Yi-Hung Wei [Mon, 15 May 2017 17:04:57 +0000 (10:04 -0700)]
ofproto: Add pipeline fields support for OF 1.5 packet-out
This patch decodes pipeline fields from a packet-out message, and populates
the pipeline fields into datapath. Error OFPERR_OFPBRC_PIPELINE_FIELDS_ONLY
is returned if the match field of a packet-out messages contains any
non pipeline fields. Currently, the supported pipeline fields
are as following.
Yi-Hung Wei [Mon, 15 May 2017 17:04:56 +0000 (10:04 -0700)]
ofp-util: Add OpenFlow 1.5 packet-out support
This patch implements the encoding and decoding of the new packet-out
format defined in OpenFlow 1.5. Test cases are provided to verify the
encoding and decoding.
Yi-Hung Wei [Mon, 15 May 2017 17:04:55 +0000 (10:04 -0700)]
ofp-util: Add flow metadata to ofputil_packet_out
This patch adds flow metadata to ofputil_packet_out. It does not make any
functional change. The flow metadata will be useful to support new packet-out
message format in OpenFlow 1.5.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Sat, 27 May 2017 06:03:20 +0000 (23:03 -0700)]
physical: Tolerate missing distributed-port key for chassisredirect ports.
Until now, the code here assumed that a "distributed-port" key existed,
and dereferenced a null pointer if it did not. This commit avoids that
problem.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763078&defectInstanceId=4305288&mergedDefectId=179857 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
Ben Pfaff [Fri, 26 May 2017 18:22:36 +0000 (11:22 -0700)]
checkpatch: Implement -f option more usefully.
A lot of checkpatch warnings are only enabled for particular kinds of
files, e.g. C warnings only apply to C source and header files. The -f
option didn't pass the file name to the code that determines what kinds
of warnings to report, so only generic warnings were actually reported.
This fixes that problem.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
Mickey Spiegel [Wed, 17 May 2017 06:04:56 +0000 (23:04 -0700)]
ovn: Increase logical pipeline length from 16 to 24 stages.
The OVN ingress pipeline for a logical switch is maxed out at 16 stages.
This patch takes the simple approach of starting the ingress pipeline at
table 8 rather than table 16, and starting the egress pipeline at
table 40 rather than table 48.
Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 26 May 2017 23:27:59 +0000 (16:27 -0700)]
ofp-actions: Fix memory leak on error path in parse_CT().
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762959&defectInstanceId=4305310&mergedDefectId=180392 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Daniel Alvarez [Fri, 26 May 2017 12:08:43 +0000 (12:08 +0000)]
ovn: Add support for new logical port type "localport".
This patch introduces a new type of OVN ports called "localport".
These ports will be present in every hypervisor and may have the
same IP/MAC addresses. They are not bound to any chassis and traffic
to these ports will never go through a tunnel.
Its main use case is the OpenStack metadata API support which relies
on a local agent running on every hypervisor and serving metadata to
VM's locally. This service is described in detail at [0].
An example to illustrate the purpose of this patch:
- One logical switch sw0 with 2 ports (p1, p2) and 1 localport (lp)
- Two hypervisors: HV1 and HV2
- p1 in HV1 (OVS port with external-id:iface-id="p1")
- p2 in HV2 (OVS port with external-id:iface-id="p2")
- lp in both hypevisors (OVS port with external-id:iface-id="lp")
- p1 should be able to reach p2 and viceversa
- lp on HV1 should be able to reach p1 but not p2
- lp on HV2 should be able to reach p2 but not p1
Explicit drop rules are inserted in table 32 with priority 150
in order to prevent traffic originated at a localport to go over
a tunnel.
Current versions of systemd in Debian Stretch use
SYSTEMCTL_SKIP_REDIRECT instead of _SYSTEMCTL_SKIP_REDIRECT.
Provide both variables in the .init files.
Signed-off-by: Raymond Burkholder <ray@oneunified.net> Suggested-by: Guru Shetty <guru@ovn.org> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Tue, 30 May 2017 15:22:03 +0000 (08:22 -0700)]
packets: Remove unnecessary "packed" annotations.
