datapath-windows: Use annotations instead for macros
We can safely use function annotations to instead of defining out own macros.
Nuke implementation of `OVS_VERIFY_IRQL_LE` and OVS_VERIFY_IRQL (unused).
Add function annotations to the functions which were using OVS_VERIFY_IRQL_LE`.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
datapath-windows: Add annotations for OvsAcquirePidHashLock
Add annotations to the function ` OvsAcquirePidHashLock`.
We make it aware that it raises the dispatch level, where it saves the
dispatch level and it acquires a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
datapath-windows: Add annotations for OvsReleasePidHashLock
Add function annotations for ` OvsReleasePidHashLock`.
We make it aware that it requires a certain dispatch level, that it
restores the dispatch level, that it requires a lock held and releases
a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
datapath-windows: Add annotations for OvsReleaseEventQueueLock
Add function annotations for ` OvsReleaseEventQueueLock`.
We make it aware that it requires a certain dispatch level, that it
restores the dispatch level, that it requires a lock held and releases
a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
datapath-windows: Add annotations for OvsReleaseCtrlLock
Add function annotations for `OvsReleaseCtrlLock`.
We make it aware that it requires a certain dispatch level, that it
restores the dispatch level, that it requires a lock held and release
a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
datapath-windows: Add annotations for OvsAcquireCtrlLock
Add annotations to the function `OvsAcquireCtrlLock`.
We make it aware that it raises the dispatch level, where it saves the
dispatch level and it acquires a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Shashank Ram <rams@vmware.com>
Jan Scheurich [Wed, 2 Aug 2017 08:04:12 +0000 (16:04 +0800)]
OF support and translation of generic encap and decap
This commit adds support for the OpenFlow actions generic encap
and decap (as specified in ONF EXT-382) to the OVS control plane.
CLI syntax for encap action with properties:
encap(<header>)
encap(<header>(<prop>=<value>,<tlv>(<class>,<type>,<value>),...))
For example:
encap(ethernet)
encap(nsh(md_type=1))
encap(nsh(md_type=2,tlv(0x1000,10,0x12345678),tlv(0x2000,20,0xfedcba9876543210)))
CLI syntax for decap action:
decap()
decap(packet_type(ns=<pt_ns>,type=<pt_type>))
For example:
decap()
decap(packet_type(ns=0,type=0xfffe))
decap(packet_type(ns=1,type=0x894f))
The first header supported for encap and decap is "ethernet" to convert
packets between packet_type (1,Ethertype) and (0,0).
This commit also implements a skeleton for the translation of generic
encap and decap actions in ofproto-dpif and adds support to encap and
decap an Ethernet header.
In general translation of encap commits pending actions and then rewrites
struct flow in accordance with the new packet type and header. In the
case of encap(ethernet) it suffices to change the packet type from
(1, Ethertype) to (0,0) and set the dl_type accordingly. A new
pending_encap flag in xlate ctx is set to mark that an corresponding
datapath encap action must be triggered at the next commit. In the
case of encap(ethernet) ofproto generetas a push_eth action.
The general case for translation of decap() is to emit a datapath action
to decap the current outermost header and then recirculate the packet
to reparse the inner headers. In the special case of an Ethernet packet,
decap() just changes the packet type from (0,0) to (1, dl_type) without
a need to recirculate. The emission of the pop_eth action for the
datapath is postponed to the next commit.
Hence encap(ethernet) and decap() on an Ethernet packet are OF octions
that only incur a cost in the dataplane when a modifed packet is
actually committed, e.g. because it is sent out. They can freely be
used for normalizing the packet type in the OF pipeline without
degrading performance.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Zoltan Balogh <zoltan.balogh@ericsson.com> Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Tue, 1 Aug 2017 16:15:04 +0000 (12:15 -0400)]
ovn-northd: Add native active-standby HA.
Add native support for active-standby HA in ovn-northd by having each
instance attempt to acquire an OVSDB lock. Only the instance of
ovn-northd that currently holds the lock will make active changes to
the OVN databases.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Han Zhou <zhouhan@gmail.com> Tested-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Numan Siddique <nusiddiq@redhat.com>
dpif-netdev: Reorder elements in dp_netdev_port structure.
By reordering the elements in dp_netdev_port structure, pad bytes can be
reduced there by saving a cache line. Marginal performance improvement
is also observed with this change.
