Since DPDK commit 30e639989227("mempool: support non-EAL thread"),
non-EAL threads can use the mempool API safely. Plus, nonpmd threads
access to netdev is already serialized with 'non_pmd_mutex' in
dpif-netdev.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Tested-by: Aaron Conole <aconole@redhat.com>
netdev-dpdk: Do not abort if out of hugepage memory.
We can run out of hugepage memory coming from rte_*alloc() more easily
than heap coming from malloc().
Therefore:
* We should not use hugepage memory if we're going to access it only in
the slowpath.
* We shouldn't abort if we're out of hugepage memory.
* We should gracefully handle out of memory conditions.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Tested-by: Aaron Conole <aconole@redhat.com>
I think it's clearer to use RCU than to check for a pointer twice in the
fast path (before and after taking the spinlock). Now the spinlock is
integrated into 'qos_conf'.
'qos_conf' objects cannot be modified, so, instead of having
'qos_set()', we now have 'qos_is_equal()', which tells us if an object
must be destroyed and recreated.
With this patch we also avoid passing the netdev parameter to qos ops,
since it was unused most of the times.
Lastly, some duplication is removed.
CC: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Tested-by: Aaron Conole <aconole@redhat.com>
Looks like we forgot to add the copyright headers to netdev-dpdk.h.
Looking at the contribution history of the file, this commit adds the
header with Red Hat copyright.
Looks like we forgot to add the copyright headers to netdev-dpdk.h.
Looking at the contribution history of the file, this commit adds the
header with Nicira copyright.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Tested-by: Aaron Conole <aconole@redhat.com>
dp_netdev_get_pmd() is allowed to return NULL (even if we call it with
NON_PMD_CORE_ID) for different reasons:
* Since we use RCU to protect pmd threads, it is possible that
ovs_refcount_try_ref_rcu() has failed.
* During reconfiguration we destroy every thread.
This commit makes sure that we always handle the case when
dp_netdev_get_pmd() returns NULL without crashing (the change in
dpif_netdev_run() doesn't fix anything, because everything is happening
in the main thread, but it's better to honor the interface in case we
change our threading model).
This actually fixes a pretty serious crash that happens if
dpif_netdev_execute() is called from a non pmd thread while
reconfiguration is happening. It can be triggered by enabling bfd
(because it's handled by the monitor thread, which is a non pmd thread)
on an interface and changing something that requires datapath
reconfiguration (n_rxq, pmd-cpu-mask, mtu).
A testcase that reproduces the race condition is included.
This is a possible backtrace of the segfault:
#0 0x000000000060c7f1 in dp_execute_cb (aux_=0x7f1dd2d2a320,
packets_=0x7f1dd2d2a370, a=0x7f1dd2d2a658, may_steal=false) at
../lib/dpif-netdev.c:4357
#1 0x00000000006448b2 in odp_execute_actions (dp=0x7f1dd2d2a320,
batch=0x7f1dd2d2a370, steal=false, actions=0x7f1dd2d2a658,
actions_len=8,
dp_execute_action=0x60c7a5 <dp_execute_cb>) at
../lib/odp-execute.c:538
#2 0x000000000060d00c in dp_netdev_execute_actions (pmd=0x0,
packets=0x7f1dd2d2a370, may_steal=false, flow=0x7f1dd2d2ae70,
actions=0x7f1dd2d2a658, actions_len=8,
now=44965873) at ../lib/dpif-netdev.c:4577
#3 0x000000000060834a in dpif_netdev_execute (dpif=0x2b67b70,
execute=0x7f1dd2d2a578) at ../lib/dpif-netdev.c:2624
#4 0x0000000000608441 in dpif_netdev_operate (dpif=0x2b67b70,
ops=0x7f1dd2d2a5c8, n_ops=1) at ../lib/dpif-netdev.c:2654
#5 0x0000000000610a30 in dpif_operate (dpif=0x2b67b70,
ops=0x7f1dd2d2a5c8, n_ops=1) at ../lib/dpif.c:1268
#6 0x000000000061098c in dpif_execute (dpif=0x2b67b70,
execute=0x7f1dd2d2aa50) at ../lib/dpif.c:1233
#7 0x00000000005b9008 in ofproto_dpif_execute_actions__
(ofproto=0x2b69360, version=18446744073709551614, flow=0x7f1dd2d2ae70,
rule=0x0, ofpacts=0x7f1dd2d2b100,
ofpacts_len=16, indentation=0, depth=0, resubmits=0,
packet=0x7f1dd2d2b5c0) at ../ofproto/ofproto-dpif.c:3806
#8 0x00000000005b907a in ofproto_dpif_execute_actions
