cascardo/ovs.git
7 years agoovn-util: Remove 'store_ipv6' argument from extract_lsp_addresses().
Justin Pettit [Fri, 3 Jun 2016 05:37:31 +0000 (22:37 -0700)]
ovn-util: Remove 'store_ipv6' argument from extract_lsp_addresses().

With the addition of IPv6 routing, there won't be much need to
special-case not parsing IPv6 addresses.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-util: Add string representations to 'lport_addresses'.
Justin Pettit [Fri, 3 Jun 2016 04:44:38 +0000 (21:44 -0700)]
ovn-util: Add string representations to 'lport_addresses'.

A future commit will reduce the amount of conversions used by the
existing users of 'lport_addresses'.  This change will also make it
possible to use this structure for logical router port networks.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Use strings for IP addresses in router instances of "ovn_port".
Justin Pettit [Mon, 26 Oct 2015 03:35:58 +0000 (20:35 -0700)]
ovn-northd: Use strings for IP addresses in router instances of "ovn_port".

Reduce the amount of string conversions necessary.  This will be
convenient when we want to start using IPv6 addresses, too.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Use dynamic strings when building router and switch flows.
Justin Pettit [Fri, 8 Jul 2016 23:25:08 +0000 (16:25 -0700)]
ovn-northd: Use dynamic strings when building router and switch flows.

Reduce the number of memory allocations and risk of introducing shadow
variables.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Remove 'default_gw' from logical router table.
Justin Pettit [Tue, 17 May 2016 13:02:53 +0000 (06:02 -0700)]
ovn: Remove 'default_gw' from logical router table.

With static routes, it's not necessary to have a separate default
gateway parameter.  This also makes configuring router ports clearer
when IPv6 and IPv4 addresses may be assigned to the same port.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Add xxreg[01] symbols.
Justin Pettit [Tue, 12 Jul 2016 01:25:24 +0000 (18:25 -0700)]
ovn: Add xxreg[01] symbols.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Renumber logical field registers to the newly extended registers.
Justin Pettit [Fri, 24 Jun 2016 03:39:18 +0000 (20:39 -0700)]
ovn: Renumber logical field registers to the newly extended registers.

IPv6 addresses use four standard OVS registers, so move the existing
named registers back to make room for using more logical registers.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoIntroduce 128-bit xxregs.
Justin Pettit [Sat, 31 Oct 2015 11:45:28 +0000 (04:45 -0700)]
Introduce 128-bit xxregs.

These are needed to handle IPv6 addresses.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoIncrease number of registers to 16.
Justin Pettit [Fri, 24 Jun 2016 00:54:26 +0000 (17:54 -0700)]
Increase number of registers to 16.

With eight 32-bit registers, we can only store two IPv6 addresses, which is
pretty tight.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Fix comments about the flows.
Justin Pettit [Tue, 12 Jul 2016 06:21:29 +0000 (23:21 -0700)]
ovn-northd: Fix comments about the flows.

References to the specifc tables should probably be dropped, since
they'll continue to drift towards wrong.  In the meantime, correct the
ones that are there.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-controller: Log OpenFlow errors at "info" level.
Justin Pettit [Tue, 21 Jun 2016 21:06:29 +0000 (14:06 -0700)]
ovn-controller: Log OpenFlow errors at "info" level.

Otherwise, errors are logged at "debug" level.  Errors when pushing
flows can then seemingly be silently lost.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoofctrl: Fix non-sensical comment.
Justin Pettit [Sun, 3 Jul 2016 12:30:06 +0000 (05:30 -0700)]
ofctrl: Fix non-sensical comment.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovs-bugtool: Port to python3.
Joe Stringer [Fri, 24 Jun 2016 21:15:21 +0000 (14:15 -0700)]
ovs-bugtool: Port to python3.

Fix python2-specific code in ovs-bugtool:
* python2 long() is the same as python2 int() and python3 int(). Convert
  the long() to int().
* raw_input() was renamed to input(). Use python-six's input() on python2.
* Drop lambda tuple unpacking, we can go back to regular lambda syntax.
* file() can be replaced with open().

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agosystem-traffic: Use NC_EOF_OPT in truncate tests.
Joe Stringer [Mon, 11 Jul 2016 17:29:18 +0000 (10:29 -0700)]
system-traffic: Use NC_EOF_OPT in truncate tests.

NC_EOF_OPT should always be passed to netcat in system-traffic tests
when invoking netcat to send a single packet that does not expect a
response. While on typical fedora/RH based distributions the default
behaviour is to send the packet then return, there are multiple other
implementations of netcat that do not do this (for example, those used
by Debian and Ubuntu by default). For these alternative implementations,
we provide $NC_EOF_OPT to ensure that netcat simply sends the packet
then returns immediately.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>
7 years agodatapath: Fix ip tunnel compilation for newer kernel.
Pravin B Shelar [Mon, 11 Jul 2016 20:06:10 +0000 (13:06 -0700)]
datapath: Fix ip tunnel compilation for newer kernel.

compat iptunnel_xmit is used in backported tunnel code. but
it was only defined for kernel older than 3.18, This patch fixes
it by compiling it for all kernel which needs to use backported
tunnel implementation.

Reported-by: Justin Pettit <jpettit@ovn.org>
Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath-windows: remove unused 'ovsUserTimestampDelta'
Nithin Raju [Sat, 9 Jul 2016 00:45:40 +0000 (17:45 -0700)]
datapath-windows: remove unused 'ovsUserTimestampDelta'

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
7 years agoovn-controller: Change strategy for gateway conntrack zone allocation.
Gurucharan Shetty [Fri, 8 Jul 2016 07:15:49 +0000 (00:15 -0700)]
ovn-controller: Change strategy for gateway conntrack zone allocation.

Commit 263064aeaa31e7 (Convert binding_run to incremental processing.)
changed the way patched_datapaths were handled. Previously we would
destroy the datastructure in every run and re-create it fresh. The new
way causes problems with the way conntrack zones are allocated as now
we can have stale port_binding entries causing segmentation faults.

With this commit, we simply don't depend on port_binding records in
conntrack zone allocation and instead store the UUID as a string in
the patch_datapath datastructure.

(The test enhanced with this commit would fail without the changes
in the commit. i.e. ovn-controller would crash. )

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
7 years agoovn: Remove unreferenced patched datapaths.
Darrell Ball [Fri, 8 Jul 2016 02:26:06 +0000 (19:26 -0700)]
ovn: Remove unreferenced patched datapaths.

Patched datapaths that are no longer referenced should be removed from
the patched_datapaths map; otherwise incorrect state references for a
patched datapath may be used and also datapaths that are absent will be
interpreted as present.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
7 years agodatapath: backport: iptunnel: make rx/tx bytes counters consistent
Pravin B Shelar [Fri, 8 Jul 2016 23:37:34 +0000 (16:37 -0700)]
datapath: backport: iptunnel: make rx/tx bytes counters consistent

Upstream commit:
commit bc22a0e2ea03b75b51a1f722f93821744b5b5ff1
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>

    iptunnel: make rx/tx bytes counters consistent

    This was already done a long time ago in
    commit 64194c31a0b6 ("inet: Make tunnel RX/TX byte counters more consistent")
    but tx path was broken (at least since 3.10).

