git.cascardo.eti.br Git - cascardo/ovs.git/log

hmap: Add HMAP_FOR_EACH_POP.

Makes popping each member of the hmap a bit easier.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

system-tests: Add tcp simple test.

Useful to test the datapath ability to forward tcp packets without the
complexity of connection tracking.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>

system-tests: Disable offloads in userspace tests.

The system userspace testsuite uses the userspace datapath with
netdev-linux devices, connected to veth pairs with the AF_PACKET socket:

             (veth pair)     (AF_PACKET)
TCP stack -> p0 ---> ovs-p0  -------------> netdev-linux (userspace OVS)

Unfortunately this configuration has some problems with offloads: a
packet generated by the TCP stack maybe sent to p0 without being
checksummed or segmented. The AF_PACKET socket, by default, ignores the
offloads and just transmits the data of the packets to userspace, but:

1. The packet may need GSO, so the data will be too big to be received
   by the userspace datapath
2. The packet might have incomplete checksums, so it will likely be
   discarded by the receiver.

Problem 1 causes TCP connections to see a congestion window smaller than
the MTU, which hurts performance but doesn't prevent communication.

Problem 2 was hidden in the testsuite by a Linux kernel bug, fixed by
commit ce8c839b74e3("veth: don’t modify ip_summed; doing so treats
packets with bad checksums as good").  In the kernels that include the
fix, the userspace datapath is able to process pings, but not tcp or udp
data.

Unfortunately I couldn't find a way to ask the AF_PACKET to perform
offloads in kernel.  A possible fix would be to use the PACKET_VNET_HDR
sockopt and perform the offloads in userspace.

Until a proper fix is worked out for netdev-linux, this commit disables
offloads on the non-OVS side of the veth pair, as a workaround.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>

datapath-windows: Pause switch state on PnP event

A PnP(plug and play) event will be triggered before trying to disable
the extension. We could use this PnP event to prepare for detaching
the datapath.

This patch sets the switch into a paused state so no more net buffers
are queued.

Also clean some commentaries.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-controller-vtep: Support BUM traffic for the VTEP Schema.

This patch implements BUM support in the VTEP schema.  This relates to
BUM traffic flowing from a gateway towards HVs.  This code would be
relevant to HW gateways and the ovs-vtep simulator. In order to do this,
the mcast macs remote table in the VTEP schema is populated based on the
OVN SB port binding.  For each logical switch, the SB port bindings are
queried to find all the physical locators to send BUM traffic to and the
VTEP DB is updated.

Some test packets were enabled in the HW gateway test case to exercise
the new code.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>

packets: use flow protocol when recalculating ipv6 checksums

When using masked actions the ipv6_proto field of an action
to set IPv6 fields may be zero rather than the prevailing protocol
which will result in skipping checksum recalculation.

This patch resolves the problem by relying on the protocol
in the packet rather than that in the set field action.

A similar fix for the kernel datapath has been accepted into David Miller's
'net' tree as b4f70527f052 ("openvswitch: use flow protocol when
recalculating ipv6 checksums").

Cc: Jarno Rajahalme <jrajahalme@nicira.com>
Fixes: 6d670e7f0d45 ("lib/odp: Masked set action execution and printing.")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Ben Pfaff <blp@ovn.org>

util.h: Restore stdarg.h which is necessary for va_list

Fixes a regression in commit b44aaaaff8d826535025f4f8d12808c4ef36a7a8 .
("Misc cleanup with "util.h" header files")

Signed-off-by: YAMAMOTO Takashi <yamamoto@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: Tidy up ct_mark xlate code.

Make the ct_mark netlink serialization more consistent with the way that
ct_label is serialized.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: xlate ct_{mark, label} correctly.

When translating multiple ct actions in a row which include modification
of ct_mark or ct_labels, these fields could be incorrectly translated
into datapath actions, resulting in modification of these fields for
entries when the OpenFlow rules didn't actually specify the change.