(ofproto=0x2b69360, version=18446744073709551614, flow=0x7f1dd2d2ae70,
rule=0x0, ofpacts=0x7f1dd2d2b100,
ofpacts_len=16, packet=0x7f1dd2d2b5c0) at
../ofproto/ofproto-dpif.c:3823
#9 0x00000000005dea9b in xlate_send_packet (ofport=0x2b98380,
oam=false, packet=0x7f1dd2d2b5c0) at
../ofproto/ofproto-dpif-xlate.c:5792
#10 0x00000000005bab12 in ofproto_dpif_send_packet (ofport=0x2b98380,
oam=false, packet=0x7f1dd2d2b5c0) at ../ofproto/ofproto-dpif.c:4628
#11 0x00000000005c3fc8 in monitor_mport_run (mport=0x2b8cd00,
packet=0x7f1dd2d2b5c0) at ../ofproto/ofproto-dpif-monitor.c:287
#12 0x00000000005c3d9b in monitor_run () at
../ofproto/ofproto-dpif-monitor.c:227
#13 0x00000000005c3cab in monitor_main (args=0x0) at
../ofproto/ofproto-dpif-monitor.c:189
#14 0x00000000006a183a in ovsthread_wrapper (aux_=0x2b8afd0) at
../lib/ovs-thread.c:342
#15 0x00007f1dd75eb444 in start_thread (arg=0x7f1dd2d2c700) at
pthread_create.c:333
#16 0x00007f1dd6e1d20d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 6 Oct 2016 03:07:56 +0000 (20:07 -0700)]
tests: Get rid of overly specific --pidfile and --unixctl options.
At an early point in OVS development, OVS was built with fixed default
directories for pidfiles and sockets. This meant that it was necessary to
use lots of --pidfile and --unixctl options in the testsuite, to point the
daemons to where they should put these files (since the testsuite cannot
and generally should not touch the real system /var/run). Later on,
the environment variables OVS_RUNDIR, OVS_LOGDIR, etc. were introduced
to override these defaults, and even later the testsuite was changed to
always set these variables correctly in every test. Thus, these days it
isn't usually necessary to specify a filename on --pidfile or to specify
--unixctl at all. However, many of the tests are built by cut-and-paste,
so they tended to keep appearing anyhow. This commit drops most of them,
making the testsuite easier to read and understand.
This commit also sweeps away some other historical detritus. In
particular, in early days of the testsuite there was no way to
automatically kill daemons when a test failed (or otherwise ended). This
meant that some tests were littered with calls to "kill `cat pidfile`" on
almost every line (or m4 macros that expanded to the same thing) so that if
a test failed partway through the testsuite would not hang waiting for a
daemon to die that was never going to die without manual intervention.
However, a long time ago we introduced the "on_exit" mechanism that
obsoletes this. This commit eliminates a lot of the old litter of kill
invocations, which also makes those tests easier to read.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Wed, 12 Oct 2016 17:40:53 +0000 (10:40 -0700)]
tests: Fix double-rebuild of testsuite for "check-valgrind" and similar.
When I ran "make check-valgrind -j10" and the testsuite needed to be
rebuilt, two copies of it were rebuilt in parallel and sometimes they
raced with each other. I don't have the full story on exactly why this
happened, but this commit, which eliminates redundant dependencies from
check-* targets, fixes the problem for me. The dependencies are redundant
because these targets depend on "all", which also depends on them.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Thu, 6 Oct 2016 22:31:07 +0000 (15:31 -0700)]
expr: Better simplify some special cases of expressions.
It's pretty unlikely that a human would write expressions like these, but
they can come up in machine-generated expressions and it seems best to
simplify them in an efficient way.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 7 Oct 2016 01:08:30 +0000 (18:08 -0700)]
expr: Fix abort when simplifying "x != 0/0".
The test added by this commit is very specific to the particular problem,
whereas a more general test would be better. A later commit adds the
general test.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Fri, 7 Oct 2016 00:54:19 +0000 (17:54 -0700)]
expr: Simplify "x == 0/0" into 1.
An expression like "x == 0/0" does not test any actual bits in field x,
so it resolves to true, but expr_simplify() was not smart enough to see
this.