I know of two reasons to mark a structure as "packed". The first is
because the structure must match some defined interface and therefore
compiler-inserted padding between or after members would cause its layout
to diverge from that interface. This is not a problem in a structure that
follows the general alignment rules that are seen in ABIs for all the
architectures that OVS cares about: basically, that a struct member needs
to be aligned on a boundary that is a multiple of the member's size.
The second reason is because instances of the struct tend to be at
misaligned addresses.
struct eth_header and struct vlan_eth_header are normally aligned on
16-bit boundaries (at least), and they contain only 16-bit members, so
there's no need to pack them. This commit removes the packed annotation.
This commit also removes the packed annotation from struct llc_header.
Since that struct only contains 8-bit members, I don't know of any benefit
to packing it, period.
This commit also removes a few more packed annotations that are much less
important.
When these packed annotations were removed, it caused a few warnings
related to casts from 'uint8_t *' to more strictly aligned pointer types,
related to struct ovs_action_push_tnl. That's because that struct had a
trailing member used to store packet headers, that was declared as
a uint8_t[]. Before, when this was cast to 'struct eth_header *', there
was no change in alignment since eth_header was packed; now that
eth_header is not packed, the compiler considers it suspicious. This
commit avoids that problem by changing the member from uint8_t[] to
uint32_t[], which assures the compiler that it is properly aligned.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Sat, 27 May 2017 05:39:02 +0000 (22:39 -0700)]
ovn-northd: Avoid null deref for missing outport in build_static_route_flow().
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763080&defectInstanceId=4305186&mergedDefectId=179788 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com>
Ben Pfaff [Sat, 27 May 2017 04:23:11 +0000 (21:23 -0700)]
ovn: Fix encoding of large logical output ports for STT.
put_encapsulation() is meant to load the logical output port into bits
24 to 40 of the tunnel ID metadata field, but 'outport << 24' did not
have that effect because outport has type uint16_t. This fixes the
problem.
This would only affect ports numbered 256 and higher, and only with STT.
(However, multicast groups are always numbered higher than 256, so I guess
that flooding didn't work.)
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763078&defectInstanceId=4304791&mergedDefectId=180391 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
These functions all set txn and do not un-set it within their main
command execution function, so it's gratuitous to check it along this path.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763082&defectInstanceId=4305338&mergedDefectId=180417 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com>
Ben Pfaff [Fri, 26 May 2017 23:17:23 +0000 (16:17 -0700)]
ovn-controller: Fix memory leak in create_br_int().
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763066&defectInstanceId=4305324&mergedDefectId=180404&fileStart=251&fileEnd=500 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com>
Ben Pfaff [Fri, 26 May 2017 22:56:57 +0000 (15:56 -0700)]
ovn-northd: Fix uninitialized reference in build_static_route_flow().
It was apparently possible for lrp_addr_s to be uninitialized in a logical
router with no ports.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14763080&defectInstanceId=4304818&mergedDefectId=180426 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Miguel Angel Ajo <majopela@redhat.com>
Ben Pfaff [Tue, 30 May 2017 14:43:47 +0000 (07:43 -0700)]
ovs-lldp: Remove dead store to TTL configuration.
Apparently this has always used LLDP_CHASSIS_TTL as a fixed TTL, so we
might as well delete the statement just before that tries to dynamically
calculate it.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762612&defectInstanceId=4304824&mergedDefectId=180431 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Dennis Flynn <drflynn@avaya.com>
Paul Blakey [Sun, 28 May 2017 11:59:45 +0000 (14:59 +0300)]
compat: Add tc compatibility headers for old kernels
Added compatibility headers for actions vlan and tunnel key.
Do not use compat code when compiling kernel datapath
there is no need for it as TC compatibility is not provided there.
In other words, the compat code is only used when compiling user-space
code against old kernel headers.
Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Sairam Venugopal [Thu, 25 May 2017 06:20:26 +0000 (23:20 -0700)]
ofproto-dpif: Include EthType in ct_orig_tuple feature probe
Set flow->dl_type to either ETH_TYPE_IP or ETH_TYPE_IPV6 when probing for
ct_orig_tuple feature support. This can be expanded later on to check for
both IPv4 and IPv6 support.
Fixes: daf4d3c18da4 ("odp: Support conntrack orig tuple key.") Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Numan Siddique [Thu, 25 May 2017 08:55:51 +0000 (14:25 +0530)]
ovn-ctl: Add commands to manage OVN DB ovsdb-servers individually
This patch adds the following functions
- start_nb_ovsdb, stop_nb_ovsdb, restart_nb_ovsdb to start, stop and
restart the OVN NB DB ovsdb-server independently.
- start_sb_ovsdb, stop_sb_ovsdb, restart_sb_ovsdb to start, stop and
restart the OVN SB DB ovsdb-server independently.
These commands can be used to run ovsdb-server for each DB in a separate
container.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Alin Serdean [Mon, 22 May 2017 11:56:50 +0000 (11:56 +0000)]
build-windows: cccl fail compilation on Wimplicit-function-declaration
Gcc compiler argument -Wall contains -Wimplicit-function-declaration which
gives warnings when a function is used before declared.
Map VStudio compiler error C4013 to it.
More info on C4013:
https://msdn.microsoft.com/en-us/library/d3ct4kz9.aspx
At the moment we cannot switch to the equivalent -Werror because we need
to solve other warnings.
As a temporary solution issue an error when this warning is triggered.
This will help development on the Windows side.
Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Mon, 22 May 2017 11:56:50 +0000 (11:56 +0000)]
windows: add definition of getpid and getcwd
getcwd - is used in lib/util.c. getcwd is deprecated on Windows but has
_getcwd which is defined in <direct.h>:
https://msdn.microsoft.com/en-us/library/sf98bd4y(v=vs.120).aspx
getpid - is used in several files (i.e. lib/vlog.c). getpid
is also and deprecated and _getpid should be used:
https://msdn.microsoft.com/en-us/library/t2y34y40(v=vs.120).aspx
The problem using _getpid is that the definition is in <process.h>.
A file called process.h also exists in the lib folder. This will mess up
includes.
An option would be to use a wrapper like we use for lib/string.h(.in) but
that would mean to also add it to the automake chain.
A simple solution would be to map it to GetCurrentProcessId
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683180(v=vs.85).aspx
_getpid uses GetCurrentProcessId behind the scenes, casting the result
is not required.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Sat, 20 May 2017 23:55:17 +0000 (16:55 -0700)]
pinctrl: Be more careful in parsing DHCPv6 and DNS.
pinctrl_handle_put_dhcpv6_opts() and pinctrl_handle_dns_lookup() were not
checking that a full UDP header was present before reading its udp_len
field. This patch fixes the problem.
I don't think that the system as a whole, as normally installed, was
exploitable. This is because pinctrl processes a packet sent to it from
ovs-vswitchd. ovs-vswitchd only sends it UDPv6 DHCPv6 packets. To
determine that the packets are DHCPv6, ovs-vswitchd has to see its UDP port
numbers are those for DHCPv6, and it's only going to see that if an entire
UDP header is present. Therefore, this part of pinctrl will only ever
process a packet for which udp_len is there.
I believe that pinctrl_handle_dns_lookup() is similar.
Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
Ben Pfaff [Sat, 20 May 2017 23:38:24 +0000 (16:38 -0700)]
ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10().
msg->size isn't the relevant measurement here because we're only supposed
to read 'len' bytes. Reading more than that causes 'len' to underflow to a
large number at the end of the loop.
Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
Joe Stringer [Wed, 24 May 2017 00:57:16 +0000 (17:57 -0700)]
checkpatch: Check for stdlib usage.
Many standard library functions are wrapped in OVS, so check for usage
of the original versions and suggest that authors replace them with the
OVS versions.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Acked-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Tue, 23 May 2017 17:59:07 +0000 (17:59 +0000)]
datapath-windows: add two new build targets for code analysis
Add two new build targets: 'Win8Analyze' and 'Win8.1Analyze'.
