There is no default value for the tunnel TTL, so it must be
specified when setting up a new flow. However, the flow rejection
log message indicates that the TTL must be non-zero, which is not
true.
CC: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
datapath: Always include tunnel TTL in serialized Netlink attributes.
There is no default value for the tunnel TTL so it must always be
included in flow keys sent from userspace to kernel. The kernel
should also respect this convertion when sending flows to userspace
by always including the TTL in tunnel flows.
CC: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
datapath: Use DP_MAX_PORTS when no IN_PORT attribute is present.
To indicate that a flow is not associated with any particular in port,
userspace may omit the IN_PORT attribute, which the kernel translates
internally to the special value DP_MAX_PORTS. After the megaflows
changes, this was no longer being done, resulting in it using port 0
(the internal port).
This also adopts a wildcarding scheme similar to 802.2 packets where
a mask can be specified for this non-existent key attribute but it
must either be completely wildcarded or completely exact match.
CC: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Mon, 8 Jul 2013 17:47:37 +0000 (10:47 -0700)]
ovs-vsctl: Fix behavioral regression for "--if-exists del-port <bridge>".
Commit 89f3c258fe (ovs-vsctl: Improve error message for "ovs-vsctl del-port
<bridge>".) changed the behavior of
ovs-vsctl --if-exists del-port <bridge>
from a silent no-op to a hard failure. This commit fixes this regression.
This caused problems on XenServer, for which the Open vSwitch integration
runs commands like:
/usr/bin/ovs-vsctl --timeout=20 \
-- --with-iface --if-exists del-port xapi103 \
-- --if-exists del-br xapi103
Bug #18276. Reported-by: Michael Hu <mhu@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Sun, 7 Jul 2013 01:55:45 +0000 (18:55 -0700)]
utilities: New helper script ovs-dev.py.
ovs-dev.py is a script I've written to help perform common tasks
necessary for developing Open vSwitch. It allows a developer to
configure, build, and run the switch with a minimum of effort or
knowledge of the various idiosyncrasies involved.
Thomas Graf [Tue, 9 Jul 2013 18:36:57 +0000 (20:36 +0200)]
datapath: rhel: Move RHEL OVS hook registration to netdev_rx_handler_register() backport
Moves the registration of the RHEL specific OVS hook to the compat
backport of netdev_rx_handler_register(). This moves the hook
unregistration from the RCU callback to the netdev_destroy()
callback directly.
This is purely cosmetic though, the RHEL hook is only used if the
IFF_OVS_DATAPATH flag is present which was removed under RTNL
protection before the RCU callback.
Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
Ethan Jackson [Thu, 2 May 2013 22:22:19 +0000 (15:22 -0700)]
ofproto-dpif: Remove pointers between rules and facets.
Before this patch, facets maintained a pointer to the first rule
used when translating their actions, and rules maintained a pointer
to those facets. This made sense before the resubmit actions which
each facet used precisely one rule. However, today a facet may
require many rules to translate, and therefore it makes no
conceptual sense to designate one as the "owning rule".
Furthermore, as Open vSwitch becomes multithreaded, maintaining a
facet's rule pointer will become more difficult. One thread will
do the action translation, while another will maintain the facets.
During the hand-off between these threads, it's possible the
"owning rule" will expire leaving us with a stale pointer.
This patch does have a disadvantage, Pushing a facet's statistics
will become slightly less efficient as it will involve an
additional classifier lookup. We can revisit this issue once
multithreading is complete, but I suspect there's much lower
hanging fruit to worry about.
Ethan Jackson [Fri, 14 Jun 2013 01:38:24 +0000 (18:38 -0700)]
ofproto-dpif: Modularize ofproto-dpif-xlate.
This patch modularizes ofproto-dpif-xlate by disentangling it from
ofproto-dpif. Instead of poking around in ofproto-dpif's internal
data structures, ofproto-dpif-xlate is updated with a simple API
which can easily be made thread safe. There are still some places
where ofproto-dpif-xlate needs to call into ofproto-dpif, but this
patch makes significant progress towards the final goal.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Thu, 20 Jun 2013 20:00:27 +0000 (13:00 -0700)]
ofproto-dpif: Modularize mirror code.
This code modularizes ofproto-dpif's mirror code by moving it to
ofproto-dpif-mirror. Not only does this shorten ofproto-dpif and
hide complexity, but its also necessary for future patches which
modularize ofproto-dpif-xlate in preparation for multi-threading.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Thu, 20 Jun 2013 01:51:28 +0000 (18:51 -0700)]
ofproto-dpif: Handle dest mirrors in compose_output_action().
