Kevin Traynor [Tue, 6 Mar 2018 12:07:09 +0000 (12:07 +0000)]
Documentation: Add note about dpdkvhostuser and IOMMU.
The docs describe IOMMU support for dpdkvhostuserclient ports,
but it is not mentioned in the section about dpdkvhostuser
ports. Add an explicit note to say IOMMU is not supported for
dpdkvhostuser ports.
CC: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Roi Dayan [Mon, 12 Mar 2018 12:58:47 +0000 (14:58 +0200)]
netdev-tc-offloads: Add support for IP fragmentation
Add support for frag no, first and later.
Signed-off-by: Roi Dayan <roid@mellanox.com> Reviewed-by: Shahar Klein <shahark@mellanox.com> Reviewed-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
ovsdb-client: Set binary mode when doing backup/restore
Add some needed consistency on Windows for STD_IN/OUT file descriptors
when doing backup and restore.
Reported-at:https://mail.openvswitch.org/pipermail/ovs-dev/2018-January/343518.html Suggested-by: Ben Pfaff <blp@ovn.org> Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 14 Mar 2018 21:57:23 +0000 (14:57 -0700)]
odp-util: Print eth() for Ethernet flows if packet_type is absent.
OVS datapaths have two different ways to indicate what kind of packet a
flow matches. One way, used by the userspace datapath, is
OVS_KEY_ATTR_PACKET_TYPE. Another way, used by the kernel datapath, is
OVS_KEY_ATTR_ETHERTYPE when used in the absence of OVS_KEY_ATTR_ETHERNET;
when the latter is present, the packet is always an Ethernet packet. The
code to print datapath flows wasn't paying attention to this distinction
and always omitted eth() from the output when OVS_KEY_ATTR_ETHERNET was
fully wildcarded, which meant that upon later re-parsing the
OVS_KEY_ATTR_ETHERNET key was omitted, which made it look like a
non-Ethernet match was being described.
This commit makes odp_util_format() add eth() to the output when
OVS_KEY_ATTR_ETHERNET is present and OVS_KEY_ATTR_PACKET_TYPE is absent,
avoiding the problem.
Reported-by: Amar Padmanabhan <amarpadmanabhan@fb.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-December/045817.html Reported-by: Su Wang <suwang@vmware.com>
VMWare-BZ: #2070488 Signed-off-by: Ben Pfaff <blp@ovn.org> Tested-by: Yi-Hung Wei <yihung.wei@gmail.com> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Miguel Angel Ajo [Mon, 12 Mar 2018 10:31:25 +0000 (10:31 +0000)]
ovs-vsctl: Include bfd_status in "show" output for interfaces
Since OVS 2.8 OVN provides L3HA capabilities via BFD monitoring,
but checking the status of BFD is not obvious, and we provide
a simple way to visualize the status with this simple patch.
Signed-off-by: Miguel Angel Ajo <majopela@redhat.com> Tested-by: Miguel Angel Ajo <majopela@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniel Alvarez [Sat, 10 Mar 2018 13:50:14 +0000 (14:50 +0100)]
ovsdb: Fix database compaction check
We want to compact database file if it has been over 24 hours since we
last compacted it and there's more than 100 commits regardless of the
size of the database. This patch fixes the previous comparisson which
checked if 24 hours was elapsed since the next scheduled compaction.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 16 Feb 2018 22:03:51 +0000 (14:03 -0800)]
ofp-print: Move much of the printing code into message-specific files.
Until now, the ofp-print code has had a lot of logic specific to
individual messages. This code is better put with the other code specific
to those messages, so this commit starts to migrate it.
There is more work of a similar type to do, but this is a reasonable start.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Fri, 16 Feb 2018 19:43:56 +0000 (11:43 -0800)]
ofp-packet: Better abstract packet-in format.
