Ben Pfaff [Thu, 25 Oct 2018 17:34:41 +0000 (10:34 -0700)]
connmgr: Modernize coding style.
This moves declarations closer to first use and merges them with
initialization when possible, moves "for" loop variable declarations into
the "for" statements where possible, and otherwise makes this code look
like it was written a little more recently than it was.
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
dpif: Restore a few lines with form feed characters
A few lines with form feed characters (ASCII: ^L) were accidentally
deleted by a recent commit to support rebalancing of offloaded flows.
This patch reverts those lines.
Ben Pfaff [Tue, 30 Oct 2018 22:03:17 +0000 (15:03 -0700)]
ovn-northd: Improve hashing for chassis queues.
The key for a "struct ovn_chassis_qdisc_queues" is a Chassis UUID and a
queue_id, but only the UUID was being hashed, so if there was more than one
per chassis then they'd all end up in the same hash bucket, which is
needlessly inefficient. (And if there's only one per chassis then why do
we bother allocating them at all?)
Found by inspection.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Numan Siddique <nusiddiq@redhat.com>
Yi-Hung Wei [Tue, 30 Oct 2018 20:47:25 +0000 (13:47 -0700)]
ovs-lib.in: Remove unnecessary conntrack flush
We introduced flush-conntrack in force-reload-kmod script by commit 8bea39b186ca ("datapath: Prevent panic") to prevent kernel panic.
It turns out that the kernel panic is actually triggered by the
IPv4 secret timer, and it is fixed by commit 121905984724 ("compat: Initialize IPv4 reassembly secret timer").
This commit removes the unnecessary conntrack flush in the script.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> CC: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Jianbo Liu [Mon, 29 Oct 2018 08:29:41 +0000 (08:29 +0000)]
dpif-netlink: Don't destroy and recreate port if it exists
In commit 7521e0cf9e ('ofproto-dpif: Let the dpif report when a port is
a duplicate'), the checking of port existence before adding was removed,
and it's up to the dpif to check if port exists and add only if needed.
But the port can't be added to datapath if already exists. Then it will
be destroyed and created again. This causes problem because configuration
may miss. For example, if creating two vxlan on the same port, its ingress
qdisc will be lost after recreated.
Fixes: 7521e0cf9e88 ("ofproto-dpif: Let the dpif report when a port is a duplicate.") Signed-off-by: Jianbo Liu <jianbol@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
lib/ofp-table.c:1454:42: error: \
format specifies type 'unsigned char' but the argument has type 'int'
ds_put_format(s, "\n table %"PRIu8, table);
~~ ^~~~~
CC: Ben Pfaff <blp@ovn.org> Fixes: b47e7e2bac7f ("ofp-table: Always format the table number in table features.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Mon, 29 Oct 2018 14:46:33 +0000 (17:46 +0300)]
manpages: Include ovs.tmac in most man roots.
This allows to not redefine common macroses in every single
file and allowes using things like .EX without warying about
compatibility.
manpages.mk updated automatically.
Files that are already complete pages (i.e. has no *.in sources)
wasn't touched, because this will require additional file
manipulations and changes in makefiles/specs without serious
profit.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 30 Aug 2018 18:03:12 +0000 (11:03 -0700)]
ofp-table: Always format the table number in table features.
Table features should indicate the table number as well as the table
name. Before this, the first line for each table looked like this:
table myname ("myname"):
but it's more useful if it's:
table 123 ("myname"):
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Mon, 27 Aug 2018 22:40:35 +0000 (15:40 -0700)]
ofp-table: Ignore bits that have to change according to OpenFlow.
OpenFlow table feature replies contain a per-table bitmap that indicates
which tables a flow can point to in goto_table actions. OpenFlow requires
that a table only be able to go to higher-numbered tables. This means that
a switch that is general as possible will always have different features
for every table, since each one will have a different bitmap. This makes
the output of "ovs-ofctl dump-table-features" pretty long and ugly because
it has about 250 entries like this:
table %d:
metadata: match=0xffffffffffffffff write=0xffffffffffffffff
max_entries=%d
instructions (table miss and others):
next tables: %d-253
(same instructions)
(same actions)
(same matching)
This commit changes the logic that prints table features messages so that
it considers two sequentially numbered tables to be the same if only the
bit that necessarily must be tunred off changes. This reduces the hundreds
of entries above to just:
tables 1...253: ditto
which is so much more readable.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Zak Whittington [Fri, 26 Oct 2018 22:06:28 +0000 (15:06 -0700)]
ofp-msgs: Added ONF_ and NXT_REQUESTFORWARD for OF1.0-1.3
Backported OFPT14_REQUESTFORWARD to OF1.0-1.3.
OF 1.0-1.2 use an NXT Nicira extension while OF 1.3
uses an ONF extension (ONF version is specified in a
previously published ONF spec sheet).
Includes ofp-print tests for multiple inner message
types, and multiple OF versions including the NXT and ONF.
Also includes more end-to-end ofproto tests for both
NXT OF1.0 and also ONF OF1.3.
VMware-BZ: 2136594 Signed-off-by: Zak Whittington <zwhitt.vmware@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 25 Oct 2018 21:41:50 +0000 (14:41 -0700)]
NSH: Fix NSH-related length macros that cause stack overflow
In the filed of ver_flags_ttl_len of struct nshhdr, there are only 6
bits that are used to indicate header's total length in 4-byte words.