Before: structure size: 136, holes: 7, sum padbytes:7, cachelines:3
After : structure size: 128, holes: 6, sum padbytes:0, cachelines:2
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
DPDK ports use masks while reporting rx checksum flags. OVS should use these
mask along with reported checksum flag while validating the good checksum.
Added two new functions to validate bad checksum reported by DPDK NIC port.
These two functions will be used in the following patch for enabling rx checksum
offload in conntrack module.
Signed-off-by: Sugesh Chandran <sugesh.chandran@intel.com> Co-authored-by: Darrell Ball <dball@vmware.com> Signed-off-by: Darrell Ball <dball@vmware.com> Acked-by: Antonio Fishetti <antonio.fischetti@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Commit "odp: Support conntrack orig tuple key." introduced new fields
in struct 'pkt_metadata'. pkt_metadata_init() is called for every
packet in the userspace datapath. When testing a simple single
flow case with DPDK, we observe a lower throughput after the above
commit (it was 14.88 Mpps before, it is 13 Mpps after).
This patch skips initializing ct_orig_tuple in pkt_metadata_init().
It should be enough to initialize ct_state, because nobody should look
at ct_orig_tuple unless ct_state is != 0.
and find the interface is NOT detached; there is
no info log ‘Device '0000:04:00.1' detached’.
A more verbose discussion is here:
https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333462.html
along with another possible solution.
Since we are nearing the end of a release, a safe approach is needed,
at this time.
One approach is to revert 5dcde09c80a8. This patch does not do that
but reinstates the command ovs-appctl netdev-dpdk/detach to handle
cases when del-port will not work.
To detach the device, run the reinstated command
ovs-appctl netdev-dpdk/detach 0000:04:00.1
Observe console output
‘Device '0000:04:00.1' has been detached’
Fixes: 5dcde09c80a8 ("netdev-dpdk: Fix device leak on port deletion.") CC: Ilya Maximets <i.maximets@samsung.com> Acked-by: Aaron Conole <aconole@redhat.com> Acked-by: Fischetti, Antonio <antonio.fischetti@intel.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Michal Weglicki [Tue, 1 Aug 2017 23:14:10 +0000 (16:14 -0700)]
Update relevant artifacts to add support for DPDK 17.05.1.
Upgrading to DPDK 17.05.1 stable release adds new
significant features relevant to OVS, including,
but not limited to:
- tun/tap PMD,
- VFIO hotplug support,
- Generic flow API.
Following changes are applied:
- netdev-dpdk: Changes required by DPDK API modifications.
- doc: Because of DPDK API changes, backward compatibility
with previous DPDK releases will be broken, thus all
relevant documentation entries are updated.
- .travis: DPDK version change from 16.11.1 to 17.05.1.
- rhel/openvswitch-fedora.spec.in: DPDK version change
from 16.11 to 17.05.1
Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Tested-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Kavanagh [Tue, 1 Aug 2017 22:03:08 +0000 (15:03 -0700)]
netdev-dpdk: use rte_eth_dev_set_mtu.
DPDK provides an API to set the MTU of compatible physical devices -
rte_eth_dev_set_mtu(). Prior to DPDK v16.07 however, this API was not
implemented in some DPDK PMDs (i40e, specifically). To allow the use
of jumbo frames with affected NICs in OvS-DPDK, MTU configuration was
achieved by setting the jumbo frame flag, and corresponding maximum
permitted Rx frame size, in an rte_eth_conf structure for the NIC
port, and subsequently invoking rte_eth_dev_configure() with that
configuration.
However, that method does not set the MTU field of the underlying DPDK
structure (rte_eth_dev) for the corresponding physical device;
consequently, rte_eth_dev_get_mtu() reports the incorrect MTU for an
OvS-DPDK phy device with non-standard MTU.
Resolve this issue by invoking rte_eth_dev_set_mtu() when setting up
or modifying the MTU of a DPDK phy port.
Fixes: 0072e93 ("netdev-dpdk: add support for jumbo frames") Reported-by: Aaron Conole <aconole@redhat.com> Reported-by: Vipin Varghese <vipin.varghese@intel.com> Reviewed-by: Aaron Conole <aconole@redhat.com> Acked-by: Sugesh Chandran <sugesh.chandran@intel.com> Tested-by: Sugesh Chandran <sugesh.chandran@intel.com> Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Billy O'Mahony [Tue, 1 Aug 2017 21:38:43 +0000 (14:38 -0700)]
dpif-netdev: Assign ports to pmds on non-local numa node.