This commit relieves the caller of code that deals with the format of
packet-in messages from some of the burden of understanding the packet
format. It also renames the constants to appear to be at a higher level of
abstraction.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Thu, 15 Feb 2018 22:38:28 +0000 (14:38 -0800)]
ofp-protocol: Better abstract changing the protocol used for flow matches.
The previous interface here required the client to understand, to some
extent, the low-level NXFF_* values and the encoding format for the
NXT_SET_FLOW_FORMAT and NXT_SET_FLOW_MOD_TABLE_ID messages. This commit
changes the interface so that the client only has to understand the
ofputil_protocol type used elsewhere and none of the encoding otherwise.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 7 Mar 2018 18:26:35 +0000 (10:26 -0800)]
ovsdb-idl: Use modern form of <monitor-requests>.
Long ago, a <monitor-requests> object in the OVSDB protocol mapped a table
name to a single <monitor-request>. Since then, it has mapped a table name
to an *array of* <monitor-request> objects, but the OVSDB IDL has never
been updated to use the modern form. This commit makes that change.
When the Load_Balancer is added to the logical_switch,
the VIP has to be in a different subnet than the one used
for the logical_switch. Since VIP is in a different subnet,
you should connect your logical switch to either a OVN
logical router or a real router (this is because the client
can now send a packet with VIP as the destination IP address
and router's mac address as the destination MAC address).
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Lorenzo Bianconi [Tue, 20 Feb 2018 17:39:44 +0000 (18:39 +0100)]
OVN: add acl reject support using icmp4 action
Whenever the acl reject rule is hit send back an ICMPv4 destination
unreachable packet and do not handle reject rule as drop one.
Treat TCP connections as DROP for the moment since tcp_reset{} action
has not been implemented yet.
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Lorenzo Bianconi [Tue, 20 Feb 2018 17:39:43 +0000 (18:39 +0100)]
OVN: add icmp4{} action support
icmp4 action is used to replace the IPv4 packet been processed with
an ICMPv4 packet initialized based on incoming IPv4 one.
Ethernet and IPv4 fields not listed are not changed:
- ip.proto = 1 (ICMPv4)
- ip.frag = 0 (not a fragment)
- ip.ttl = 255
- icmp4.type = 3 (destination unreachable)
- icmp4.code = 1 (host unreachable)
Prerequisite: ip4
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-By: Mark Michelson <mmichels@redhat.com>
Guoshuai Li [Thu, 1 Mar 2018 06:27:37 +0000 (14:27 +0800)]
python: Fix decoding error when the received data is larger than 4096.
It can only receive 4096 bytes of data each time in jsonrpc,
when there are similar and Chinese characters occupy multiple bytes,
it may receive half a character, this time the decoding will be abnormal.
We need to receive the completed character to decode.
Signed-off-by: Guoshuai Li <ligs@dtdream.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniel Alvarez [Thu, 8 Mar 2018 22:20:56 +0000 (23:20 +0100)]
ovsdb: Loosen requirements for automatically compacting databases.
Before this patch, the databases were automatically compacted when a
transaction is logged when:
* It's been > 10 minutes after last compaction AND
* At least 100 commits have occurred AND
* Database has grown at least 4x since last compaction (and it's > 10M)
This patch changes the conditions as follows:
* It's been > 10 minutes after last compaction AND
* At least 100 commits have occurred AND either
- It's been > 24 hours after the last compaction OR
- Database has grown at least 2x since last compaction (and it's > 10M)
Reported-by: Daniel Alvarez <dalvarez@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-March/046309.html Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eric Garver [Thu, 1 Mar 2018 22:59:41 +0000 (17:59 -0500)]
ofproto-dpif-xlate: translate action_set in clone action
A clone action saves the action_set prior to performing the clone, then
restores it afterwards. However when xlating the actions it neglects to
consider the action_set so any write_action() inside a clone() are
ignored. Unfortunately patch ports are internally implemented via
clone(). So a frame traversing to a second bridge via patch port will
never be affected by write_action() in the second bridge's flow table.
Lets make clone() aware of the action_set.
Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Ben Pfaff <blp@ovn.org>
m4: Try to use "python" as Python2 interpreter only as last resort
This patch tries to find Python 2 as "python2", then "python2.7" and finally
"python".
This is needed since "/usr/bin/python" is used as Python 3 on some Linux
distributions (for example on Arch Linux) and on Fedora 28
"/usr/bin/python" will be deprecated [1]:
"All scripts shall explicitly use /usr/bin/python2."
Anand Kumar [Tue, 6 Mar 2018 23:48:08 +0000 (15:48 -0800)]
datapath-windows: Do not drop Ip fragments less than MIN_FRAGMENT_SIZE
Previously ipfragment module would drop any fragments less than
MIN_FRAGMENT_SIZE (400 bytes), which was added to safeguard against the
vulnerability CVE-2000-0305. This check is incorrect, since minimum size
of the Ipfragment is 68 bytes (i.e. max length of Ip Header + 8 bytes of
L4 header). So Ip fragments less than MIN_FRAGMENT_SIZE (400 bytes) is not
guranted to be malformed or illegal.
To guard against security vulnerability CVE-2000-0305, for a given ip
datagram, ipfragments should be dropped only when number of smallest
fragments recieved reaches a certain threshold.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Fix two $PYTHON leftovers.
One in JSONRPC_REQ_REPLY_SUCCESS_PYN and the other in JSONRPC_REQ_REPLY_ERROR_PYN
Fixes: 58bed3df484b ("jsonrpc-py.at: Run tests with Python 2 and 3.") Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Michelson [Wed, 7 Mar 2018 15:31:00 +0000 (09:31 -0600)]
ovn: Calculate UDP checksum for DNS over IPv6
Unlike IPv4, IPv6 mandates the calculation of the UDP checksum. For DNS
resolution in OVN, we were setting the checksum to 0, which results in
errors.
This patch fixes the problem by calculating the checksum for DNS over
IPv6. It also alters the applicable test by skipping the checksum when
comparing the expected and actual packets.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 6 Mar 2018 01:04:32 +0000 (17:04 -0800)]
tests: Wait for entire trace to hit log.
"over max translation" appears in the log before the trace, but we're
checking for the trace immediately after waiting. This changes the test
to wait for "packet is dropped" instead, which appears at the end of the
trace. This created a race and occasional test failures.
CC: William Tu <u9012063@gmail.com> Fixes: d1ea2cc3de99 ("xlate: auto ofproto trace when recursion too deep") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: William Tu <u9012063@gmail.com>
Daniel Alvarez [Wed, 7 Mar 2018 18:02:30 +0000 (19:02 +0100)]
ovsdb: Fix time in log traces when compacting database
Current code is mixing wall and monotonic clocks and the traces are not
useful since the timestamps are not accurate. This patch fixes it by
using the same time reference for the log as used in the code.
Without this patch, the traces look like this:
compacting database online (1519124364.908 seconds old, 951 transactions)
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
rhel: Avoid losing bridge configuration after adding DPDK ports
Whenever a DPDK port is added to or deleted from an OVS bridge, the bridge
interface is reconfigured with the lowest MAC address among the connected DPDK
ports. When changing the MAC address, OVS performs a sequences of events
UP -> DOWN -> UP on the bridge interface. In deployments of OVS in RHEL
distribution this results in loosing Linux networking configuration attached to
the bridge interface (e.g. static routes).
This patch changes the interface configuration scripts used in a RHEL deployment
to trigger post-up operations on the bridge device after a change of MAC address.
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera@ericsson.com> Signed-off-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Russell Bryant <russell@ovn.org>
The WDK 10 static analysis complains:
stt.c(427): warning C30030: Warning: Allocating executable memory via
specifying a MM_PAGE_PRIORITY type without a bitwise OR with
MdlMappingNoExecute.