Therefore, the max value for total is 252 (63x4), instead of 256 used
in present code base. This patch fixes it.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10855 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 25 Oct 2018 21:49:14 +0000 (14:49 -0700)]
odp-util: Properly handle the return values of scan_XXX functions
Functions like scan_u8, return 0 when they failed to scan the expected
values. Function scan_geneve failed to check this situation. This leads
to using of uninitialized value of opt_len_mask. This patch fixes it
and further inspects and fixes all the problematic places where
the return values of scan_XXX functions are not properly handled.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10800 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 25 Oct 2018 23:17:23 +0000 (16:17 -0700)]
ofctl_parse_target: Only parse complete ofputil_flow_mod data.
When parse_ofp_flow_mod_str returns error, `fm` is incomplete and pointers
in it may be null, e.g. fm.match.flow. In this case, passing it to
ofctl_parse_flows__ may cause pointer errors because ofctl_parse_flows__
expects a valid input of type struct ofputil_flow_mod.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11110 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Zak Whittington [Thu, 25 Oct 2018 18:09:09 +0000 (11:09 -0700)]
bridge.c: prevent controller connects while flow-restore-wait
When force-reload-kmod is used, it shows an error when reinstalling
tlvs during "Restoring saved flows" step:
OFPT_ERROR (xid=0x4): NXTTMFC_ALREADY_MAPPED
This is caused by a race condition between the restore script,
which calls ofctl, and the connected controllers both adding back
the same TLVs.
The restore script already sets flow-restore-wait to true while
doing flow restoration, and sets it back to false after it is
done, and this patch utilizes that fact to prevent the TLV race.
It does this by preventing vswitchd from connecting to
controllers in the controller table while it is in a
flow-restore-wait state.
With this patch, when bridge_configure_remotes() calls
bridge_get_controllers(), it first checks if flow-restore-wait
has been set, and if so, it ignores any controllers in the
controller database and sets n_controllers to 0.
This solution does preserve the management service controller
which is added via bridge_ofproto_controller_for_mgmt() after
checking whether we should call bridge_get_controllers()
(and thus n_controllers is properly set to 1, etc)
VMware-BZ: 2195377 Signed-off-by: Zak Whittington <zwhitt.vmware@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Bhargava Shastry [Mon, 15 Oct 2018 09:23:33 +0000 (11:23 +0200)]
ossfuzz: Add ofctl parse target
This patch adds a new target called ofctl_parse_target to
ossfuzz. The main idea is to begin to fuzz APIs from the ofctl utility
program. At a later point, these may be added. For the moment, this patch
only fuzzes APIs that parse flow mod commands.
This target is demonstrably capable of finding memory corruption defects
in the parsing path. To aid the fuzzing process, a dictionary file
containing tokens specific to this parsing path have been added.
Signed-off-by: Bhargava Shastry <bshastry@sect.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Thu, 18 Oct 2018 11:17:05 +0000 (16:47 +0530)]
connmgr: Fix vswitchd abort when a port is added and the controller is down
We see the below trace when a port is added to a bridge and the configured
controller is down
0x00007fb002f8b207 in raise () from /lib64/libc.so.6
0x00007fb002f8c8f8 in abort () from /lib64/libc.so.6
0x00007fb004953026 in ofputil_protocol_to_ofp_version () from /lib64/libopenvswitch-2.10.so.0
0x00007fb00494e38e in ofputil_encode_port_status () from /lib64/libopenvswitch-2.10.so.0
0x00007fb004ef1c5b in connmgr_send_port_status () from /lib64/libofproto-2.10.so.0
0x00007fb004efa9f4 in ofport_install () from /lib64/libofproto-2.10.so.0
0x00007fb004efbfb2 in update_port () from /lib64/libofproto-2.10.so.0
0x00007fb004efc7f9 in ofproto_port_add () from /lib64/libofproto-2.10.so.0
0x0000556d540a3f95 in bridge_add_ports__ ()
0x0000556d540a5a47 in bridge_reconfigure ()
0x0000556d540a9199 in bridge_run ()
0x0000556d540a02a5 in main ()
The abort is because of ofputil_protocol_to_ofp_version() is called with invalid
protocol - OFPUTIL_P_NONE. Please see [1] for more details. Similar aborts are
seen as reported in [2].
The commit [3] changed the behavior of the function rconn_get_version().
Before the commit [3], the function ofconn_receives_async_msg() would always
return false if the connection to the controller was down, since
rconn_get_version() used to return -1. This patch now checks the rconn
connection status in ofconn_receives_async_msg() and returns false if not
connected. This would avoid the aborts seen in the above stack trace.
The issue can be reproduced by running the test added in this patch
without the fix.
Yifeng Sun [Thu, 18 Oct 2018 21:10:48 +0000 (14:10 -0700)]
odp-util: Move ufid handling to odp_flow_from_string
When parse_odp_key_mask_attr runs into ufid, it returns length of ufid
without further parsing. This causes problem to set action in function
parse_odp_action where nested nlattrs are expected from ofpbuf after.
Since in all callers of parse_odp_key_mask_attr, only odp_flow_from_string
needs to understand ufid. This patch moves ufid parsing from
parse_odp_key_mask_attr out to odp_flow_from_string.
Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10850 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 18 Oct 2018 21:10:49 +0000 (14:10 -0700)]
odp-util: Initialize nsh_hdr in odp_nsh_hdr_from_attr
For function odp_nsh_hdr_from_attr, paramemter `attr` may not contain
all necessary OVS_NSH_KEY_ATTR_ to fully initialize data of nsh_hdr.
On return, nsh_hdr can contain uninitialized values in its fields.
This patch zeroes out nsh_hdr in the beginning in order to prevent it.
Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10863 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 18 Oct 2018 21:10:47 +0000 (14:10 -0700)]
ofp-port: Free memory on error in ofp_print_ofpst_port_reply
Counters in ops->custom_stats may already be valid at this error point.
This patch frees the leaked memory.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10322 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This test is intended to cover flow_put operation for datapath
flow modifications.
