git.proxmox.com Git - mirror_ovs.git/log
Ben Pfaff [Wed, 14 Jun 2017 15:21:24 +0000 (08:21 -0700)]
openflow.rst: Update to reflect current status.

OpenFlow 1.1 and 1.2 support is complete.  Simon Horman is not known to
be working on flow entry notifications.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Greg Rose <gvrose8192@gmail.com>
Ilya Maximets [Thu, 15 Jun 2017 11:57:30 +0000 (14:57 +0300)]
checkpatch: Fix skipping of the most recent commit.

'range(n_patches, 0, -1)' generates list starting from 'n_patches'
and not including zero. This leads to checking of N most recent
commits starting from the second one.

New version will generate right list starting from 'n_patches - 1'
and including zero. So, the most recent commit (HEAD~0) will be
checked and desired behavior will be achieved.

Also, 'reversed' looks better than 'range(n_patches - 1, -1, -1)'

Fixes: a1fccabce2cb ("checkpatch: Support checking recent commits in the current repo.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Roi Dayan [Tue, 13 Jun 2017 15:03:55 +0000 (18:03 +0300)]
NEWS: add a note about hw offloading

Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:54 +0000 (18:03 +0300)]
dpif-netlink: Use dpif logging functions

Remove redundant logging functions and reuse
the exposed dpif logging functions.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:53 +0000 (18:03 +0300)]
dpif: Refactor flow logging functions to be used by other modules

To be reused by other modules.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:52 +0000 (18:03 +0300)]
netdev: Init flow api on already added ports on offload enable

Ports already added to a switch are not being initialized for offloading
so when enabling offload we need to go over those ports.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:51 +0000 (18:03 +0300)]
tests: Add system-offloads-testsuite

The new system-offloads-testsuite, which can be launched via
`make check-offloads`, tests offloading capabilities
to make sure that certain flows are actually offloaded.

The tests run on virtual netdevices (VETH).

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:50 +0000 (18:03 +0300)]
dpctl: Indicate if flow is offloaded when dumping flows of all types

When verbosity is requested on dump-flows (-m) indicate which flows
are offloaded.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:49 +0000 (18:03 +0300)]
dpctl: Add an option to dump only certain kinds of flows

Usage:
    # to dump all datapath flows (default):
    ovs-dpctl dump-flows

    # to dump only flows that are in kernel datapath:
    ovs-dpctl dump-flows type=ovs

    # to dump only flows that are offloaded:
    ovs-dpctl dump-flows type=offloaded

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:48 +0000 (18:03 +0300)]
dpctl: Add filter arg to dump-flows command info

This is for it to appear in bash completion.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:47 +0000 (18:03 +0300)]
netdev-tc-offloads: Add ingress on netdev flow api init

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:46 +0000 (18:03 +0300)]
netdev-vport: Use common offloads interface

netdev vports are backed by actual netdev at the kernel
level, so they can use the common netdev-tc offloads interface
for flow offloading (if enabled).

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:45 +0000 (18:03 +0300)]
netdev-linux: Disallow setting policing when configured with hw offload

Notify as not supported. Otherwise the ingress qdisc is being removed and
offload rules will be removed.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:44 +0000 (18:03 +0300)]
netdev-tc-offloads: Implement flow get using tc interface

Search the requested ufid for an offloaded flow, and if found,
dump and parse it back to required format.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:43 +0000 (18:03 +0300)]
dpif-netlink: Use netdev flow get api to query a flow

Search all datapath added netdevs for a given flow
using netdev flow api and parse it back to dpif flow.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:42 +0000 (18:03 +0300)]
netdev-tc-offloads: Implement netdev flow del using tc interface

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:41 +0000 (18:03 +0300)]
dpif-netlink: Use netdev flow del api to delete a flow

If a flow was offloaded to a netdev we delete it using netdev
flow api.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:40 +0000 (18:03 +0300)]
netdev-tc-offloads: Implement netdev flow put using tc interface

Currently only tunnel offload is supported.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:39 +0000 (18:03 +0300)]
netdev-tc-offloads: Add flower mask to priority map

Flower classifier requires a different priority per mask,
so we hash the mask and generate a new priority for
each new mask used.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:38 +0000 (18:03 +0300)]
dpif-netlink: Use netdev flow put api to insert a flow

Using the new netdev flow api operate will now try and
offload flows to the relevant netdev of the input port.
Other operate methods flows will come in later patches.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:37 +0000 (18:03 +0300)]
netdev-tc-offloads: Implement netdev flow dump api using tc interface

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:36 +0000 (18:03 +0300)]
match: Add helper function to set tunnel tp_dst

Add helper function match_set_tun_tp_dst().
Will be used in the next commit.
This patch doesn't change any functionality.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:35 +0000 (18:03 +0300)]
netdev-tc-offloads: Add ufid to tc/netdev map