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org> Acked-by: Sairam Venugopal <vsairam@vmware.com>
William Tu [Thu, 1 Mar 2018 00:32:27 +0000 (16:32 -0800)]
xlate: auto ofproto trace when recursion too deep
Usually ofproto/trace is used to debug the flow translation error.
When translation error such as recursion too deep or too many resubmit,
the issue might happen momentary; flows causing the recursion expire
when users try to debug it. This patch enables the ofproto trace
automatically when recursion is too deep or too many resubmit, by
invoking the translation again, and log the ofproto trace as warnings.
Since the log will be huge, rate limit to one per minute.
VMWare-BZ: #2054659 Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Shashank Ram [Tue, 27 Feb 2018 19:57:37 +0000 (11:57 -0800)]
datapath-windows: Support to selectively compile targets
Adds support to selectively compile kernel driver for
target versions. This is useful when environments to
compile for all targets might not be available on the
user's machine, or if the user wants to only compile
some targets selectively.
Also once appveyor has support to build Win10 targets,
we will not pass the "--with-vstudiotargetver" to the
configure script.
Signed-off-by: Shashank Ram <rams@vmware.com> Acked-by: Anand Kumar <kumaranand@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Anand Kumar [Wed, 28 Feb 2018 04:59:40 +0000 (20:59 -0800)]
datapath-windows: On Debug builds, dump NBL info based on OVS_DBG_DEFAULT macro
Currently nbl information is getting dumped whenever a nbl is copied or
allocated, since OVS_DBG_DEFAULT is set to OVS_DBG_INFO for debug builds,
which affects the ovs performance. Instead dump nbl information only when
OVS_DBG_DEFAULT is set to OVS_LOG_LOUD
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Daniel Alvarez [Wed, 28 Feb 2018 09:11:09 +0000 (10:11 +0100)]
python: avoid useless JSON conversion to enhance performance
This patch removes a useless conversion to/from JSON in the
processing of any 'modify' operations inside the process_update2
method in Python IDL implementation.
Previous code will make resources creation take longer as the number
of elements in the row grows because of that JSON conversion. This
patch eliminates it and now the time remains consant regardless
of the database contents improving performance and scaling.
Reported-by: Daniel Alvarez <dalvarez@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-February/046263.html Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Acked-by: Terry Wilson <twilson@redhat.com> Tested-By: Terry Wilson <twilson@redhat.com> Acked-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jakub Sitnicki [Wed, 28 Feb 2018 16:06:45 +0000 (17:06 +0100)]
Fix type-setting in ovsdb-idlc man page.
- Remove extra escape sequences for switching to bold font.
- Add missing escape sequences for switching back to normal font.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-February/344591.html Signed-off-by: Jakub Sitnicki <jkbs@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Greg Rose [Mon, 26 Feb 2018 22:10:15 +0000 (14:10 -0800)]
compat: Fix RHEL 7 compile
frag_percpu_counter_batch is a variable, not a define, so checking if
it is defined is an error and causes warning messages during compile
on RHEL 7 (or other 3.10 based) builds. Use a compat #define from
acinclude.m4 instead.
Fixes: 64d8cb7295 ("compat:inet_frag.h: Check for frag_percpu_counter_batch") Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Balazs Nemeth [Mon, 26 Feb 2018 09:10:35 +0000 (09:10 +0000)]
tests: Make packet-type-aware.at hash independent
When compiling with -msse4.2 a test case of packet-type-aware.at will
fail due to the CRC32 based hash function is different from mhash.
Fix this issue with parsing the port statistics one-by-one.
Signed-off-by: Balazs Nemeth <balazs.nemeth@ericsson.com> CC: Jan Scheurich <jan.scheurich@ericsson.com> CC: Zoltan Balogh <zoltan.balogh@ericsson.com> Fixes: 00135b869d7c ("xlate: fix xport lookup for recirc") Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Michelson [Mon, 26 Feb 2018 20:04:02 +0000 (14:04 -0600)]
Refer to database manpages in *ctl manpages
The ovn-nbctl, ovn-sbctl, and ovs-vsctl manpages are inconsistent in
their "Database Commands" section when it comes to referring to what
database tables exist. This commit amends this by making each *ctl
manpage reference the corresponding database manpage instead.
