Joe Stringer [Thu, 3 Dec 2015 07:53:38 +0000 (23:53 -0800)]
compat: Backport nf_ct_tmpl_alloc().
Loosely based upon Linux commit 0838aa7fcfcd "netfilter: fix netns
dependencies with conntrack templates" and commit 5e8018fc6142
"netfilter: nf_conntrack: add efficient mark to zone mapping".
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Thu, 3 Dec 2015 19:40:53 +0000 (11:40 -0800)]
datapath: Add support for lwtunnel
Following patch adds support for lwtunnel to OVS datapath.
With this change OVS datapath detect lwtunnel support and
make use of new APIs if available. On older kernel where the
support is not there the backported tunnel modules are used.
These backported tunnel devices acts as lwtunnel devices.
I tried to keep backported module same as upstream for easier
bug-fix backport. Since STT and LISP are not upstream OVS
always needs to use respective modules from tunnel compat layer.
To make it work on kernel 4.3 I have converted STT and LISP
modules to lwtunnel API model.
lwtunnel make use of skb-dst to pass tunnel information to the
tunnel module. On older kernel this is not possible. So the in
case of old kernel metadata ref is stored in OVS_CB and direct
call to tunnel transmit function is made by respective tunnel
vport modules. Similarly on receive side tunnel recv directly
call netdev-vport-receive to pass the skb to OVS.
Major backported components include:
Geneve, GRE, VXLAN, ip_tunnel, udp-tunnels GRO.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Joe Stringer <joe@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Wed, 2 Dec 2015 00:17:45 +0000 (16:17 -0800)]
ofp-actions: Refactor ofpact_get_mf_dst().
This function finds the mf destination field for any ofpact, returning
NULL if not applicable. It will be used by the next patch to properly
reject OpenFlow flows with conntrack actions when conntrack is
unsupported by the datapath.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Wenyu Zhang [Wed, 2 Dec 2015 02:43:49 +0000 (18:43 -0800)]
ipfix: Skip BFD packets.
The patch is to skip BFD packets in ipfix.
Bidirectional Forwarding Detection (BFD) packets are for monitoring
the tunnel link status and consumed by ovs itself, no need to sample
them.
Refer to IETF RFC 5881, BFD control packets are the UDP packets with
destination port 3784 and BFD echo packets are the UDP packets with dst
destination port 3785.
Ipfix will skip both BFD control packets and BFD echo packets.
Signed-off-by: Wenyu Zhang <wenyuz@vmware.com>
[blp@ovn.org added check for IP] Signed-off-by: Ben Pfaff <blp@ovn.org>
After some experimentation on Ubuntu15.04, I see the
following behavior.
1. If you install openvswitch-switch with 'apt-get install',
then you automatically get a upstart and systemd config files
for openvswitch. The integration with 'interfaces' fails
because both the upstart and systemd jobs do not have logic
to handle it.
The above behavior will likely get fixed soon in upstream
Ubuntu.
2. If you install openvswitch-switch via the packages
created from the openvswitch repo, there is no systemd or
upstart conf files installed. But systemd notices this
and creates a runtime openvswitch conf file which does
nothing but call back the sysv startup script.
In the above case when you call
"/etc/init.d/openvswitch-switch start", it inturn calls
"/bin/systemctl start openvswitch-switch.service" and
that inturn again calls "/etc/init.d/openvswitch-switch start".
But the above for some reason simply hangs. It looks like a call
to ifup when invoked in this manner does not return.
I am not sure why this is happening.
We can avoid the above behavior completely by skipping the
systemctl redirect as done in this commit. This should fix
both 1. and 2. above.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 11 Nov 2015 19:39:51 +0000 (11:39 -0800)]
ofproto-dpif: Shortcut common case in rule_check().
Typically the datapath will support all available features, so check
that first before attempting to retrieve various values out of a
minimask as the latter doesn't need to be checked if all fields are
supported.
ct_state is an exception, because support for the bits in this field is
not binary; only some bits are defined so far, so they must still be
checked against the current known supported bits.