Flows offloaded to tc are identified by priority
and handle pair while OVS flows are identified by ufid.
Added a hash map to convert between the two for later
retrieval and deleting of offloaded flows.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:34 +0000 (18:03 +0300)]
dpif-netlink: Dump netdevs flows on flow dump

While dumping flows, dump flows that were offloaded to
netdev and parse them back to dpif flow.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:33 +0000 (18:03 +0300)]
netdev-tc-offloads: Implement netdev flow flush using tc interface

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:32 +0000 (18:03 +0300)]
dpif-netlink: Flush added ports using netdev flow api

If netdev flow offloading is enabled, flush all
added ports using netdev flow api.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:31 +0000 (18:03 +0300)]
dpif: Save added ports in a port map for netdev flow api use

To use netdev flow offloading api, dpifs need to iterate over
added ports. This addition inserts the added dpif ports in a hash map.
The map will also be used to translate dpif ports to netdevs.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:30 +0000 (18:03 +0300)]
other-config: Add tc-policy switch to control tc flower flag

Add a new configuration tc-policy option that controls tc
flower flag. Possible options are none, skip_sw, skip_hw.
The default is none which is to insert the rule both to sw and hw.
This option is only relevant if hw-offload is enabled.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Santosh Shukla [Mon, 12 Jun 2017 14:38:18 +0000 (14:38 +0000)]
netdev-dpdk: round up mbuf_size to cache_line_size

Some PMD drivers (e.g. vNIC thunderx PMD) want mbuf_size to be a multiple of
cache_line_size. Without this fix, netdev-dpdk initialization would
fail for those PMDs.

Signed-off-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Tested-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ian Stokes <ian.stokes@intel.com>
Ben Warren [Thu, 8 Jun 2017 20:47:03 +0000 (13:47 -0700)]
Debian: Provide multi-arch support

This puts all libraries and pkg-config files in architecture-specific
directories for easier cross-compiling.

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Thu, 8 Jun 2017 20:47:02 +0000 (13:47 -0700)]
Debian: Rework libopenvswitch packages

The 'openvswitch-common' package did not work well with cross-compiling
since it required Python.  This package is broken into two packages as
follows:
- libopenvswitch: contains library files (.a, .so)
- openvswitch-common: depends on libopenvswitch, contains command-line
  tools such as ovs-ofctl, ovs-appctl etc.

In addition, this 'openvswitch-dev' library is renamed to
'libopenvswitch-dev' to align more closely with Debian policy.  It
depends on libopenvswitch.

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 14 Jun 2017 20:42:54 +0000 (13:42 -0700)]
checkpatch: Support checking recent commits in the current repo.

Requested-by: Miguel Angel Ajo <majopela@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 14 Jun 2017 00:09:05 +0000 (17:09 -0700)]
ovs-ofctl: New option "--no-stats" for "ovs-ofctl dump-flows".

It's pretty common to want to omit statistics from output, to make it
easier to read.  This commit adds an ovs-ofctl option to make that easy.

A lot of the OVS internal tests could use this, too, in place of
ofctl_strip.  This commit adopts it for a subset.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Ben Pfaff [Wed, 14 Jun 2017 16:20:07 +0000 (09:20 -0700)]
ofproto-dpif-xlate: Fix an additional misaligned reference to ovs_u128.

nl_msg_put_unspec_uninit() can return a pointer that is only 4-byte
aligned.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Ben Pfaff [Wed, 14 Jun 2017 16:07:45 +0000 (09:07 -0700)]
netlink: Introduce helpers for 128-bit integer attributes.

Use the helpers in appropriate places.  In most cases, this fixes a
misaligned reference, since ovs_be128 and ovs_u128 require 8-byte alignment
but Netlink only guarantees 4-byte.

Found by GCC -fsanitize=undefined.

Reported-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Ben Pfaff [Wed, 14 Jun 2017 15:46:32 +0000 (08:46 -0700)]
unaligned: Introduce helpers for 32-bit aligned 128-bit integers.

These are analogous to the existing helpers for 32-bit aligned 64-bit
integers, and will have users in upcoming commits.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Ben Pfaff [Wed, 14 Jun 2017 15:38:02 +0000 (08:38 -0700)]
odp-util: Avoid misaligned references to ip6_hdr.

Found by GCC -fsanitize=undefined.

Reported-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 13 Jun 2017 23:04:29 +0000 (16:04 -0700)]
ovs-ofctl: Avoid read overrun in ofperr_decode_msg().

vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available.  This led to a buffer overread.
There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the
problem.

struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.

Found via gcc's address sanitizer.