    Before the patch the gre header was included on tx.

    After the patch:
    $ ping -c1 192.168.0.121 ; ip -s l ls dev gre1
    PING 192.168.0.121 (192.168.0.121) 56(84) bytes of data.
    64 bytes from 192.168.0.121: icmp_req=1 ttl=64 time=2.95 ms

    --- 192.168.0.121 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 2.955/2.955/2.955/0.000 ms
    7: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default
        link/gre 10.16.0.249 peer 10.16.0.121
        RX: bytes  packets  errors  dropped overrun mcast
        84         1        0       0       0       0
        TX: bytes  packets  errors  dropped carrier collsns
        84         1        0       0       0       0

Reported-by: Julien Meunier <julien.meunier@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ovs/vxlan: fix rtnl notifications on iface deletion
Pravin B Shelar [Fri, 8 Jul 2016 23:37:30 +0000 (16:37 -0700)]
datapath: backport: ovs/vxlan: fix rtnl notifications on iface deletion

At this point OVS tunneling is insync with upstream net
branch (commit 9a0fee2b552b1).

upstream commit:
    commit cf5da330bbdd0c06b05c525a3d1d58ccd82c87a6
    Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>

    ovs/vxlan: fix rtnl notifications on iface deletion

    The function vxlan_dev_create() (only used by ovs) never calls
    rtnl_configure_link(). The consequence is that dev->rtnl_link_stat is
    never set to RTNL_LINK_INITIALIZED.
    During the deletion phase, the function rollback_registered_many() sends
    a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.

    Note that the function vxlan_dev_create() is moved after the rtnl stuff so
    that vxlan_dellink() can be called in this function.

    Fixes: dcc38c033b32 ("openvswitch: Re-add CONFIG_OPENVSWITCH_VXLAN")
CC: Thomas Graf <tgraf@suug.ch>
CC: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ovs/geneve: fix rtnl notifications on iface deletion
Pravin B Shelar [Fri, 8 Jul 2016 23:37:27 +0000 (16:37 -0700)]
datapath: backport: ovs/geneve: fix rtnl notifications on iface deletion

Upstream Commit:
    commit 41009481b690493c169ce85f591b9d32c6fd9422
    Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>

    ovs/geneve: fix rtnl notifications on iface deletion

    The function geneve_dev_create_fb() (only used by ovs) never calls
    rtnl_configure_link(). The consequence is that dev->rtnl_link_state is
    never set to RTNL_LINK_INITIALIZED.
    During the deletion phase, the function rollback_registered_many() sends
    a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.

    Fixes: e305ac6cf5a1 ("geneve: Add support to collect tunnel metadata.")
CC: Pravin B Shelar <pshelar@ovn.org>
CC: Jesse Gross <jesse@ovn.org>
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ovs/gre,geneve: fix error path when creating an iface
Pravin B Shelar [Fri, 8 Jul 2016 23:37:23 +0000 (16:37 -0700)]
datapath: backport: ovs/gre,geneve: fix error path when creating an iface

Upstream commit:
    commit 106da663ff495e0aea3ac15b8317aa410754fcac
    Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>

    ovs/gre,geneve: fix error path when creating an iface

    After ipgre_newlink()/geneve_configure() call, the netdev is registered.

    Fixes: 7e059158d57b ("vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices")
CC: David Wragg <david@weave.works>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: geneve: fix tx_errors statistics
Pravin B Shelar [Fri, 8 Jul 2016 23:36:17 +0000 (16:36 -0700)]
datapath: backport: geneve: fix tx_errors statistics

Upstream commit:
    commit efeb2267bba8aa893afdadfc9bae4790777c600c
    Author: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>

    geneve: fix tx_errors statistics

    Tx errors present summation of errors encountered while transmitting
    packets.

Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: udp: prevent skbs lingering in tunnel socket queues
Pravin B Shelar [Fri, 8 Jul 2016 23:36:14 +0000 (16:36 -0700)]
datapath: backport: udp: prevent skbs lingering in tunnel socket queues

Upstream commit:
    commit e5aed006be918af163eb397e45aa5ea6cefd5e01
    Author: Hannes Frederic Sowa <hannes@stressinduktion.org>

    udp: prevent skbs lingering in tunnel socket queues

    In case we find a socket with encapsulation enabled we should call
    the encap_recv function even if just a udp header without payload is
    available. The callbacks are responsible for correctly verifying and
    dropping the packets.

    Also, in case the header validation fails for geneve and vxlan we
    shouldn't put the skb back into the socket queue, no one will pick
    them up there.  Instead we can simply discard them in the respective
    encap_recv functions.

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: udp_offload: Set encapsulation before inner completes.
Pravin B Shelar [Fri, 8 Jul 2016 23:36:11 +0000 (16:36 -0700)]
datapath: backport: udp_offload: Set encapsulation before inner completes.

Upstream commit:
    commit 229740c63169462a838a8b8e16391ed000934631
    Author: Jarno Rajahalme <jarno@ovn.org>

    udp_offload: Set encapsulation before inner completes.

    UDP tunnel segmentation code relies on the inner offsets being set for
    an UDP tunnel GSO packet, but the inner *_complete() functions will
    set the inner offsets only if 'encapsulation' is set before calling
    them.  Currently, udp_gro_complete() sets 'encapsulation' only after
    the inner *_complete() functions are done.  This causes the inner
    offsets having invalid values after udp_gro_complete() returns, which
    in turn will make it impossible to properly segment the packet in case
    it needs to be forwarded, which would be visible to the user either as
    invalid packets being sent or as packet loss.

    This patch fixes this by setting skb's 'encapsulation' in
    udp_gro_complete() before calling into the inner complete functions,
    and by making each possible UDP tunnel gro_complete() callback set the
    inner_mac_header to the beginning of the tunnel payload.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Reviewed-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: geneve: add IPv6 bits to geneve_fill_metadata_dst
Pravin B Shelar [Fri, 8 Jul 2016 23:36:08 +0000 (16:36 -0700)]
datapath: backport: geneve: add IPv6 bits to geneve_fill_metadata_dst

Upstream commit:
    commit b8812fa88371ae567c907448d9a7ba62d09b90c9
    Author: John W. Linville <linville@tuxdriver.com>

    geneve: add IPv6 bits to geneve_fill_metadata_dst

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reviewed-by: Jesse Gross <jesse@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: get rid of OVS_CB inner header offsets.
Pravin B Shelar [Sat, 9 Jul 2016 01:25:55 +0000 (18:25 -0700)]
datapath: compat: get rid of OVS_CB inner header offsets.