Joe Stringer [Wed, 11 Nov 2015 19:39:50 +0000 (11:39 -0800)]
ofproto-dpif: Validate ct_* field masks.
When inserting rules that match on connection tracking fields, datapath
support must be checked before allowing or denying the rule insertion.
Previously we only disallowed flows that had non-zero values for the
ct_* field, but allowed non-zero masks. This meant that, eg:
ct_state=-trk,...
Would be allowed, while
ct_state=+trk,...
Would be disallowed, due to lack of datapath support.
Fix this by performing the check on masks instead of the flows.
Joe Stringer [Wed, 11 Nov 2015 19:39:49 +0000 (11:39 -0800)]
ofproto-dpif: Reject partial ct_labels if unsupported.
If only half of a ct_label is present in a miniflow/minimask (eg, only
matching on one specific bit), then rule_check() would allow the flow
even if ct_label was unsupported, because it required both 64-bit fields
that comprise the ct_label to be present in the miniflow before
performing the check.
Fix this by populating the stack copy of the label directly from the
miniflow fields if available (or zero each 64-bit word if unavailable).
Simon Horman [Tue, 1 Dec 2015 06:03:09 +0000 (15:03 +0900)]
dp-packet: use dp_packet_reset_offsets during initialisation
Use dp_packet_reset_offsets() in dp_packet_init__() to make it
clearer that initialisation includes a reset of packets
packets the same way as callers to dp_packet_reset_offsets() reset packets.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Simon Horman [Tue, 1 Dec 2015 06:03:02 +0000 (15:03 +0900)]
odp-util: Limit scope of vlan in format_odp_action().
Limit the scope of the local vlan variable in format_odp_action()
to where it is used. This is consistent with the treatment of mpls
in the same function.
Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 1 Dec 2015 04:00:14 +0000 (20:00 -0800)]
csum: Inline csum_add16(), csum_add32().
These two functions are really simple, to the point that inlining them
yields less code than calling them: with GCC 4.9 on i386, this change
reduces the code generated for packet_csum_pseudoheader() from 112 bytes
to 100 bytes.
I didn't measure whether there is a performance improvement.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Ambika Arora [Mon, 30 Nov 2015 11:22:47 +0000 (16:52 +0530)]
ofproto: Implement OF1.4 error code for set-async-config
This patch adds support for Openflow1.4 error codes for set-async-config.
In this patch, a new error type, OFPET_ASYNC_CONFIG_FAILED is introduced
that enables the switch to properly inform the controller when controller
tries to set invalid mask or unsupported configuration.
Signed-off-by: Ambika Arora <ambika.arora@tcs.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aymerich, Edward [Fri, 27 Nov 2015 16:57:07 +0000 (16:57 +0000)]
ovsdb-idl: Improve ovsdb_idl_add_table() comment.
The new comment reflects with more clarity what ovsdb_idl_add_table() does.
Previous comment could be misunderstood, leading to believe that this function
replicates all columns on IDL. Hopefully this fix clarifies that columns are
not replicated, just minimal data for reference integrity is replicated.
A comment in ovsdb_idl_table_class is also modified to better reflect this
behaviour.
Signed-off-by: Edward Aymerich <edward.aymerich@hpe.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jiri Benc [Wed, 25 Nov 2015 13:31:11 +0000 (11:31 -0200)]
tunneling: extend flow_tnl with ipv6 addresses
Note that because there's been no prerequisite on the outer protocol,
we cannot add it now. Instead, treat the ipv4 and ipv6 dst fields in the way
that either both are null, or at most one of them is non-null.
[cascardo: abstract testing either dst with flow_tnl_dst_is_set]
cascardo: using IPv4-mapped address is an exercise for the future, since this
would require special handling of MFF_TUN_SRC and MFF_TUN_DST and OpenFlow
messages.
Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
tnl-arp-cache: Rename module and functions to tnl-neigh-cache.