Original bug was reported here:
https://mail.openvswitch.org/pipermail/ovs-dev/2018-September/352579.html
And fixed by commit: 35fe9efb2f02 ("dpif-netdev: Add vlan to mask for flow_put operation.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
revalidator: Rebalance offloaded flows based on the pps rate
This is the third patch in the patch-set to support dynamic rebalancing
of offloaded flows.
The dynamic rebalancing functionality is implemented in this patch. The
ukeys that are not scheduled for deletion are obtained and passed as input
to the rebalancing routine. The rebalancing is done in the context of
revalidation leader thread, after all other revalidator threads are
done with gathering rebalancing data for flows.
For each netdev that is in OOR state, a list of flows - both offloaded
and non-offloaded (pending) - is obtained using the ukeys. For each netdev
that is in OOR state, the flows are grouped and sorted into offloaded and
pending flows. The offloaded flows are sorted in descending order of
pps-rate, while pending flows are sorted in ascending order of pps-rate.
The rebalancing is done in two phases. In the first phase, we try to
offload all pending flows and if that succeeds, the OOR state on the device
is cleared. If some (or none) of the pending flows could not be offloaded,
then we start replacing an offloaded flow that has a lower pps-rate than
a pending flow, until there are no more pending flows with a higher rate
than an offloaded flow. The flows that are replaced from the device are
added into kernel datapath.
A new OVS configuration parameter "offload-rebalance", is added to ovsdb.
The default value of this is "false". To enable this feature, set the
value of this parameter to "true", which provides packets-per-second
rate based policy to dynamically offload and un-offload flows.
Note: This option can be enabled only when 'hw-offload' policy is enabled.
It also requires 'tc-policy' to be set to 'skip_sw'; otherwise, flow
offload errors (specifically ENOSPC error this feature depends on) reported
by an offloaded device are supressed by TC-Flower kernel module.
revalidator: Gather packets-per-second rate of flows
This is the second patch in the patch-set to support dynamic rebalancing
of offloaded flows.
The packets-per-second (pps) rate for each flow is computed in the context
of revalidator threads when the flow stats are retrieved. The pps-rate is
computed only after a flow is revalidated and is not scheduled for
deletion. The parameters used to compute pps and the pps itself are saved
in udpif_key since they need to be persisted across iterations of
rebalancing.
dpif-netlink: Detect Out-Of-Resource condition on a netdev
This is the first patch in the patch-set to support dynamic rebalancing
of offloaded flows.
The patch detects OOR condition on a netdev port when ENOSPC error is
returned by TC-Flower while adding a flow rule. A new structure is added
to the netdev called "netdev_hw_info", to store OOR related information
required to perform dynamic offload-rebalancing.
Lorenzo Bianconi [Thu, 18 Oct 2018 14:05:56 +0000 (16:05 +0200)]
OVN: add buffering support for ip packets
Add buffering support for IPv4/IPv6 packets that will be processed
by arp{}/nd_ns{} action when L2 address is not discovered yet since
otherwise the packet will be substituted with an ARP/Neighbor
Solicitation frame and this will result in the lost of the first
packet of the connection.
Moreover fix following automatic tests broken by ip-buffering support
since now original ip packets are transmitted by OVN logical
router:
- ovn -- 3 HVs, 3 LS, 3 lports/LS, 1 LR
- ovn -- /32 router IP address
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 22 Aug 2018 22:12:39 +0000 (15:12 -0700)]
netdev-dummy: Initialize new dummy ports as "up".
Dummy ports started out down and hardly any of the tests ever brought them
up. This led to some odd test results and caused problems for testing with
controllers that didn't bother with ports that were down, like recent
versions of Faucet. There doesn't seem to be a big reason for them to be
down by default, so this commit changes them to be up by default. It also
updates the tests to match the new behavior.
Ben Pfaff [Thu, 23 Aug 2018 20:41:03 +0000 (13:41 -0700)]
ofproto: Move may_enable from ofport_dpif to ofport.
This concept of whether a port is suitable to be "live" in the sense of the
OpenFlow OFPPS_LIVE bit is a generic one that can be handled at the ofproto
layer instead of needing to be part of ofproto-dpif.
An upcoming commit will make more use of this at the ofproto layer.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Numan Siddique <nusididq@redhat.com>
Ben Pfaff [Thu, 23 Aug 2018 20:21:59 +0000 (13:21 -0700)]
ofproto: Refactor update_port().
update_port() worked a little too hard to avoid copying and comparing some
bits in the ofputil_phy_port. This seems like a simpler approach all
around. It should behave the same way.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Numan Siddique <nusididq@redhat.com>
Ben Pfaff [Wed, 22 Aug 2018 21:59:24 +0000 (14:59 -0700)]
connmgr: Suppress duplicate port status notifications.
When the status of a port changes, ofproto calls into connmgr to notify
controllers. Sometimes, particular changes are only visible to controllers
running specific versions of OpenFlow. Until now, OVS would send those
controllers duplicate port status notifications. This is unnecessary and
somewhat confusing. This commit eliminates it.
This commit updates one of the tests not to expect duplicate notifications.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Numan Siddique <nusididq@redhat.com>
Ben Pfaff [Wed, 10 Oct 2018 20:35:00 +0000 (13:35 -0700)]
bond: Honor updelay and downdelay when LACP is in use.
Since OVS added LACP support back in 2011, bonds have ignored the updelay
and downdelay values for bonds with configured LACP. The reason is not
clear, but at least one user needs support in this case, so this commit
enables it.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047490.html Reported-by: Daniel Leaberry <dleaberry@purestorage.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ilya Maximets [Tue, 16 Oct 2018 16:47:16 +0000 (19:47 +0300)]
netdev-bsd: Fix build failure because of undefined NO_OFFLOAD_API.