This goes beyond an optimization, to become a bug fix, because
expr_normalize() will assert-fail for expressions that become trivial
when this simplification is omitted. For example:
The test added by this commit is very specific to the particular problem,
whereas a more general test would be better. A later commit adds the
general test.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
Ben Pfaff [Wed, 21 Sep 2016 03:33:50 +0000 (20:33 -0700)]
ovn: Remove weird or unneeded keywords from tests.
AT_KEYWORDS are mostly there to make it easier to find the tests you're
looking for. One might, for example, mark tests as "positive" or
"negative" so you can select the tests you want to run on that basis.
They're also useful for cases where Autotest just isn't good at splitting
words: for example, Autotest includes punctuation so that a test name
that has a word followed by a comma or colon won't be selected using a
keyword that lacks the comma or the colon.
But a lot of OVN tests had keywords that just didn't seem helpful in one
of these ways. For example, it's hard to guess why running together
words into a longer word would help someone select a test, and it's not
helpful at all to repeat one of the words in the test name, since those
words are keywords by default anyway.
Therefore, this commit removes the keywords that don't seem helpful.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Sat, 1 Oct 2016 00:56:54 +0000 (17:56 -0700)]
ovn: Fix some races in ovn-controller-vtep tests.
This fixes a few races for port bindings appearing and being bound to
a chassis. The ones changed to use "ovn-sbctl wait-until" were previously
only waiting until a Port_Binding record appeared (created by ovn-northd),
but not until the Port_Binding record's 'chassis' column was set (by
ovn-controller).
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Gurucharan Shetty <guru@ovn.org>
ovn-northd: support IPAM with externally specified MAC
The current IPAM implementation allocates both a MAC address and
an IPv4 address when dynamic address allocation is requested. This
patch adds the ability to specify a fixed MAC address for use with
dynamic IPv4 address allocation.
Ryan Moats [Thu, 6 Oct 2016 01:55:03 +0000 (20:55 -0500)]
ovn-controller: honor ovs_idl_txn when calculating and installing flows.
ovs_idl_txn is checked before various routines (like patch_run) execute.
However, flow calculation and installation does not also check this
variable, which can lead to oscillations as described in [1].
The command "ovn-nbctl lrp-add" should not set the MAC address
which length is invalid to logical router port. This patch
updates the eth_addr_from_string() to check trailing characters.
We should use the ovs_scan() to check the "addresses" owned by
the logical port, instead of eth_addr_from_string(). This patch
also updates the ovn-nbctl tests.
Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Wed, 5 Oct 2016 12:20:24 +0000 (17:50 +0530)]
python: Add SSL support to the python ovs client library
SSL support is added to the ovs/stream.py. pyOpenSSL library is used
to support SSL. If this library is not present, then the SSL stream
is not registered with the Stream class.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 5 Oct 2016 01:03:59 +0000 (18:03 -0700)]
ofproto: Always delete rules before deleting a meter.
When deleting a bridge it is currently possible to delete a mater
without deleting the rules using the meter first. Fix this by moving
the meter's rule deletion to meter_delete().
Reported-by: Petr Machata <pertm@mellanox.com> Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
After profiling OVSDB insert performance it was found
that some significant portion of its time OVSDB is
calling the function json_clone.
Also, the current usages of json_clone never modify the json,
just keeps it to prevent it to be freed.
With that in mind the struct json, json_create, json_clone
and json_destroy were modified to keep a count of how many
references of the json struct are left. Only when that count
reaches zero the json struct is freed.
The old "json_clone" function was renamed as "json_deep_clone".
Some examples of the performance difference:
In these tests a test table with 4 columns (string, string,
bool, integer) was used. All the tests used "commit block".
*** 50 process each inserting 1000 rows ***
Master OVS
Test Duration 131 seconds
Average Inserts Per second 746.2687 inserts/s
Average Insert Duration 134.1382 ms
Minimal Insert Duration 0.166202 ms
Maximum Insert Duration 489.8593 ms
JSON GC Patch
Test Duration 86 seconds
Average Inserts Per second 1176 inserts/s
Average Insert Duration 82.26761 ms
Minimal Insert Duration 0.165448 ms
Maximum Insert Duration 751.2111 ms
*** 5 process each inserting 10000 rows ***
Master OVS
Test Duration 8 seconds
Average Inserts Per second 7142.857 inserts/s
Average Insert Duration 0.656431 ms
Minimal Insert Duration 0.125197 ms
Maximum Insert Duration 11.93203 ms
JSON GC Patch
Test Duration 7 seconds
Average Inserts Per second 8333.333 inserts/s
Average Insert Duration 0.55688 ms
Minimal Insert Duration 0.143233 ms
Maximum Insert Duration 26.26319 ms
Signed-off-by: Esteban Rodriguez Betancourt <estebarb@hpe.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Tue, 4 Oct 2016 20:18:10 +0000 (16:18 -0400)]
ovstest: Initialize command mode to RO
When the read-only infrastucture support was added, the test-suite
registration was missed. This causes tools like valgrind to complain
about uninitialized variable usage.