Since we don't distinguish between IPv4 and IPv6 lookups, consolidate ARP
and ND cache into neighbor cache. Other references to ARP related to the
ARP cache but that are not really about ARP have been renamed as well.
tnl_arp_lookup is kept for lookups using IPv4 instead of IPv4-mapped
addresses, but that is going to be removed in a later patch.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-xlate: use IPv6 for orig_tunnel_ip_dst
orig_tunnel_ip_dst is replaced by orig_tunnel_ipv6_dst and represents IPv4
addresses as IPv4-mapped IPv6 addresses. Since this is only used in
ofproto-dpif-xlate, this change is well contained.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jiri Benc [Wed, 25 Nov 2015 13:31:08 +0000 (11:31 -0200)]
tunneling: add IPv6 support to netdev_tunnel_config
Allow configuration of IPv6 tunnel endpoints.
Signed-off-by: Jiri Benc <jbenc@redhat.com> Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ipv6_string_mapped stores an IPv6 or IPv4 representation of an IPv6 address
into a string. If the address is IPv4-mapped, it's represented in IPv4
dotted-decimal format.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Saloni Jain [Tue, 24 Nov 2015 12:20:22 +0000 (17:50 +0530)]
Implement Vacancy Events for OFPMP_TABLE_DESC.
This patch adds support for vacancy events in table-desc.
ovs-ofctl -O OpenFlow14 dump-tables-desc <switch>
-This command is enhanced to display the Vacancy Event configuration
of the tables on a <switch>, which is set using the mod-table command.
Saloni Jain [Tue, 24 Nov 2015 12:19:42 +0000 (17:49 +0530)]
Implement Openflow 1.4 Vacancy Events for OFPT_TABLE_MOD.
OpenFlow 1.4 introduces the ability to turn on vacancy events with an
OFPT_TABLE_MOD message specifying OFPTC_VACANCY_EVENTS. This commit adds
support for the new feature in ovs-ofctl mod-table.
As per the openflow specification-1.4, vacancy event adds a mechanism
enabling the controller to get an early warning based on capacity
threshold chosen by the controller.
With this commit, vacancy events can be configured as:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> vacancy:<low,high>
<low,high> specify vacancy threshold values in percentage for vacancy_down
and vacancy_up respectively.
To disable vacancy events, following command should be given:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> novacancy
Signed-off-by: Saloni Jain <saloni.jain@tcs.com> Co-authored-by: Shashwat Srivastava <shashwat.srivastava@tcs.com> Signed-off-by: Shashwat Srivastava <shashwat.srivastava@tcs.com> Co-authored-by: Sandeep Kumar <sandeep.kumar16@tcs.com> Signed-off-by: Sandeep Kumar <sandeep.kumar16@tcs.com>
[blp@ovn.org fixed a few typos] Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Tue, 24 Nov 2015 23:26:52 +0000 (15:26 -0800)]
ovn: use name instead of uuid as key of logical router ports
Before this patch, logical switch ports were using name as key but
logical router ports using uuid, which confuses user when trouble-
shooting, and names of patch ports unreadable. This patch unifies
it by using "name" field also for logical router ports.
Signed-off-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Sat, 28 Nov 2015 19:55:58 +0000 (11:55 -0800)]
ofp-util: Add "check_overlap" and "reset_counts" to stateful flags.
The OpenFlow specification implies that every flag is part of the flow
state, even though that isn't really meaningful for OFPFF_CHECK_OVERLAP
or OFPFF_RESET_COUNTS. This commit adds them to the flow state (reported
in flow stats replies).
Found by OFTest.
Signed-off-by: Ben Pfaff <blp@ovn.org> Co-authored-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Ben Pfaff [Thu, 15 Oct 2015 00:11:09 +0000 (17:11 -0700)]
ofproto: Fix inserting buckets at the end of an empty group.
This caused a segfault.
Reported-by: Ray Li <rayli1107@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018746.html Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com>
Ben Pfaff [Sun, 29 Nov 2015 18:51:25 +0000 (10:51 -0800)]
ofp-actions: Look inside write_actions for output ports and groups.