To aid in having a more handy list, the --help text of ovn-nbctl,
ovn-sbctl, and ovs-vsctl have been modified to list the available
tables. This is also referenced in the manpages for those applications.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 23 Feb 2018 21:03:07 +0000 (13:03 -0800)]
ovn-northd: Consistently use Datapath_Binding UUID for hashing flows.
In one place, ovn-northd was hashing Logical_Switch or Logical_Router UUIDs
for ovn_lflow, and in another place it was hashing Datapath_Binding UUIDs.
This caused problems. This commit changes ovn-northd to always hash the
Datapath_Binding UUID.
Jacob Sitnicki reported the following performance improvement for a similar
fix:
Ilya Maximets [Mon, 26 Feb 2018 08:10:11 +0000 (11:10 +0300)]
ofproto-dpif-upcall: Fix using uninitialized fitness.
'upcall_xlate()' makes a decision to compose slow path actions
by checking the 'upcall->fitness', which is not initialized in
case of calling from the 'upcall_cb()'.
'upcall_cb()' receives the real flow, so the fitness should be
initialized as perfect.
zhangliping [Sat, 24 Feb 2018 03:30:58 +0000 (11:30 +0800)]
vlog: fix the incorrect zero padding in format_log_message
If the format specifier does not have the 0 flag, we should pad with
blanks instead of zeroes.
Signed-off-by: zhangliping <zhangliping02@baidu.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Mark Michelson <mmichels@redhat.com> Tested-by: Mark Michelson <mmichels@redhat.com>
Ben Pfaff [Fri, 23 Feb 2018 22:03:15 +0000 (14:03 -0800)]
ofproto: Make ofproto_port_open_type() faster.
ofproto_port_open_type() was surprisingly slow because it called the
function ofproto_class_find__(), which itself was surprisingly slow because
it actually creates a set of strings and enumerates all of the available
classes.
This patch improves performance by eliminating the call to
ofproto_class_find__() from ofproto_port_open_type(). In turn that
required changing a parameter type and updating all the callers.
Possibly it would be worth making ofproto_class_find__() itself faster,
but it doesn't look like any of its other callers would be used in inner
loops.
For more background, see also
https://mail.openvswitch.org/pipermail/ovs-discuss/2018-February/046140.html
This patch arises as a result of testing done by Ali Ginwala and Han Zhou.
Their test showed that commit 2d4beba resulted in slower performance of
ovs-vswitchd than was seen in previous versions of OVS.
With this patch, Ali retested and reported that performance drastically
improved by ~60%. The test for 10k lports, 40 LSs and 8 LRs and 1k HVs just
got completed in 3 hours 39 min vs 8+ hours for branch-2.9. Cpu utilization
graph of a farm comparing Ben's ofproto patch vs branch-2.9 is available @
https://raw.githubusercontent.com/noah8713/ovn-scale-test/scale_results/results/ovs_2.9_vs_ben_ofproto.png
Reported-by: Mark Michelson <mmichels@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Tested-by: aginwala <aginwala@asu.edu> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Mon, 19 Feb 2018 14:55:43 +0000 (09:55 -0500)]
selinux: allow dpdkvhostuserclient sockets with newer libvirt
Newer libvirt and openstack versions will now label the unix socket as
an `svirt_tmpfs_t` object. This means that in order to support
deploying with the recommended configuration (using a
dpdkvhostuserclient socket), additional permissions need to be
installed as part of the selinux policy.
Ilya Maximets [Wed, 21 Feb 2018 13:32:39 +0000 (16:32 +0300)]
ofp-parse: Include missing ofp-actions.h.