OVS has GSO compat functionality which needs inner offset
of the packet to segment a packet. older kernel did not
include these offsets in skb, therefore these were stored
in OVS_GSO_CB. Now OVS has dropped support for these
old kernel, So none of the supported kernel needs this
comapt code. Following patch removes it.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: openvswitch: correct encoding of set tunnel action attributes
Pravin B Shelar [Fri, 8 Jul 2016 23:24:29 +0000 (16:24 -0700)]
datapath: backport: openvswitch: correct encoding of set tunnel action attributes

upstream commit:
    commit e905eabc90a5b787d8708df164543ee295bea5f2
    Author: Simon Horman <simon.horman@netronome.com>

    openvswitch: correct encoding of set tunnel action attributes

    In a set action tunnel attributes should be encoded in a
    nested action.

    I noticed this because ovs-dpctl was reporting an error
    when dumping flows due to the incorrect encoding of tunnel attributes
    in a set action.

    Fixes: fc4099f17240 ("openvswitch: Fix egress tunnel info.")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Use dst-cache for Geneve and VxLAN tunnels.
Pravin B Shelar [Fri, 8 Jul 2016 23:24:24 +0000 (16:24 -0700)]
datapath: compat: Use dst-cache for Geneve and VxLAN tunnels.

It partialy backport commit:
    commit d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8
    Author: Paolo Abeni <pabeni@redhat.com>

    net: add dst_cache to ovs vxlan lwtunnel

    In case of UDP traffic with datagram length
    below MTU this give about 2% performance increase
    when tunneling over ipv4 and about 60% when tunneling
    over ipv6

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Suggested-and-acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug fix commit db3c6139e6e ("bpf, vxlan, geneve, gre: fix usage of
dst_cache on xmit"). is also included. Geneve changes
were added in 468dfffcd762cbb2777ec5a76bc21e3748ebf47e ("geneve: add
dst caching support")

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: Add support for IPv6 tunnels.
Pravin B Shelar [Fri, 8 Jul 2016 23:24:19 +0000 (16:24 -0700)]
datapath: Add support for IPv6 tunnels.

Mostly backports upstream commit along with other pieces
to make IPv6 tunneling work.

    commit 6b26ba3a7d952e611dcde1f3f77ce63bcc70540a
    Author: Jiri Benc <jbenc@redhat.com>

    openvswitch: netlink attributes for IPv6 tunneling

    Add netlink attributes for IPv6 tunnel addresses. This enables IPv6 support
    for tunnels.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Update Geneve and VxLAN modules.
Pravin B Shelar [Fri, 8 Jul 2016 23:24:02 +0000 (16:24 -0700)]
datapath: compat: Update Geneve and VxLAN modules.

This patch brings in various updates to upstream Geneve and VxLAN
modules. For geneve this patch adds IPv6 support, for vxlan it adds
VXLAN GPE is the major feature.
This should make OVS compat tunnel implementation in sync upto
current net branch.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Add support for IPv6 UDP tunnel segmentation.
Pravin B Shelar [Sat, 9 Jul 2016 01:18:39 +0000 (18:18 -0700)]
datapath: compat: Add support for IPv6 UDP tunnel segmentation.

Next patch adds support for IPV6 Geneve and VXLAN, But support for UDP
segmentation is available on all supported kernel.
Following patch adds support for UDP tunnels over IPv6 for such kernels.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Prepare tnl-segmentation for ipv6.
Pravin B Shelar [Fri, 8 Jul 2016 04:52:34 +0000 (21:52 -0700)]
datapath: compat: Prepare tnl-segmentation for ipv6.

Current tnl_skb_gso_segment() is written for ipv4 tunnels. Following
patch make it generic so that it can also handle ipv6 tunnels.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ip_tunnel: Move stats update to iptunnel_xmit()
Pravin B Shelar [Fri, 8 Jul 2016 04:52:29 +0000 (21:52 -0700)]
datapath: backport: ip_tunnel: Move stats update to iptunnel_xmit()

Upstream commit:
    commit 039f50629b7f860f36644ed1f34b27da9aa62f43
    Author: Pravin B Shelar <pshelar@ovn.org>

    ip_tunnel: Move stats update to iptunnel_xmit()

    By moving stats update into iptunnel_xmit(), we can simplify
    iptunnel_xmit() usage. With this change there is no need to
    call another function (iptunnel_xmit_stats()) to update stats
    in tunnel xmit code path.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: udp: Add socket based GRO and config
Pravin B Shelar [Fri, 8 Jul 2016 04:52:24 +0000 (21:52 -0700)]
datapath: backport: udp: Add socket based GRO and config

Upstream commit:
    commit 38fd2af24fcfda93f9fea3e53f26e48775ae9e09
    Author: Tom Herbert <tom@herbertland.com>

    udp: Add socket based GRO and config

    Add gro_receive and  gro_complete to struct udp_tunnel_sock_cfg.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Update IPv6 in setup_udp_tunnel_sock()
Pravin B Shelar [Fri, 8 Jul 2016 04:52:20 +0000 (21:52 -0700)]
datapath: compat: Update IPv6 in setup_udp_tunnel_sock()

Update setup_udp_tunnel_sock() to handle ipv6 sockets.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Update udp_sock_create
Pravin B Shelar [Fri, 8 Jul 2016 04:51:17 +0000 (21:51 -0700)]
datapath: compat: Update udp_sock_create

Update udp-socket-create to create ipv6 socket currectly.

Partially backports commit fd384412e199b ("udp_tunnel: Seperate ipv6
functions into its own file.")

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: rename HAVE_METADATA_DST to USE_UPSTREAM_TUNNEL
Pravin B Shelar [Fri, 8 Jul 2016 04:49:20 +0000 (21:49 -0700)]
datapath: compat: rename HAVE_METADATA_DST to USE_UPSTREAM_TUNNEL

To better represent the meaning of symbol.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ip_tunnel: add support for setting flow label via collect metadata
Pravin B Shelar [Fri, 8 Jul 2016 04:49:10 +0000 (21:49 -0700)]
datapath: backport: ip_tunnel: add support for setting flow label via collect metadata

Update udp_tunnel6_xmit_skb(). Specificaly changes are
related to setting ipv6 label.

Upstream commit:
    commit 134611446dc657e1bbc73ca0e4e6b599df687db0
    Author: Daniel Borkmann <daniel@iogearbox.net>

    ip_tunnel: add support for setting flow label via collect metadata

    This patch extends udp_tunnel6_xmit_skb() to pass in the IPv6 flow label
    from call sites. Currently, there's no such option and it's always set to
    zero when writing ip6_flow_hdr(). Add a label member to ip_tunnel_key, so
    that flow-based tunnels via collect metadata frontends can make use of it.
    vxlan and geneve will be converted to add flow label support separately.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Remove unnecessary iptunnel_xmit() declaration.
Pravin B Shelar [Fri, 8 Jul 2016 04:49:07 +0000 (21:49 -0700)]
datapath: compat: Remove unnecessary iptunnel_xmit() declaration.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: tunnel: introduce ipv6_tun_rx_dst()
Pravin B Shelar [Fri, 8 Jul 2016 04:49:02 +0000 (21:49 -0700)]
datapath: backport: tunnel: introduce ipv6_tun_rx_dst()

Update ovs_udp_tun_rx_dst() to handle ipv6 tunnels.