Previously if there is no available (non-isolated) pmd on the numa node
for a port then the port is not polled at all. This can result in a
non-operational system until such time as nics are physically
repositioned. It is preferable to operate with a pmd on the 'wrong' numa
node albeit with lower performance. Local pmds are still chosen when
available.
Signed-off-by: Billy O'Mahony <billy.o.mahony@intel.com> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Co-authored-by: Ilya Maximets <i.maximets@samsung.com> Tested-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Tue, 1 Aug 2017 21:22:17 +0000 (14:22 -0700)]
dpif-netdev: Don't uninit emc on reload.
There are many reasons for reloading of pmd threads:
* reconfiguration of one of the ports.
* Adjusting of static_tx_qid.
* Adding new tx/rx ports.
In many cases EMC is still useful after reload and uninit
will only lead to unnecessary upcalls/classifier lookups.
Such behaviour slows down the datapath. Uninit itself slows
down the reload path. All this factors leads to additional
unexpected latencies/drops on events not directly connected
to current PMD thread.
Lets not uninitialize emc cache on reload path.
'emc_cache_slow_sweep()' and replacements should free all
the old/unwanted entries.
Ilya Maximets [Tue, 1 Aug 2017 20:46:33 +0000 (13:46 -0700)]
dpif-netdev: Incremental addition/deletion of PMD threads.
Currently, change of 'pmd-cpu-mask' is very heavy operation.
It requires destroying of all the PMD threads and creating
them back. After that, all the threads will sleep until
ports' redistribution finished.
This patch adds ability to not stop the datapath while
adjusting number/placement of PMD threads. All not affected
threads will forward traffic without any additional latencies.
id-pool created for static tx queue ids to keep them sequential
in a flexible way. non-PMD thread will always have
static_tx_qid = 0 as it was before.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Tested-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Wed, 2 Aug 2017 14:20:57 +0000 (19:50 +0530)]
ovn: Fix the failing "2335: ovn -- ACL logging" test case
The test case is failing mainly because of timing issue. Looking into the
ovn-controller.log it is evident that the last packet injected just before the
AT_CHECK, is still not processed by ovn-controller.
Fixes: d383eed59589 ("ovn: Add support for ACL logging.") Suggested-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Roi Dayan [Thu, 27 Jul 2017 11:40:02 +0000 (14:40 +0300)]
dpif-netlink-rtnl: Fix false errors on interfaces without tunnel config
When we skip adding a port using rtnetlink and not because of an error we
need to return EOPNOTSUPP to avoid logging an error message.
Fixes: 2fd3d5eda508 ("dpif-netlink-rtnl: Support layer3 GRE") Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Acked-by: Eric Garver <e@erig.me> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Tue, 1 Aug 2017 22:47:18 +0000 (18:47 -0400)]
dpif-netlink-rtnl: Fix VXLAN port create for regular VXLAN
When VXLAN-GPE was introduced we added IFLA_VXLAN_GPE to the policy
parsing, but did not mark it as optional. The kernel only returns this
netlink attribute if it's actually configured.
This also adds a missing entry for IFLA_VXLAN_GBP. Apparently we have no
system-traffic test coverage there.
Fixes: c33c412fb139 ("dpif-netlink-rtnl: Support VXLAN-GPE") Fixes: 825e45e0109f ("dpif-netlink-rtnl: Support VXLAN creation") Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Tue, 1 Aug 2017 00:16:11 +0000 (17:16 -0700)]
ofpbuf: Fix parameter for const initializer.
Clang 4.0 complains:
In file included from include/openvswitch/cxxtest.cc:11:0:
../include/openvswitch/ofpbuf.h: In function ‘ofpbuf ofpbuf_const_initializer(const void*, size_t)’:
../include/openvswitch/ofpbuf.h:107:5: warning: narrowing conversion of ‘size’ from ‘size_t {aka long unsigned int}’ to ‘uint32_t {aka unsigned int}’ inside { } [-Wnarrowing]
};
^
../include/openvswitch/ofpbuf.h:107:5: warning: narrowing conversion of ‘size’ from ‘size_t {aka long unsigned int}’ to ‘uint32_t {aka unsigned int}’ inside { } [-Wnarrowing]
This is because the ofpbuf struct's "size" parameter is a uint32_t,
while ofpbuf_const_initializer() takes a size_t for the size. Fix this
function to take a uint32_t instead.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
odp-util: Remove unnecessary optimization in odp_key_to_dp_packet()
The optimization logic in odp_key_to_dp_packet() used to be useful if the
number of wanted key attributes are small. However, as the expected key
attributes increase, and the optimization logic need to check all the
netlink attributes if one of the wanted key attributes is missing, the
benefit of the optimization logic is minimal. Therefore, this patch removes
the optimization.