The new build targets have the static code analyzer (built in Visual
Studio feature).
This patch also introduces a new make target ('datapath_windows_analyze')
this can be added to the CI jobs to get a list warnings/errors issued
by the code analyzer.
Alin Serdean [Tue, 23 May 2017 17:59:06 +0000 (17:59 +0000)]
datapath-windows: Remove Strsafe usage from datapath
The removal is mandatory to use the VStudio 2013 static code analyzer.
The only function that was used from the include is: 'StringCbLengthA'.
We were not checking the result of that function, nor will the
'vportGet->name' exceed the 'OVS_MAX_PORT_NAME_LENGTH' limitation.
Zhengwei Gao [Wed, 17 May 2017 06:08:44 +0000 (14:08 +0800)]
Supporting ovn-northd HA colocated with OVNDB-HA
As ovn-northd parse network element between ovnnb_db and ovnsb_db,
ovn-northd need connect to ovnnb_db and ovnsb_db. OVNDB-HA feather
was implemented depend on pacemaker, ovn-northd will failover following
OVNDB-HA.
If user wants to enable ovn-northd HA colocated with OVNDB-HA depend on
pacemaker, setting parameter MANAGE_NORTHD_DEFAULT="yes" in ovndb-servers.ocf
Joe Stringer [Fri, 19 May 2017 20:27:36 +0000 (13:27 -0700)]
dpif-netlink-rtnl: Use OVS_NOT_REACHED in verify.
The vport_type_to_kind() call at the top of dpif_netlink_rtnl_verify()
ensures that these cases can never be hit, so use OVS_NOT_REACHED()
instead of setting the err to EOPNOTSUPP.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com> Acked-by: Eric Garver <e@erig.me>
Numan Siddique [Mon, 15 May 2017 15:39:25 +0000 (21:09 +0530)]
python ovs: Fix SSL exceptions with pyOpenSSL v0.13
Centos provides pyOpenSSL version pyOpenSSL-0.13.1-3.el7.x86_64.
There are 2 issues using this version, which this patch fixes
- The test case "simple idl verify notify - SSL" is skipped.
This is because "python -m OpenSSL.SSL" is used to detect the
presence of pyOpenSSL package. pyOpenSSL v0.13 has C python
modules because of which the above command returns 1.
So this patch fixes this by using 'python -c "import OpenSSL.SSL"'.
- The SSL.Context class does not have the function "set_session_cache_mode"
defined. Our usage here was only relevant for server-side connections,
(pssl), which is not yet supported by python-ovs, so just remove the
usage of this function. The default cache mode (server) will just
be ignored.
I have not tested with older versions (< 0.13) of pyOpenSSL.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Acked-by: Lance Richardson <lrichard@redhat.com> Tested-by: Marcin Mirecki <mmirecki@redhat.com> Signed-off-by: Russell Bryant <rbryant@redhat.com>
Numan Siddique [Mon, 22 May 2017 01:35:44 +0000 (07:05 +0530)]
ovn-ctl: Start ovn-northd even if ovsdb-servers are not running
When '--ovn-manage-ovsdb=no' is passed to "ovn-ctl start_northd", it
doesn't start ovsdb-servers, but it expects the ovsdb-servers to be
running. If the ovsdb-servers are not running, ovn-ctl exits without
starting ovn-northd. This could create problems when ovn-northd and
ovsdb-servers are managed separately, for example when pacemaker is
used to manage ocf:ovndb-servers and ovn-northd as separate resources.
In the cases where a slave is promoted as master, it is possible that
pacemaker might start ovn-northd service before starting
ovsdb-servers.
This patch addresses this issue by not checking the status of
ovsdb-server pids when ovn-manage-ovsdb is set to true when
'start_northd' is called. ovn-northd will eventually connect to the
ovsdb-servers when they are started. So there is no harm in removing
this check.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Numan Siddique [Mon, 22 May 2017 01:35:12 +0000 (07:05 +0530)]
ovn pacemaker: Fix return code errors in start/stop action
start action returns OCF_RUNNING_MASTER in certain scenarios.