This commit partially backports c29a70d2c ("tunnel: introduce udp_tun_rx_dst()")

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: ip_tunnel_core: iptunnel_handle_offloads returns int and doesn...
Pravin B Shelar [Fri, 8 Jul 2016 04:48:57 +0000 (21:48 -0700)]
datapath: backport: ip_tunnel_core: iptunnel_handle_offloads returns int and doesn't free skb

There is return type change in upstream handle-offload functions.
Following patch brings these changes in.
This is backport of aed069df ("ip_tunnel_core:
iptunnel_handle_offloads returns int and doesn't free skb")
I have also removed duplicate definitions of tunnel_handle_offloads()
from ip-tunnel header.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: net: add dst_cache support
Pravin B Shelar [Fri, 8 Jul 2016 04:46:19 +0000 (21:46 -0700)]
datapath: backport: net: add dst_cache support

This backports dst-cache implementation from upstream implementation.

    commit 911362c70df5b766c243dc297fadeaced786ffd8
    Author: Paolo Abeni <pabeni@redhat.com>

    net: add dst_cache support
    This patch add a generic, lockless dst cache implementation.
    The need for lock is avoided updating the dst cache fields
    only in per cpu scope, and requiring that the cache manipulation
    functions are invoked with the local bh disabled.

    The refresh_ts and reset_ts fields are used to ensure the cache
    consistency in case of cuncurrent cache update (dst_cache_set*) and
    reset operation (dst_cache_reset).

    Consider the following scenario:

    CPU1:                                       CPU2:
      <cache lookup with emtpy cache: it fails>
      <get dst via uncached route lookup>
                                                <related configuration changes>
                                                dst_cache_reset()
      dst_cache_set()

    The dst entry set passed to dst_cache_set() should not be used
    for later dst cache lookup, because it's obtained using old
    configuration values.

    Since the refresh_ts is updated only on dst_cache lookup, the
    cached value in the above scenario will be discarded on the next
    lookup.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Suggested-and-acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: tunnels: Remove encapsulation offloads on decap.
Pravin B Shelar [Fri, 8 Jul 2016 04:46:11 +0000 (21:46 -0700)]
datapath: backport: tunnels: Remove encapsulation offloads on decap.

Following patch backports updated iptunnel pull function.
Also brings in following upstream fix:

    commit a09a4c8dd1ec7f830e1fb9e59eb72bddc965d168
    Author: Jesse Gross <jesse@kernel.org>

    tunnels: Remove encapsulation offloads on decap.

    If a packet is either locally encapsulated or processed through GRO
    it is marked with the offloads that it requires. However, when it is
    decapsulated these tunnel offload indications are not removed. This
    means that if we receive an encapsulated TCP packet, aggregate it with
    GRO, decapsulate, and retransmit the resulting frame on a NIC that does
    not support encapsulation, we won't be able to take advantage of hardware
    offloads even though it is just a simple TCP packet at this point.

    This fixes the problem by stripping off encapsulation offload indications
    when packets are decapsulated.

    The performance impacts of this bug are significant. In a test where a
    Geneve encapsulated TCP stream is sent to a hypervisor, GRO'ed, decapsulated,
    and bridged to a VM performance is improved by 60% (5Gbps->8Gbps) as a
    result of avoiding unnecessary segmentation at the VM tap interface.

Reported-by: Ramu Ramamurthy <sramamur@linux.vnet.ibm.com>
    Fixes: 68c33163 ("v4 GRE: Add TCP segmentation offload for GRE")
Signed-off-by: Jesse Gross <jesse@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: backport: iptunnel: scrub packet in iptunnel_pull_header
Pravin B Shelar [Fri, 8 Jul 2016 04:46:01 +0000 (21:46 -0700)]
datapath: backport: iptunnel: scrub packet in iptunnel_pull_header

Upstream Commit:
    commit 7f290c94352e59b1d720055fce760a69a63bd0a1
    Author: Jiri Benc <jbenc@redhat.com>

    iptunnel: scrub packet in iptunnel_pull_header

    Part of skb_scrub_packet was open coded in iptunnel_pull_header. Let it call
    skb_scrub_packet directly instead.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodatapath: compat: Refactor egress tunnel info
Pravin B Shelar [Fri, 8 Jul 2016 02:35:33 +0000 (19:35 -0700)]
datapath: compat: Refactor egress tunnel info

upstream tunnel egress info is retrieved using ndo_fill_metadata_dst.
Since we do not have it on older kernel we need to keep vport operation
to do same on these kernels.
Following patch try to merge these to operations into one to avoid code
duplication.
This commit backports fc4099f1 ("openvswitch:
Fix egress tunnel info.")

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
7 years agodpif-netdev: Remove PMD latency on seq_mutex
Flavio Leitner [Tue, 5 Jul 2016 13:33:38 +0000 (10:33 -0300)]
dpif-netdev: Remove PMD latency on seq_mutex

The PMD thread needs to keep processing RX queues in order
to achieve maximum throughput. It also needs to sweep emc
cache and quiesce which use seq_mutex. That mutex can
eventually block the PMD thread causing latency spikes and
affecting the throughput.

Since there is no requirement for running those tasks at a
specific time, this patch extend seq API to allow tentative
locking instead.

Reported-by: Karl Rister <krister@redhat.com>
Co-authored-by: Karl Rister <krister@redhat.com>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agonetdev-dummy: Add n_txq option.
Ilya Maximets [Fri, 8 Jul 2016 13:52:38 +0000 (16:52 +0300)]
netdev-dummy: Add n_txq option.

Will be used for testing with different numbers of TX queues.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agonetdev-dpdk: Obtain number of queues for vhost ports from attached virtio.
Ilya Maximets [Fri, 8 Jul 2016 13:52:37 +0000 (16:52 +0300)]
netdev-dpdk: Obtain number of queues for vhost ports from attached virtio.

Currently, there are few inconsistencies in ways to configure number of
queues for netdev device:

* dpif-netdev can't know about exact number of queues
  allocated inside netdev.
  This leads to constant mapping of queue-ids to 'real' ones.

* We are able to configure 'n_rxq' for vhost-user devices, but
  there is only one sane number of rx queues which must be used
  and configured manually (number of queues that allocated
  in QEMU).

This patch disables configuration of 'n_rxq' for DPDK vHost devices.
Configuration of rx and tx queues now automatically applied from
connected virtio device. Standard reconfiguration mechanism was used to
apply this changes.

Also, now 'n_txq' and 'n_rxq' are always the real numbers of queues
in the device.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agoovn: Support l2gateway-chassis option in "l2gateway" logical ports
Numan Siddique [Fri, 8 Jul 2016 11:37:37 +0000 (17:07 +0530)]
ovn: Support l2gateway-chassis option in "l2gateway" logical ports

ovn-controller will now bind the l2gateway logical ports.

Signed-Off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
7 years agoovn test: Skip "send gratuitous arp on localnet" if no Python installed
Paul Boca [Mon, 4 Jul 2016 10:00:47 +0000 (10:00 +0000)]
ovn test: Skip "send gratuitous arp on localnet" if no Python installed

This test needs Python in order to run.