NO_OFFLOAD_API was removed while netdev classes initialization
refactoring, but netdev-bsd still uses it. Instead of
redefining it, I just refactored the BSD classes to be same
as other netdevs.
CC: Ben Pfaff <blp@ovn.org> Fixes: 89c09c1cd1f0 ("netdev: Clean up class initialization.") Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eli Britstein [Thu, 11 Oct 2018 07:06:43 +0000 (10:06 +0300)]
netdev-tc-offloads: TC csum option is not matched with tunnel configuration
Tunnels (gre, geneve, vxlan) support 'csum' option (true/false), default is false.
Generated encap TC rule will now be configured as the tunnel configuration.
Signed-off-by: Eli Britstein <elibr@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Ben Pfaff [Mon, 15 Oct 2018 18:33:28 +0000 (11:33 -0700)]
Revert "OVN: add buffering support for ip packets"
This reverts commit 2e5cdb4b13924e275ca0776ca0f4147bf5ff7885. With the
commit applied, testing with only a single CPU core, e.g. by running "make
check" under "taskset -c 2", test '2649: ovn -- 3 HVs, 3 LS, 3 lports/LS, 1
LR' fails, apparently reliably.
The commit should be re-applied once the issue with the test is worked out.
Reported-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Wed, 10 Oct 2018 23:21:57 +0000 (16:21 -0700)]
datapath: compat: Fix compilation issue with grsecurity patch
Grsecurity patch enables GCC's constify plugin so that it will
automatically constify a class of type that contains only function
pointers. However, if the type is also specified by __read_mostly, it
will put the constify object into the read_mostly section that results
in compilation error. This patch works around the compilation issue by
disabling __ready_mostly when grsecurity patch is applied.
Tested with 4.14.33 kernel with grsecurity patch.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
2. Fully broken Travis-CI testsuite build:
building 'ovs._json' extension
creating build/temp.linux-x86_64-2.7
error: could not create 'build/temp.linux-x86_64-2.7': \
Permission denied
https://travis-ci.org/openvswitch/ovs/jobs/440693765
3. Broken local testsuite build on Ubuntu 18.04:
running build_ext
building 'ovs._json' extension
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/ovs
<...>
/usr/bin/ld: .libs/libopenvswitch.a(util.o): \
relocation R_X86_64_TPOFF32 against `var.7749' can not be \
used when making a shared object; recompile with -fPIC
<...>
collect2: error: ld returned 1 exit status
4. Fedora build failure because of 'setuptools' ('distutils')
hard dependency on 'redhat-rpm-config' package:
building 'ovs._json' extension
<...>
gcc: error: <...>/redhat-hardened-cc1: No such file or directory
5. Looks like 'setuptools' also could download and install
unwanted python modules during package build.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 21 Aug 2018 03:25:51 +0000 (20:25 -0700)]
ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
Until now, OVS did multicast snooping outputs holding the read-lock on
the mcast_snooping object. This could recurse via a patch port to try to
take the write-lock on the same object, which deadlocked. This patch fixes
the problem, by releasing the read-lock before doing any outputs.
It would probably be better to use RCU for mcast_snooping. That would be
a bigger patch and less suitable for backporting.
Reported-by: Sameh Elsharkawy
Reported-at: https://github.com/openvswitch/ovs-issues/issues/153 Signed-off-by: Ben Pfaff <blp@ovn.org>
system-dpdk: Connect network namespaces via dpdkvhostuser ports
This adds a few unit tests to the 'check-dpdk' subsystem that will
exercise allocations of two network namespaces, PMDs, and the
vhost-user and vhost-user-client code path(separate tests).
As part of the tests, userspace bridge is added and attached to OVS.
Also, the tap devices created are added to the network namespaces.
The ultimatum is to connect the two network namespaces by pinging them.
system-dpdk: Use a different character marker for sed commands
The default marker for sed commands according to the manual is /, but this
is inconvenient when working with paths. The solution is either to escape
all instances of / or use sed's \cREGEXc feature.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
system-dpdk: Allow running the dpdk tests from a VM
Some VM configurations result in CPU flags that cause warnings to be issued by
the DPDK libraries. When these warnings are issued, the tests will fail.
This commit adds the unreliable tsc warning to the list of ignored warnings.
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
system-dpdk: Skip all tests if there are no hugepages
A failure is quite harsh in this scenario. It's better to
simply skip all the tests and let the user look at the logs
to understand the missing hugepages.
system-dpdk: Update test suite for non-phy testing
This allows a system that doesn't have a dedicated DPDK nic to
execute some DPDK tests. In this fashion, tests that operate on
virtual ports (such as dpdkvhostuserclient) can be executed in
a wider set of environments.
Ilya Maximets [Thu, 11 Oct 2018 12:06:44 +0000 (15:06 +0300)]
dpif-netdev-perf: Clarify frequency number.
'dpif-netdev/pmd-perf-show' command prints the frequency number
calculated from the total number of cycles spent for iterations
for the measured period. This number could be confusing, because
users may think that it should be equal to CPU frequency, especially
on non-x86 systems where TSC frequency likely does not match with
CPU one.
Moreover, counted TSC cycles could differ from the HW TSC cycles
in case of a large number of PMD reloads, because cycles spent
outside of the main polling loop are not taken into account anywhere.
In this case the frequency will not match even TSC frequency.
Let's clarify the meaning in order to avoid this misunderstanding.