But as per the OCF guidelines, status code OCF_RUNNING_MASTER shoud
be returned only in monitor action [1].
Whenever the start action returns OCF_RUNNING_MASTER, it is observed
in the testing that, pacemaker stops the ovsdb-server ocf resource
in that node. This patch fixes this issue by returning OCF_SUCESS in
such cases.
stop action returns OCF_RUNNING_MASTER if the ovsdb-servers are
running as master. But as per the OCF guidelines [2], stop action
should only return OCF_SUCCESS. If any other code is returned,
pacemaker cluster would block that resource in that node.
This patch fixes this issue by stopping the ovsdb-servers when they
are running as masters (which is the expected case) and returns
OCF_SUCCESS.
Eric Garver [Thu, 18 May 2017 20:10:33 +0000 (16:10 -0400)]
dpif-netlink: Probe for out-of-tree tunnels, decides used interface
On dpif init, probe for whether tunnels are created using in-tree
(upstream linux) or out-of-tree (OVS). This is done by probing for the
existence of "ovs_geneve" via rtnetlink. This is used to determine how
to create the tunnel devices.
For out-of-tree tunnels, only try genetlink/compat.
For in-tree kernel tunnels, try rtnetlink then fallback to genetlink.
Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Thu, 18 May 2017 20:10:32 +0000 (16:10 -0400)]
dpif-netlink-rtnl: Support GENEVE creation
Creates GENEVE devices using rtnetlink and tunnel metadata.
Co-Authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Thu, 18 May 2017 20:10:31 +0000 (16:10 -0400)]
dpif-netlink-rtnl: Support GRE creation
Creates GRE devices using rtnetlink and tunnel metadata.
Co-Authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Thu, 18 May 2017 20:10:30 +0000 (16:10 -0400)]
dpif-netlink-rtnl: Support VXLAN creation
Creates VXLAN devices using rtnetlink and tunnel metadata.
Co-Authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Thu, 18 May 2017 20:10:29 +0000 (16:10 -0400)]
dpif-netlink: Support rtnetlink port creation.
In order to be able to add those tunnels, we need to add code to create
the tunnels and add them as NETDEV vports. And when there is no support
to create them, we need to fallback to compatibility code and add them
as tunnel vports.
When removing those tunnels, we need to remove the interfaces as well,
and detecting the right type might be important, at least to distinguish
the tunnel vports that we should remove and the interfaces that we
shouldn't.
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
Eric Garver [Thu, 18 May 2017 20:10:28 +0000 (16:10 -0400)]
dpif-netlink: Refactor code to create compat ports
This breaks up creating compat ports so we can reuse some of the code to
create ports with rtnetlink.
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Joe Stringer <joe@ovn.org>
netdev: get device type from vport prefix if it uses one
If the device name uses a vport prefix, then use that vport type.
Since these names are reserved, we can assume this is the right type.
This is important when we are querying the datapath right after vswitch has
started and using the right type will be even more important when we add support
to creating tunnel ports with rtnetlink.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
The very long function compose_output_action__() has been re-factored to make
the different cases for output to patch-port, native tunnel port, kernel tunnel
port, recirculation, or termination of a native tunnel at output to LOCAL port
clearer. Larger, self-contained blocks have been split out into separate
functions.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Gábor Szűcs [Thu, 18 May 2017 22:57:44 +0000 (15:57 -0700)]
bfd: Fix signs in ovs-appctl bfd/show Detect Time, Next Tx Time, Last TX Time
ovs-appctl bfd/show command printout
shows negative time lag from now for upcoming events:
Detect Time: now -2632ms
Next TX Time: now -800ms
and positive time lag from now for past event:
Last TX Time: now +150ms
The fix negates the signs.
Signed-off-by: Gábor Szűcs <gabor.sz.cs@ericsson.com> Co-authored-by: Csaba Ihllye <csaba.ihllye@ericsson.com> Signed-off-by: Csaba Ihllye <csaba.ihllye@ericsson.com> Signed-off-by: Andy Zhou <azhou@ovn.org>
Joe Stringer [Thu, 18 May 2017 22:44:51 +0000 (15:44 -0700)]
rhel: Fix openvswitch.spec install.