Fixes: 1f4a7252d9e7 ("Add read-only option to ovs-dpctl and...") Cc: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Make sure we take the return values into consideration so we can
break early in case of failures. This makes the ovs-ctl helper more
accurate in reporting the real status of its managing processes.
Check and allocate free qdisc queue id for ports with qos parameters
ovn-northd processes the list of Port_Bindings and hashes the list of
queues per chassis. When it finds a port with qos_parameters and without
a queue_id, it allocates a free queue for the chassis that this port belongs.
The queue_id information is stored in the options field of Port_binding table.
Adds an action set_queue to the ingress table 0 of the logical flows
which will be translated to openflow set_queue by ovn-controller
ovn-controller opens the netdev corresponding to the tunnel interface's
status:tunnel_egress_iface value and configures a HTB qdisc on it. Then for
each SB port_binding that has queue_id set, it allocates a queue with the
qos_parameters of that port. It also frees up unused queues.
This patch replaces the older approach of policing
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Eric Garver [Tue, 4 Oct 2016 14:14:46 +0000 (10:14 -0400)]
netdev-linux: double tagged packets should use 0x88a8
We need to check if a packet is double tagged. If so make sure to push
0x88a8 instead of 0x8100. Without this a simple port redirect of 802.1ad
frames means the outer tag gets translated from 0x88a8 to 0x8100 by the
userspace datapath.
This only affected kernels that don't use TP_STATUS_VLAN_TPID_VALID,
which is kernels < 3.14.
Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch provides the command line to create a load balancer.
You can create a load balancer independently and add it to multiple
switches or routers. A single load balancer can have multiple vips.
Add a name column for the load balancer. With --add-duplicate,
the command really creates a new load balancer with a duplicate name.
This name has no special meaning or purpose other than to provide
convenience for human interaction with the ovn-nb database.
This patch also provides the unit tests and the documentation.
tests/bundle: test bundle action with ports up and down
Also, add the keyword bundle_action to all the tests in bundle.at,
distinguishing it from OF bundles.
It came to my attention recently that bundle_load will load 0xFFFF in case all
the slaves are down, as bundle_execute will return OFPP_NONE.
As I noticed this was not explicitly tested, not even for the bundle action, I
thought it would be nice to do it as a way of documenting this behavior.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Gabe Beged-Dov [Thu, 29 Sep 2016 22:40:02 +0000 (15:40 -0700)]
ovn: update docs for l2gateway port vlan tag
update description of l2gateway logical switch ports to include optional
vlan tag. Also restore comment in ovn/controller/physical.c from original commit
by Russell Bryant (184bc3c ovn: Add software l2 gateway) on 7/1/2016.
Signed-off-by: Gabe Beged-Dov <gabe@begeddov.com> Co-authored-by: Russell Bryant <russell@ovn.org> Signed-off-by: Russell Bryant <russell@ovn.org>
netdev-dpdk: Allow configurable queue sizes for 'dpdk' ports
The 'options:n_rxq_desc' and 'n_txq_desc' fields allow the number of rx
and tx descriptors for dpdk ports to be modified. By default the values
are set to 2048, but can be modified to an integer between 1 and 4096
that is a power of two. The values can be modified at runtime, however
require the NIC to restart when changed.
Ben Pfaff [Thu, 29 Sep 2016 21:41:51 +0000 (14:41 -0700)]
ovs-ofctl: Tolerate differences in IPv6 formatting.
glibc formats single zeros as 0: fec0:0:1234:f045:8fff:1111:fe4e:571
Musl formats single zeros as ::: fec0::1234:f045:8fff:1111:fe4e:571
This patch makes the OVS testsuite tolerate either one.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 29 Sep 2016 21:41:50 +0000 (14:41 -0700)]
tests: Use Linux-specific way to get parent PID, to avoid noncompliant "ps".
POSIX defines "ps" -o and -p options, but the "ps" implementation in
busybox (used in Alpine Linux) doesn't support -p, which makes some tests
fail for no good reason. Therefore, this commit makes the testsuite
instead check for support for the Linux-specific /proc-based way to find
the parent of a process and prefer that over "ps" when available.