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
7 years agoINSTALL.Docker.md: Clarify OVS python library path.
Gurucharan Shetty [Thu, 7 Jul 2016 08:28:54 +0000 (01:28 -0700)]
INSTALL.Docker.md: Clarify OVS python library path.

Reported-by: Taekho Nam <thnam@smartx.kr>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
7 years agoovn-sbctl: Change lport-(un)bind to lsp-(un)bind.
Russell Bryant [Fri, 24 Jun 2016 20:36:36 +0000 (16:36 -0400)]
ovn-sbctl: Change lport-(un)bind to lsp-(un)bind.

A previous commit changed the command names in ovn-nbctl from lport-* to
lsp-*.  Change lport-bind and lport-unbind in ovn-sbctl to match.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Amitabha Biswas <abiswas@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: improve OVN tutorial.
nickcooper-zhangtonghao [Mon, 4 Jul 2016 15:03:49 +0000 (08:03 -0700)]
ovn: improve OVN tutorial.

Improve the tutorial of the basic OVN features. The addresses and port_security
columns of the logical port is described in more detail.

Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech>
Signed-off-by: Russell Bryant <russell@ovn.org>
7 years agoovn-controller: Remove old address set after change.
Ryan Moats [Thu, 7 Jul 2016 18:37:04 +0000 (13:37 -0500)]
ovn-controller: Remove old address set after change.

Currently, when address set value changes, ovn controller
doesn't remove the old entry from the tracking hash, it
just adds the new one, leading to multiple entries for the
same symbol.

Fix this behavior and add a smoke test to avoid a regression
in the future.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
7 years agoMakefile.am: Add INSTALL.DPDK-ADVANCED.md to EXTRA_DIST.
Daniele Di Proietto [Wed, 6 Jul 2016 23:07:56 +0000 (16:07 -0700)]
Makefile.am: Add INSTALL.DPDK-ADVANCED.md to EXTRA_DIST.

Fixes: c9b9d6dfc06c("INSTALL.DPDK: Refactor DPDK install guide, add
ADVANCED doc")

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agonetdev-linux: Do not log a warning if the device is down.
Daniele Di Proietto [Thu, 7 Jul 2016 01:09:12 +0000 (18:09 -0700)]
netdev-linux: Do not log a warning if the device is down.

In the userspace datapath we use tap devices as internal netdev.  The
datapath doesn't consider whether a device is up or down before sending
to it, and so far this hasn't been a problem.

Since Linux upstream commit 1bd4978a88ac("tun: honor IFF_UP in
tun_get_user()"), included in 4.4, writing to a tap device that is not
up sets errno to EIO.  This commit avoids printing a warning in this
case.

This fixes a failures in the system-userspace-testsuites.

Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agovlog.py: Remove redundant setLevel() if "/dev/log" doesn't exist.
Daniele Di Proietto [Wed, 6 Jul 2016 23:39:15 +0000 (16:39 -0700)]
vlog.py: Remove redundant setLevel() if "/dev/log" doesn't exist.

Also update a comment.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Gurucharan Shetty <guru@ovn.org>
7 years agonetdev-dpdk: Use instant sending instead of queueing of packets.
Ilya Maximets [Mon, 27 Jun 2016 13:28:16 +0000 (16:28 +0300)]
netdev-dpdk: Use instant sending instead of queueing of packets.

Current implementarion of TX packet's queueing is broken in several ways:

* TX queue flushing implemented on receive assumes that all
  core_id-s are sequential and starts from zero. This may lead
  to situation when packets will stuck in queue forever and,
  also, this influences on latency.

* For a long time flushing logic depends on uninitialized
  'txq_needs_locking', because it usually calculated after
  'netdev_dpdk_alloc_txq' but used inside of this function
  for initialization of 'flush_tx'.

Testing shows no performance difference with and without queueing.
Lets remove queueing at all because it doesn't work properly now and
also does not increase performance.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agoINSTALL.DPDK: Refactor DPDK install guide, add ADVANCED doc
Bhanuprakash Bodireddy [Wed, 6 Jul 2016 13:06:39 +0000 (14:06 +0100)]
INSTALL.DPDK: Refactor DPDK install guide, add ADVANCED doc

Add INSTALL.DPDK-ADVANCED document that is forked off from original
INSTALL.DPDK guide. This document is targeted at users looking for
optimum performance on OVS using dpdk datapath.

Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agoINSTALL.DPDK: Refactor DPDK install documentation
Bhanuprakash Bodireddy [Wed, 6 Jul 2016 13:06:38 +0000 (14:06 +0100)]
INSTALL.DPDK: Refactor DPDK install documentation

Refactor the INSTALL.DPDK in to two documents named INSTALL.DPDK and
INSTALL.DPDK-ADVANCED. While INSTALL.DPDK document shall facilitate the
novice user in setting up the OVS DPDK and running it out of box, the
ADVANCED document is targeted at expert users looking for the optimum
performance running dpdk datapath.

This commit updates INSTALL.DPDK.md document.

Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agovlog test: Disable default syslog logger
Paul Boca [Wed, 6 Jul 2016 12:38:32 +0000 (12:38 +0000)]
vlog test: Disable default syslog logger

Disable the syslog logger in case on Windows, '/dev/log' doesn't exist.
Seems like on Python34 a default handler is added to the logger and it prints
even if no handler is set by us.

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
7 years agobridge: open_type should be used for netdev_open
Thadeu Lima de Souza Cascardo [Mon, 4 Jul 2016 18:19:56 +0000 (15:19 -0300)]
bridge: open_type should be used for netdev_open

ofproto_port_open_type should be used for netdev_open, but not for other tests.
For example, STP/RSTP check for interfaces of internal type, but that check will
fail when the netdev datapath is used.

The same thing goes for setting MAC address of internal Interfaces. That fails
for the netdev datapath because the interface type is set to "tap", but they are
still interfaces of type "internal", just their netdev implementation is
different.

Use a netdev_type for the type that needs to be used for netdev_open and
ofproto_port, while we still keep the type as the normalized configured type in
the database.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>
7 years agoovs-ofctl: Clarify CT action documentation.
Jarno Rajahalme [Wed, 6 Jul 2016 07:47:20 +0000 (00:47 -0700)]
ovs-ofctl: Clarify CT action documentation.

Since the 'commit' flag is required to set the mark and/or labels, the
set values are always available for following lookups.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn.at: Use = instead of == for test
YAMAMOTO Takashi [Tue, 5 Jul 2016 08:04:47 +0000 (08:04 +0000)]
ovn.at: Use = instead of == for test

== is a GNU extension which might not be available.

Signed-off-by: YAMAMOTO Takashi <yamamoto@ovn.org>
Acked-By: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agolib: Remove extra API dependency for ovs_thread_create()
Andy Zhou [Fri, 17 Jun 2016 22:41:26 +0000 (15:41 -0700)]
lib: Remove extra API dependency for ovs_thread_create()

When calling ovs_thread_create() without calling fatal_signal_init()
first, ovs_thread_create() some times asserts. This dependency is
subtle and not very obvious.