Reported-by: Lance Richardson <lrichard@redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
Paul Blakey [Tue, 13 Jun 2017 15:03:29 +0000 (18:03 +0300)]
other-config: Add hw-offload switch to control netdev flow offloading

Add a new configuration option - hw-offload that enables netdev
flow api. Enabling this option will allow offloading flows
using netdev implementation instead of the kernel datapath.
This configuration option defaults to false - disabled.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:28 +0000 (18:03 +0300)]
netdev: Adding a new netdev API to be used for offloading flows

Add a new API interface for offloading dpif flows to netdev.
The API consists of the following:
  flow_put - offload a new flow
  flow_get - query an offloaded flow
  flow_del - delete an offloaded flow
  flow_flush - flush all offloaded flows
  flow_dump_* - dump all offloaded flows

In upcoming commits we will introduce an implementation of this
API for netdev-linux.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:27 +0000 (18:03 +0300)]
tc: Add tc flower functions

Add tc helper functions to query and manipulate the flower classifier.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Co-authored-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:26 +0000 (18:03 +0300)]
tc: Move functions that create/parse handle to be static inline

Those functions are just wrappers to available macros for readability.
Move them to tc.h to avoid function-call overhead.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:25 +0000 (18:03 +0300)]
tc: Refactor tcm handle assignment when creating filter qdisc

Use the available TC macros instead of 0xffff.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Paul Blakey [Tue, 13 Jun 2017 15:03:24 +0000 (18:03 +0300)]
tc: Introduce tc module

Add tc module to expose tc operations to be used by other modules.
Move some tc related functions from netdev-linux.c to tc.c
This patch doesn't change any functionality.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Co-authored-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Roi Dayan [Tue, 13 Jun 2017 15:03:23 +0000 (18:03 +0300)]
netdev-linux: Refactor two tc functions

Refactor tc_make_request and tc_add_del_ingress_qdisc to accept
ifindex instead of netdev struct.
We later want to move those outside netdev-linux module to be
used by other modules.
This patch doesn't change any functionality.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Co-authored-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Lance Richardson [Tue, 13 Jun 2017 17:51:06 +0000 (13:51 -0400)]
sandbox: disable ssl for backup ovn southbound db

Since the sandbox environment was changed to enable SSL usage for
OVN_Southbound connections, the backup southbound server emits
the log message "socket_util|ERR|6642: bind: Address already in use"
every 2.5 seconds.

Fix by configuring the backup db server to not use remote configuration
from the database (the unix: socket can still be used, as was the
case before SSL was enabled).

Fixes: 0ced2a5c5e47 ("sandbox: use ssl for ovn-controller to sb db connection")
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Tue, 13 Jun 2017 14:46:29 +0000 (07:46 -0700)]
conntrack: Reset nat_info in un_nat conns.

Un-nat conns have no nat_info as do default conns.
However, un-nat conns are originally templated from the
corresponding default conns and therefore need to
have their nat_info explicitly nulled.  This
otherwise exposes a double free if conntrack_destroy()
were to be used to destroy the connection tracker.  This
would apply to cleaning the datapath after testing.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Greg Rose <gvrose8192@gmail.com>
Aaron Conole [Tue, 13 Jun 2017 18:26:03 +0000 (14:26 -0400)]
redhat: make the rpm aware of the lock file

Currently, the db lockfile will cause the openvswitch directory to
linger after uninstall because the rpm database isn't aware that it
should be treated as part of the system.  This commit informs the rpmdb
properly as a 'ghost' so that when the package is uninstalled, it will
be removed automatically.  This means that if no extra files exist in
/etc/openvswitch, the whole directory will be removed from /etc/.

Acked-by: Flavio Leitner <fbl@sysclose.org>
Reviewed-by: Markos Chandras <mchandra@suse.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Mon, 12 Jun 2017 22:42:39 +0000 (18:42 -0400)]
sandbox: ovn rbac support for sandbox environment

Enable OVN_Southbound RBAC by default in the sandbox environment,
provide a new option "--no-ovn-rbac" to disable it.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
Lance Richardson [Tue, 13 Jun 2017 16:57:38 +0000 (12:57 -0400)]
treewide: Avoid undefined behavior passing null in nonnull parameters.

Eliminate a number of instances of undefined behavior related to
passing NULL in parameters having "nonnull" annotations.

Found with gcc's undefined behavior sanitizer.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 13 Jun 2017 15:30:02 +0000 (08:30 -0700)]
hash: Remove conflicting hash_finish() prototype.

Normally, hash_finish() is declared as:
static inline uint32_t hash_finish(uint32_t hash, uint32_t final)

When __SSE4_2__ && __x86_64__, it is declared as:
static inline uint32_t hash_finish(uint64_t hash, uint64_t final)

A recent commit added an unneeded prototype in the first form, which caused
an error due to the redeclaration of a different type when the second form
was actually used.  This removes the prototype, fixing the problem.