Suggested-by: Joe Stringer <joe@ovn.org> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Mon, 31 Jul 2017 19:36:48 +0000 (12:36 -0700)]
odp-util: Make checks for exact or wildcard masks more precise.
Checking whether an ODP mask is all-0s or all-1s is a little more
complicated than one might expect because the structures sometimes have
trailing padding. The function odp_mask_is_exact() was fairly careful
about this, but odp_mask_attr_is_wildcard() didn't take padding into
consideration at all, which caused test failures on Travis and on some
machines because of uninitialized padding.
This commit fixes the problem by unifying the two different functions so
that both of them are careful about checking only significant bytes. It
also adds support for the ct_orig_tuples for IPv4 and IPv6, which also
have trailing padding but weren't special cased before.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Mon, 31 Jul 2017 16:40:57 +0000 (09:40 -0700)]
odp-util: Drop special case for OVS_KEY_ATTR_TUNNEL for exact mask checks.
This special case isn't actually necessary. Commit 48954dab23ee
("odp-util: Remove last use of odp_tun_key_from_attr for formatting.")
retained it "as a safety measure" but that isn't really needed.
This makes an upcoming change more straightforward.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 28 Jul 2017 21:43:57 +0000 (14:43 -0700)]
odp-util: More carefully validate attribute length in odp_flow_format().
odp_flow_format() passes masks to odp_mask_attr_is_wildcard() without
first checking that they are the correct length. This is OK for the
moment because odp_mask_attr_is_wildcard() doesn't care that the length
is correct. An upcoming commit will change odp_mask_attr_is_wildcard()
to make it pickier, so this prepares for that change.
This adds a few comments to make it a little harder to get length
validation wrong in the future.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Mark Michelson [Thu, 27 Jul 2017 18:34:23 +0000 (13:34 -0500)]
ovn: Restrict encap modification to its creating chassis
This patch extends RBAC restrictiveness of the encap table in
the ovn southbound database by only allowing modification by the
chassis that created the encap.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Reported-by: Lance Richardson <lrichard@redhat.com> Acked-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Mark Michelson [Wed, 26 Jul 2017 21:28:12 +0000 (16:28 -0500)]
tests: Use ovn-nbctl lsp-set-dhcpvX-options
Existing OVN tests manually added DHCP options to the
Logical_Switch_Port database. There is a shortcut CLI command for doing
the same thing, so we may as well use it and get the extra test coverage
as a result.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
OVN offers a shortcut to set DHCPv4 options on a logical switch port,
but it did not offer the same for DHCPv6. This commit adds a similar
option for DHCPv6.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Tunnel metadata was only stored if the tunnel destination was set. It's
possible, for example, that a flow could set the tunnel id field before
recirculation and then set the destination field afterwards. The
previous behavior is that the tunnel id would be lost during
recirculation under such a circumstance. This changes the behavior to
always copy the tunnel metadata, regardless of whether the tunnel
destination is set. It also adds a unit test.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-rid: Store tunnel metadata in frozen metadata directly.
"recirc_id_node" contains a 'state_metadata_tunnel' member field. The
"frozen_metadata" structure used by "recird_id_node" had a 'tunnel'
member that always pointed to 'state_metadata_tunnel". This commit just
stores the tunnel information directly in "frozen_metadata" instead of
accessing it through a pointer.
This makes the code a bit simpler and easier to reason about.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 27 Jul 2017 23:48:54 +0000 (16:48 -0700)]
travis: Explicitly disable LLVM for sparse build.
Newer travis environments claim to have LLVM support (llvm-config exists
and works) but in reality don't, which prevents sparse from building and
later parts of the build from succeeding.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Thu, 27 Jul 2017 00:30:34 +0000 (20:30 -0400)]
Documentation/conf.py: Fix line length.
A previous commit introduced a line that was greater than 79
characters long, causing a flake8 warning to be emitted.
Reported-by: Joe Stringer <joe@ovn.org> Fixes: 5ca89127382d ("docs: Refer to correct package name for sphinx theme.") Signed-off-by: Russell Bryant <russell@ovn.org>
openvswitch: fix potential out of bound access in parse_ct
Before the 'type' is validated, we shouldn't use it to fetch the
ovs_ct_attr_lens's minlen and maxlen, else, out of bound access
may happen.
Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Pick up an upstream bug fix.
Fixes: a94ebc39996b ("datapath: Add conntrack action") Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Wed, 26 Jul 2017 19:49:48 +0000 (12:49 -0700)]
system-userspace-macros: Fix ethtool with new kernels.
The latest net-next kernels have removed the UFO feature, which results
in older ethtool reporting the following error:
Cannot get device udp-fragmentation-offload settings: Operation not
supported
Currently, we rely on no errors being reported, and if there is an error
then a failure is reported. However, in this case we can safely ignore
the stderr output. We still check the return code so if something is
truly fatal, a failure will still be reported; otherwise, we will not
fail the test due to the above.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Localnet port is not an endpoint, and have no security requirements
to use localnet port at present. So, for performance consideration, we
could do not use ct for localnet port.
The more specific discussion can be found from
https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335048.html
Signed-off-by: wangqianyu <wang.qianyu@zte.com.cn> Acked-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Currently to check more than one patch or file it's required
to invoke script for each file separately.
Fix that by iterating over all the passed filenames.
Note: If '-f' option passed, all the files treated as usual files.
Without '-f' all the files treated as patch files.
Avoid null pointer dereference in fdb_calculate_active_tunnels()
when integration bridge isn't present. This is easily encountered
by executing "make sandbox SANDBOXFLAGS=--ovn".
Fixes: 3475695ea61c ("ovn: l3ha, enable bfd between tunnel endpoints") Signed-off-by: Lance Richardson <lrichard@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Andy Zhou [Tue, 25 Jul 2017 18:28:37 +0000 (11:28 -0700)]
bond: Adjust bond hash masks
Commit 42781e77035d (bond: Unify hash functions in hash action and entry
lookup.) changed the BM_TCP's hash function, but did not update
hash mask fields accordingly. Found by inspection.
netdev-dummy: Fix setting length in recieve command.
Currently, if '--len' option passed to 'netdev-dummy/receive' command,
only 'size' field of dp_packet will changes.
This is incorrect behaviour, because memory for that size is not
allocated and also packet headers not fixed to reflect the new size.
This leads to flow_extract() failure, because it checks the
'ip->tot_len' and stops further parsing if it doesn't match the
dp_packet_size(). As a result packets created while processing of the
'receive' command can't be parsed to the same flow.
Additionally this may lead to wrong memory accesses in case someone
will try to read or modify packets data.
Fix that by creating right packets using recently introduced
'flow_compose_size()'.
CC: Andy Zhou <azhou@ovn.org> Fixes: d8ada2368cbe ("netdev-dummy: Add --len option for netdev-dummy/receive command") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
This allows to compose packets with different real lenghts from
odp flows i.e. memory will be allocated for requested packet
size and all required headers like ip->tot_len filled correctly.
Will be used in netdev-dummy to properly handle '--len' option.
Suggested-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Mark Michelson [Fri, 21 Jul 2017 20:46:00 +0000 (15:46 -0500)]
stream-ssl: Fix memory leak in error scenario
ssl_new_stream() takes ownership of the passed-in 'name' parameter.
In error scenarios, the name is leaked. I was able to trigger this
leak by attempting to connect to an ovsdb over SSL and specifying
non-existent certificate, private key, and CA cert files.
This patch fixes the problem by freeing 'name' in the error label.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Since introduction of 'hash_mac()' function in
commit 7e36ac42e33a ("lib/packet.h: add hash_mac()"), there is no
need to have additional wrapper for mac address hashing.
Lets use 'hash_mac()' directly and remove 'bond_hash_src()' to
simplify the code.
Suggested-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
bond: Unify hash functions in hash action and entry lookup.
'lookup_bond_entry' currently uses 'flow_hash_symmetric_l4' while
OVS_ACTION_ATTR_HASH uses 'flow_hash_5tuple'. This may lead to
inconsistency in slave choosing for the new flows. In general,
there is no point to unify hash functions, because it's not
required for correct work, but it's logically wrong to use
different hash functions there.
Unfortunately we're not able to use RSS hash here, because we have
no packet at this point, but we may reduce inconsistency by using
'flow_hash_5tuple' instead of 'flow_hash_symmetric_l4' because
symmetric quality is not needed.