The root cause seems to be that, within ovs_thread_create(), the
multi-threaded state is declared before all initializations are done.

Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agonetlink-notifier: Avoid valgrind possible leak warning.
Ben Pfaff [Tue, 5 Jul 2016 15:33:05 +0000 (08:33 -0700)]
netlink-notifier: Avoid valgrind possible leak warning.

This ensures that pointers to nln_notifiers are to the beginning of the
structs instead of to the middle, meaning that valgrind does not consider
them "possible" leaks.

Reported-by: William Tu <u9012063@gmail.com>
Tested-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agobridge: Add assertion to document an invariant in find_local_hw_addr().
Ben Pfaff [Sun, 3 Jul 2016 04:16:55 +0000 (21:16 -0700)]
bridge: Add assertion to document an invariant in find_local_hw_addr().

Avoids a possible null pointer dereference report from Clang.

Reported-at: http://openvswitch.org/pipermail/dev/2016-June/073967.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: William Tu <u9012063@gmail.com>
7 years agoovn: Add support for Load balancers.
Gurucharan Shetty [Wed, 15 Jun 2016 13:24:30 +0000 (06:24 -0700)]
ovn: Add support for Load balancers.

This commit adds schema changes to the OVN_Northbound database to support
Load balancers.

In ovn-northd, it adds two logical tables to program logical flows.
It adds a 'pre_lb' table that sits before 'pre_stateful' table.
For packets that need to be load balanced, this table sets reg0[0]
to act as a hint for the pre-stateful table to send the packet to
the conntrack table for defragmentation.

It also adds a 'lb' table that sits before 'stateful' table.
For packets from established connections, this table sets reg0[2] to
indicate to the 'stateful' table that the packet needs to be sent to
connection tracking table to just do NAT.

In stateful table, packet for a new connection that needs to be load balanced
is given a ct_lb($IP_LIST) action.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-controller: Add support for load balancing.
Gurucharan Shetty [Sun, 3 Jul 2016 12:31:37 +0000 (05:31 -0700)]
ovn-controller: Add support for load balancing.

ovn-controller now supports 2 new logical actions.

1. ct_lb;
Sends the packet through the conntrack zone to NAT
packets. Packets that are part of established connection
will automatically get NATed based on the NAT arguments
supplied to conntrack when the first packet was committed.

2. ct_lb(192.168.1.2, 192.168.1.3);
   ct_lb(192.168.1.2:80, 192.168.1.3:80);
Creates an OpenFlow group with multiple buckets and equal weights
that changes the destination IP address (and port number) of the packet
statefully to one of the options provided inside the parenthesis.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Add colon token to lexer, to support parsing "1.2.3.4:5".
Ben Pfaff [Sun, 3 Jul 2016 10:34:53 +0000 (03:34 -0700)]
ovn: Add colon token to lexer, to support parsing "1.2.3.4:5".

Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
7 years agoovn: Reduce duplicated process termination code in test scripts.
Lance Richardson [Sun, 3 Jul 2016 20:54:33 +0000 (16:54 -0400)]
ovn: Reduce duplicated process termination code in test scripts.

This change set introduces new macros to simplify and consolidate
process termination handling for OVN test cases.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agolflow: Refactor neighbor flows.
Ryan Moats [Sun, 3 Jul 2016 15:35:32 +0000 (10:35 -0500)]
lflow: Refactor neighbor flows.

Extract block within SBREC_MAC_BINDING_FOR_EACH loop within
add_neighbor_flows to helper method so it can be reused when
doing incremental processing.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agophysical: Refactor multicast group processing.
Ryan Moats [Sun, 3 Jul 2016 15:35:31 +0000 (10:35 -0500)]
physical: Refactor multicast group processing.

Extract block from SBREC_MULTICAST_GROUP_FOR_EACH block
in physical_run to helper method so that it can be reused when
doing incremental processing.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agophysical: Refactor port binding processing.
Ryan Moats [Sun, 3 Jul 2016 15:35:30 +0000 (10:35 -0500)]
physical: Refactor port binding processing.

Extract block from SBREC_PORT_BINDING_FOR_EACH block in
physical_run to helper method so that it can be reused when
doing incremental processing.

Side effects:
  - localvif_to_oport and tunnels are now static file scoped.
  - the is_new parameter is added for use in a later patch set.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agolflow: Refactor lflow handling into new function consider_logical_flow().
Ryan Moats [Sun, 3 Jul 2016 15:35:29 +0000 (10:35 -0500)]
lflow: Refactor lflow handling into new function consider_logical_flow().

Refactor code block inside of SBREC_LOGICAL_FLOW_FOR_EACH
loop in add_logical_flow so that this can be reused when
incremental processing is added.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoChange tracking structures to use struct uuids
Ryan Moats [Sun, 3 Jul 2016 15:35:28 +0000 (10:35 -0500)]
Change tracking structures to use struct uuids

In encaps.c, binding.c, and lport.c incremental processing
is aided by tracking entries by their ovsdb row uuids.
The original patch sets used pointers, which might lead
to errors if the ovsdb row uuid memory is released.  So,
use actual structures to hold the values instead.

Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Introduce stateful table.
Gurucharan Shetty [Wed, 25 May 2016 08:47:57 +0000 (01:47 -0700)]
ovn-northd: Introduce stateful table.

Currently, the only use of stateful services in conntrack is
OVN ACLs. In table ACL, we commit the packet to conntrack
via ct_commit action.

As we introduce more stateful services, the ACL feature will
have to share the conntrack module with others. As
preparation for more stateful features like load balancing,
this commit introduces a new stateful table
that is responsible to commit packets to conntrack via
ct_commit action. If ACL table needs to commit a packet,
it sets 'reg0[1]' as 1. Stateful table in-turn will commit
the packet if 'reg0[1]' is 1.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Introduce pre-stateful table.
Gurucharan Shetty [Wed, 25 May 2016 08:05:46 +0000 (01:05 -0700)]
ovn-northd: Introduce pre-stateful table.

Currently, the only use of stateful services in conntrack is
OVN ACLs. In table pre-ACL, we send the packet to conntrack
to track it (to get its status) and to defrag via the ct_next
action.

As we introduce more stateful services, the ACL feature will
have to share the conntrack module with others. As
preparation for more stateful features like loadbalancing,
this commit introduces a new pre-stateful table that is
responsible to send packets through conntrack via
ct_next action. If pre-ACL table needs to send a packet
through conntrack, it just sets the 'reg0[0]' as 1.
Pre-stateful table in-turn will send the packet to conntrack
if 'reg0[0]' is 1.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agobuild: Skip check-export-symbol on Windows
Alin Serdean [Sun, 3 Jul 2016 17:14:54 +0000 (17:14 +0000)]
build: Skip check-export-symbol on Windows

This patch makes automake skip the function 'check-export-symbol' under
Windows.

The main reason is that msys does not have an implementation of rev
used by:
https://github.com/openvswitch/ovs/blob/master/datapath/Makefile.am#L34

and can be seen on:
https://ci.appveyor.com/project/blp/ovs/build/1.0.1851#L322

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Add address set support for ACLs.
Russell Bryant [Sun, 3 Jul 2016 15:35:26 +0000 (10:35 -0500)]
ovn: Add address set support for ACLs.