For instance, the following OpenFlow actions:
ct(zone=1,commit,exec(set_field(1->ct_mark))),ct(zone=2,table=1),...

Would translate into the datapath actions:
ct(zone=1,commit,mark=1),ct(zone=2,mark=1),recirc(...),...

This commit fixes the issue by zeroing the wildcards for these fields
prior to performing nested actions translation (and restoring
afterwards). As such, these fields do not hold both the match and the
field modification values at the same time. As a result, the ct_mark and
ct_labels don't leak from one ct action to the next.

Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes: 9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

system-traffic: Add basic geneve tunnel sanity test.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-traffic: Add basic gre tunnel sanity test.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-traffic: Fix IPv6 frag vxlan check.

This was missed before somehow, which would cause the test to fail
(rather than being skipped) if iproute2 didn't support setting the
vxlan dstport on the kernel tunnel device.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

debian: Fix treatment of upstream version that contains hyphens.

The Debian Policy Manual
(https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version)
says that the upstream_version may contain only alphanumerics and the
characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and should
start with a digit.

Currently, the upstream_version is defined in the debian/rules file:

DEB_UPSTREAM_VERSION=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([0-9]:)*([^-]+).*,\2,p')

The version number is taken from the dpkg-parsechangelog printout then the
first part of the version number which does not contain hyphen is filtered
out with sed. However the Debian Policy Manual says that hyphen is allowed
in the upstream_version.

This is not a problem with current vanilla OVS debian version. But, if a
postfix string including a hyphen is added to the upstream_version then
installation of datapath-dkms package will fail.

Reported-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Tested-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Add Antonio Fischetti.

Signed-off-by: Ben Pfaff <blp@ovn.org>

odp-util: Fix build warning on flags_mask.

Fix build warning: 'flags_mask' may be used uninitialized.

Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Add JunoZhu <zhunatuzi@gmail.com>.

Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Add column enabled to table Logical_Router

This patch add column "enabled" to table Logical_Router for
setting router administrative state.

The type of "enabled" is bool.

If the administrative state is false, delete all the flows
relevant to the logical router from table Logical_Flow.

Signed-off-by: Na Zhu <nazhu@cn.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Fixed buffer overflow in OvsInitVportWithNicParam

nicParam->PermanentMacAddress is 32 bytes and vport->permMacAddress is 6 bytes

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

cksum: Refine schema cksum validation

Calculates the cksum removing the cksum line using a more
strict regex than the used previously.
It fixes a problem when calculating the cksum of a schema that
has fields with the substring cksum (e.g.: a checksum column),
lines that the previous cksum calculation incorrectly removes
before running cksum.
Also, the tool calculate-schema-cksum is introduced. This tool
calculates the cksum of a schema file. It could be used in other
programs, instead of calculating the cksum in an eventually
different way than the expected by cksum-schema-check and other
tools.

Signed-off-by: Esteban Rodriguez Betancourt <estebarb@hpe.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Add braces to fix error C2275.

Add braces around the if statement to prevent Visual Studio from giving
the "error C2275: illegal use of this type as an expresion". This happens
when a variable is declared after a block. This error occurs on certain
versions of compilers.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

lib: Fix error reporting in parse_sockaddr_components() for bad port.

Bad port number error is ignored in parse_sockaddr_components(),
if port number is invalid, it ouputs a error log and set port
to 0.

Signed-off-by: Huang Lei <lhuang8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

FAQ: Add entry for OVS/DPDK version dependencies.

For a given release this is listed in the INSTALL.DPDK.md
but it gets asked quite a bit on the mailing list, so create
a table in the FAQ.

Signed-off-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ovn: Fix link in tutorial

Correct the link to the ovn-northd man page in the OVN tutorial.