Before this patch, the mirroring code would retroactively insert
actions for destination mirrors after actions were translated.
This relied on converting datapath output actions into ofports
which doesn't work for tunnels and patch ports. This patch
refactors the code to handle destination mirrors at output.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Wed, 19 Jun 2013 21:40:21 +0000 (14:40 -0700)]
lacp: Handle unknown slaves in lacp_process_packet().
In future patches, ofproto-dpif-xlate may be temporarily out of
sync with ofproto-dpif proper, and pass an unknown ofport to
lacp_process_packet(). This patch handles that edge case
gracefully.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
bitmap: Fix bitmap_allocate1() bug when n_bits is a multiple of 32.
In function bitmap_allocate1(), the last "unsigned long" in bitmap was
set to all 0-bits when (n_bits % BITMAP_ULONG_BITS == 0). This commit
correctly sets it to all 1-bits.
Signed-off-by: ZhengLingyun <konghuarukhr@163.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Pavithra Ramesh [Sat, 29 Jun 2013 10:09:02 +0000 (10:09 +0000)]
BFD: Add forwarding_override command for BFD.
Added appctl commands to override the bfd forwarding status. Values
of true/false/normal are allowed. When set to normal, the bfd
forwarding status is left unchanged. Else, the forwarding status is
set to the specified value - true/false.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Mon, 8 Jul 2013 17:15:00 +0000 (10:15 -0700)]
ofp-parse: Do not exit() upon a parse error.
Until now, failure to parse a flow in the ofp-parse module has caused the
program to abort immediately with a fatal error. This makes it hard to
use these functions from any long-lived program. This commit fixes the
problem.
Andy Zhou [Wed, 3 Jul 2013 16:18:27 +0000 (09:18 -0700)]
datapath: add netlink error message to help kernel userspace integration.
When kernel rejects a netlink message, it usually returns EINVAL
error code to the userspace. The actual reason for rejecting the
netlinke message is not available, making it harder to debug netlink
issues. This patch adds kernel log messages whenever a netlink message
is rejected with reasons. Those messages are logged at the info level.
Those messages are logged only once per message, to keep kernel log noise
level down. Reload the kernel module to re-enable already logged
messages.
The messages are meant to help developers to debug userspace and kernel
intergration issues. The actual message may change or be removed over time.
These messages are not expected to show up in a production environment.
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
odp-util: Always encode mask of 0xffff for dl_type < ETH_TYPE_MIN.
For non-Ethernet II packets, we don't set an EtherType netlink attribute
and set the Ethertype mask attribute to 0xffff. The code was encoding
whatever mask was passed in, which could lead to bugs if the caller
didn't know the userspace-kernel interface.
Found by inspection.
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
Andy Zhou [Tue, 2 Jul 2013 22:58:19 +0000 (15:58 -0700)]
datapath: Fix tunnel source port selection for mega flow
Tunnel source port selection was based on hash value cached in the
flow. This no longer works with mega flow, since all flows matching
a mega flow will be transmitted with the same tunnel source port.
This patch computes the tunnel source port at run time based on each
incoming packet. Packets belong to the same micro flow would still get
the same source port, but multiple micro flows hitting the same mega flow
can get different source ports.
Packets injected from the usespace will be assigned to the same
source port as if they are forwarded in the kernel.
Bug #18216
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
> commit 10a89ef04df5669c5cdd02f786150a7ab8454e01
> Author: Ben Pfaff <blp@nicira.com>
> Date: Mon Jun 24 10:54:49 2013 -0700
>
> Replace all uses of strerror() by ovs_strerror(), for thread safety.
>
> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sat, 29 Jun 2013 15:18:54 +0000 (08:18 -0700)]
test-atomic: Drop atomic read-modify-write tests for the moment.
XenServer builds are failing because of link errors reporting that
__sync_fetch_and_<op>_<size> were not found, for <op> in add/sub/and/xor/or
and <size> in 1/2/4/8. We're not actually using these RMW operations yet,
so as a stopgap measure just drop the tests.
The correct long-term fix is probably to do Autoconf linkage tests for
these operations instead of just testing the GCC version (if we really need
the operations at all).