Reported-by: Stuart Cardall <developer@it-offshore.co.uk>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022803.html Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 30 Sep 2016 15:23:21 +0000 (08:23 -0700)]
ovn: Do not reply to ARP or ND NS for a VM's own IP address.
When a VM sends an ARP or an ND NS for its own IP address, it is trying to
check for a duplicate address in the network. OVN needs to suppress the
reply in such a case, otherwise the VM thinks that its address is a
duplicate.
Mark Kavanagh [Thu, 29 Sep 2016 10:27:03 +0000 (11:27 +0100)]
netdev-dpdk: Fix coding style
Coding style violations of the following conventions are present in netdev-dpdk.c:
- limit lines to 79 characters
- put a space after (but not before) the "sizeof" keyword
- put a space between the () used in a cast and the
expression whose type is cast: (void *) 0.
Resolve occurrences of each, and any other minor style infractions.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Mark Kavanagh [Thu, 29 Sep 2016 10:27:02 +0000 (11:27 +0100)]
netdev-dpdk: consistent naming for mbuf variables
Pointers to struct rte_mbuf are typically denoted within functions as
'pkt'; similarly, arrays of, and pointer-to-pointer to, struct rte_mbuf
are denoted by 'pkts'.
Update discrepancies to the above convention for consistency.
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
'dpdk_mutex' protects two independent things: list of dpdk devices
and list of memory pools. Let's spit it in two to avoid global blocking
inside 'netdev_dpdk.*_reconfigure()' as possible.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:58:00 +0000 (14:58 -0700)]
revalidator: Simplify full-revalidation code.
Simplify the remaining bits of the original revalidation codepath to
only handle the "full-revalidation" case. Make the 'ukey' parameter
purely const by pushing the only piece that gets changed into a separate
argument.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Tue, 20 Sep 2016 21:08:21 +0000 (14:08 -0700)]
revalidator: Defer stats push to end of validation.
To make more of the core revalidate() functions do just one thing and
not modify state on the way, refactor them to prepare the xcache then
defer the ukey modification and stats/side effects execution to the end
of successful revalidation.
If revalidation causes deletion, then the xcache will be prepared and
attached to the ukey, but the actual execution will be skipped since it
will be executed on flow_delete very soon anyway with final stats.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Wed, 28 Sep 2016 21:42:39 +0000 (14:42 -0700)]
revalidator: Prepare xcache before xlate_lookup.
Functionally this has little change, but it allows the following patch
to refactor the translation code with less changes.
Strictly speaking the odp_flow_key_to_flow() and xlate_lookup() error
cases should free the ukey->xcache, since it's empty and was never
initialised via the later call to xlate_actions(). However, if one of
these error conditions is hit during a flow dump, then there's no way
that it will ever succeed on a subsequent revalidate/delete. Rather, the
later revalidate/delete would do no stats translation - the same result
as keeping the empty xcache here.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
The second macro represents tests 1 and 2, while the third macro
represents two variations on test 3: with and without TCP sequence
adjustment.
By using these macros to declare the tests, much of the code may be
reused and shared rather than copying/pasting. As a result, the
differences between tests are easier to identify.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
ofp-actions: Always consider inconsistent CT actions as an error.
We can't downgrade to OF1.0 and expect inconsistent CT actions
be silently discarded. Instead, datapath flow install fails, so
it is better to flag inconsistent CT actions as hard errors.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
upcall: Don't start new revalidation round too soon after the last one.
The execution time of 'ovs-ofctl add-flows' with a large number of
flows can be more than halved if revalidators are not running after
each flow mod separately. This was first suspected when it was found
that 'ovs-ofctl --bundle add-flows' is about 10 times faster than the
same command without the '--bundle' option in a scenario where there
is a large set of flows being added and no datapath flows at all. One
of the differences caused by the '--bundle' option is that the
revalidators are woken up only once, at the end of the whole set of
flow table changes, rather than after each flow table change
individually.
This patch limits the revalidation to run at most 200 times a second
by enforcing a minimum of 5ms time gap between the start times of
revalidation rounds. If nothing happens in, say 6 milliseconds, and
then a new flow table change is signaled, the revalidator threads wake
up immediately without any further delay. Values smaller than 5 were
found to increase the 'ovs-ofctl add-flows' execution time noticeably.