Signed-off-by: Jamie Lennox <jamielennox@gmail.com>
[russell@ovn.org updated AUTHORS file]
Signed-off-by: Russell Bryant <russell@ovn.org>

datapath-windows: remove OvsAllocateForwardingContextForNBL

Dead code.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Add ICMP types in NetProto.h

Update NetProto.h to include ICMP and ICMPv6 types. Update ICMP header to
keep it consistent with KVM. Add UDP and ICMP min length definitions.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Refactor Conntrack Module in Hyper-V

Minor refactors around naming and reusability in lieu of adding support for other
protocols for tracking connections.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Add more details to test output.

Adding more detail that helps find what went wrong.

Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-linux: Fix ingress policing burst rate configuration via tc

The tc_police structure was filled with a value calculated in bits
instead of bytes while bytes were expected. This led the setting
of an x8 higher burst value.

Documentation and defaults have been corrected accordingly to minimize
nuisances on users sticking to the defaults.

The suggested burst value is now 80% of policing rate to make sure
TCP works correctly.

Signed-off-by: Miguel Angel Ajo <majopela@redhat.com>
Tested-by: Miguel Angel Ajo <majopela@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Removed always true condition in VXLAN

Instance ID flag must be set to 1 in case of valid VXLAN id

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Removed double initialization on local variables

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Avoid using uninitialized gOvsExtDriverHandle

Ensure gOvsExtDriverHandle is not used if initialization fails
Added PAGED_CODE() where needed

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tunneling: Fix for concomitant IPv4 and IPv6 tunnels

When using an IPv6 tunnel on the same bridge as an IPv4 tunnel, the flow
received from the IPv6 tunnel would have an IPv4 address added to it, causing
problems when trying to put or execute the action on Linux datapath.

Clearing the IPv6 address when we have a valid IPv4 address fixes this problem.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

checkpatch: Accept form feeds.

CodingStyle.md says:

"Use form feeds (control+L) to divide long source files into logical
pieces.  A form feed should appear as the only character on a line."

checkpatch.py currently complains about form feed. For example, on
commit 2c06d9a927c5("ovstest: Add test-netlink-conntrack command."),
checkpatch.py returns:

    W(140): Line has non-spaces leading whitespace
    W(140): Line has trailing whitespace
    +

    W(177): Line has non-spaces leading whitespace
    W(177): Line has trailing whitespace
    +

    W(199): Line has non-spaces leading whitespace
    W(199): Line has trailing whitespace
    +

This commit suppresses the two warnings for lines with form feeds as the
only character.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofp-errors: Introduce OF1.6 (proposed) error code for OFPBFC_BAD_VERSION.

ONF-JIRA: EXT-550
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

Add skeleton for OF1.6 support.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

vswitch.xml: OpenFlow 1.5 has been released.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

classifier: Reorganize classifier.h

Group functions clearly to ones accessible by exclusive writers only
and ones accessible to RCU readers as well.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>

classifier: Fix race condition leading to NULL dereference.

Addition of table versioning exposed struct cls_rule member
'cls_match' to RCU readers and made it possible for 'cls_match' become
NULL while being accessed by an RCU reader, but we failed to check for
this condition. This may have resulted in NULL pointer dereference
and ovs-vswitchd crash.

Fix this by making the 'cls_match' member an RCU pointer and checking
the value whenever it potentially read by an RCU reader. In these
instances we use ovsrcu_get(), whereas functions accessible only by
the exclusive writers use ovsrcu_get_protected() and do not need to
check the result.

VMware-BZ: 1643642
Fixes: 2b7b1427 ("classifier: Support table versioning")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>

ovn: Fix the port secuirty test failure by adding a sleep of 2 sec.

Added a sleep of 2 seconds before generating a test packet in ovn.at
so that ovn-northd reads the northbound db changes and updates the
southbound db.

Fixes: 7d9d86a ("ovn-northd: Handle IPv4 addresses with prefixes in lport port security")
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Update relevant artifacts to add support for DPDK 16.04.