'Cycles' replaced with 'Used TSC cycles', which describes how many TSC
cycles consumed by the main polling loop. % of the total TSC cycles
now printed instead of GHz frequency, because GHz is unclear for
understanding, especially without knowing the exact TSC frequency.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Terry Wilson [Tue, 9 Oct 2018 16:31:33 +0000 (11:31 -0500)]
Work around Python/C JSON unicode differences
The OVS C-based JSON parser operates on bytes, so the parser_feed
function returns the number of bytes that are processed. The pure
Python JSON parser currently operates on unicode, so it expects
that Parser.feed() returns a number of characters. This difference
leads to parsing errors when unicode characters are passed to the
C JSON parser from Python.
Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Terry Wilson [Tue, 9 Oct 2018 16:31:32 +0000 (11:31 -0500)]
Test the Python C JSON extension
The C JSON parser was added quite a while ago, but unless you
configure with --enable-shared and have the Python 2/3 development
libraries installed, and the resulting python-ovs module installed,
'make check' won't actually test it.
This patch changes Python-based tests to run from the
$builddir/python directory and makes the tests configurable to use
both JSON backends. There are some unicode failures in the C JSON
extension that I left unfixed in this patch to make it easy to
show run the new tests on broken code. The next patch in this set
works around the issue.
Signed-off-by: Terry Wilson <twilson@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Mark Michelson [Tue, 9 Oct 2018 12:27:05 +0000 (08:27 -0400)]
ovn-nbctl: Add basic port group commands.
This adds the following commands:
pg-add: Add a new port group, optionally adding switch ports at
creation.
pg-set-ports: Sets the logical switch ports on a port group
pg-del: Remove a port group.
The main motivation for these commands is that it allows for adding
logical switch ports by name rather than UUID.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Tue, 9 Oct 2018 07:17:11 +0000 (12:47 +0530)]
ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
When OVN db servers are started usinb ovn-ctl, if the pid files
(/var/run/openvswitch/ovnnb_db.pid for example) are already
present, then ovn-ctl passes "--pidfile=123" if the pid file has
'123' stored in it. Later on when OVN pacemaker RA script calls
status_ovnnb/status_ovnsb() functions, these returns "not running".
The shell function 'pidfile_is_running()' stores the contents of
the pid file as "pid=`cat "$pidfile"`". If the caller also
uses the same variable "pid" to store the file name, it gets
overriden.
This patch fixes this issue by renaming the local variable "pid"
in the "start_ovsdb__()" shell function to "db_file_name".
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Tue, 9 Oct 2018 13:11:57 +0000 (18:41 +0530)]
ovn-trace: Fix tracing when ip.dst has to go via a gateway router
ovn-trace does not trace past an l3gateway port type. This patch
fixes it.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1626080 Suggested-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Mark Michelson <mmichels@redhat.com>
Numan Siddique [Wed, 10 Oct 2018 06:08:55 +0000 (11:38 +0530)]
ovn: Support configuring the BFD params for the tunnel interfaces
With this commit the users can override the default values of
the BFD params - min_rx, min_tx, decay_min_rx and mult if desired.
This can be useful to debug any issues related to BFD (like
frequent BFD state changes).
A new column 'options' is added in NB_Global and SB_Global tables
of OVN_Northbound and OVN_Southbound schemas respectively. CMS
can define the options 'bfd-min-rx', 'bfd-min-tx',
'bfd-decay-min-rx' and 'bfd-mult' in the options column of
NB_Global table row. ovn-northd copies these options from
NB_Global to SB_Global. ovn-controller configures these
options to the tunnel interfaces when enabling BFD.
When BFD is disabled, this patch now clears the 'bfd' column
of the interface row, instead of setting 'enable=false'.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
aginwala [Tue, 9 Oct 2018 11:00:45 +0000 (04:00 -0700)]
ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
For OVN DBs to work with SSL in HA, we need to have capability to pass ssl
certs when starting OVN DBs. Say when starting OVN DBs in active passive mode,
in order for the standby DBs to sync from master node, it cannot sync
because the required ssl certs are not passed when standby DBs are initialized.
Hence, we need to have this option.
e.g. start nb db with ssl certs as below:
/usr/share/openvswitch/scripts/ovn-ctl --ovn-nb-db-ssl-key=/etc/openvswitch/ovnnb-privkey.pem \
--ovn-nb-db-ssl-cert=/etc/openvswitch/ovnnb-cert.pem \
--ovn-nb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem \
--db-nb-create-insecure-remote=no start_nb_ovsdb
When certs are passed in the command line, it will read certs from the path
mentioned instead of default db configs.
Certs can be generated based on ovs ssl docs:
http://docs.openvswitch.org/en/latest/howto/ssl/
Signed-off-by: aginwala <aginwala@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Han Zhou <hzhou8@ebay.com>
Ben Pfaff [Thu, 11 Oct 2018 19:44:33 +0000 (12:44 -0700)]
expr: Disallow < <= >= > comparisons against empty value set.
OVN expression syntax does not allow a literal empty value set, like {}.
Rather, any literal value set has to have at least one value. However,
value sets that originate from address sets or from port groups can be
empty. In such a case, == and != comparisons are allowed but < <= >= >
should be errors. The actual implementation failed to properly disallow
the latter and instead tried to access the first element of the value set,
a bad read. This fixes the problem.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10731
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10767 Signed-off-by: Ben Pfaff <blp@ovn.org> Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Numan Siddique [Wed, 10 Oct 2018 17:18:59 +0000 (22:48 +0530)]
ovn-controller: Support processing DHCPv6 information request message type
When 'dhcpv6_stateless' is configured on the logical router ports,
the client will send DHCPv6 information request message type (using
dhclient -6 -S) to get additional options like dns-server. This
patch supports this option. Ideally we should have supported this
option when the DHCPv6 support was added.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Wed, 10 Oct 2018 22:15:52 +0000 (15:15 -0700)]
expr: Set a limit on the depth of nested parentheses
This patch checks the depth of nested parentheses to prevent
stack overflow. Since is_chassis_resident doesn't allow
nested parentheses, its following parentheses are not taken
into acount in the parentheses-depth context.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10714 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Suggested-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
When a container port sends a ethernet broadcast packet, OVN delivers the same
packet back to the child port (and hence the DAD check fails).