This is the equivalent change of 2f4f43bfddfd ("rhel: fix the fedora
spec") for the regular openvswitch.spec. From that patch:
When commit d0c961a99f57 ("lib/automake.mk: don't install runtime
directories") landed, it broke RPM based builds since the requisite
directories were no longer available. This commit adds those
directories back when making RPMs so that the packagemanager can see
them.
Fixes: d0c961a99f57 ("lib/automake.mk: don't install runtime directories") Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
Eelco Chaudron [Tue, 9 May 2017 07:08:54 +0000 (09:08 +0200)]
dpif-netdev: The pmd-*-show commands will show info in core order
The "ovs-appctl dpif-netdev/pmd-rxq-show" and "ovs-appctl
dpif-netdev/pmd-stats-show" commands show their output per core_id,
sorted on the hash location. My OCD was kicking in when using these
commands, hence this change to display them in natural core_id order.
In addition I had to change a test case that would fail if the cores
where not in order in the hash list. This is due to OVS assigning
queues to cores based on the order in the hash list. The test case now
checks if any core has the set of queues in the given order.
Manually tested this on my setup, and ran clang-analyze.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Mon, 8 May 2017 14:43:17 +0000 (10:43 -0400)]
docs: Improve formatting for daemon options in a few manpages.
daemon.man is meant to have a heading above it, but in a few manpages its
text was running directly into the previous documentation because this had
been overlooked.
By adding .PP to daemon.man, we make this problem less severe if the
heading is similarly omitted in future manpages, since at least it will
then have its own paragraph instead of running into the previous one.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 5 May 2017 22:18:45 +0000 (18:18 -0400)]
sparse: Avoid warnings compiling stream-ssl.c.
This change avoids the following "sparse" warnings:
/usr/include/inttypes.h:105:10: warning: preprocessor token PRIu64 redefined
/usr/include/openssl/e_os2.h:275:12: this was the original definition
With this change, the build is again "sparse" clean.
I did not look into the details of this particular issue. However, the
upshot is that including <inttypes.h> before any OpenSSL header avoids the
warning and the opposite order provokes it.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Darrell Ball <dlu998@gmail.com>
netdev-dpdk: add support for rx_multicast_packets counter
This patch enables already implemented ifInMulticastPkts counter in sFlow for
DPDK interfaces. Metric is retrieved from DPDK by using extended statistic API
and stored in 'multicast' member of netdev_stats structure, which represents
number of incoming packets that were addressed to a multicast address.
Signed-off-by: Przemyslaw Szczerbik <przemyslawx.szczerbik@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
dpif-netdev: Fix comments for dp_netdev_pmd_thread struct.
The sorted subtable ranking patch introduced a classifier instance per
ingress port with its subtables ranked on the frequency of hits. The PMD
thread can have more classifier instances now and solely depends on the
number of ingress ports currently handled by the pmd thread.
Fixes: 3453b4d62a98 ("dpif-netdev: dpcls per in_port with sorted subtables") Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Update the documentation with the information on the megaflow hits
observed with the default 'emc-insert-inv-prob' value. Also add the
recommended setting for achieving higher forwarding performance.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> CC: Ciara Loftus <ciara.loftus@intel.com> CC: Georg Schmuecking <georg.schmuecking@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Kevin Traynor <ktraynor@redhat.com>
dpif-netdev: Skip EMC lookup when EMC is disabled.
Conditional EMC insert patch gives the flexibility to configure the
probability of flow insertion in to EMC. This also allows an option to
entirely disable EMC by setting 'emc-insert-inv-prob=0' which can be
useful at large number of parallel flows.
This patch skips EMC lookup when EMC is disabled. This is useful to
avoid wasting CPU cycles and also improve performance considerably.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> CC: Ciara Loftus <ciara.loftus@intel.com> CC: Georg Schmuecking <georg.schmuecking@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Kevin Traynor <ktraynor@redhat.com> Acked-by: Darrell Ball dlu998@gmail.com
netdev-dpdk: fix ifindex assignment for DPDK ports
In current implementation port_id is used as an ifindex for all netdev-dpdk
interfaces.
