Ciara Loftus [Thu, 5 Nov 2015 11:14:25 +0000 (11:14 +0000)]
INSTALL.DPDK: Mention issue with QEMU v2.4.0 & dpdkvhostuser
Currently when using QEMU v2.4.0+, two (or more) dpdkvhostuser ports cannot
be unbound from the kernel driver in the guest without causing the
ovs-vswitchd process to crash. Document this limitation and potential
workarounds.
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Jarno Rajahalme [Wed, 4 Nov 2015 23:47:36 +0000 (15:47 -0800)]
upcall: Check for recirc_id in ukey_create_from_dpif_flow()
Filter out not only flows with recirculation actions, but also flows
with non-zero recirculation id in flow key when creating ukeys from
datapath flows, as such flows also depend on the recirculation
context, which has been lost after a restart.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Jarno Rajahalme [Wed, 4 Nov 2015 23:47:35 +0000 (15:47 -0800)]
tests: Strip more variable output from conntrack output.
'conntrack' output format varies depending on the system
configuration, i.e., conntrack accounting or timestamping is enabled.
Modify the FORMAT_CT() macro to hide these differences.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Russell Bryant [Wed, 21 Oct 2015 20:13:43 +0000 (16:13 -0400)]
ovn-tutorial: Add a section on ACLs.
Add a section that gives a quick introduction to applying ACLs. It
discusses how the ACLs are translated into OVN logical flows. It doesn't
get down to the OpenFlow level because that's not supported in
ovs-sandbox yet. Instead, it provides a reference to an OpenStack
related blog post that talks about how OVN ACLs are used there and gives
examples of the resulting OpenFlow flows.
In theory, once we have a userspace conntrack implementation available,
we'll be able to provide better support for it in ovs-sandbox.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Acked-by: Kyle Mestery <mestery@mestery.com>
Ben Pfaff [Thu, 15 Oct 2015 16:46:21 +0000 (09:46 -0700)]
ofp-parse: Fix parsing, formatting of multiple fields in NTR extension.
Until now, the only way to specify multiple fields in the "fields"
parameter for the Netronome groups extension, was to specify "fields"
more than once, e.g. fields=eth_dst,fields=ip_dst
However, this wasn't documented and the code in ofp-print didn't use it,
generating output that couldn't be parsed.
This commit fixes the situation by introducing a more straightforward
syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
code to use it when there is more than one field (it retains the previous
format for backward compatibility when there is exactly one field)
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Simon Horman <simon.horman@netronome.com>
Ben Pfaff [Sat, 17 Oct 2015 21:24:01 +0000 (14:24 -0700)]
dpctl: Fix jump through wild pointer in "dpctl/help".
dpctl_unixctl_handler() didn't fully initialize the dpctl_params structure
it passed to the handler, which meant that dpctl_help() could see a nonnull
(indeterminate) 'usage' pointer and jump through it, causing a crash.
This commit fixes the crash by fully initializing the structure.
The dpctl/help command wasn't going to do anything useful anyway, so this
commit also stops registering it.
Reported-by: Murali R <muralirdev@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019135.html Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Ansis Atteka [Tue, 3 Nov 2015 23:29:32 +0000 (15:29 -0800)]
tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Acked-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Russell Bryant [Sat, 24 Oct 2015 19:41:37 +0000 (15:41 -0400)]
ovn: Remove duplicate versions from schemas.
Since commit 5935835968c9d36ffe306863f0c8079d3b670e2a, the OVN nb and sb
schema definitions have included duplicate version entries. In the nb
case, the version has since been updated to 2.0.0, but only in one
place. Remove the duplicate version entries that were at the bottom of
the files.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Acked-by: Ben Pfaff <blp@nicira.com>
Russell Bryant [Tue, 27 Oct 2015 09:01:28 +0000 (18:01 +0900)]
ovn: Fix check on existing encap row.
This code does some checking to validate the existing encaps for a
chassis to see if they need to be updated. This typo resulted in
ovn-controller re-creating its encap(s) every time this code ran, making
ovn-controller and ovsdb-server eat up a CPU in my testing.
Signed-off-by: Russell Bryant <rbryant@redhat.com> Acked-by: Ben Pfaff <blp@nicira.com>
datapath-windows: Updating an External Adapter causes flow lookup failure
This patch fixes an issue with updating the properties of an external
adapter in Windows. The issue causes flow lookups to fail until the
kernel is reinstalled.
Saurabh Mohan [Tue, 6 Oct 2015 23:35:32 +0000 (16:35 -0700)]
debian: place kernel module to satisfy depmod search.
On Ubuntu depmod's search priority is configured in /etc/depmod to be
updates and then the kernel built-in directory.
$ cat /etc/depmod.d/ubuntu.conf
search updates ubuntu built-in
Thus change the placement of openvswitch.ko under updates/ not kernel/updates.
Andy Zhou [Thu, 29 Oct 2015 21:51:34 +0000 (14:51 -0700)]
test: Make test independent of the recirc_id
Commit 8ae8176fd0d8ed919e3301cc961dcf02b65ff49d (tests: Make test
independent of the hash function) improves the test "ofprot-dpif
- balance-tcp bonding, different recirc flow" to not depend on
the values of dp-hash, but it still depends on the value of recirc_id,
which can be a different value based on runs, specifically, it depends
which one of the two bonds allocates recirc id first.
Since both dp_hash and recirc_id values are runtime dependent,
consolidate the masking scripts into ofctl_strip.
Sairam Venugopal [Mon, 26 Oct 2015 23:48:39 +0000 (16:48 -0700)]
datapath-windows: Move OvsAllocateNBLFromBuffer to BufferMgmt
Move the functionality around creating an NBL from Buffer to
Buffermanagement. This function will be used for converting the buffer
from user-space to NBL and also by STT - reassembly logic.
Andy Zhou [Thu, 22 Oct 2015 17:29:56 +0000 (10:29 -0700)]
bfd: always export remote_state and remote_diagnostic to OVSDB
RFC 5880 specified bfd.RemoteSessionState as one of the state
variables. In OVS implementation, this value is exported to OVSDB's
BFD status column of the interface table, as one of the map elements,
with the key of 'remote_state'.
It can be surprising when the 'remote_state' map element disappears
when BFD is in the 'DOWN' state, but otherwise always exported.
Change to always exporting it, to make it more predictable for
applications that monitor the BFD status column.
While at it, make the same change to 'remote_diagnostic', so that it
is also always exported to OVSDB for consistency.
Before this commit vtep-ctl hung forever if it didn't manage to reach
the database.
This caused the testcase "ovn -- 3 HVs, 1 VIFs/HV, 1 GW, 1 LS" to hang
occasionally, because ovsdb-server could be killed before ovs-vtep
called vtep-ctl.
This mimics the behaviour of ovs-vsctl, ovn-nbctl and ovn-sbctl.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ciara Loftus [Wed, 21 Oct 2015 13:50:36 +0000 (14:50 +0100)]
netdev-dpdk: Clean-up after vHost User port delete
Unregister and delete the socket associated with a vhost-user
port when the port is deleted and/or the switch is brought down.
Do not delete the socket if the vhost-user device is still attached
to the guest.
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Justin Pettit [Mon, 19 Oct 2015 22:41:34 +0000 (15:41 -0700)]
ovn: Reduce range of ACL priorities.
To implement stateful ACLs, we've needed to reserve multiple logical
flow priorities in the ACL table. Rather than continue to have a
strange range of ACL priorities, we'll make ACL priority range 0 to
32767 and then offset them by 1000 when inserting them into the logical
flow table.
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Mon, 19 Oct 2015 22:00:39 +0000 (15:00 -0700)]
ovs-ofctl: Fix OpenFlow versions with '--bundle'
While the presence of the '--bundle' option implicitly added the
OpenFlow 1.4 to the allowed protocols, it failed to remove OpenFlow
1.0 from the allowed protocols. This is changed so that '--bundle'
option now also implicitly removes versions lesser than 1.4 from the
allowed protocols. This has no behavioral difference when ovs-ofctl
is paired with OVS that supports OpenFlow 1.4, as the greatest common
version is negotiated, but prevents negotiation of OpenFlow 1.0 when
OVS does not support OpenFlow 1.4.
Jarno Rajahalme [Mon, 19 Oct 2015 22:00:39 +0000 (15:00 -0700)]
ovs-ofctl: Fix replace-flows.
The replace-flows test cases tested for incorrect
behavior due to the missing initialization of the out_group member of
struct ofputil_flow_stats_request. This patch fixes this by properly
initializing out_group to OFPG_ANY.
Note that replace-flows still does not support multiple tables, but
that will be fixed in a later patch in the series.
Ben Pfaff [Sat, 17 Oct 2015 06:36:38 +0000 (23:36 -0700)]
physical: Fix implementation of logical patch ports.
Logical patch ports do not have a physical location and effectively reside
on every hypervisor. This is fine for unicast output to logical patch
ports. However, when a logical patch port is part of a logical multicast
group, lumping them together with the other "local" ports in a multicast
group yields packet duplication, because every hypervisor to which the
packet is tunneled re-outputs it to the logical patch port.
This commit fixes the problem, by treating logical patch ports as remote
rather than local when they are part of a logical multicast group. This
yields exactly-once semantics.
Found while testing implementation of ARP in OVN logical router. The
following commit adds a test that fails without this fix.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Sun, 18 Oct 2015 19:42:33 +0000 (12:42 -0700)]
logical-fields: New header for logical field assignments.
The original concept for "expr" and "actions" was that they should not need
to know anything about the mapping between physical and logical fields,
that instead everything should be provided via the symbol table. In
practice this has proven difficult because a couple of actions need to know
about logical fields. For now, it seems reasonable to put the logical
field mapping into a header of its own. Later, maybe we'll figure out
whether there's value in a less leaky abstraction.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Sat, 17 Oct 2015 21:03:53 +0000 (14:03 -0700)]
packets: Make ip_parse_masked() pickier about formatting.
It's happened a couple of times now that I've entered a typoed IP address,
e.g. "192.168.0.0$x", and ip_parse_masked() or its predecessor has accepted
it anyway, and it's been hard to track down the real problem. This change
makes the parser pickier, by disallowing trailing garbage.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
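A strict parser of the kind this commit message describes, as an added example (not code from the commit or from Open vSwitch): `parse_masked_ipv4()` and its helpers are hypothetical names, the inputs are constructed, and the `strict` flag exists only to show lax and strict handling of trailing bytes side by side.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reads 1..max_digits decimal digits at *sp; no sign, no whitespace.
 * *sp advances only on success. */
static bool parse_num(const char **sp, int max_digits, uint32_t limit,
                      uint32_t *out)
{
    const char *s = *sp;
    uint32_t v = 0;
    int digits = 0;

    while (*s >= '0' && *s <= '9' && digits < max_digits) {
        v = v * 10 + (uint32_t) (*s++ - '0');
        digits++;
    }
    if (digits == 0 || v > limit) return false;
    *sp = s;
    *out = v;
    return true;
}

/* Reads a dotted quad at *sp into a host-order value. */
static bool parse_quad(const char **sp, uint32_t *ip)
{
    const char *s = *sp;
    uint32_t v = 0, octet;

    for (int i = 0; i < 4; i++) {
        if (i > 0 && *s++ != '.') return false;
        if (!parse_num(&s, 3, 255, &octet)) return false;
        v = (v << 8) | octet;
    }
    *sp = s;
    *ip = v;
    return true;
}

/* Hypothetical parser for "a.b.c.d", "a.b.c.d/len" or "a.b.c.d/m.m.m.m".
 * With strict == false, bytes after the parsed prefix are ignored, which
 * is how a typo such as "192.168.0.0$x" slips through unnoticed. */
bool parse_masked_ipv4(const char *s, bool strict, uint32_t *ip,
                       uint32_t *mask)
{
    uint32_t len;

    *mask = UINT32_MAX;
    if (!parse_quad(&s, ip)) return false;
    if (*s == '/') {
        s++;
        if (!parse_quad(&s, mask)) {
            if (!parse_num(&s, 2, 32, &len)) return false;
            *mask = len ? (uint32_t) (UINT32_MAX << (32 - len)) : 0;
        }
    }
    return !strict || *s == '\0';   /* strict: nothing may follow */
}

int main(void)
{
    const char *in[] = { "192.168.0.0/16", "192.168.0.0$x", "10.0.0.1/24 " };
    uint32_t ip, mask;

    for (int i = 0; i < 3; i++) {   /* constructed sample inputs */
        printf("\"%s\" lax=%d strict=%d\n", in[i],
               parse_masked_ipv4(in[i], false, &ip, &mask),
               parse_masked_ipv4(in[i], true, &ip, &mask));
    }
    return 0;
}
```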
Ben Pfaff [Wed, 7 Oct 2015 20:12:34 +0000 (13:12 -0700)]
ovn-northd: Add stages for logical routers.
Until now, ovn-northd has only set up flows for logical switches. With the
arrival of logical routers, it needs to set up flows for them too. The
stages within logical routers are completely different from those for
logical switches, so this prepares for that by adding logic for identifying
those stages.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Thu, 8 Oct 2015 20:18:51 +0000 (13:18 -0700)]
ovn-nb: Add "enabled" column to Logical_Router_Port.
This is just for symmetry with Logical_Port, since it seems that if users
want to be able to disable switch ports they might want to disable router
ports as well.
There is no "up" column because a logical router port doesn't have the same
concept.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Wed, 7 Oct 2015 23:01:37 +0000 (16:01 -0700)]
ovn-nb: Change how router ports work.
This is for two reasons. First, a router port is not really much of a
special case from a logical switch's point of view. For switching
purposes, it works exactly the same as any other port. Having a special
column for it just adds artificial special cases.
Second, the previous form of router ports specified that all of them use
the logical port name "ROUTER". This seemed to make sense at the time but
now it is just adding more special cases. Instead just giving them names
like any other port makes life easier.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Wed, 7 Oct 2015 22:34:54 +0000 (15:34 -0700)]
ovn-nb.xml: Reorganize documentation for Logical_Port table.
This uses the column grouping feature and the ability to document an
individual key within a column to better, in my opinion, organize the
documentation for the Logical_Port table.
This will make it easier to document a new port type that a future commit
will add.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Fri, 16 Oct 2015 20:32:03 +0000 (13:32 -0700)]
ovn: Implement logical patch ports.
This implementation is suboptimal for several reasons. First, it
creates an OVS port for every OVN logical patch port, not just for the
ones that are actually useful on this hypervisor. Second, it's
wasteful to create an OVS patch port per OVN logical patch port, when
really there's no benefit to them beyond a way to identify how a
packet ingressed into a logical datapath.
There are two obvious ways to improve the situation here, by modifying
OVS:
1. Add a way to configure in OVS which fields are preserved on a
hop across an OVS patch port. If MFF_LOG_DATAPATH and
MFF_LOG_INPORT were preserved, then only a single pair of OVS
patch ports would be required regardless of the number of OVN
logical patch ports.
2. Add a new OpenFlow extension action modeled on "resubmit" that
also saves and restores the packet data and metadata (the
inability to do this is the only reason that "resubmit" can't
be used already). Or add OpenFlow extension actions to
otherwise save and restore packet data and metadata.
We should probably choose one of those in the medium to long term, but
I don't know which one.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Fri, 16 Oct 2015 20:36:46 +0000 (13:36 -0700)]
patch: Allow client to determine port names.
Calculating the patch port names from the bridge names makes sense when
there's only one pair of patch ports between a pair of bridges, but that
won't be the case for an upcoming use of patch ports.
This change makes it easy to check for existing patch ports in
create_patch_port(), instead of in its caller, and since that seems like a
more sensible place this change also moves it there.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Fri, 16 Oct 2015 20:08:21 +0000 (13:08 -0700)]
patch: Refactor to better support new kinds of patches.
Until now, the code here lumped together what was necessary to create and
destroy patch ports, with what was necessary to identify the patch ports
that were needed. An upcoming patch will add new reasons to create patch
ports, so this commit more cleanly separates those two functions.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Thu, 1 Oct 2015 16:37:53 +0000 (09:37 -0700)]
ovn-controller: Factor patch port management into new "patch" module.
Upcoming patches will introduce new extensive use of patch ports and it
seems reasonable to put it into its own file.
This is mostly code motion. Code changes are limited to those necessary
to make the separated code compile, except for renaming
init_bridge_mappings() to patch_run().
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Sat, 17 Oct 2015 03:07:49 +0000 (20:07 -0700)]
ovn: Update TODO, ovn-northd flow table design, ovn-architecture for L3.
This is a proposed plan for logical L3 in OVN. It is not entirely
complete but it includes many important details and I believe that it moves
planning forward.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Windows has INET6_ADDRSTRLEN defined as 65 whereas
POSIX has it as 46. This difference causes a unit test
failure as the test 'tunnel_push_pop' was looking at o/p
format based on the length of INET6_ADDRSTRLEN.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
Simon Horman [Fri, 16 Oct 2015 10:50:47 +0000 (19:50 +0900)]
ofproto: Correct encoding and decoding of group desc properties.
* encode: if properties are present include their length in
value of the length field of the group desc
* decode: use the value of the length field to calculate the length of
properties rather than assuming that the rest of the message
is properties. This assumption is not correct as a message
may contain multiple group descs.
Fixes: 18ac06d3546e ("ofp-util: Encoding and decoding of (draft) OpenFlow 1.5 group messages.") Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Thu, 15 Oct 2015 05:28:35 +0000 (22:28 -0700)]
ovn.at: Add test for gateway.
This test exposed a problem that ovn-controller-vtep doesn't properly
set up the "Mcast_Macs_Remote" table, which prevents broadcasts from
being sourced from the physical side of the VTEP. That issue needs to
be resolved, and then the full set of gateway traffic patterns can run.
Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Fri, 16 Oct 2015 04:14:40 +0000 (21:14 -0700)]
ovn: Add stateful ACL support.
Add support for the "allow-related" ACL action. This is dependent on
the OVS conntrack functionality, which is not available on all platforms
or kernel versions.
Here is a sample policy that will allow all tenants in logical switch
"ls0" to SSH to each other. Anyone can make an HTTP request to "lp0".
All other IP traffic is dropped:
Ben Pfaff [Sat, 10 Oct 2015 03:33:26 +0000 (20:33 -0700)]
nx-match: Serialize match on IP TTL even when outputting OXM.
The 'oxm' parameter to nxm_put_ip() indicates whether NXM or OXM code
points should be used in cases where both exist. It shouldn't cause
matches to be dropped entirely, since that changes the meaning, but that's
what was done here for matches on the IP (v4 or v6) TTL. This commit
fixes the problem.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Wed, 7 Oct 2015 04:43:45 +0000 (21:43 -0700)]
ovn: Change h1 titles to title case in documentation.
Manpage section titles are traditionally all-uppercase, but OVS's
XML-to-nroff translator takes care of that and there's no need to actually
provide them in all-caps (and it looks ugly).
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Fri, 16 Oct 2015 03:25:26 +0000 (20:25 -0700)]
ovn: Extend logical "next" action to jump to arbitrary flow tables.
This makes it easier to route a "destination unreachable" message
generated because of an IP routing failure, because the destination
unreachable message must itself be routed the same way.
Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Justin Pettit <jpettit@nicira.com>
Joe Stringer [Wed, 14 Oct 2015 20:17:44 +0000 (13:17 -0700)]
vswitch.xml: Update docs for max-idle.
When this configuration parameter was initially introduced into the
database, the documentation was not updated to describe where it
resides. Add the documentation, with the caveat that in most situations,
there is no need to tweak this option and it is primarily present for
the benefit of developers working on flow caching.
Fixes: 72310b041cfa ("upcall: Configure datapath max-idle through ovs-vsctl.") Reported-by: Hadar Hen Zion <hadarh@dev.mellanox.co.il> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Shad Ansari [Wed, 7 Oct 2015 20:52:11 +0000 (13:52 -0700)]
ovsdb-idl: Test script for Python register_columns function
Add test scripts to exercise the register_columns() function of the
Python IDL. Add ability to specify columns in the "idl" command of
test-ovsdb.py. All columns of all tables are monitored by default.
The new "?" option can be used to monitor specific Table:Column(s).
The table and their columns are listed as a string of the form starting
with "?":
?<table-name>:<column-name>,<column-name>,...
e.g.:
?simple:b - Monitor column "b" in table "simple"
Entries for multiple tables are separated by "?":
?<table-name>:<column-name>,...?<table-name>:<column-name>,...
e.g.:
?simple:b?link1:i,k - Monitor column "b" in table "simple",
and column "i", "k" in table "link1"
Signed-off-by: Shad Ansari <shad.ansari@hp.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 23 Sep 2015 01:04:25 +0000 (18:04 -0700)]
system-traffic: Add ct tests using local stack.
When interacting with the local stack, the kernel may provide packets
with existing ct state as they ingress OVS. These tests check that we
are able to connection-track such packets successfully in non-zero
zones, using slightly more realistic pipelines.
Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>