It may not be a great idea to have two different forms for this function,
but it's long standing and so I don't want to change it immediately without
proper consideration.

Reported-by: "Fischetti, Antonio" <antonio.fischetti@intel.com>
Fixes: 67702b79d845 ("hash: New helper functions for adding words in a buffer to a hash.")
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Darrell Ball <dlu998@gmail.com>
Ben Pfaff [Tue, 13 Jun 2017 04:51:14 +0000 (21:51 -0700)]
byte-order: Fix undefined behavior of BYTES_TO_BE32.

A left shift that would produce a result that is not representable
by the type of the expression's result has "undefined behavior"
according to the C language standard. Avoid this by casting values
that could set the upper bit to unsigned types.

Also document and convert a macro to a function.

While we're at it, delete the unused macro BE16S_TO_BE32.

Found via gcc's undefined behavior sanitizer.

Reported-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Darrell Ball [Fri, 9 Jun 2017 22:30:44 +0000 (15:30 -0700)]
conntrack: Add hash_finish() to conn_key_hash().

The function conn_key_hash() is updated to include
a call to hash_finish() and also to make use of a
new hash abstraction - ct_endpoint_hash_add().

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Fri, 9 Jun 2017 22:30:43 +0000 (15:30 -0700)]
conntrack: Hash entire NAT data structure in nat_range_hash().

Part of the hash input for nat_range_hash() was accidentally
omitted, so this fixes the problem.  Also, add a missing call to
hash_finish().

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 9 Jun 2017 22:30:42 +0000 (15:30 -0700)]
hash: New helper functions for adding words in a buffer to a hash.

These will receive their first user (outside of hash.h) in the following
commit.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Flavio Leitner [Fri, 9 Jun 2017 15:58:57 +0000 (12:58 -0300)]
testsuite: exit gracefully if it fails.

The daemon is killed leaving resources behind when a test fails.
This fixes to first signal the daemon to exit gracefully.

Fixes: 0f28164be02ac ("netdev-linux: make tap devices persistent")
Suggested-by: Joe Stringer <joe@ovn.org>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Alin Gabriel Serdean [Fri, 9 Jun 2017 22:16:07 +0000 (15:16 -0700)]
windows-datapath: Temporary workaround checksum issue with NAT

There is a known bug with NAT where checksum computation is wrong on
the RX path if offload is enabled. This patch works around the problem
by always computing a software checksum and should be reverted once
we figure out the root cause of checksum error.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Yin Lin [Fri, 9 Jun 2017 22:16:06 +0000 (15:16 -0700)]
datapath-windows: NAT integration with conntrack

This patch integrates NAT module with existing conntrack module. NAT
action is now supported.

Signed-off-by: Yin Lin <linyi@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Yin Lin [Fri, 9 Jun 2017 22:16:05 +0000 (15:16 -0700)]
datapath-windows: Add NAT module in conntrack

Signed-off-by: Yin Lin <linyi@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Anand Kumar [Fri, 9 Jun 2017 22:16:04 +0000 (15:16 -0700)]
datapath-windows: Add support for NAT in conntrack

Add support for parsing netlink attributes related to NAT
in conntrack.

Co-Authored-by: Yin Lin <linyi@vmware.com>
Co-Authored-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Yin Lin <linyi@vmware.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Sat, 10 Jun 2017 02:47:50 +0000 (19:47 -0700)]
treewide: Fix spelling of "prerequisites".

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Greg Rose <gvrose8192@gmail.com>
Ben Pfaff [Mon, 12 Jun 2017 15:35:48 +0000 (08:35 -0700)]
ofp-actions: Properly interpret "output:in_port".

It was being misinterpreted as output:NXM_OF_IN_PORT[].  This
interpretation is incorrect because of OpenFlow rules that say that only
the special form generated by output:in_port (or "in_port" on its own)
actually outputs to the input port.  The interpretation here was a no-op.

Fixes: 21b2fa617126 ("ofp-parse: Allow match field names in actions and brackets in matches.")
Reported-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ofp-util: Initialize tunnel metadata for OpenFlow 1.0 matches.
Ben Pfaff [Fri, 9 Jun 2017 05:09:19 +0000 (22:09 -0700)]
ofp-util: Initialize tunnel metadata for OpenFlow 1.0 matches.

Found by valgrind.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Lance Richardson <lrichard@redhat.com>
Acked-by: Lance Richardson <lrichard@redhat.com>
7 years ago dpdk: Deprecate vhost-user server ports.
Aaron Conole [Thu, 8 Jun 2017 20:41:32 +0000 (16:41 -0400)]
dpdk: Deprecate vhost-user server ports.