This is because
- 'MLF_ALLOW_LOOPBACK_BIT' is set in REG10 in table 0 for the packets received
from any child port.
- for ethernet broadcast packets, Table 33 (OFTABLE_LOCAL_OUTPUT) clones the
packet for every local port 'P' which belongs to the same datapath i.e
'P'->REG15, resubmit(,34)
- If REG14 and REG15 are same, Table 34 (OFTABLE_CHECK_LOOPBACK) drops the packet
if 'MLF_ALLOW_LOOPBACK_BIT' is not set.
- But in the case of container ports, this bit will be set and hence doesn't gets
dropped and eventually gets delivered to the source container port.
- The VM's kernel thinks its a DAD packet. The latest kernels (4.19) implements
the RFC -7527 (enhanced DAD), but it is still a problem for older kernels.
This patch fixes the issue by using a new register bit (MLF_NESTED_CONTAINER_BIT)
instead of 'MLF_ALLOW_LOOPBACK_BIT' and sets it in REG10 for the packets received
from child ports so that Table 34 drops the packet for the source port.
ossfuzz: Break flow test target into two targets to speed up fuzzing.
The biggest motivation is a massive (7-10x) increase in fuzzing
speed. Prior to the refactoring, we were doing roughly 900 executions
per second on flow_extract_target. Now, we are doing roughly 6000
executions per second on the flow_extract_target and roughly 9000
executions per second on the new miniflow_target.
Moving forward, creating micro fuzz targets that are really fast is a
better strategy. Since all these micro targets can be scheduled in
parallel by oss-fuzz, the test throughput increases by a non-trivial
amount.
Signed-off-by: Bhargava Shastry <bshastry@sect.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org>
Bhargava Shastry [Wed, 10 Oct 2018 09:12:15 +0000 (11:12 +0200)]
ossfuzz: Bug fix in odp and expr parse targets
This patch fixes a bug in the following test harnesses
- odp_target.c
- expr_parse_target.c
The bug is as follows:
We expect the fuzzed input to be a C string that does not contain a new
line character. This is because, the test code in OvS is built on
expecting string to not have a newline character (see for instance,
calls to ds_get_line() in test-odp.c etc.).
The way we ensure fuzzed data is such a C string is as follows:
- Check size > 1 AND
- Check data[size - 1] is '\0' (NUL termination) AND
- Check that there is no '\n' in the C string that starts at data
The third check is implemented using strchr. Our earlier logic was that,
were the C string to contain '\n', strchr would have a non-zero return
that can then be used to bail out early.
The problem with this logic is that it does not consider the corner case
when data actually points to two or more C strings, like so:
\x01\x00\x0a\0x00
For this data sequence, strchr correctly returns "there is no newline
character" (in the first C string that is part of the sequence).
But the data that is eventually passed to the fuzzed API
is the entire sequence of strings that may contain a new line in
between.
This patch fixes the bug by adding an additional check:
- Check length of C string pointed to by data is actually equal to one
less than (due to NUL termination) size.
This ensures that we are passing one and only one C string not
containing new line character to the fuzzed APIs.
Signed-off-by: Bhargava Shastry <bshastry@sect.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Tue, 9 Oct 2018 16:15:13 +0000 (19:15 +0300)]
dpif-netdev: Add vlan to mask for flow_put operation.
Datapath flows in dpif-netdev classifier always has exact match
mask set for vlan. We have to enable it for flow_put operation
too in order to avoid flow modification failure due to
classifier lookup with wrong hash.
Found by OFtest.
CC: Jan Scheurich <jan.scheurich@ericsson.com> Fixes: beb75a40fdc2 ("userspace: Switching of L3 packets in L2 pipeline") Reported-by: Ben Pfaff <blp@ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-September/352579.html Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Michelson [Mon, 8 Oct 2018 18:49:08 +0000 (14:49 -0400)]
ovn-nbctl: Don't parse table-formatting options in nbctl_client
When ovn-nbctl is running in daemon mode, nbctl_client attempts to parse
table formatting options. The problem is that this then removes the table
formatting options from the array of options passed to the server loop. The
server loop resets the table formatting options to the defaults and then
attempts again to parse table formatting options. Unfortunately, they aren't
present any longer. The result is that tables are always formatted with
the default style.
This patch solves the issue by not parsing the table formatting options
in nbctl_client. Instead, the table formatting options are passed to the
server loop and parsed there instead.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Mark Michelson [Mon, 8 Oct 2018 18:49:07 +0000 (14:49 -0400)]
table: Create method for resetting table formatting.
Table formatting has a local static integer that is intended to insert
line breaks between tables. This works exactly as intended, as long as
each call to table_format() is done as a single unit within the run of a
process.
When ovn-nbctl is run in daemon mode, it is a long-running process that
makes multiple calls to table_format() throughout its lifetime. After
the first call, this results in an unexpected newline prepended to table
output on each subsequent ovn-nbctl invocation.
The solution is to introduce a function to reset table formatting. This
way, the first time after resetting table formatting, no newline is
prepended.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 4 Oct 2018 21:23:39 +0000 (14:23 -0700)]
flow: Clear ovs_nsh_key's context data when nsh's type can't be handled
In the default case when nsh's md_type is not recognized by nsh parser,
uninitialized data in key->context can sneak into miniflow. This
patch fixes it.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10519 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Thu, 4 Oct 2018 20:01:09 +0000 (13:01 -0700)]
ovs-ctl: Add new option to use short hostname.