For physical DPDK interfaces using port_id as ifindex causes that '0' is set as
ifindex for 'dpdk0' interface, '1' for 'dpdk1' and so on. For the DPDK vHost
interfaces ifindexes are not even assigned (0 is used by default) due to the
fact that vHost ports don't use port_id field from the DPDK library.
This causes multiple negative side-effects. First of all 0 is an invalid
ifindex value. The other issue is possible overlapping of 'dpdkX' interfaces
ifindex values with the ifindexes of kernel space interfaces which may cause
problems in any external tools that use those values. Neither 'dpdk0', nor any
DPDK vHost interfaces are visible in sFlow collector tools, as all interfaces
with ifindexes smaller than 1 are ignored.
Proposed solution to these issues is to calculate a hash of interface's name
and use calculated value as an ifindex. This way interfaces keep their
ifindexes during OVS-DPDK restarts, ports re-initialization events, etc., show
up in sFlow collectors and meet RFC 2863 specification regarding re-using
ifindex values by the same virtual interfaces and maximum ifindex value.
Joe Stringer [Fri, 21 Apr 2017 20:33:55 +0000 (13:33 -0700)]
configure: Reset libtool CURRENT version.
Since commit f12e09b7b2e5 ("libopenvswitch: Rename to libfoo-X.Y."), the
CURRENT libtool number is no longer derived from the OVS MINOR (from
vMAJOR.MINOR.MICRO) version, so it can be reset to 0.
Developers should attempt to avoid introducing ABI-breaking changes
within a particular OVS-X.Y release series. Occasionally due to the
nature of a particular bug, this is not possible. In such a case,
developers must update the libtool CURRENT version to indicate this
breakage to library users.
In most OVS library releases, this is expected to remain 0.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 26 Apr 2017 20:47:49 +0000 (13:47 -0700)]
libopenvswitch: Rename to libfoo-X.Y.
The current intent for Open vSwitch is to maintain libopenvswitch ABI
stability for minor versions, for example each release within the 2.7.z
series. According to the following documentation, no changes to exported
headers should be made.
However, it is occasionally necessary to make changes to
{include/openvswitch,lib}/*.h headers to fix issues within a given
release series. The current libtool tagging mechanism in the build
system does not allow for this without creating a conflict between the
libtool 'current' version and the next minor release of OVS.
This patch modifies libopenvswitch build to include the MAJOR.MINOR
release version in the libX name, and include the libtool CURRENT and
OVS MICRO release in the libtool versioning tags to indicate library
stability. The resulting format is "libfoo-X.Y.so.CURRENT.0.Z" for OVS
release "X.Y.Z".
Developers should still attempt to avoid introducing ABI-breaking changes
within a particular OVS-X.Y release series, but if this is not possible
this patch introduced a mechanism to allow an ABI-breaking fix to be
introduced. In such a case, developers may update the libtool CURRENT
version to indicate this breakage to library users.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
William Tu [Wed, 10 May 2017 21:45:09 +0000 (14:45 -0700)]
tests: Test native tunneling underlay match.
Add a test that checks that native tunneling flow
matching is working. The test verifies that outer L2 and L3
flow fields populated in the overlay bridge can be
matched in the underlay bridge.
Co-Authored-by: Joe Stringer <joe@ovn.org> Co-Authored-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Without the fix, this test currently consistently fail when running
on Travis CI. Connecting to the controller can take more time than
running locally. Because the exact connecting time is variable, the
exact output should not be used for correctness checking.
Fixes: 85c55772a453(bridge: Fix controller status update) Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Shashank Ram [Wed, 17 May 2017 16:30:49 +0000 (09:30 -0700)]
datapath-windows: Set Version correctly for OVSExt
- Previously, the 'Version' property passed to MSBuild
was not being passed to the RcComplile section. To
use the value of 'Version' property in the rc file,
it needs to be passed.
- Adds a macro to convert the Version to a string literal.