This feature was originally proposed here:

  http://openvswitch.org/pipermail/dev/2016-March/067440.html

A common use case for OVN ACLs involves needing to match a set of IP
addresses.

   outport == "lp1" && ip4.src == {10.0.0.5, 10.0.0.25, 10.0.0.50}

This example match only has 3 addresses, but it could easily have
hundreds of addresses.  In some cases, the same large set of addresses
needs to be used in several ACLs.

This patch adds a new Address_Set table to OVN_Northbound so that a set
of addresses can be specified once and then referred to by name in ACLs.
To recreate the above example, you would first create an address set:

  $ ovn-nbctl create Address_Set name=set1 addresses="10.0.0.5","10.0.0.25","10.0.0.50"

Then you can refer to this address set by name in an ACL match:

  outport == "lp1" && ip4.src == $set1

Signed-off-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
Co-authored-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-controller: process lport bindings only when transaction is possible
Lance Richardson [Sat, 2 Jul 2016 17:56:21 +0000 (13:56 -0400)]
ovn-controller: process lport bindings only when transaction is possible

As currently implemented, binding_run() normally updates the set of
locally owned logical ports on each call.  When changes to the
membership of this set are detected (i.e. when locally bound
logical ports are added or deleted), additional processing to
update the sb database with lport binding is performed.

However, the sb database can only be updated when a transaction to
the sb database is possible (that is, when ctx->ovnsb_idl_txn is
non-NULL).  If a new logical port is detected  while ctx->ovnsb_idl_txn
happens to be NULL, its binding information will not be updated in
the the sb database until another change to the set of locally-owned
logical ports changes. If no such change ever occurs, the sb database
is never updated with the appropriate binding information.

Eliminate this issue by only updating the set of locally owned logical
ports when an sb database transaction is possible. This addresses
a cause of occasional failures in the "3 HVs, 3 LS, 3 lports/LS, 1 LR"
test case.

The failing scenario goes like this:
   1) Test case logical network setup is complete.
   2) The last physical network port is added via
      as hv3 ovs-vsctl --add-port ... --set Interface vif333 external-ids:iface-id=lp333
   3) hv3 ovn-controller receives update from hv3 ovsdb-server with above mapping,
      binding_run() is called, and ctx->ovnsb_idl_txn happens to be NULL.
   4) binding_run() calls get_local_iface_ids(), which recognizes the new
      local port as matching a logical port, so the lp333 is added to the
      global ssets "lports" and "all_lports".  This means lp333 will not be treated
      as a new logical port on subsequent calls. Because getLocal_iface_ids()
      has discovered a new lport, it returns changed = true.
   5) Because get_local_iface_ids() returned true, binding_run() sets process_full_binding
      to true.
   6) Because process_full_binding is true, binding_run() calls consider_local_datapath()
      for each logical port in shash_lports (which now includes lp333).
   7) consider_local_datapath() processing returns without calling
      sbrec_port_binding_set_chassis() because ctx->ovnsb_idl_txn is NULL.
   8) There are subsequent calls to binding_run() with non-NULL ctx->ovnsb_idl,
      but because lp333 is already in the "lports" sset, get_local_iface_ids()
      returns changed=false, so process_full_binding is false, which means
      consider_local_datapath() is not called for lp333.
   9) Because consider_local_datapath() is not called for lp333, the sb database
      is not updated with the lport/chassis binding.

Hopefully the above is intelligible. Another way of looking at it would be
to say the condition for calling consider_local_datapath() is an "edge trigger",
this change suppresses the trigger until the necessary actions can be performed.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-nbctl: Improve manpage.
nickcooper-zhangtonghao [Sat, 2 Jul 2016 05:36:31 +0000 (13:36 +0800)]
ovn-nbctl: Improve manpage.

If there are multiple logical switches or routers with a duplicate name,
the configuration is slightly different. You should configure the logical
switches or routers using the UUID instead of the name.

Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd.8: Update documentation.
Gurucharan Shetty [Wed, 25 May 2016 06:28:45 +0000 (23:28 -0700)]
ovn-northd.8: Update documentation.

When new tables are introduced, it gets a little harder to
track all the different table numbers used in the documentation.
This commit changes some table numbers to names to make it a little
easier to update documentation when new tables are introduced in the
upcoming commits.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoutilities: ovs-ctl: Drop duplicate line
Markos Chandras [Fri, 1 Jul 2016 09:31:25 +0000 (10:31 +0100)]
utilities: ovs-ctl: Drop duplicate line

The --ovs-vswitchd-wrapper=WRAPPER line is referenced twice so drop it.

Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-northd: Split ACL and pre-ACL processing.
Gurucharan Shetty [Thu, 18 Feb 2016 07:54:21 +0000 (23:54 -0800)]
ovn-northd: Split ACL and pre-ACL processing.

Future patches introduce more tables between
pre-ACL and ACL processing. As such, it looks
easier to separate these out into separate
functions to enhance code readability.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
7 years agoofproto-dpif-mirror: Add mirror snaplen support.
William Tu [Wed, 29 Jun 2016 21:38:02 +0000 (14:38 -0700)]
ofproto-dpif-mirror: Add mirror snaplen support.

This patch adds a 'snaplen' config for mirroring table.  A mirrored packet
with size larger than snaplen bytes will be truncated in datapath before
sending to the mirror output port.

Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/141186839
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agovagrant: Add FreeBSD 10.2 box support.
William Tu [Wed, 29 Jun 2016 17:35:00 +0000 (10:35 -0700)]
vagrant: Add FreeBSD 10.2 box support.

Add FreeBSD 10.2 vagrant file "Vagrantfile-FreeBSD".  Users can run
'VAGRANT_VAGRANTFILE=Vagrantfile-FreeBSD vagrant up' to test basic
OVS configure, build, and check.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovsdb: Fix dead assignment reported by clang.
William Tu [Wed, 29 Jun 2016 05:02:28 +0000 (22:02 -0700)]
ovsdb: Fix dead assignment reported by clang.

Clang reports variable 'error' never been used.  Fix by
returning error when table_update->type != JSON_OBJECT.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-nbctl: Fix double free in nbctl_lr_route_list().
William Tu [Wed, 29 Jun 2016 05:02:26 +0000 (22:02 -0700)]
ovn-nbctl: Fix double free in nbctl_lr_route_list().

The intent here was to free the error reported by ipv6_parse_cidr(),
but in fact the error reported by that function was discarded and
the previous error from ip_parse_cidr() was freed again.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn-controller-vtep: Remove dead increment.
William Tu [Wed, 29 Jun 2016 05:02:25 +0000 (22:02 -0700)]
ovn-controller-vtep: Remove dead increment.

Found by Clang.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agonetlink: Avoid passing NULL pointer to memcpy(), even with zero length.
William Tu [Wed, 29 Jun 2016 05:02:24 +0000 (22:02 -0700)]
netlink: Avoid passing NULL pointer to memcpy(), even with zero length.