The out_port and out_group matches only looked at apply_actions
instructions, but my interpretation of the OpenFlow spec is that they
should also look inside write_actions.
This affected the output of (and in one case the correctness of) some
tests, so this updates them.
Reported-by: Gavin Remaley <gavin_remaley@selinc.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com>
Ben Pfaff [Thu, 26 Nov 2015 21:13:29 +0000 (13:13 -0800)]
tests: Make parse_listening_port entirely reliable.
In test runs, I've occasionally seen mysterious failures in which
parse_listening_port failed to find the listening port even though an
examination of the log file showed that it was there. I spent some time
trying to figure out what was going wrong. It seemed like everything was
lined up properly to ensure that a command like "ovs-vsctl set-controller
br0 tcp:127.0.0.1:0" would only return to the command prompt after the
new listener was ready and the proper log message was written. It was
obviously a very small race because I could only reproduce it with a large
test parallelism (e.g. -j10 on my quad-core laptop).
The problem turned out to be asynchronous logging in ovs-vswitchd. If I
turned that off, by commenting out the call to vlog_enable_async() in
bridge.c, parse_listening_port became reliable.
This commit works around the problem by making parse_listening_port retry
for a while if necessary. It also transforms the shell function into an
m4 macro (so that it can use OVS_WAIT_UNTIL) and renames it to
all-uppercase to follow the convention for macros.
Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Flavio Leitner <fbl@sysclose.org>
Ben Pfaff [Sun, 5 Jul 2015 17:20:35 +0000 (10:20 -0700)]
tests: Make OVS_WAIT_WHILE, OVS_WAIT_UNTIL run even faster in some cases.
Sometimes OVS_WAIT_WHILE and OVS_WAIT_UNTIL are used for conditions that
tend to be true immediately but sometimes take a moment or two. This
change makes such cases 0.1 seconds faster (which could add up over
hundreds of tests).
Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Flavio Leitner <fbl@sysclose.org>
Ben Pfaff [Sun, 5 Jul 2015 17:19:30 +0000 (10:19 -0700)]
tests: Run OVS_WAIT_WHILE, OVS_WAIT_UNTIL in main shell environment.
AT_CHECK runs its commands in a subshell. That means that (among other
effects), any variable assignments within its commands will disappear after
the commands' completion. That doesn't matter for any of the existing
users, which don't do the sorts of things that affect an outer shell
environment anyhow, but an upcoming user wants to make a shell assignment
that persists. This commit makes that possible, by using AT_CHECK
(actually AT_FAIL_IF but it's moot) only upon failure instead of bracketing
the entire test.
Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Flavio Leitner <fbl@sysclose.org>
YAMAMOTO Takashi [Wed, 14 Oct 2015 18:41:41 +0000 (18:41 +0000)]
ofproto.at: Workaround a race
While a barrier serializes requests from the same connection,
it doesn't wait for requests from other connections to the switch.
Replace the barrier with infamous "sleep 1" to workaround the problem.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com> Acked-by: Ben Pfaff <blp@ovn.org>
YAMAMOTO Takashi [Wed, 14 Oct 2015 06:36:20 +0000 (06:36 +0000)]
completion.at: Improve portability
NetBSD's /bin/sh complains on the syntax of bash array.
While the use of eval might seem overkill, it's tricky to avoid
the error because the generated code will be a part of the surrounding
subshell and the syntax check is done a bit earlier than the execution
of these conditionals.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com> Acked-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Wed, 25 Nov 2015 08:23:50 +0000 (11:23 +0300)]
netdev-linux: Remove unreachable code in netdev_linux_rx_recv_tap().
While splitting netdev_linux_rx_recv() into netdev_linux_rx_recv_sock()
and netdev_linux_rx_recv_tap() in commit b73c85181df9 ("netdev-linux: Read packet auxdata to obtain vlan_tid")
error handling part was copied 'as is' to both functions.