Since vhost-user server mode ports are the preferred mechanism for
interconnecting Open vSwitch with VMs when using DPDK, and since there
are currently no known use cases for vhost-user server mode ports apart
from version incompatibilities with QEMU, announce that server mode ports
are considered deprecated and will be removed in a future release.

Cc: Ciara Loftus <ciara.loftus@intel.com>
Cc: Kevin Traynor <ktraynor@redhat.com>
Suggested-by: Darrell Ball <dball@vmware.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago rstp: Add the 'ovs-appctl rstp/show' command.
nickcooper-zhangtonghao [Thu, 1 Jun 2017 03:38:16 +0000 (20:38 -0700)]
rstp: Add the 'ovs-appctl rstp/show' command.

The rstp/show command will help users and developers to
get more details about rstp. This patch works together with
the previous patches.

Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago rstp: Add internal functions without locks.
nickcooper-zhangtonghao [Thu, 1 Jun 2017 03:38:15 +0000 (20:38 -0700)]
rstp: Add internal functions without locks.

This patch adds some internal functions which
do not use the locks. This patch is used for
the next patch.

Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago rstp: Add rstp port name for human reading.
nickcooper-zhangtonghao [Thu, 1 Jun 2017 03:38:14 +0000 (20:38 -0700)]
rstp: Add rstp port name for human reading.

This patch is useful to debug rstp subsystem and log the
port name instead of port number. This patch will also
be used to display rstp info for next patches.

Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ovn-sbctl: support setting rbac role for remote connections
Lance Richardson [Wed, 31 May 2017 23:06:11 +0000 (19:06 -0400)]
ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote
connection configuration in the southbound database.

Prior to this change, usage examples included:

    ovn-sbctl set-connection ptcp:6642
    ovn-sbctl set-connection pssl:6642 \
                             read-only ptcp:7777 \
                             read-write punix:/tmp.foo

With this change, in addition to the above:

    ovn-sbctl set-connection role=ovn-controller pssl:6642 \
                             read-only role= ptcp:7777 \
                             read-write punix:/tmp/foo

As with the "read-only"/"read-write" attributes, the specified
role is applied to all subsequent connections until changed.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ovn: add rbac tables to ovn southbound schema
Lance Richardson [Wed, 31 May 2017 23:04:47 +0000 (19:04 -0400)]
ovn: add rbac tables to ovn southbound schema

Add rbac "roles" and "permissions" tables to ovn southbound
database schema, add support to ovn-northd for managing these
tables.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ovsdb: add support for role-based access controls
Lance Richardson [Wed, 31 May 2017 23:04:32 +0000 (19:04 -0400)]
ovsdb: add support for role-based access controls

Add support for ovsdb RBAC (role-based access control). This includes:

   - Support for "RBAC_Role" table. A db schema containing a table
     by this name will enable role-based access controls using
     this table for RBAC role configuration.

     The "RBAC_Role" table has one row per role, with each row having a
     "name" column (role name) and a "permissions" column (map of
     table name to UUID of row in separate permission table.) The
     permission table has one row per access control configuration,
     with the following columns:
          "name"          - name of table to which this row applies
          "authorization" - set of column names and column:key pairs
                            to be compared against client ID to
                            determine authorization status
          "insert_delete" - boolean, true if insertions and
                            authorized deletions are allowed.
          "update"        - Set of columns and column:key pairs for
                            which authorized updates are allowed.
   - Support for a new "role" column in the remote configuration
     table.
   - Logic for applying the RBAC role and permission tables, in
     combination with session role from the remote connection table
     and client id, to determine whether operations modifying database
     contents should be permitted.
   - Support for specifying RBAC role string as a command-line option
     to ovsdb-tool (Ben Pfaff).

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago netdev-dpdk: Show Rx checksum status when false.
Kevin Traynor [Thu, 8 Jun 2017 17:12:20 +0000 (18:12 +0100)]
netdev-dpdk: Show Rx checksum status when false.

Currently ovs-appctl dpctl/show only shows the Rx checksum offload
status when true. Change to also show the status when false.

CC: Sugesh Chandran <sugesh.chandran@intel.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago datapath-windows: Add original conntrack tuple to FlowKey
Sairam Venugopal [Fri, 2 Jun 2017 17:37:22 +0000 (10:37 -0700)]
datapath-windows: Add original conntrack tuple to FlowKey

Add the original tuple to Flow Key. In case of ICMP and UDP, default the
parent entry to NULL until related connections are supported.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
7 years ago checkpatch: Also allow .at files to have leading tabs.
Ben Pfaff [Tue, 6 Jun 2017 15:39:34 +0000 (08:39 -0700)]
checkpatch: Also allow .at files to have leading tabs.