Following changes are applied:
- INSTALL.DPDK.md: CONFIG_RTE_BUILD_COMBINE_LIBS step has been
   removed because it is no longer present in DPDK configuration
   (combined library is created by default),
- INSTALL.DPDK.md: VHost Cuse configuration is updated,
- netdev-dpdk.c: Link speed definition is changed in DPDK and
   netdev_dpdk_get_features is updated accordingly,
- netdev-dpdk.c: TSO and checksum offload has been disabled for
   vhostuser device.
- .travis/linux-build.sh: DPDK version is updated and legacy
   flags have been removed in configuration.

Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

acinclude: Autodetect DPDK location when configuring OVS

When using DPDK datapath, the OVS configure script requires the DPDK
build directory passed on --with-dpdk. This can be avoided if DPDK
library, headers are in standard compiler search paths.

This patch fixes the problem by searching for DPDK libraries in standard
locations and configure OVS sources for dpdk datapath.

If the install location is manually specified in "--with-dpdk"
autodiscovery shall be skipped.

Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

AUTHORS: Add Flavio Fernandes.

Flavio authored commit b3ecab7e5b18756524852eeaea547e040242b7f6.

Signed-off-by: Russell Bryant <russell@ovn.org>

ovn-tutorial: Update expected output from show commands

Highlighted requirement on how a fresh sandbox is expected
before doing each of the tutorial sections.

Also added some mentioning of the gdb flags available for
debugging ovn programs.

Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

python: Update Python version checks.

Instead of checking the raw version, use the six.PY2 and six.PY3 helpers
to determine if Python 2 or Python 3 are in use.

In one case, the check was to determine if the Python version was >=
2.6. We now only support >= 2.7, so this check would always be true.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Miguel Angel Ajo <majopela@redhat.com>

manpages: Update documentation for ct_* masks.

These have been supported all along, but the documentation neglected to
mention the fact.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: Generate bitmasks in set_field.

Previously, whenever a set_field() action was executed, the entire field
would become masked and the entire field replaced, regardless of the
mask specified in the set_field() action.

In most cases this is fine, although it may lead to more specific
wildcards than strictly necessary. However, in a particular case with
connection tracking actions it could lead to the wrong behaviour.

Unlike most OpenFlow fields, the ct_{mark,labels} fields are typically
unknown until the ct(...,recirc_table=N,...) action is executed however
the packet may actually belong to a connection which has a nonzero value
for one of these fields. This can lead to the wrong behaviour with flows
such as the following:

in_port=1,ip,actions=ct(commit,exec(set_field(0x1/0x1->ct_mark))),2
in_port=2,ip,actions=ct(commit,exec(set_field(0x2/0x2->ct_mark))),1

Connections flowing through these actions will always update the ct_mark
field stored within the conntrack table. However, rather than modifying
only the specified bits (0x1 in one direction, 0x2 in the other), the
entire ct_mark field will be replaced. Such connections will constantly
toggle the value of ct_mark between 0x1 and 0x2, rather than becoming
0x3 and keeping that value.

This commit fixes the issue by ensuring that set_field actions only
modify the modified bits in the wildcards, rather than masking the
entire field.

Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes: 9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-print.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-prop.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-actions.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-controller: Dynamically reconnect if ovn-remote value changes.

Allows for auto detection and reconnect if the ovn-remote needs
to change. Ovn-controller test case updated to include testing
this code.

Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Handle IPv4 addresses with prefixes in lport port security

Initial implementation of port security, missed out this feature.

Reported-by: Na Zhu <nazhu@cn.ibm.com>
Reported-at: https://bugs.launchpad.net/networking-ovn/+bug/1564414
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-controller: Warn if system-id is missing.