But in case of netdev_linux_rx_recv_tap(), according to POSIX, the
number of bytes read shall never be greater than 'size'.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Panu Matilainen [Wed, 25 Nov 2015 14:04:41 +0000 (16:04 +0200)]
rpms: %exclude has side-effects, remove the files from buildroot instead
Due to the way debuginfo package creation is done in existing rpm
versions, its better to physically remove any non-packaged files
from the buildroot, using %exclude for the purposes causes artifacts
like broken symlinks in the -debuginfo packages.
Jarno Rajahalme [Tue, 24 Nov 2015 23:47:56 +0000 (15:47 -0800)]
conntrack: Add support for NAT.
Extend OVS conntrack interface to cover NAT. New nested NAT action
may be included with a CT action. A bare NAT action only mangles
existing connections. If a NAT action with src or dst range attribute
is included, new (non-committed) connections are mangled according to
the NAT attributes.
This work extends on a branch by Thomas Graf at
https://github.com/tgraf/ovs/tree/nat.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 25 Nov 2015 23:19:38 +0000 (15:19 -0800)]
system-tests: Workaround for pyftpdlib bug handling IPv6 addresses.
Hack around a bug in pyftpdlib that rejects EPRT connection due to
mismatching textual representation of the IPv6 address when the
address is not in the normalized format. This happens when the
control connection is mangled by Linux NAT.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Jarno Rajahalme [Wed, 25 Nov 2015 23:19:37 +0000 (15:19 -0800)]
packets: Reorder CS_* flags to remove gap.
This changes the conntrack state flags used in the OpenFlow interface
to match the ones we currently use in the datapath. While these do
not need to be synced, it is nice to get rid of the gap.
This should be merged before the first OVS release with connection
tracking, or not at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 25 Nov 2015 23:19:37 +0000 (15:19 -0800)]
ofproto: Enable in-place modification for recirc actions.
When modifying an existing datapath flow with recirculation actions,
the references to old (if any) recirculation actions need to be freed,
and references to new recirculation actions need to be stored.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 25 Nov 2015 23:19:37 +0000 (15:19 -0800)]
ofproto: Allow xlate_actions() to fail.
Sometimes xlate_actions() fails due to too deep recursion, too many
MPLS labels, or missing recirculation context. Make xlate_actions()
clear out the produced odp actions in these cases to make it easy for
the caller to install a drop flow (instead or installing a flow with
partially translated actions). Also, return a specific error code, so
that the error can be properly propagated where meaningful.
There are may cases in which the NORMAL action decides to drop the
packet. Most of these are not, however, traslation errors, but just
reactions to malformed input. In these cases it is correct to make the
NORMAL action do nothing, but allow other actions in the pipeline (if
any) to take effect.
Before this patch it was possible that the revalidation installed a
flow with a recirculation ID with an invalid recirc ID (== 0), due to
the introduction of in-place modification in commit 43b2f131a229
(ofproto: Allow in-place modifications of datapath flows).
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Nithin Raju [Wed, 25 Nov 2015 20:00:58 +0000 (12:00 -0800)]
datapath-windows: Fix HvUpdateNic() to handle name changes
If the name of an internal or external NIC changes, we need to
disconnect the NIC from OVS since the name is the key. In this
change, we generate a link down event. It is as though we got a
call to HvDisconnectNic() for the old name and got a HvConnectNic()
for the new name.
Also, HvCreateNic() has been cleaned up to remove the code to look
for existing vport. We won't have a vport now since we'd have deleted
the vport in HvDeleteNic().
Nithin Raju [Wed, 25 Nov 2015 20:00:57 +0000 (12:00 -0800)]
datapath-windows: cleanup AssignNicNameSpecial()
AssignNicNameSpecial() needed to be called outside of a lock and was
moved out in a previous change. But, it was accessing vport structure
outside of the lock which isn't safe. In this change, we take care of
that.
I tried to trigger a call to HvUpdateNic() by renaming the interface
from the GUI and didn't see any callback. Other changes are tested.