In nl_msg_push_flag(), the 3rd NULL parameter causing 'memcpy()'
with NULL source pointer in nl_msg_push_unspec().

Found by Clang.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoFix dead assignments.
William Tu [Wed, 29 Jun 2016 05:02:23 +0000 (22:02 -0700)]
Fix dead assignments.

Found by Clang.

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoofproto: Add relaxed group_mod command ADD_OR_MOD
Jan Scheurich [Tue, 28 Jun 2016 22:29:25 +0000 (00:29 +0200)]
ofproto: Add relaxed group_mod command ADD_OR_MOD

This patch adds support for a new Group Mod command OFPGC_ADD_OR_MOD to
OVS for all OpenFlow versions that support groups (OF11 and higher).
The new ADD_OR_MOD creates a group that does not yet exist (like ADD)
and modifies an existing group (like MODIFY).

Rational: In OpenFlow 1.x the Group Mod commands OFPGC_ADD and
OFPGC_MODIFY have strict semantics: ADD fails if the group exists,
while MODIFY fails if the group does not exist. This requires a
controller to exactly know the state of the switch when programming a
group in order not run the risk of getting an OFP Error message in
response. This is hard to achieve and maintain at all times in view of
possible switch and controller restarts or other connection losses
between switch and controller.

Due to the un-acknowledged nature of the Group Mod message programming
groups safely and efficiently at the same time is virtually impossible
as the controller has to either query the existence of the group prior
to each Group Mod message or to insert a Barrier Request/Reply after
every group to be sure that no Error can be received at a later stage
and require a complicated roll-back of any dependent actions taken
between the failed Group Mod and the Error.

In the ovs-ofctl command line the ADD_OR_MOD command is made available
through the new option --may-create in the mod-group command:

$ ovs-ofctl -Oopenflow13 del-groups br-int group_id=100

$ ovs-ofctl -Oopenflow13 mod-group br-int
group_id=100,type=indirect,bucket=actions=2 OFPT_ERROR (OF1.3)
(xid=0x2): OFPGMFC_UNKNOWN_GROUP OFPT_GROUP_MOD (OF1.3) (xid=0x2):
 MOD group_id=100,type=indirect,bucket=actions=output:2

$ ovs-ofctl -Oopenflow13 --may-create mod-group br-int
group_id=100,type=indirect,bucket=actions=2

$ ovs-ofctl -Oopenflow13 dump-groups br-int
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
 group_id=100,type=indirect,bucket=actions=output:2

$ ovs-ofctl -Oopenflow13 --may-create mod-group br-int
group_id=100,type=indirect,bucket=actions=3

$ ovs-ofctl -Oopenflow13 dump-groups br-int
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
 group_id=100,type=indirect,bucket=actions=output:3

Signed-off-by: Jan Scheurich <jan.scheurich at web.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Add address set support.
Russell Bryant [Tue, 28 Jun 2016 08:50:40 +0000 (14:20 +0530)]
ovn: Add address set support.

Update the OVN expression parser to support address sets.  Previously,
you could have a set of IP or MAC addresses in this form:

    {addr1, addr2, ..., addrN}

This patch adds support for a bit of indirection where we can define a
set of addresses and refer to them by name.

    $name

This '$name' can be used in the expresssions like

    {addr1, addr2, $name, ... }
    {$name}
    $name

A future patch will expose the ability to define address sets for use.

Signed-off-by: Russell Bryant <russell@ovn.org>
Co-authored-by: Babu Shanmugam <bschanmu@redhat.com>
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
[blp@ovn.org made numerous small changes]
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: gracefully exit daemons in "3 HVs, 3 LS, 3 lports/LS, 1 LR" test
Lance Richardson [Sat, 2 Jul 2016 18:14:18 +0000 (14:14 -0400)]
ovn: gracefully exit daemons in "3 HVs, 3 LS, 3 lports/LS, 1 LR" test

Gracefully exit all daemons in this test case.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoovn: Add 'na' action and lflow for ND
Zong Kai LI [Mon, 27 Jun 2016 06:54:52 +0000 (14:54 +0800)]
ovn: Add 'na' action and lflow for ND

This patch tries to support ND versus ARP for OVN.

It adds a new OVN action 'na' in ovn-controller side, and modify lflows
for 'na' action and relevant packets in ovn-northd.

First, for ovn-northd, it will generate lflows per each lport with its
IPv6 addresses and mac addresss, with 'na' action, such as:
  match=(icmp6 && icmp6.type == 135 &&
         (nd.target == fd81:ce49:a948:0:f816:3eff:fe46:8a42 ||
          nd.target == fd81:ce49:b123:0:f816:3eff:fe46:8a42)),
  action=(na { eth.src = fa:16:3e:46:8a:42; nd.tll = fa:16:3e:46:8a:42;
               outport = inport;
               inport = ""; /* Allow sending out inport. */ output; };)

and new lflows will be set in tabel ls_in_arp_nd_rsp, which is renamed
from previous ls_in_arp_rsp.

Later, for ovn-controller, when it received a ND packet, it frames a
template NA packet for reply. The NA packet will be initialized based on
ND packet, such as NA packet will use:
 - ND packet eth.src as eth.dst,
 - ND packet eth.dst as eth.src,
 - ND packet ip6.src as ip6.dst,
 - ND packet nd.target as ip6.src,
 - ND packet eth.dst as nd.tll.

Finally, nested actions in 'na' action will update necessary fileds
for NA packet, such as:
 - eth.src, nd.tll
 - inport, outport

Since patch port for IPv6 router interface is not ready yet, this
patch will only try to deal with ND from VM. This patch will set
RSO flags to 011 for NA packets.

This patch also modified current ACL lflows for ND, not to do conntrack
on ND and NA packets in following tables:
 - S_SWITCH_IN_PRE_ACL
 - S_SWITCH_OUT_PRE_ACL
 - S_SWITCH_IN_ACL
 - S_SWITCH_OUT_ACL

Signed-off-by: Zong Kai LI <zealokii@gmail.com>
[blp@ovn.org made several minor simplifications and improvements]
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoflow: New function is_nd().
Ben Pfaff [Sat, 2 Jul 2016 18:35:29 +0000 (11:35 -0700)]
flow: New function is_nd().

This simplifies a few pieces of code and will acquire another user in an
upcoming commit.

Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agogitignore: Update for Debian build artifacts.
Aaron Rosen [Wed, 22 Jun 2016 20:04:23 +0000 (13:04 -0700)]
gitignore: Update for Debian build artifacts.

After running: `fakeroot debian/rules binary`.

These files are left uncommitted to the source tree and should be ignored.

Signed-off-by: Aaron Rosen <aaronorosen@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
7 years agoTravis: Added python plugins flake8 and hacking.
William Townsend [Wed, 22 Jun 2016 19:48:15 +0000 (15:48 -0400)]
Travis: Added python plugins flake8 and hacking.

Travis builds will now automatically run flake8 and hacking checks against
Python code and generate warnings.

Signed-off-by: William Townsend <wtownsen@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Fernandes <flavio@flaviof.com>