Previously, the Version was simply being converted
to a literal text 'Version' instead of the the version
number passed using the 'Version' property to MSBuild.
Andy Zhou [Wed, 10 May 2017 22:10:59 +0000 (15:10 -0700)]
bridge: Fix controller status update
When multiple bridges connects to the same controller, the controller
status should be maintained separately for each bridge. Current
logic pushes status updates only based on the connection string,
which is the same across multiple bridges when connecting to the
same controller.
Report-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-May/044412.html Reported-by: Tulio Ribeiro <tribeiro@lasige.di.fc.ul.pt> Signed-off-by: Andy Zhou <azhou@ovn.org> Reviewed-by: Greg Rose <gvrose@8192@gmail.com>
Joe Stringer [Mon, 8 May 2017 18:15:39 +0000 (11:15 -0700)]
Revert "tunneling: Avoid recirculation on datapath."
This reverts commit f1dac5128ce6db2e493f0d1c7a8b53fb9f34476f. When this
commit was introduced, it broke the 'make check-system-userspace'
testsuite. It appears that the new translation fails to modify the flow
in a way that would represent the flow as an encapsulated flow when the
traffic is patched through to the second bridge. As such, rather than
matching on, for example, "ip,proto=47" for gre, it would use the inner
packet's flow headers. It also results in problems reporting statistics,
as the tunnel's header is not reflected in subsequent statistics and
truncation is not properly applied during translation.
While a refreshed approach to solving the above problem is formed,
revert this patch.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/331972.html Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Greg Rose <gvrose8192@gmail.com>
The code in checkpatch inconsistently stripped "a/" or "b/" from the
beginning of a file name, and the check for "datapath" only worked when
the prefix was not stripped. This fixes the problem.
Acked-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jan Scheurich [Sat, 6 May 2017 15:49:43 +0000 (15:49 +0000)]
userspace: Support for push_eth and pop_eth actions
Add support for actions push_eth and pop_eth to the netdev datapath and
the supporting libraries. This patch relies on the support for these actions
in the kernel datapath to be present.
Signed-off-by: Lorand Jakab <lojakab@cisco.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Jean Tourrilhes <jt@labs.hpe.com> Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Anand Kumar [Thu, 4 May 2017 22:12:54 +0000 (15:12 -0700)]
datapath-windows: Fragment NBL based on MRU size
This patch adds support for Fragmenting NBL based on the MRU value.
MRU value is updated only for Ipv4 fragments, if it is non zero, then
fragment the NBL and send out the new NBL to the vnic.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Anand Kumar [Thu, 4 May 2017 22:12:52 +0000 (15:12 -0700)]
datapath-windows: Retain MRU value in the _OVS_BUFFER_CONTEXT.
This patch introduces a new field MRU(Maximum Recieved Unit) in the
_OVS_BUFFER_CONTEXT and it is used only for Ip Fragments to retain MRU for
the reassembled IP datagram when the packet is forwarded to userspace.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Anand Kumar [Thu, 4 May 2017 22:12:51 +0000 (15:12 -0700)]
datapath-windows: Added Ipv4 fragments support in Conntrack
This patch adds support for tracking Ipv4 fragments in conntrack module.
Individual fragments are not tracked and are consumed by the
fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked and
treated as a single ct entry.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Anand Kumar [Thu, 4 May 2017 22:12:50 +0000 (15:12 -0700)]
datapath-windows: Added a new file to support Ipv4 fragments.
This patch adds functionalities to support IPv4 fragments, which will be
used by Conntrack module.
Added a new structure to hold the Ipv4 fragments and a hash table to
hold Ipv4 datagram entries. Also added a clean up thread that runs
every minute to delete the expired IPv4 datagram entries.
The individual fragments are ignored by the conntrack. Once all the
fragments are recieved, a new NBL is created out of the reassembled
fragments and conntrack executes actions on the new NBL.
Created new APIs OvsProcessIpv4Fragment() to process individual fragments,
OvsIpv4Reassemble() to reassemble Ipv4 fragments.
Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
projects / mirror_ovs.git / log