This fixes MacOS build:
lib/ofp-parse.c:167:16:
error: use of undeclared identifier 'IPPORT_FTP'
lib/ofp-parse.c:171:16:
error: use of undeclared identifier 'IPPORT_TFTP'
CC: Ben Pfaff <blp@ovn.org> Fixes: 0d71302e36c4 ("ofp-util, ofp-parse: Break up into many separate modules.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 14 Feb 2018 18:14:02 +0000 (10:14 -0800)]
ovn-northd: Reduce amount of flow hashing.
Jakub Sitnicki demonstrated that repeatedly calculating row hashes is
expensive, so this should improve ovn-northd performance.
Reported-by: Jakub Sitnicki <jkbs@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-February/344404.html Signed-off-by: Ben Pfaff <blp@ovn.org> Tested-by: Jakub Sitnicki <jkbs@redhat.com>
Ben Pfaff [Fri, 7 Oct 2016 16:47:43 +0000 (09:47 -0700)]
ovsdb-idlc: Implement synthetic columns.
A synthetic column is one that is not present in the actual database but
instead calculated by code in the client based on columns in the row. This
can be useful to avoid repeatedly calculating the same function of a row.
Ben Pfaff [Fri, 7 Oct 2016 20:35:29 +0000 (13:35 -0700)]
ovsdb-idlc: Add infrastructure for IDL schema extensions.
An IDL schema is an OVSDB schema with some extra stuff in it. So far, all
of the extras have been at the top level. This commit makes it possible
for IDL schemas to have extra information at the table and column levels as
long as it is in an "extensions" member.
Ben Pfaff [Wed, 7 Sep 2016 22:23:44 +0000 (15:23 -0700)]
ovsdb-idlc: Add "cDecls" and "hDecls" IDL schema extensions.
An IDL schema is an OVSDB schema with some extra stuff in it: an idlPrefix
and an idlHeader at the top level to indicate what ovsdb-idlc needs to
generate the interface definitions. This commit adds support for two more
optional IDL schema extensions that allow extra code to be written to the
.c and .h file that ovsdb-idlc generates.
openvswitch: Remove padding from packet before L3+ conntrack processing
IPv4 and IPv6 packets may arrive with lower-layer padding that is not
included in the L3 length. For example, a short IPv4 packet may have
up to 6 bytes of padding following the IP payload when received on an
Ethernet device with a minimum packet length of 64 bytes.
Higher-layer processing functions in netfilter (e.g. nf_ip_checksum(),
and help() in nf_conntrack_ftp) assume skb->len reflects the length of
the L3 header and payload, rather than referring back to
ip_hdr->tot_len or ipv6_hdr->payload_len, and get confused by
lower-layer padding.
In the normal IPv4 receive path, ip_rcv() trims the packet to
ip_hdr->tot_len before invoking netfilter hooks. In the IPv6 receive
path, ip6_rcv() does the same using ipv6_hdr->payload_len. Similarly
in the br_netfilter receive path, br_validate_ipv4() and
br_validate_ipv6() trim the packet to the L3 length before invoking
netfilter hooks.
Currently in the OVS conntrack receive path, ovs_ct_execute() pulls
the skb to the L3 header but does not trim it to the L3 length before
calling nf_conntrack_in(NF_INET_PRE_ROUTING). When
nf_conntrack_proto_tcp encounters a packet with lower-layer padding,
nf_ip_checksum() fails causing a "nf_ct_tcp: bad TCP checksum" log
message. While extra zero bytes don't affect the checksum, the length
in the IP pseudoheader does. That length is based on skb->len, and
without trimming, it doesn't match the length the sender used when
computing the checksum.
In ovs_ct_execute(), trim the skb to the L3 length before higher-layer
processing.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Ed Swierk <eswierk@skyportsystems.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Trivial fix removes unneeded semicolons after if blocks.
This issue was detected by using the Coccinelle software.