If 'system-id' is missing from the Open_vSwitch database, ovn-controller
will not work. Log a warning if that happens to make it clear that
configuration is incomplete.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

datapath-windows: post event during vport delete

Got left out during the previous round of refactoring.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-msgs.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-util.h to include/openvswitch directory

This commit also adds several #include directives in source files in
order to make the 'ofp-util.h' move possible

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/type-props.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/meta-flow.h to include/openvswitch directory

This commit also moves some bitmap macros into public header files and
adds some #include directives in soure files in order to make the
'meta-flow.h' move possible.

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/match.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Break netdev.h into private and public parts

Public (struct definitions and some prototypes) go in
include/openvswitch

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Break uuid.h into private and public parts

Public (struct definitions and some prototypes) go in
include/openvswitch

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Break flow.h into private and public parts

Public (struct definitions and some prototypes) go in
include/openvswitch

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Break packets.h into private and public parts

Public (struct definitions and some prototypes) go in
include/openvswitch

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Misc cleanup with "util.h" header files

Removed redundant #includes and moved some macros to different file
scope

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Add Connection Tracking Support

Enable support for Stateful Firewall in Hyper-V by adding a Connection
Tracking module. The module has been ported over from the userspace
implementation patch of a similar name.

The current version of the module supports ct - zone, mark and label for
TCP packets. Support for other packet formats will be added in subsequent
patches.

The conntrack-tcp module is adapted from FreeBSD's pf subsystem and hence
the BSD license. It has been ported over to match OVS Hyper-V coding
style.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Co-Authored-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofp-actions: Make ofpact_finish() harder to misuse.

It's pretty easy to forget to update the pointer to an ofpact when
finishing it. This commit forces the caller to pass a pointer-to-pointer
instead, and uses that to automatically update the pointer. There still
could be cases that retain other pointers into the ofpbuf, but I imagine
that this is harder to misuse.

Suggested-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

system-traffic: Use better names for OVS vxlan ports.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Apply minor fixes in GetNICAlias().

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: cleanup after NdisRegisterDeviceEx()

The error handling code seems to be wrong.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

build-windows: Update for msys

Building under msys2(https://msys2.github.io/) revealed a small bug while
defining the path separator.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-controller: Introduce helpers for looking up datapaths.

The new helpers get_local_datapath() and get_patched_datapath() make code
a little shorter and easier to read. They also avoid a pitfall that was
present in at least a few of the instances: CONTAINER_OF is not safe on a
null pointer, because it does a raw pointer subtraction and will change
NULL to something else. This wasn't actually a problem in these particular
cases because the value it was subtracting was zero (although arguably it
is still undefined behavior because the compiler is allowed to assume that
a pointer on which arithmetic is performed is nonnull).

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

physical: Add local vars to make physical_run() easier to understand.

'binding->datapath->tunnel_key' and 'binding->tunnel_key' were used
repeatedly and in my opinion having local variables for each of these
makes the code a little easier to understand.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

ovsdb: Force columns that contain weak references to be immutable.

An immutable weak reference is a hole in the constraint system: if
referenced rows are deleted, then the weak reference needs to change.
Therefore, force columsn that contain weak references to be mutable.

Reported-by: "Elluru, Krishna Mohan" <elluru.kri.mohan@hpe.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn-controller: Add missing shash_destroy().

expr_symtab_destroy() destroys the contents of the symtab shash, but not
the shash itself. Add a missing shash_destroy() call in
lflow_destroy().

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovs-save: Handle MTU changes correctly.

The following command on ubuntu 12.04, 14.04 and CentOS 7.x
returns null:
expr "mtu 1500" : '.*mtu $[0-9]+$'

But the following works correctly:
expr "mtu 1500" : '.*mtu $[0-9]\+$'

I am not sure about the portability implications as there
seems to be very sparse documentation about this but
this fixes a bug in 2 of the most popular distributions.

VMware-BZ: #1638654
Signed-off-by: Gurucharan Shetty <guru@ovn.org>

SECURITY.md: Increase embargo period from 3-5 to 10-15 business days.