Autotest .at files often have lines with samples of expected output from
various programs, which fairly often includes leading tabs, so this warning
causes false positives there.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Aaron Conole <aconole@redhat.com>
7 years ago testsuite: release resources when vswitch exits.
Flavio Leitner [Wed, 7 Jun 2017 20:58:10 +0000 (17:58 -0300)]
testsuite: release resources when vswitch exits.

This changes the testsuite macro to release the resources
configured by ovs-vswitchd when exiting as it used to be.

Fixes: 0f28164be02ac ("netdev-linux: make tap devices persistent")
Fixes: fe13ccdca6a22 ("vswitchd: Add --cleanup option to the 'appctl
                       exit' command")

Reported-by: Eric Garver <e@erig.me>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
7 years ago test-hash: Fix unaligned pointer value error.
Joe Stringer [Fri, 26 May 2017 21:11:31 +0000 (14:11 -0700)]
test-hash: Fix unaligned pointer value error.

Clang 4.0 complains:

../tests/test-hash.c:160:16: error: taking address of packed member 'b' of
class or structure 'offset_ovs_u128' may result in an unaligned pointer value
      [-Werror,-Waddress-of-packed-member]
        in0 = &in0_data.b;

Set the bit in the aligned u128 first then copy the contents into the
offset u128 so that we don't have to take the address of the non-aligned
u128 and pass it to set_bit128.

For the 256byte_hash, fix it up so that it's actually testing the 256B
hash inside a 32-bit offset u128 as well.

Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years ago docs: Update dpdk vdev naming instructions.
Ciara Loftus [Tue, 6 Jun 2017 15:26:18 +0000 (16:26 +0100)]
docs: Update dpdk vdev naming instructions.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Stephen Finucane <stephen@that.guru>
7 years ago ovn-sb.xml: Update and improve documentation.
Ben Pfaff [Wed, 7 Jun 2017 19:38:38 +0000 (12:38 -0700)]
ovn-sb.xml: Update and improve documentation.

Some of the abbreviations at the head of this document, like LN and PN,
turn out to not be very useful, so expand them for clarity.

Some of the statements in this document are more about planning the design
than the current design.  Remove these for clarity.

Port_Binding rows used to all be about physical locations, except for
patch ports, but there are more kinds of rows now.  Elaborate for clarity.

Expand on the purpose of the Datapath_Binding table.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
7 years ago Copy external_ids from Logical_Switch_Port to SB database
Daniel Alvarez Sanchez [Tue, 6 Jun 2017 10:08:03 +0000 (10:08 +0000)]
Copy external_ids from Logical_Switch_Port to SB database

This patch makes ovn-northd copy all string-string pairs in
external_ids column of the Logical_Switch_Port table in Northbound
database to the equivalent column of the Port_Binding table in
Southbound database.

OpenStack Neutron will add some useful data to NB database that can be
later read by networking-ovn-metadata-agent without the need of
maintaining a connection to NB database. This data would include
the CIDR's of a port or the project and device ID's which are needed
when talking to Nova to request metadata.

Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
7 years ago ovn-sb.xml: Fix indentation.
Dong Jun [Tue, 6 Jun 2017 08:00:17 +0000 (16:00 +0800)]
ovn-sb.xml: Fix indentation.

Signed-off-by: Dong Jun <dongj@dtdream.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ovn: ssl proto/cipher configuration in nb/sb db
Lance Richardson [Wed, 7 Jun 2017 17:35:20 +0000 (13:35 -0400)]
ovn: ssl proto/cipher configuration in nb/sb db

Add SSL protocol and cipher columns to SSL tables in northbound
and southbound databases. Start nb/sb ovsdb-server with command-
line options to use these columns. Add support to ovn-nbctl
and ovn-sbctl "set-ssl" commands for user-friendly management
of these settings.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago flow: Refactor ct_orig_tuple check in miniflow_extract().
Darrell Ball [Mon, 5 Jun 2017 13:34:33 +0000 (06:34 -0700)]
flow: Refactor ct_orig_tuple check in miniflow_extract().

The checks to populate ct_orig_tuple in miniflow_extract
include recirc_id being non-zero.  Now, ct_orig_tuple
is only populated if the packet has passed through the
connection tracker, which is a prerequisite for having
valid ct_orig_tuple information.  This is recognized by
having a non-zero ct_state.  This has an added benefit
of saving some processing time.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Move tcp_payload_length to include file.
Darrell Ball [Tue, 30 May 2017 21:21:33 +0000 (14:21 -0700)]
dpdk: Move tcp_payload_length to include file.