Signed-off-by: Christopher Díaz Riveros <chrisadr@gentoo.org> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Christopher Díaz Riveros <chrisadr@gentoo.org> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Preempt counter APIs have been split out, currently, hardirq.h just
includes irq_enter/exit APIs which are not used by openvswitch at all.
So, remove the unused hardirq.h.
Signed-off-by: Yang Shi <yang.s@alibaba-inc.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: dev@openvswitch.org Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Yang Shi <yang.s@alibaba-inc.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Yang Shi <yang.shi@linux.alibaba.com>
OVS_NLERR prints a newline at the end of the message string, so the
message string does not need to include a newline explicitly. Done
using Coccinelle.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
openvswitch: Fix pop_vlan action for double tagged frames
skb_vlan_pop() expects skb->protocol to be a valid TPID for double
tagged frames. So set skb->protocol to the TPID and let skb_vlan_pop()
shift the true ethertype into position for us.
Fixes: 5108bbaddc37 ("openvswitch: add processing of L3 packets") Signed-off-by: Eric Garver <e@erig.me> Reviewed-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Eric Garver <e@erig.me> Fixes: a27c454ee0 ("datapath: add processing of L3 packets") Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
openvswitch: do not propagate headroom updates to internal port
After commit 3a927bc7cf9d ("ovs: propagate per dp max headroom to
all vports") the need_headroom for the internal vport is updated
accordingly to the max needed headroom in its datapath.
That avoids the pskb_expand_head() costs when sending/forwarding
packets towards tunnel devices, at least for some scenarios.
We still require such copy when using the ovs-preferred configuration
for vxlan tunnels:
br_int
/ \
tap vxlan
(remote_ip:X)
br_phy
\
NIC
where the route towards the IP 'X' is via 'br_phy'.
When forwarding traffic from the tap towards the vxlan device, we
will call pskb_expand_head() in vxlan_build_skb() because
br-phy->needed_headroom is equal to tun->needed_headroom.
With this change we avoid updating the internal vport needed_headroom,
so that in the above scenario no head copy is needed, giving 5%
performance improvement in UDP throughput test.
As a trade-off, packets sent from the internal port towards a tunnel
device will now experience the head copy overhead. The rationale is
that the latter use-case is less relevant performance-wise.
Signed-off-by: paolo abeni <pabeni@redhat.com> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: paolo abeni <pabeni@redhat.com> Signed-off-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Guoshuai Li [Thu, 15 Feb 2018 10:52:29 +0000 (18:52 +0800)]
ovn-controller: Fix crash when sending GARP when openflow disconnection.
This is call stack:
Program received signal SIGABRT, Aborted.
1 0x00007ffff6a4f8e8 in __GI_abort () at abort.c:90
2 0x00000000004765d6 in ofputil_protocol_to_ofp_version (protocol=<optimized out>) at lib/ofp-util.c:769
3 0x000000000047c19e in ofputil_encode_packet_out (po=po@entry=0x7fffffffa0e0, protocol=<optimized out>) at lib/ofp-util.c:7060
4 0x0000000000410870 in send_garp (garp=0x83cfe0, current_time=current_time@entry=1200375400) at ovn/controller/pinctrl.c:1738
5 0x000000000041430f in send_garp_run (active_tunnels=<optimized out>, local_datapaths=0x7fffffffc0a0, chassis_index=<optimized out>, chassis=0x8194d0, br_int=<optimized out>, ctx=0x7fffffffc080) at ovn/controller/pinctrl.c:2069
Signed-off-by: Guoshuai Li <ligs@dtdream.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Benli Ye [Thu, 15 Feb 2018 01:52:07 +0000 (17:52 -0800)]
ofproto-dpif-ipfix: Fix an issue in flow key part
As struct ipfix_data_record_flow_key_iface didn't calculate
its length in flow key part, it may cause problem when flow
key part length is not enough. Use MAX_IF_LEN and MAX_IF_DESCR
to pre-allocate memory for ipfix_data_record_flow_key_iface.
Signed-off-by: Daniel Benli Ye <daniely@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>