When we recently ran a genuine vulnerability through this process, we
discovered that 3-5 days was far too short. The business processes behind
releasing fixed versions of software at companies that use Open vSwitch
cannot cope with such rapid turnaround, due e.g. to QA and other processes.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Flavio Leitner <fbl@redhat.com>

datapath-windows: Hot add CPU support.

Hot add CPU is the ability to dynamically add CPUs to a running
system. Adding CPUs can occur physically by adding new hardware,
logically by online hardware partitioning, or virtually through
a virtualization layer.

This patch add support to reallocate any per-cpu resources, in
case a new processor is added.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/112
Acked-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

checkpatch: Don't enforce char limit on tests.

Although tests ideally also stick to shorter line lengths, it is very
common for fixed text blocks like flows or large packets to be specified
within tests. Checkpatch shouldn't complain about cases like these.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Tested-by: Aaron Conole <aconole@redhat.com>

dpif-netdev: Do not keep refcount for ports.

Only the main thread will delete ports after pausing every other
thread. There's no need to keep count.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>

dpif-netdev: Remove useless dpif-dummy/delete-port appctl.

It is only used in the testsuite and it can be replaced by a dpctl
command.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>

dpif-netdev: Keep count of elements in port->rxq[].

This will ease deleting a port with no open rxqs.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>

dpif-netdev: Proper error handling in do_add_port().

This fixes multiple error path mistakes in do_add_port, none of which
has been a problem in practice so far. This change will make it easier
for a following commit to return in case of error.

Also, this removes an unneeded special case for tunnel ports.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>

netdev-dpdk: Consistent variable naming.

In different functions we use different variable names ('netdev_', 'netdev',
'dev', 'vhost_dev', ...) for the same objects.

This commit changes the code to comply with the following convention:

'struct netdev':'netdev'
'struct netdev_dpdk':'dev'
'struct virtio_net':'virtio_dev'
'struct netdev_rxq':'rxq'
'struct netdev_rxq_dpdk':'rx'

Also, 'dev->up.' is replaced by 'netdev->', where 'netdev' was already
defined.

Suggested-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>

system-traffic: Fix packet-in format for tests.

Since continuations were introduced, the system-traffic tests which use
OpenFlow monitors to check the results of datapath execution have been
failing, because the new PACKET_IN2 format is used rather than
PACKET_IN. Switch the expected output over to PACKET_IN2.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ovn-docker: Update overlay mode for new tcp ports.

There were changes made recently wherein 2 ovsdb-server is
started for northbound and southbound databases with tcp ports
6641 and 6642. This breaks Docker integration. This commit
fixes it.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

dp-packet: Fix use of uninitialised value at emc_lookup.

Valgrind reports "Conditional jump or move depends on uninitialised value"
and "Use of uninitialised value" at case 2016 ovn -- 3 HVs, 1 LS, 3
lports/HV.  It is caused by 1) assigning an uninitialized value to 'key->hash'
at emc_processing(). Due to uninit rss_hash_valid, dp_packet_rss_valid() might
return true and undefined hash value is returned, and 2) at emc_lookup, the
'current_entry->key.hash' could be uninitialized due to dp_packet_clone().
The patch fixes the two and as a result, a couple of calls to
dp_packet_rss_invalidate() become redundant and thus are removed.

Call stacks:
- Connditional jump or move depends on uninitialised value(s)
    dpif_netdev_packet_get_rss_hash (dpif-netdev.c:3334)
    emc_processing (dpif-netdev.c:3455)
    dp_netdev_input__ (dpif-netdev.c:3639)
and,
- Use of uninitialised value of size 8
    emc_lookup (dpif-netdev.c:1785)
    emc_processing (dpif-netdev.c:3457)
    dp_netdev_input__ (dpif-netdev.c:3639)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

ovs-dpctl: Document conntrack "zone" arguments in help output.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

dpctl.man: Fix bolding for flush-conntrack command.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

ovn-northd: Limit line length to under 80 columns.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

dpif-netdev: report numa node number on pmd thread create failure

Since PMD threads are placed on the NUMA node of the port regardless
of a possible pmd-cpu-mask setting, this can lead to a somewhat
confusing "out of unpinned cores" message - there might be plenty
of available cores in the mask but they cannot be used if the port
is on different NUMA node than the cores. Report the NUMA node
number to help diagnosing the issue.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1295952
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

valgrind: Fix memory leak at expr_error.