Since the revalidators are not running after each flow mod, the
overall OVS CPU utilization during the 'ovs-ofctl add-flows' run time
is reduced roughly by one core on a four core machine.
In testing the 'ovs-ofctl add-flows' execution time is not
significantly improved from this even if the revalidators are not
notified about the flow table changes at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
David Hill [Tue, 30 Aug 2016 19:13:31 +0000 (15:13 -0400)]
netdev-linux: Use ethtool when miimon fails.
Some network drivers might return true to SIOCGMIIPHY and an error on
SIOCGMIIREG when using MII to query phy state. Fall back to ethtool if this
happens to allow failover to work when using such nics.
Reported-at: http://openvswitch.org/pipermail/dev/2016-August/078800.html Signed-off-by: David Hill <dhill@redhat.com> Signed-off-by: Joe Stringer <joe@ovn.org>
OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.
Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.
It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.
Andy Zhou [Tue, 20 Sep 2016 19:44:32 +0000 (12:44 -0700)]
ovsdb: Fix segfalut during replication.
The newly added replication logic makes it possible for a monitor to
receive delete and insertion of the same row back to back, which
was not possible before. Add logic (and comment) to handle this
case to avoid follow crash reported by Valgrind:
#0 0x0000000000453edd in ovsdb_datum_compare_3way
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1626
#1 0x0000000000453ea4 in ovsdb_datum_equals
(a=0x5efbe60, b=0x0, type=0x5e6a848) at lib/ovsdb-data.c:1616
#2 0x000000000041b651 in update_monitor_row_data
(mt=0x5eda4a0, row=0x5efbe00, data=0x0) at ovsdb/monitor.c:310
#3 0x000000000041ed14 in ovsdb_monitor_changes_update
(old=0x0, new=0x5efbe00, mt=0x5eda4a0, changes=0x5ef7180)
at ovsdb/monitor.c:1255
#4 0x000000000041f12e in ovsdb_monitor_change_cb
(old=0x0, new=0x5efbe00, changed=0x5efc218, aux_=0xffefff040)
at ovsdb/monitor.c:1339
#5 0x000000000042ded9 in ovsdb_txn_for_each_change
(txn=0x5efbd90, cb=0x41ef50 <ovsdb_monitor_change_cb>,
aux=0xffefff040) at ovsdb/transaction.c:906
#6 0x0000000000420155 in ovsdb_monitor_commit
(replica=0x5eda2c0, txn=0x5efbd90, durable=false)
at ovsdb/monitor.c:1553
#7 0x000000000042dc04 in ovsdb_txn_commit_
(txn=0x5efbd90, durable=false) at ovsdb/transaction.c:868
#8 0x000000000042ddd4 in ovsdb_txn_commit (txn=0x5efbd90, durable=false)
at ovsdb/transaction.c:893
#9 0x0000000000422e0c in process_notification
(table_updates=0x5efad10, db=0x5e6bd40) at ovsdb/replication.c:575
#10 0x0000000000420ff3 in replication_run () at ovsdb/replication.c:184
#11 0x0000000000405cc8 in main_loop
(jsonrpc=0x5e67770, all_dbs=0xffefff3a0, unixctl=0x5ebd980,
remotes=0xffefff360, run_process=0x0, exiting=0xffefff3c0,
is_backup=0xffefff2de) at ovsdb/ovsdb-server.c:198
#12 0x0000000000406edb in main (argc=1, argv=0xffefff550)
at ovsdb/ovsdb-server.c:429
Reported-by: Joe Stringer <joe@ovn.org>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079315.html Reported-by: Alin Serdean <aserdean@cloudbasesolutions.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-September/079586.html Co-authored-by: Joe Stringer <joe@ovn.org> Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Fixes test failure seen due to the IPsec tunnel deprecation
messages in test logs.
Fixes: 9e9d0384910e ("openvswitch: deprecates support for IPsec tunnel port."). Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
openvswitch: deprecates support for IPsec tunnel port.
OVS IPsec tunnel support has issues:
1. It only works for GRE.
2. only works on Debian.
3. It does not allow user to match on packet-mark
on packet received on tunnel ports.
This patch deprecates support for IPsec tunnel port.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Ansis Atteka <aatteka@ovn.org>
ovn-controller: Store conntrack zone mappings to OVS database.
If ovn-controller is restarted, it may choose different conntrack zones
than had been previously used, which could cause the wrong conntrack
entries to be associated with a logical port. This commit stores in the
integration bridge's OVS "Bridge" table the mapping to the conntrack zone.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
projects / ovs.git / log