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Justin Pettit [Sat, 29 Jun 2013 00:13:50 +0000 (17:13 -0700)]
ofproto-dpif: Add ability to disable megaflows.
Add new "dpif/disable-megaflows" and "dpif/enable-megaflows" commands to
ovs-appctl to disable and enable megaflows, respectively. By default,
megaflows are enabled, and these commands should only be used for
debugging.
Ben Pfaff [Tue, 25 Jun 2013 16:22:11 +0000 (09:22 -0700)]
Use random_*() instead of rand(), for thread safety.
None of these test programs are threaded, but has little cost and means
that "grep" doesn't turn up any instances of these thread-unsafe functions
in our tree.
Ben Pfaff [Wed, 19 Jun 2013 18:21:47 +0000 (11:21 -0700)]
ovs-thread: Add support for convenient once-only initializers.
pthread_once() is portable but it does not allow passing any parameters to
the initialization function, which is often inconvenient, because it means
that the function can only access data declared at file scope. This commit
introduces an alternative with a more convenient interface.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Tue, 18 Jun 2013 22:24:33 +0000 (15:24 -0700)]
tunnel: Hide 'struct tnl_port' internally.
This simplifies the tunnel module's interface and prevents us from
having to sync 'struct tnl_port' once ofproto-dpif and
ofproto-dpif-xlate are disentangled.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Tue, 25 Jun 2013 19:27:13 +0000 (12:27 -0700)]
datapath: Resolve external module dependencies.
The Open vSwitch kernel module now has dependencies on symbols
exported by other kernel modules (currently just for GRE). In
order for it to load, the dependencies must be correctly resolved
ahead of time. This runs depmod as part of the module installation
process and updates the installation instructions.
Jarno Rajahalme [Fri, 28 Jun 2013 16:44:03 +0000 (19:44 +0300)]
Fix table checking for goto table instruction.
Usually the table id in flow mods is 255, which means that goto table
instruction cannot be checked before the table is picked (for flow add),
or the rules to be modified are found (flow mod).
Move goto table checking from decode (ofp-util) to actions checking
(ofp-actions), and postpone the action checking until the table in
which the actions are added is known.
This fixes OFPBRC_BAD_TABLE_ID errors for flow adds that specify the table
id as 255, and have a goto table instruction.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 28 Jun 2013 17:06:58 +0000 (10:06 -0700)]
ofp-util: OpenFlow 1.0 can match IPv6 Ethertype even though not L3 or L4.
OpenFlow 1.0 can match on flows that have the IPv6 Ethertype, but
ofputil_usable_protocols() incorrectly reported that such a match required
NXM or OXM. This commit fixes the problem.
Also, add some related tests.
Reported-by: Nagi Reddy Jonnala <njonnala@Brocade.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Fri, 28 Jun 2013 05:02:58 +0000 (22:02 -0700)]
ovs-dpctl: Fix mega flow output
ovs-dpctl sometimes displays wildcarded fields as exact match. This
patch fixes those cases.
This patch implements the following logic. When OVS_FLOW_ATTR_MASK is
missing, the entire key attributes will be displayed as exact match fields.
When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do
not have matching attributes in the mask, those key attributes will be
displayed as wildcarded fields.
Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Wed, 26 Jun 2013 23:37:16 +0000 (16:37 -0700)]
flow: Only un-wildcard relevant IP headers.
When determining the fields to un-wildcard, we need to be careful
about only un-wildcarding fields that are relevant. Also, we
didn't properly handle IPv6 addresses.
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Justin Pettit [Fri, 28 Jun 2013 00:57:57 +0000 (17:57 -0700)]
odp-util: Fix converting masked VLAN from flow.
When converting the VLAN from a flow to an ODP key, the processing logic
would always store the VLAN ethertype. However, when handling a mask,
it should be a mask, not an ethertype. And since we don't support
bit-wise masking of the ethertype, just make it an exact-match mask.
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Wed, 19 Jun 2013 21:34:35 +0000 (14:34 -0700)]
bond: Handle unknown slaves in bond_check_admissibility().
In future patches, ofproto-dpif-xlate may be temporarily out of
sync with ofproto-dpif and pass a non-bonded ofport into
bond_check_admissibility(). This patch handles that edge case
gracefully.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 26 Jun 2013 21:44:39 +0000 (14:44 -0700)]
ofproto-dpif: Refactor checking for in-band special case.
The comments on in_band_rule_check() were more or less wrong (the return
value was no longer used to determine whether a flow could be set up).