Reported by test case 2015: ovn -- action parsing.
    xvasprintf (util.c:164)
    expr_error (expr.c:489)
    expr_parse_field (expr.c:2910)
    action_parse_field (actions.c:287)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>

ovn: Update ACL flow docs.

Apply some minor updates to the description of flows related to ACLs.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Fix peering of routers.

1. Currently, the ovn-nb man page says that the 'peer'
in a logical_router_port table should point to the name
of the peer's logical router port. But the schema had declared
this column as a uuid. This looks not to be the intention as peers
for logical switches connected to routers is a name (and not a uuid).
So this patch changes the schema to be name.

2. In the southbound database, in the port_binding table, for a
logical_router_port, the peer was pointing back to itself. This
was causing ovn-controller to create patch ports where the peer
was wrongly pointing back to the source itself. This clearly looks
to be an error. So this patch fixes the peer in southbound database
to correclty point to the real peer.

3. ovn-northd.c currently skips generating logical flows to transfer
packets between two peers with comment about needing 'ARP for
neighboring routers'. It looked to me that since the router peer
is a logical object that has to be created in OVN-NB database, we
always need to statically assign the mac address. So this patch
picks the mac address from the database.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn: Fix bug in ovn-ctl argument order

Commit 31491a53116a6c2fcd19f888f5f7ce71e0ccdd51 got the port and
address order backwards. Restore it to keep ovsdb-server happy.

Fixes: 31491a53116a ("ovn-ctl: Rationalize arguments.")
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

ovsdb: Use previous snapshot size as an additional factor for compaction.

Until now, the minimum database size before automatically compacting has
been 10 MB, regardless of the inherent size of the data in the database.
A couple of people have pointed out that this won't scale well to larger
databases. This commit changes this criterion to 4 times the previously
compacted size of the database, with 10 MB as a minimum.

The 4x factor is suggested by Diego Ongaro's thesis, "Consensus: Bridging
Theory and Practice", section 5.1.2 "When to snapshot".

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

util: Remove va_copy() implementation.

This was here to help out older compilers that do not include va_copy(),
which was new in C99. All the compilers we care about these days (GCC,
Clang, MSVC) do support va_copy(), so remove it.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

datapath-windows: Update flow lookup to support RecircId and DpHash

Update the OvsLookupFlow to include RecircId and DpHash in its flow
comparison. Revert the keyLen related changes until they are aligned
appropriately.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Update Recirculation to use portId instead of portNo

Fix OvsDoRecirc to use the right PortId when there is a flow miss. This is
used to determine if a packet is received or transmitted by comparing
against the virtualExternalPortId.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-router: Fix memory leak at ovs_router_insert__.

Reported by Valgrind, testcase: ovn-controller-vtep - test vtep-lswitch.
    ovs_router_insert__ (ovs-router.c:185)
    route_table_handle_msg (route-table.c:299)
    route_table_reset (route-table.c:186)
    route_table_init (route-table.c:113)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

checkpatch: Fix Python style violation.

I introduced this when updating the script before commit. My fault, sorry.

Fixes: c599d5ccf31 (checkpatch.py: A simple script for finding patch issues)
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-vswitchd: Call flow_extract() for resumed packet in nxt_resume().

When the packet-in is resumed by vswitchd, it is not setting the
'dp_packet' offsets, because of which it is crashing while executing
the actions.

Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>