Ben Pfaff [Tue, 22 Dec 2009 01:02:17 +0000 (17:02 -0800)]
ofproto: Drop remote command execution feature.
At one point Nicira had deployment plans for which adding a remote command
execution feature to the OpenFlow stack made a lot of sense. We no longer
have those plans, as far as I know, and leaving the feature in seems like
a huge potential security hole. So this commit blows away the entire
feature.
Sometimes it is useful to limit the number of connection attempts, either
from policy or because it is not possible to reconnect at all (e.g. because
a connection was accepted from a listening socket instead of made with
connect()). This commit adds that feature.
Justin Pettit [Fri, 18 Dec 2009 22:40:12 +0000 (14:40 -0800)]
xenserver: Use ovs-appctl to reopen log files
During the changes to use the configuration database the "reload"
command was removed from the init script. In addition to reloading the
configuration file, binaries also reopened their log files, which is the
behavior the logrotate configuration expected. This change makes the
logrotate configuration no longer use the "reload" command.
Justin Pettit [Fri, 18 Dec 2009 22:34:05 +0000 (14:34 -0800)]
Remove cfg library
A few places in bridge.c still reference the old cfg library, but they
were commented out a while back. This removes the library, since we've
now switched over to a configuration database.
Ben Pfaff [Thu, 17 Dec 2009 18:56:01 +0000 (10:56 -0800)]
daemon: Allow daemon child process to report success or failure to parent.
There are conflicting pressures in startup of a daemon process:
* The parent process should exit with an error code if the daemon
cannot start up successfully.
* Some startup actions must be performed in the child process, not in
the parent. The most obvious of these are file locking, since
child processes do not inherit locks, and anything that requires
knowing the child process's PID (e.g. unixctl sockets).
Until now, this conflict has usually been handled by giving up part of the
first property, i.e. in some cases the parent process would exit
successfully and the child immediately afterward exit with a failure code.
This commit introduces a better approach, by allowing daemons to perform
startup work in the child and only then signal the parent that they have
successfully started. If the child instead exits without signaling
success, the parent passes this exit code along to its own parent.
This commit also modifies the daemons that can usefully take advantage of
this new feature to do so.
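An added example of the startup handshake this commit message describes, written for illustration and not taken from the Open vSwitch source: the child reports success over a pipe, and the parent otherwise passes the child's exit code along. The names start_daemon, startup_ok, startup_lock_failed and serve_nothing are hypothetical, and the pipe is an assumed signaling mechanism.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not an Open vSwitch function.  Returns the exit code
 * the parent should use: 0 on reported success, else the child's exit code. */
int start_daemon(int (*startup)(void), void (*serve)(void))
{
    int fds[2];
    pid_t pid;
    if (pipe(fds) < 0 || (pid = fork()) < 0) {
        return EXIT_FAILURE;
    }
    if (pid == 0) {
        /* Child: do the work that must happen here (file locks, sockets
         * named after the PID), then report success with one byte. */
        close(fds[0]);
        int rc = startup();
        if (rc != 0 || write(fds[1], "", 1) != 1) {
            _exit(rc ? rc : EXIT_FAILURE); /* Parent sees EOF on the pipe. */
        }
        close(fds[1]);
        serve();                           /* The daemon's main loop. */
        _exit(EXIT_SUCCESS);
    }
    /* Parent: block until the child writes a byte or the pipe closes. */
    close(fds[1]);
    char c;
    ssize_t n;
    do {
        n = read(fds[0], &c, 1);
    } while (n < 0 && errno == EINTR);
    close(fds[0]);
    if (n == 1) {
        return EXIT_SUCCESS;               /* Child is up; exit 0. */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) {
        return EXIT_FAILURE;
    }
    return WEXITSTATUS(status);
}

/* Constructed startup routines for the demonstration. */
static int startup_ok(void) { return 0; }
static int startup_lock_failed(void) { return 3; }
static void serve_nothing(void) { }
int main(void) { return start_daemon(startup_lock_failed, serve_nothing); }
```

Because the parent blocks until the byte arrives or the pipe closes, an init script that checks the parent's exit status sees a failed lock or socket setup instead of a false success.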
Ben Pfaff [Fri, 18 Dec 2009 20:33:34 +0000 (12:33 -0800)]
ovs-brcompatd: Simplify logic and make more robust.
The ovs-brcompatd code was trying hard to make sure that an Open_vSwitch
record would exist in the database before it would look for one. It is
easier to just check for a record and use it if it is there, and it is
also more robust against databases that have not been initialized.
Ben Pfaff [Thu, 17 Dec 2009 23:49:48 +0000 (15:49 -0800)]
testsuite: Look for .ovsschema files in source dir as well as build dir.
When a distribution is built with "make dist", the .ovsschema files are
included as part of it, so that the builder does not have to have Python
installed. However in that case the distributed .ovsschema files are in
the source dir instead of the build dir. The testsuite always expected
them in the latter directory. This commit makes it look for them in both
places.
Ben Pfaff [Thu, 17 Dec 2009 23:47:27 +0000 (15:47 -0800)]
test-json: Avoid use of /dev/stdin to fix builds in limited chroots.
The chroots in which we often build Open vSwitch don't have /proc and
thus cannot support /dev/stdin, because on Linux that is a symlink to
/proc/self/fd/0. So avoid using /dev/stdin in the testsuite.
Ben Pfaff [Thu, 17 Dec 2009 00:26:17 +0000 (16:26 -0800)]
Make ovs-vswitchd report when it is done configuring; make ovs-vsctl wait.
Until now the ovsdb-based vswitch has provided no way to know when it has
finished applying the configuration from the database. This commit
introduces a way:
* The client who wants to wait increments the "next_cfg" column of the
Open_vSwitch record.
* When ovs-vswitchd finishes reconfiguring, it sets the value of the
"cur_cfg" column to that of the "next_cfg" column.
* The client waits until the "cur_cfg" column is at least as great as
the value it set into "next_cfg".
This allows us to drop the 5-second sleep in interface-reconfigure.
Ben Pfaff [Wed, 16 Dec 2009 21:40:55 +0000 (13:40 -0800)]
debian: Don't unload kernel modules in init script on "stop" or "restart".
Unloading kernel modules will destroy all of the datapaths, which is a
drastic action. So we are probably better off doing that only if the
user requests it explicitly.
Ben Pfaff [Wed, 16 Dec 2009 21:30:53 +0000 (13:30 -0800)]
ovsdb: Add "comment" feature to transactions and make ovs-vsctl use them.
The idea here is that transaction comments get copied to the ovsdb-server's
transaction log, which can then make it clear later why a particular change
was made to the database, to ease debugging.
Ben Pfaff [Wed, 16 Dec 2009 18:55:46 +0000 (10:55 -0800)]
json: Accurately parse very large real numbers.
The test for whether a real number was outside the valid range was
imprecise and failed at the edge of the real range. This commit changes
the code to use the C library's strtod(), which presumably does better.
Ben Pfaff [Tue, 15 Dec 2009 21:11:24 +0000 (13:11 -0800)]
debian: Change openvswitch-switch deb to use ovsdb-server and ovs-vswitchd.
This appears to work in that it creates the database on installation,
starts and stops the programs and loads and unloads the kernel modules at
the right times, but it has not been tested beyond that.
Ben Pfaff [Tue, 15 Dec 2009 18:59:49 +0000 (10:59 -0800)]
debian: Make all binary packages depend on ${misc:Depends}.
According to lintian:
> The source package uses debhelper but it does not use ${misc:Depends} in
> the given binary package's debian/control entry. This is required so the
> dependencies are set correctly in case the result of a call to any of
> the dh_ commands cause the package to depend on another package.
Fixed by adding ${misc:Depends} as a dependency to all binary packages that
didn't already have it.
Ben Pfaff [Tue, 15 Dec 2009 18:56:59 +0000 (10:56 -0800)]
debian: Make binary NMUs possible.
According to lintian:
> The package is not safely binNMUable because an arch:any package depends
> on another arch:any package with a (= ${source:Version}) relationship.
> Please use (= ${binary:Version}) instead.
Ben Pfaff [Tue, 15 Dec 2009 18:19:03 +0000 (10:19 -0800)]
debian: Break rules for datapath module out of debian/rules.
debian/rules included makefiles from /usr/share/modass/include.
Unfortunately these makefiles set some environment variables to values that
we do not want in the general Debian build, e.g. on this machine they set
CC to gcc-4.1. It appears that it is generally good practice to break
out the kernel module rules from the general-purpose rules anyhow, so this
commit does so.
Ben Pfaff [Tue, 15 Dec 2009 06:59:55 +0000 (22:59 -0800)]
netdev-linux: Fix aliasing error.
The latest version of GCC flags a common socket convention as breaking
strict-aliasing rules. This commit removes the aliasing and gets rid of
the scary warning.
Justin Pettit [Tue, 15 Dec 2009 01:44:17 +0000 (17:44 -0800)]
xenserver: Actually destroy VIFs by using ovs-vsctl
When VIFs were destroyed, they were not actually being deleted in the
config database. This commit makes the appropriate ovs-vsctl commands
in the 'vif' script to accomplish that.
Justin Pettit [Mon, 14 Dec 2009 21:59:58 +0000 (13:59 -0800)]
ovs-vsctl: Set timeout to a default value of five seconds
In general, we don't want ovs-vsctl to wait forever to connect to the
database, as ovs-vsctl is used extensively in init scripts and the
system will not boot. Use a default value of five seconds as a
stop-gap. Eventually, we'll switch to a model of connection attempts,
since using a time-based approach is kind of a hack.
Justin Pettit [Mon, 14 Dec 2009 21:43:25 +0000 (13:43 -0800)]
xenserver: Cleanup xs-network-uuids and xs-network-names usage
Switch xs-network-uuids delimiter to a semicolon to match the one used
by xs-network-uuids. Also, fix pluralization of xs-network-uuids in
vswitch IDL description of the "Bridge" table.
Add description of xs-network-names to vswitch IDL description.
Ben Pfaff [Mon, 14 Dec 2009 21:09:47 +0000 (13:09 -0800)]
vswitchd: Do not choose generated MAC address for local port.
ovs-vswitchd needs to choose a sensible MAC address for the local port of
a bridge. Until now, the algorithm has ignored certain interfaces, in
particular internal interfaces and those with the MAC addresses that
indicate that they are probably Xen VIFs. The goal is to choose a physical
interface's MAC address because this is more stable and more likely to
be meaningful to the outside world. Stability, in turn, is important
because the MAC address of the local port is used as the default datapath
ID for OpenFlow connections.
This existing algorithm was too specialized to work well with the new
kinds of ports that we have been introducing in OVS. In particular,
GRE ports could be chosen as the MAC address. This commit changes the
algorithm for choosing the local port MAC address. Now it ignores any
interface that has the "local" bit set in its MAC address, which
catches GRE ports. The new rule also catches the VIF and internal
port cases, so this commit also deletes those special cases.
This commit deleted the only user of eth_addr_is_vif(), so it deletes
that function also.
Ben Pfaff [Sat, 12 Dec 2009 00:59:44 +0000 (16:59 -0800)]
socket-util: Clarify EAGAIN error code for make_unix_socket().
make_unix_socket() can return EAGAIN in rare circumstances, e.g. when the
server's socket listen queue is full. A lot of OVS callers interpret
EAGAIN as a "try again" error code, but in this case it means that the
attempt to create the socket failed. So munge EAGAIN into another error
code to prevent that misinterpretation.
Ben Pfaff [Fri, 11 Dec 2009 18:46:59 +0000 (10:46 -0800)]
ovsdb-idl: Fix row insertion and deletion behavior.
When the IDL was used to insert a row, but all of the new row's columns
were left at the default values, then the IDL would not insert the row at
all.
When the IDL was used to delete one or more rows, and the transaction did
not include any update or insertion operations, the transaction was dropped
entirely.
This commit fixes these two bugs. It needs a regression test, but this
commit does not add one.
Justin Pettit [Thu, 10 Dec 2009 23:21:56 +0000 (15:21 -0800)]
xenserver: Remove references to "reload" in init script
With ovs-vswitchd using the config DB, it is no longer necessary to tell
it to reload its configuration file. This removes references to the
need for reloading.
It also cleans up some messages placed on the console during boot up.
Ben Pfaff [Fri, 11 Dec 2009 00:43:10 +0000 (16:43 -0800)]
xensource: Add kluge to make interface-reconfigure work better.
This change makes xsconsole able to reconfigure the management interface
on some XenServer hosts. It's not clear why it is needed--apparently
xapi is creating the bridge behind our back.
Ben Pfaff [Thu, 10 Dec 2009 23:53:03 +0000 (15:53 -0800)]
xenserver: Make basic VM networking work.
Tested by starting and stopping a VM that has a single VIF and verifying
that the VM could get an IP address via DHCP and access the network and
that the VIF's external-ids were set to plausible values.
Justin Pettit [Thu, 10 Dec 2009 08:08:39 +0000 (00:08 -0800)]
ovs-brcompatd: First cut at integration with new config db
This is an extremely lightly tested attempt at switching ovs-brcompatd
from using the config file to the new config db. There are a lot of
shortcomings in this cut, but we need to make progress on the XenServer
integration, so it's going in now. Expect changes in the near future.
Ben Pfaff [Tue, 8 Dec 2009 17:48:37 +0000 (09:48 -0800)]
ovsdb-idl: Update IDL data when "set" functions are called.
Until now, the "set" functions generated by the IDL updated the data in the
database (during commit) but not the data exposed by the IDL in its data
structures. This was just an oversight, so this commit causes the data
exposed by IDL to be updated also.
Ben Pfaff [Tue, 8 Dec 2009 01:09:52 +0000 (17:09 -0800)]
bitmap: New function bitmap_scan() and macro BITMAP_FOR_EACH_1.
bitmap_scan() can be optimized significantly for the case of a sparse
bitmap but it doesn't seem worth the additional overhead of writing a test
unless and until we show that it's a useful optimization in practice.