Current ovs-ctl forces to set full hostname in external-ids. In
some situation users may want to set short hostname. For example,
in OpenStack - OVN integration, Neutron uses the host-id provided
by Nova, which is usually short hostname, to set "requested-chassis"
in OVN. The mismatch in hypervisor's external-ids:hostname setting
causes OVN port binding failure. It can be overridden to short name
but a openvswitch restart using ovs-ctl would again set it to full
hostname. This patch ensures in such use cases --no-full-hostname
can be specified to ovs-ctl to set short hostname instead.
Signed-off-by: Han Zhou <hzhou8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Fri, 5 Oct 2018 22:16:50 +0000 (15:16 -0700)]
extend-table: Fix a bug that iterates wrong table
This seems to be a copy and paste bug that iterates and frees
the wrong table. This commit fixes that.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10730 Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi-Hung Wei [Fri, 5 Oct 2018 16:19:54 +0000 (09:19 -0700)]
ofp-packet: Fix NXT_RESUME with geneve tunnel metadata
The patch address vswitchd crash when it receives NXT_RESUME with geneve
tunnel metadata. The crash is due to segmentation fault with the
following stack trace, and it is observed only in kernel datapath.
A test is added to prevent regression.
Thread 1 "ovs-vswitchd" received signal SIGSEGV, Segmentation fault.
0 0x00007fcffd0c5412 in tun_metadata_to_geneve__ (flow=flow@entry=0x7ffcb7106680, b=b@entry=0x7ffcb70eb5a8, crit_opt=crit_opt@entry=0x7ffcb70eb287)
at lib/tun-metadata.c:676
1 0x00007fcffd0c6858 in tun_metadata_to_geneve_nlattr_flow (b=0x7ffcb70eb5a8, flow=0x7ffcb7106638) at lib/tun-metadata.c:706
2 tun_metadata_to_geneve_nlattr (tun=tun@entry=0x7ffcb7106638, flow=flow@entry=0x7ffcb7106638, key=key@entry=0x0, b=b@entry=0x7ffcb70eb5a8)
at lib/tun-metadata.c:810
3 0x00007fcffd048464 in tun_key_to_attr (a=a@entry=0x7ffcb70eb5a8, tun_key=tun_key@entry=0x7ffcb7106638, tun_flow_key=tun_flow_key@entry=0x7ffcb7106638,
key_buf=key_buf@entry=0x0, tnl_type=<optimized out>, tnl_type@entry=0x0) at lib/odp-util.c:2886
4 0x00007fcffd0551cf in odp_key_from_dp_packet (buf=buf@entry=0x7ffcb70eb5a8, packet=0x7ffcb7106590) at lib/odp-util.c:5909
5 0x00007fcffd0d7870 in dpif_netlink_encode_execute (buf=0x7ffcb70eb5a8, d_exec=0x7ffcb7106428, dp_ifindex=<optimized out>) at lib/dpif-netlink.c:1873
6 dpif_netlink_operate__ (dpif=dpif@entry=0xe65e00, ops=ops@entry=0x7ffcb7106418, n_ops=n_ops@entry=1) at lib/dpif-netlink.c:1959
7 0x00007fcffd0d842e in dpif_netlink_operate_chunks (n_ops=1, ops=0x7ffcb7106418, dpif=<optimized out>) at lib/dpif-netlink.c:2258
8 dpif_netlink_operate (dpif_=0xe65e00, ops=<optimized out>, n_ops=<optimized out>) at lib/dpif-netlink.c:2294
9 0x00007fcffd014680 in dpif_operate (dpif=<optimized out>, ops=<optimized out>, ops@entry=0x7ffcb7106418, n_ops=n_ops@entry=1) at lib/dpif.c:1359
10 0x00007fcffd014c58 in dpif_execute (dpif=<optimized out>, execute=execute@entry=0x7ffcb71064e0) at lib/dpif.c:1324
11 0x00007fcffd40d3e6 in nxt_resume (ofproto_=0xe6af50, pin=0x7ffcb7107150) at ofproto/ofproto-dpif.c:4885
12 0x00007fcffd3f88c3 in handle_nxt_resume (ofconn=ofconn@entry=0xf8c8f0, oh=oh@entry=0xf7ebd0) at ofproto/ofproto.c:3612
13 0x00007fcffd404a3b in handle_openflow__ (msg=0xeac460, ofconn=0xf8c8f0) at ofproto/ofproto.c:8137
14 handle_openflow (ofconn=0xf8c8f0, ofp_msg=0xeac460) at ofproto/ofproto.c:8258
15 0x00007fcffd3f4653 in ofconn_run (handle_openflow=0x7fcffd4046f0 <handle_openflow>, ofconn=0xf8c8f0) at ofproto/connmgr.c:1432
16 connmgr_run (mgr=0xe422f0, handle_openflow=handle_openflow@entry=0x7fcffd4046f0 <handle_openflow>) at ofproto/connmgr.c:363
17 0x00007fcffd3fdc76 in ofproto_run (p=0xe6af50) at ofproto/ofproto.c:1821
18 0x000000000040ca94 in bridge_run__ () at vswitchd/bridge.c:2939
19 0x0000000000411d44 in bridge_run () at vswitchd/bridge.c:2997
20 0x00000000004094fd in main (argc=12, argv=0x7ffcb71085b8) at vswitchd/ovs-vswitchd.c:119
VMWare-BZ: #2210216 Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Add buffering support for IPv4/IPv6 packets that will be processed
by arp{}/nd_ns{} action when L2 address is not discovered yet since
otherwise the packet will be substituted with an ARP/Neighbor
Solicitation frame and this will result in the lost of the first
packet of the connection.