'flow_hash_symmetric_l4' was used previously just because there
was no other implemented hash function at the moment and L2
fields was additionally involved in hash calculation. Now we
have 5tuple hash and L2 not used anymore, so, we may replace the
old function.
'flow_hash_5tuple' is preferable solution because it in 2 - 8 times
(depending on the flow) faster than symmetric function.
So, this change will also speed up handling of the new flows and
statistics accounting.
Additionally function 'bond_hash_tcp()' was removed for the reasons
of code simplification and possible additional speed up.
Co-authored-by: Andy Zhou <azhou@ovn.org> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
vswitch.xml: Fix L2 balancing mentioning for balance-tcp bond.
L2 fields are not used in userspace hash action since
commit 4f150744921f ("dpif-netdev: Use miniflow as a flow key.").
In kernel datapath RSS (which is not include L2 by default for
most of the NICs) was used from the beginning. This means that
if recirculation is in use, L2 fields are not used for flow
balancing.
Fix the documentation accordingly.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Russell Bryant [Mon, 24 Jul 2017 20:52:30 +0000 (16:52 -0400)]
ovn-architecture: Remove outdated comment.
This outdated comment said that support for hardware gateways that
support the vtep schema would come later. This was actually
implemented a long time ago.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com>
When there is an established connection in direction A->B, it is
possible to receive a packet on port B which then executes
ct(commit,force) without first performing ct() - ie, a lookup.
In this case, we would expect that this packet can delete the
existing entry so that we can commit a connection with direction B->A.
However, currently we only perform a check in skb_nfct_cached() for
whether OVS_CS_F_TRACKED is set and OVS_CS_F_INVALID is not set, ie
that a lookup previously occurred. In the above scenario, a lookup
has not occurred but we should still be able to statelessly look
up the existing entry and potentially delete the entry if it is
in the opposite direction.
This patch extends the check to also hint that if the action has the
force flag set, then we will lookup the existing entry so that the
force check at the end of skb_nfct_cached has the ability to delete
the connection.
Fixes: dd41d330b03 ("openvswitch: Add force commit.") CC: Pravin Shelar <pshelar@nicira.com> CC: dev@openvswitch.org Signed-off-by: Joe Stringer <joe@ovn.org> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Co-authored-by: Joe Stringer <joe@ovn.org> Signed-off-by: Joe Stringer <joe@ovn.org> Signed-off-by: Greg Rose <gvrose8192@gmail.com>
openvswitch: fix mis-ordered comment lines for ovs_skb_cb
I was trying to wrap my head around meaning of mru, and realised
that the second line of the comment defining it had somehow
ended up after the line defining cutlen, leading to much confusion.
Reorder the lines to make sense.
Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
When compiling OvS-master on 4.4.0-81 kernel,
there is a warning:
CC [M] /root/ovs/datapath/linux/datapath.o
/root/ovs/datapath/linux/datapath.c: In function
'ovs_flow_cmd_set':
/root/ovs/datapath/linux/datapath.c:1221:1: warning:
the frame size of 1040 bytes is larger than 1024 bytes
[-Wframe-larger-than=]
This patch factors out match-init and action-copy to avoid
"Wframe-larger-than=1024" warning. Because mask is only
used to get actions, we new a function to save some
stack space.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Switches and modern SR-IOV enabled NICs may multiplex traffic from Port
representators and control messages over single set of hardware queues.
Control messages and muxed traffic may need ordered delivery.
Those requirements make it hard to comfortably use TC infrastructure today
unless we have a way of attaching metadata to skbs at the upper device.
Because single set of queues is used for many netdevs stopping TC/sched
queues of all of them reliably is impossible and lower device has to
retreat to returning NETDEV_TX_BUSY and usually has to take extra locks on
the fastpath.
This patch attempts to enable port/representative devs to attach metadata
to skbs which carry port id. This way representatives can be queueless and
all queuing can be performed at the lower netdev in the usual way.
Traffic arriving on the port/representative interfaces will be have
metadata attached and will subsequently be queued to the lower device for
transmission. The lower device should recognize the metadata and translate
it to HW specific format which is most likely either a special header
inserted before the network headers or descriptor/metadata fields.
Metadata is associated with the lower device by storing the netdev pointer
along with port id so that if TC decides to redirect or mirror the new
netdev will not try to interpret it.
This is mostly for SR-IOV devices since switches don't have lower netdevs
today.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 3fcece12bc1b ("net: store port/representator id in metadata_dst") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>