Nithin Raju [Wed, 25 Nov 2015 20:00:55 +0000 (12:00 -0800)]
datapath-windows: cleanup events code
Turns out that we don't need to generate an event is practically
useful only in case of a port disconnect to let userspace know.
Hence, this event is being posted from HvDisconnectNic().
In case of a new port appearing, it seems that userspace is not
interested in a new port unless it was added by userspace itself.
In my tests, userspce would end up deleting the port when it got
a new port notification, despite the port existing in OVSDB.
The reasoning seems simple enough:
- On Linux, OVS is integrated with the hypervisor (libvirt for eg)
and a port (ie. netdev) gets created in the Linux kernel and then
get added to OVSDB. When vswitchd picks up the port addition in OVSDB,
it adds the port in the OVS kernel DP.
- If the kernel netdev does not exist while OVS userspace tries to
create the port in OVS kernel DP, port addition fails. Moreover, the
only way to re-add the port is to trigger userspace to re-add the port
by deleting the port in OVSDB and re-adding it.
With this patch, I have verified that if a VIF gets disconnected on the
Hyper-V switch, it disappears from the OVS kernel DP as well.
Nithin Raju [Wed, 25 Nov 2015 20:00:54 +0000 (12:00 -0800)]
datapath-windows: cleanup InitHvVportCommon()
The workflow being implemented is that, we need to assign a special
name to the internal and external NICs, and it it not necessary to do
that from InitHvVportCommon(). The purpose of InitHvVportCommon() is to
insert the vport into the hash tables and update the switch context.
We special case the name assignment in HvCreateNIC() for
internal and external NICs. That seems more meaningful.
Also, reused HvCreatePort() to allocate a Vport for each of the external
NICs with NicIndex != 0. Due to this HvCreatePort() now takes 'nicIndex'
as an additional parameter.
Renamed InitHvVportCommon() to UpdateSwitchCtxWithVport().
Nithin Raju [Wed, 25 Nov 2015 20:00:53 +0000 (12:00 -0800)]
datapath-windows: refactor port enumeration code
We already have functions HvCreatePort() and HvCreateNic() to
do the work. Might as well use that during port enumeration.
More refactoring in later patches.
Ben Pfaff [Wed, 25 Nov 2015 16:15:04 +0000 (08:15 -0800)]
ofproto: Correctly reject duplicate bucket ID for OFPGC_INSERT_BUCKET.
Otherwise duplicate bucket IDs cause linked list loops and other nastiness
because the ofputil_bucket_find() in the OFPG15_BUCKET_LAST case later in
copy_buckets_for_insert_bucket() will find the new bucket instead of the
old one and the list_splice() call becomes nonsensical.
Reported-by: Ray Li <rayli1107@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018731.html Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Simon Horman <simon.horman@netronome.com>
stream-ssl: Replace client CA list instead of adding to it.
SSL_CTX_add_client_CA() appends to the client CA list without replacing any
already on the list, and furthermore wastes memory if the certificate in
the file is already on the list. This commit thus fixes an effective
memory leak.
Signed-off-by: YongQiangLiu <liu.liuyongqiang@huawei.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Sat, 7 Nov 2015 20:00:00 +0000 (12:00 -0800)]
system-traffic: Add internal port conntrack tests.
Add an additional test that ensures that when receiving packets from
internal ports that reside in a foreign namespace, the conntrack
information is not populated in the flow.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Sat, 7 Nov 2015 19:59:58 +0000 (11:59 -0800)]
system-traffic: Remove netcat from ICMP test.
Netcat is different on each platform I tried (Debian, Ubuntu, RHEL),
so rather than handling version differences it's better to just do the
same test with some hardcoded packets.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Jarno Rajahalme [Tue, 24 Nov 2015 21:33:22 +0000 (13:33 -0800)]
system-tests: Use '--bundle'
Use OpenFlow bundles for setting up flow tables. This has the benefit
that when debugging test failures, no packet gets processed by
partially set-up flow table, which may seem confusing.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>