the bug fixed by
commit 09d4b951636b ("ofp-util: Reject bad group type and command
with error instead of abort.")
Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jesse Gross [Wed, 9 Dec 2015 20:55:17 +0000 (12:55 -0800)]
dpif-netdev: Avoid using uninitialized memory with tunnel options.
When handling an upcall with the userspace datapath, it's currently
possible for a flow from a packet with no tunnel options to come back
with matches on the options. If that happens, dpif-netdev will
attempt to translate the wildcards provided by ofproto into the format
used by dpif. The translation requires use of the original wildcards
from the flow, which since they didn't exist, is uninitalized memory.
Matching on fields which don't actually exist is itself a bug. However,
this can occur when we attempt to set a tunnel option on the packet -
ofproto generates a match on the field in the original packet. This is
being fixed separately.
In other situations where we have a match on an unexpected field, we
simply ignore it. This happens with tunnel options with the kernel
datapath, non-tunnel fields that don't exist in the packet, and even
with Geneve where we do have some options but not the particular one
that was matched on. This brings the same behavior for this case and
avoids the possibility of accessing uninitialized memory.
Reported-by: Daniele Di Proietto <diproiettod@vmware.com> Signed-off-by: Jesse Gross <jesse@kernel.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Mon, 21 Dec 2015 23:56:40 +0000 (15:56 -0800)]
types: Define OVS_*128_MAX statically.
The previous definitions of these variables using designated
initializers caused a variety of issues when attempting to compile with
MSVC, particularly if including these headers from C++ code. By defining
them like this, we can appease MSVC and keep the definitions the same on
all platforms.
VMware-BZ: #1517163 Suggested-by: Yin Lin <linyi@vmware.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
system-traffic: use `dpctl/*conntrack` instead of `conntrack` tool.
Often in the tests we inspect the conntrack tables with the 'conntrack'
command line utility. Since this may not always be available, and since
these tests are supposed to run with the upcoming userspace connection
tracker, it is better to use the newly implemented dpctl command.
Due to the tcp state mapping done in tcp_state_coalesce(), SYN_RECV is
replaced by ESTABLISHED in four places in the testsuite. The rest of
the changes are just done to match the formatting style.
Also, check the conntrack entries for the IPv6 HTTP test.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org>
This member function is used by the ct-dpif module to provide its
services. It's implemented using the netlink-conntrack module.
N.B. The Linux kernel datapaths share the connection tracker among them
and with the rest of the system. Therefore the operations are not
really dpif specific.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org>
These member functions are used by the ct-dpif module to provide its
services. They're implemented using the netlink-conntrack module.
N.B. The Linux kernel datapaths share the connection tracker among them
and with the rest of the system. Therefore the operations are not
really dpif specific.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Joe Stringer <joe@ovn.org>
Pravin B Shelar [Mon, 21 Dec 2015 22:57:36 +0000 (14:57 -0800)]
datapath: Backport: openvswitch: Fix serialization of non-masked set actions.
I found this missing commit while checking diff against upstream OVS.
Upstream Commit msg:
Set actions consist of a regular OVS_KEY_ATTR_* attribute nested inside
of a OVS_ACTION_ATTR_SET action attribute. When converting masked actions
back to regular set actions, the inner attribute length was not changed,
ie, double the length being serialized. This patch fixes the bug.
Fixes: 83d2b9b ("net: openvswitch: Support masked set actions.") Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: f4f8e738505 ("openvswitch: Fix serialization of non-masked set
actions") Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Joe Stringer <joe@ovn.org>
Aaron Conole [Tue, 24 Nov 2015 20:28:35 +0000 (15:28 -0500)]
datapath/vport: Remove an invalid comment
Commit 3544358aa596 ("datapath: Improve kernel hash table") removed the
failure condition of ovs_vport_del by switching away from a custom
hashtable which allocated a new bucket, to an hlist with flexible-array
buckets. The function stopped returning failure code at that point, so
remove the misleading comment.
Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Mon, 21 Dec 2015 01:05:24 +0000 (17:05 -0800)]
datapath: stt: Fix device list management.
STT receive can accept packet on device which is not UP state.
Following patch fixes this issue by introducing another list
of devices which contains only devices in up state. This list can
be used for searching stt devices on packet receive.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Sat, 19 Dec 2015 06:09:57 +0000 (22:09 -0800)]
stream-ssl: Fix misleading bound address format.
When the SSL code presents the name of the address to which it is bound,
it should include an "ssl:" or "pssl:" prefix instead of "tcp:" or "ptcp:".
Reported-by: meishengxin <meishengxin@huawei.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-December/019694.html Fixes: e731d71bf47b ("Add IPv6 support for OpenFlow, OVSDB, NetFlow, and sFlow.") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Anupam Chanda [Mon, 21 Dec 2015 20:20:06 +0000 (12:20 -0800)]
ovs-vtep: Clean up local mac entries on startup.
This change handles a corner case where local mac entries are not cleared if a
vlan binding is deleted while the emulator is not running. The fix is to clean
up the local mac entries once on restart.
Pravin B Shelar [Sun, 20 Dec 2015 03:19:22 +0000 (19:19 -0800)]
datapath: stt: Do not access stt_dev socket in lookup.
STT device is added to the device list at device create time. and
the dev socket is initialized when dev is UP. So avoid accessing
stt socket while searching a device.
Joe Stringer [Tue, 15 Dec 2015 19:24:34 +0000 (11:24 -0800)]
compat: Backport conntrack strictly to v3.10+.
The conntrack/ipfrag backport was previously not entirely consistent in
its include for versions 3.9 and 3.10. The intention was to build it for
all kernels 3.10 and newer, so fix the version checks.
Reported-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@nicira.com> Tested-by: Simon Horman <simon.horman@netronome.com>
Joe Stringer [Tue, 15 Dec 2015 19:24:33 +0000 (11:24 -0800)]
compat: Always use own __ipv6_select_ident().
If the ip fragmentation backport is enabled, we should always use our
own {,__}ipv6_select_ident(). This fixes the following issue on some
v3.19 kernels:
datapath/linux/ip6_output.c:93:12: error: conflicting types for
‘__ipv6_select_ident’
static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
Reported-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@nicira.com> Tested-by: Simon Horman <simon.horman@netronome.com>
Han Zhou [Fri, 18 Dec 2015 06:23:22 +0000 (22:23 -0800)]
ovsdb: separate json cache for different monitor versions
Cached json objects were reused when sending notifications to
clients. This created a problem when there were different versions
of monitors coexisting. E.g. clients expecting version2 notification
would receive messages with method == "update2" but payload in
version1 format, which end up failure of processing the updates.
This patch fixes the issue by including version in cache node.
Signed-off-by: Han Zhou <zhouhan@gmail.com> Acked-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Wed, 16 Dec 2015 02:04:20 +0000 (18:04 -0800)]
Use ip_parse() and ipv6_parse() and variants in more places.
This saves some code and improves clarity, in my opinion.
Some of these changes just change an inet_pton() call into a similar
ip_parse() or ipv6_parse() call. In those cases the benefit is better
type safety, since inet_pton()'s output parameter is type "void *".
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>