The function tcp_payload_length is moved to a private
include file to be used by other conntrack files.  A
sanity check is added for general use, although
previous usage was safe in that filtering is already
done by the time it is called.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago tests: Export PYTHONCOERCECLOCALE=0 for python3 tests
Timothy Redaelli [Mon, 5 Jun 2017 13:28:38 +0000 (15:28 +0200)]
tests: Export PYTHONCOERCECLOCALE=0 for python3 tests

This patch exports PYTHONCOERCECLOCALE=0 when you have Python3 tests
enabled.
This is needed since testsuite forces LC_ALL=C and Python 3, with PEP 538,
prints the following warning on stderr:

"Python runtime initialized with LC_CTYPE=C (a locale with default ASCII
encoding), which may cause Unicode compatibility problems. Using C.UTF-8,
C.utf8, or UTF-8 (if available) as alternative Unicode-compatible locales is
recommended."

AT_CHECK reports it as an error since stderr is not empty as it should be.

This patch is needed, at least, on Fedora 26 and Rawhide (backported PEP
538 on Python 3.6).
This will also be needed on any distribution with Python 3.7 (PEP 538).

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago stream: include ssl protocol/cipher options in run-time help
Lance Richardson [Wed, 7 Jun 2017 14:54:52 +0000 (10:54 -0400)]
stream: include ssl protocol/cipher options in run-time help

Include --ssl-protocols and --ssl-ciphers options in run-time
help output.

Sample output with this change:

PKI configuration (required to use SSL):
  -p, --private-key=FILE  file with private key
  -c, --certificate=FILE  file with certificate for private key
  -C, --ca-cert=FILE      file with peer CA certificate
  --bootstrap-ca-cert=FILE  file with peer CA certificate to read or create
SSL options:
  --ssl-protocols=PROTOS  list of SSL protocols to enable
  --ssl-ciphers=CIPHERS   list of SSL ciphers to enable

Output formatting options:

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago netdev-linux: maintain original device's state
Flavio Leitner [Mon, 29 May 2017 19:40:23 +0000 (16:40 -0300)]
netdev-linux: maintain original device's state

It is important to maintain the original state when
the device already exists in the system.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago netdev-linux: make tap devices persistent.
Flavio Leitner [Mon, 29 May 2017 19:40:22 +0000 (16:40 -0300)]
netdev-linux: make tap devices persistent.

When using data path type "netdev", bridge port is a tun device
and when OVS restarts, that device and its network configuration
are lost.

This patch enables the tap device to persist instead.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago ovs-router: fix refcnt leak when program terminates.
Flavio Leitner [Mon, 29 May 2017 19:40:21 +0000 (16:40 -0300)]
ovs-router: fix refcnt leak when program terminates.

Install a handler to flush routes and release devices when
the program is terminating.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago docs: Document dpdkr ports
Stephen Finucane [Fri, 26 May 2017 14:12:38 +0000 (15:12 +0100)]
docs: Document dpdkr ports

I had an idea what these were but that idea was somewhat incorrect and
out-of-date. Add a minimal guide to fill in these gaps, along with a
warning about how useless these things generally are now (yay,
vhost-user).

Signed-off-by: Stephen Finucane <stephen@that.guru>
Cc: Ciara Loftus <ciara.loftus@intel.com>
Cc: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago docs: Clarify the superiority of dpdkvhostuserclient
Stephen Finucane [Fri, 26 May 2017 14:12:37 +0000 (15:12 +0100)]
docs: Clarify the superiority of dpdkvhostuserclient

Apparently dpdkvhostuser interfaces are inferior to dpdkvhostuserclient.
Explain why.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Cc: Ciara Loftus <ciara.loftus@intel.com>
Cc: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
7 years ago ovn-controller: refactor and abstract ovs_idl registering
Han Zhou [Fri, 26 May 2017 00:26:46 +0000 (17:26 -0700)]
ovn-controller: refactor and abstract ovs_idl registering

Abstract as a function so that it can be used by other modules.

Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago bfd: Detect Multiplier configuration
Szucs Gabor [Tue, 6 Jun 2017 15:11:54 +0000 (17:11 +0200)]
bfd: Detect Multiplier configuration

Mult value (bfd.DetectMult in RFC5880) is hard-coded and equal to 3 in
current openvswitch. As a consequence remote and local mult is the same.

In this commit the mult (Detect Multiplier/bfd.DetectMult/Detect Mult)
can be set on each interface setting the mult=<value> in bfd Column
in Interface table of ovsdb database.
Example:
ovs-vsctl set Interface p1 bfd:mult=4
sets mult=4 on p1 interface

The modification is based on RFC5880 June 2010.
The relevant paragraphs are:
4.1. Generic BFD Control Packet Format
6.8.4. Calculating the Detection Time
6.8.7. Transmitting BFD Control Packets
6.8.12. Detect Multiplier Change

The mult value is set to default 3 if it is not set in ovsdb. This
provides backward compatibility to previous openvswitch behaviour.
The RFC5880 says in 6.8.1 that DetectMult shall be a non-zero integer.
In RFC5880 4.1. "Detect Mult" has 8 bit length and is declared
as an 8 bit unsigned integer in bfd.c.
Consequently mult value shall be greater than 0 and less than 256.
In case an incorrect mult value is given in ovsdb the default value (3)
will be set and a message is logged into ovs-vswitchd.log on that.
Local or remote mult value change is also logged into ovs-vswitchd.log.