Moreover fix following automatic tests broken by ip-buffering support
since now original ip packets are transmitted by OVN logical
router:
- ovn -- 3 HVs, 3 LS, 3 lports/LS, 1 LR
- ovn -- /32 router IP address
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Matteo Croce [Sat, 6 Oct 2018 16:19:55 +0000 (18:19 +0200)]
dpif-netlink: Fix null pointer.
In dpif_netlink_port_add__(), socksp could be NULL, because
vport_socksp_to_pids() would allocate a new array and return a single
zero element.
Following vport_socksp_to_pids() removal, a NULL pointer can happen when
dpif_netlink_port_add__() is called and dpif->handlers is 0.
Restore the old behaviour of using a zero pid when dpif->handlers is 0.
Fixes: 69c51582f ("dpif-netlink: don't allocate per thread netlink sockets") Reported-by: Flavio Leitner <fbl@redhat.com> Reported-by: Guru Shetty <guru@ovn.org> Signed-off-by: Matteo Croce <mcroce@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
PCAP header magic numbers are different for microsecond and nanosecond
resolution timestamps. This patch adds support for understanding the
difference and reporting the time correctly with ovs_pcap_read().
When writing pcap files, OVS will always use microsecond resolution, so
no new calculations were added to those functions.
Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Calling getattr() on a Row object after invoking delkey() with a value
that does not exist in the object will cause getattr() to fail with a
KeyError error. For example:
Oct 05 14:59:28 neutron-server[28435]: File
"/usr/local/lib/python2.7/dist-packages/ovsdbapp/backend/ovs_idl/connection.py",
line 122, in run
Oct 05 14:59:28 neutron-server[28435]:
txn.results.put(txn.do_commit())
Oct 05 14:59:28 neutron-server[28435]: File
"/usr/local/lib/python2.7/dist-packages/ovsdbapp/backend/ovs_idl/transaction.py",
line 86, in do_commit
Oct 05 14:59:28 neutron-server[28435]: command.run_idl(txn)
Oct 05 14:59:28 neutron-server[28435]: File
"/usr/local/lib/python2.7/dist-packages/ovsdbapp/backend/ovs_idl/command.py",
line 299, in run_idl
Oct 05 14:59:28 neutron-server[28435]: if
isinstance(getattr(record, self.column), dict):
Oct 05 14:59:28 neutron-server[28435]: File
"/usr/local/lib/python2.7/dist-packages/ovs/db/idl.py", line 843, in
__getattr__
Oct 05 14:59:28 neutron-server[28435]: del dmap[key]
Oct 05 14:59:28 neutron-server[28435]: KeyError: 'bogusvalue'
This patch is replacing the "del dmap[key]" instruction with a
"dmap.pop(key, None)" instruction instead because a pop() (with a
default value) will not raise an exception in case the key does not
exist in the object in the first place, it will just ignore it.
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Thu, 4 Oct 2018 19:42:21 +0000 (12:42 -0700)]
ovsdb-types: Refactor structs so as to comply with C++ standard
C++ standard only accepts anonymous struct inside
anonymous union. This patch re-organized the structs so
that this header file can be used in C++ source files.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Mon, 18 Jun 2018 18:36:50 +0000 (11:36 -0700)]
ovn-controller: Honor updates to SSL configuration while waiting for SB DB.
At startup time, ovn-controller connects to the OVS database and retrieves
a pointer to the southbound database, then connects to the southbound
database and retrieves a snapshot. Until now, however, it didn't pay
attention to changes in the OVS database while trying to retrieve the
southbound database, which meant that if the SSL settings changed,
ovn-controller would continue to use the old ones, which probably wouldn't
work.
Also honor changes to the remote for the southbound database while waiting
to connect to it.
Most of the changes in this commit are whitespace only indentation changes,
so passing -w to "git show" (etc.) make it easier to understand.
Reported-by: Dan Williams <dcbw@redhat.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/144 Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Mon, 18 Jun 2018 18:36:49 +0000 (11:36 -0700)]
ovsdb-idl: New function ovsdb_idl_create_unconnected().
This new function makes it possible to create an instance of the IDL
without connecting it to a remote OVSDB server. The caller can then
connect and disconnect using ovsdb_idl_set_remote(); the ability to
disconnect is a new feature.
With this patch, the ovsdb_idl 'session' member can be null whereas
previously it was always nonnull. The scattered changes throughout
ovsdb-idl are to cope with this new possibility.
An upcoming patch will introduce the first user of this new feature.
Ben Pfaff [Fri, 7 Sep 2018 02:30:11 +0000 (19:30 -0700)]
condition: Reject <, <=, >=, > with optional scalar against empty set.
When relational comparisons against optional scalars were introduced, it
was meant to work only when the right-hand side of the comparison was a
scalar, not the empty set. The implementation wasn't that picky. This
commit fixes the problem.
CC: Terry Wilson <twilson@redhat.com> Fixes: 09e256031a62 ("ovsdb: Allow comparison on optional scalar types") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Fri, 7 Sep 2018 02:30:10 +0000 (19:30 -0700)]
condition: Fix ==, !=, includes, excludes on optional scalars.
Open vSwitch 2.4 introduced an OVSDB extension in which a column with
type optional integer or real could be compared with the operators <,
<=, >, and >=. At the same time, it broke the implementation of the
operators ==, !=, includes, and excludes on columns with the same types.
This fixes the problem.
Reported-by: Hans Ole Rafaelsen <hrafaelsen@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-September/047356.html CC: Terry Wilson <twilson@redhat.com> Fixes: 09e256031a62 ("ovsdb: Allow comparison on optional scalar types") Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>