This commit fixes the comments and refactors the interface to make better
sense in the current context.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Sat, 22 Jun 2013 17:48:42 +0000 (10:48 -0700)]
connmgr: Remove connmgr_must_output_local().
connmgr_must_output_local() requires a 'struct connmgr' handle,
when in principle, it should simply be enough to know whether or
not in_band is enabled. Breaking this up will allow
ofproto-dpif-xlate to disentangle itself from ofproto-dpif in future
patches.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Sat, 22 Jun 2013 20:21:39 +0000 (13:21 -0700)]
ofproto-dpif: Remove 'has_bundle_action'.
It requires ofproto-dpif-xlate to poke into 'struct ofproto-dpif'
which won't be allowed in future patches. It's also a case of
premature optimization.
Signed-off-by: Ethan Jackson <ethan@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Mon, 24 Jun 2013 22:02:18 +0000 (15:02 -0700)]
datapath: Make GRE support conditional on CONFIG_NET_IPGRE_DEMUX.
Now that GRE support has been upstreamed into Linux, OVS is
using the components in the native kernel when available. However,
this means that it is now dependent on the appropriate kernel
config, which is CONFIG_NET_IPGRE_DEMUX on 2.6.37 and later.
Reported-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
Justin Pettit [Thu, 27 Jun 2013 20:42:14 +0000 (13:42 -0700)]
datapath: Convert IPv6 TCP and UDP port netlink attributes properly.
The code that converts netlink attributes to a flow match always
stored TCP and UDP ports in the IPv4 structure. This commit
properly puts TCP and UDP traffic into appropriate IPv4 and IPv6
structures.
Swap places of OFPRR_METER_DELETE and OFPRR_EVICTION in enumeration to be
compatible with OpenFlow 1.4.
Prior to OpenFlow 1.4 OFPRR_EVICTION was a Nicira specific flow removal reason
code. OpenFlow 1.3 added support for meters, which require dependent flow
removal when meters are deleted. The reason code for this is also added in
OpenFlow 1.4, but OFPRR_METER_DELETE now has the value OVS previously had for
OFPRR_EVICTION.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
ovsdb-server: Make database name mandatory when specifying db paths.
Currently, if we have just one database, we can optionally skip the
database name when providing the DB path for certain options (ex:
--remote=db:[db,]table,column). But in case we have multiple databases,
it is mandatory.
With this commit, we make the database name mandatory. This provides
increased flexibility for an upcoming commit that provides the ability
to add and remove databases during run time.
Feature #14595. Acked-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
ovsdb-server: Store databases in shash instead of array.
An upcoming commit provides the ability to add and remove databases.
Having the databases in a shash instead of an array makes it easier
to add and remove databases.
Feature #14595. Acked-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This adds support for specifying flow miss handling behaviour at
runtime, through a new "other-config" option in the Open_vSwitch table.
This takes precedence over flow-eviction-threshold.
By default, the behaviour is the same as before. If force-miss-model is
set to 'with-facets', then flow miss handling will always result in the
creation of new facets and flow-eviction-threshold will be ignored. If
force-miss-model is set to 'without-facets', then flow miss handling will never
result in the creation of new facets (effectively the same as setting the
flow-eviction-threshold to 0, which is not currently configurable).
We intend to use this configuration option in the testsuite to force
particular code paths to be used, allowing us to improve test coverage.
Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Tue, 25 Jun 2013 23:40:50 +0000 (16:40 -0700)]
tunnel: Only un-wildcard the ECN bits for IP traffic.
With tunnels carrying IP packets, ECN bits are always inherited by
the encapsulating tunnel. However, it doesn't make sense to
unwildcard the inner packet's TOS fields if the packet is not IP.
Ben Pfaff [Tue, 25 Jun 2013 20:50:26 +0000 (13:50 -0700)]
ovs-thread: Add per-thread data support.
POSIX defines a portable pthread_key_t API for per-thread data. GCC and
C11 have two different forms of per-thread data that are generally faster
than the POSIX API, where they are available. This commit adds a
macro-based wrapper, DEFINE_PER_THREAD_DATA, that takes advantage of these
features where they are available and falls back to the POSIX API
otherwise.
The Clang compiler implements C11 thread_local in its <threads.h>.
This commit also adds a convenience wrapper for the POSIX API, via the
DEFINE_PER_THREAD_MALLOCED_DATA macro.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>