Since remote and local mult is not the same calculation of detect time
has been changed. Due to RFC5880 6.8.4 Detection Time is calculated using
mult value of the remote system.
Detection time is recalculated due to remote mult change.

The BFD packet transmission jitter is different in case of mult=1
due to RFC5880 6.8.7. The maximum interval of the transmitted bfd packet
is 90% of the transmission interval.

The value of remote mult is printed in the last line of the output of
ovs-appctl bfd/show command with label: Remote Detect Mult.

There is a feature in openvswitch connected with forwarding_if_rx that
is not the part of RFC5880. This feature also uses mult value but it is
not specified if local or remote since it was the
same in original code. The relevant description in code:
   /* When 'bfd->forwarding_if_rx' is set, at least one bfd control packet
     * is required to be received every 100 * bfd->cfg_min_rx.  If bfd
     * control packet is not received within this interval, even if data
     * packets are received, the bfd->forwarding will still be false. */

Due to lack of specification local mult value is used for calculation of
forwarding_if_rx_detect_time. This detect time is recalculated at mult
change if forwarding_if_rx is true and bfd is in UP state.

A new unit test has been added: "bfd - Edit the Detect Mult values"
The following cases are tested:
- Without setting mult the mult will be the default value (3).
- The setting of the lowest (1) and highest (255) valid mult value
  and the detection of remote mult value.
- Setting an out-of-range mult value (0, 256) in ovsdb results in
  the default value being set in ovs-vswitchd.
- Clearing a non-default mult value from ovsdb results in the default
  value being set in ovs-vswitchd.

Signed-off-by: Gábor Szűcs <gabor.sz.cs@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago tests: Fix spelling error in test name.
Ben Pfaff [Fri, 2 Jun 2017 16:13:30 +0000 (09:13 -0700)]
tests: Fix spelling error in test name.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
7 years ago dpdk: Update feature alert documentation.
Darrell Ball [Tue, 30 May 2017 17:49:33 +0000 (10:49 -0700)]
dpdk: Update feature alert documentation.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Enable NAT tests for userspace datapath.
Darrell Ball [Tue, 30 May 2017 17:49:32 +0000 (10:49 -0700)]
dpdk: Enable NAT tests for userspace datapath.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago tests: Add some system test fixes.
Darrell Ball [Tue, 30 May 2017 17:49:31 +0000 (10:49 -0700)]
tests: Add some system test fixes.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago System Tests: Enhance NAT tests.
Darrell Ball [Tue, 30 May 2017 17:49:30 +0000 (10:49 -0700)]
System Tests: Enhance NAT tests.

Two new tests are added and two other tests were
enhanced.  The use of tcpdump to verify checksums
is introduced.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Add orig tuple context recovery.
Darrell Ball [Tue, 30 May 2017 17:49:29 +0000 (10:49 -0700)]
dpdk: Add orig tuple context recovery.

This patch adds orig tuple checking and context
recovery; NAT interactions are factored in.
Orig tuple support exists to better handle policy
changes.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Add more ICMP Related NAT support.
Darrell Ball [Tue, 30 May 2017 17:49:28 +0000 (10:49 -0700)]
dpdk: Add more ICMP Related NAT support.

This patch includes more complete support
for icmp4 and icmp6 related NAT handling.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Userspace Datapath: Introduce NAT Support.
Darrell Ball [Tue, 30 May 2017 17:49:27 +0000 (10:49 -0700)]
dpdk: Userspace Datapath: Introduce NAT Support.

This patch introduces NAT support for the userspace datapath.
Most conntrack module changes are in this patch, with the
exception of icmp related handling and recent orig tuple
support.

The per packet scope of lookups for NAT and un_NAT is at
the bucket level rather than global. One hash table is
introduced to support create/delete handling. The create/delete
events may be further optimized, if the need becomes clear.

Some NAT options with limited utility (persistent, random) are
not supported yet, but will be supported in a later patch.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years ago dpdk: Remove batch sorting in userspace conntrack.
Darrell Ball [Tue, 30 May 2017 17:49:26 +0000 (10:49 -0700)]
dpdk: Remove batch sorting in userspace conntrack.

Packet batch sorting is removed for three reasons:

1) The following patches for NAT change the locking
    marshalling so batching loses benefit.

2) For real mixtures of flows either in hypervisors
   or gateways, the batch sorting won't provide benefit
   and will just be a tax.

3) Code clarity.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>