Ciara Loftus [Fri, 6 May 2016 10:20:34 +0000 (11:20 +0100)]
netdev-dpdk: Print default vhost-sock-dir value & update documentation
When no vhost-sock-dir value is provided, print the default location.
Update the documentation to reflect the fact that vhost-sock-dir values
are now subdirectory loctions rather than full paths.
Fixes:
d8a8f353c23e ("netdev-dpdk: Restrict vhost_sock_dir")
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
mweglicx [Thu, 5 May 2016 08:46:01 +0000 (09:46 +0100)]
Add support for extended netdev statistics based on RFC 2819.
Implementation of new statistics extension for DPDK ports:
- Add new counters definition to netdev struct and open flow,
based on RFC2819.
- Initialize netdev statistics as "filtered out"
before passing it to particular netdev implementation
(because of that change, statistics which are not
collected are reported as filtered out, and some
unit tests were modified in this respect).
- New statistics are retrieved using experimenter code and
are printed as a result to ofctl dump-ports.
- New counters are available for OpenFlow 1.4+.
- Add new vendor id: INTEL_VENDOR_ID.
- New statistics are printed to output via ofctl only if those
are present in reply message.
- Add new file header: include/openflow/intel-ext.h which
contains new statistics definition.
- Extended statistics are implemented only for dpdk-physical
and dpdk-vhost port types.
- Dpdk-physical implementation uses xstats to collect statistics.
- Dpdk-vhost implements only part of statistics (RX packet sized
based counters).
Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
[blp@ovn.org made software devices more consistent]
Signed-off-by: Ben Pfaff <blp@ovn.org>
RYAN D. MOATS [Fri, 22 Apr 2016 21:35:37 +0000 (16:35 -0500)]
Add change tracking documentation
Change tracking is a bit different from what someone with
"classic" database experience might expect, so let's add
the knowledged gained from the experience of making change
tracking work for incremental processing.
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Hui Kang [Tue, 19 Apr 2016 17:50:25 +0000 (13:50 -0400)]
ovn-sbctl: Display correct ovnsb sock location in help message.
Signed-off-by: Hui Kang <kangh@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniele Di Proietto [Tue, 3 May 2016 23:35:10 +0000 (16:35 -0700)]
dpif-netdev: Fix dp_netdev_pmd_remove_flow().
After removing a flow from the dpcls classifier there might still be
readers who have access to the flow, until the next grace period.
Setting flow->cr.mask to NULL can cause concurrent readers to crash,
so this commit avoids doing it.
The crash can be reproduced, for example, by invoking an operation
that cause datapath flows to be deleted (such as `ovs-appctl
upcall/enable-megaflows`) while traffic is running.
I think the assignment was intended just as a safety measure to catch
race conditions, and it should be safe to remove.
Here's a stack trace of a possible crash:
Program terminated with signal SIGSEGV, Segmentation fault.
rule=0x7f3ae8006190) at ../lib/dpif-netdev.c:4156
4156 if (OVS_UNLIKELY((value & *maskp++) != *keyp++)) {
(gdb) bt
rule=0x7f3ae8006190) at ../lib/dpif-netdev.c:4156
rules=0x7f3afa3f2e40, cnt=<optimized out>) at ../lib/dpif-netdev.c:4225
(pmd=pmd@entry=0x7f3afa3fc010, packets=packets@entry=0x7f3afa3fa420,
cnt=cnt@entry=32, keys=keys@entry=0x7f3afa3f6428,
batches=batches@entry=0x7f3afa3f4118,
n_batches=n_batches@entry=0x7f3afa3fa3b0)
at ../lib/dpif-netdev.c:3483
(pmd=pmd@entry=0x7f3afa3fc010, packets=packets@entry=0x7f3afa3fa420,
cnt=<optimized out>, md_is_valid=md_is_valid@entry=false,
port_no=<optimized out>) at ../lib/dpif-netdev.c:3625
cnt=<optimized out>, packets=0x7f3afa3fa420, pmd=0x7f3afa3fc010) at
../lib/dpif-netdev.c:3642
rxq=<optimized out>, port=<optimized out>, port=<optimized out>) at
../lib/dpif-netdev.c:2574
../lib/dpif-netdev.c:2693
../lib/ovs-thread.c:340
pthread_create.c:312
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
Fixes:
361d808dd9e4("flow: Split miniflow's map.")
CC: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Steve Ruan [Tue, 3 May 2016 12:06:50 +0000 (07:06 -0500)]
ovn-northd: Add support for static_routes.
Logical patch ports are used to connect logical routers
together. Static routes are used to select between different logical router
ports when exiting a logical router.
Reported-by: Na Zhu <nazhu@cn.ibm.com>
Reported-by: Dustin Lundquist <dlundquist@linux.vnet.ibm.com>
Reported-at:
https://bugs.launchpad.net/networking-ovn/+bug/
1545140
https://bugs.launchpad.net/networking-ovn/+bug/
1539347
Signed-off-by: Steve Ruan <ruansx@cn.ibm.com>
[guru@ovn.org provided the unit test.]
Co-authored-by: Gurucharan Shetty <guru@ovn.org>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Joe Stringer [Tue, 3 May 2016 22:44:15 +0000 (15:44 -0700)]
check-kmod: Remove all OVS modules in this target.
The make check-kmod target would previously attempt to only remove the
openvswitch module, which would fail if any vport modules were loaded.
Remove those modules too, to allow the target to proceed.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>
Jarno Rajahalme [Wed, 4 May 2016 20:00:06 +0000 (13:00 -0700)]
classifier: Remove rare optimization case.
This optimization applied when a staged lookup index would narrow down
to a single rule, which happens sometimes is simple test cases, but
presumably less often in more populated flow tables. The result of
this optimization allowed a bit more general megaflows, but the bit
patterns produced were sometimes cryptic. Finally, a later fix to a
more important performance problem does not allow for this
optimization any more, so remove it now.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 4 May 2016 20:00:05 +0000 (13:00 -0700)]
classifier: Remove logging.
The only vlog line was a left over from debugging.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Jarno Rajahalme [Wed, 4 May 2016 20:00:05 +0000 (13:00 -0700)]
classifier: Remove redundant index.
The test for figuring out if the last index had the same fields as the
actual rules map as broken, resulting into keeping an unnecessary
index around.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Tue, 3 May 2016 00:47:33 +0000 (17:47 -0700)]
compat: Remove skbuff header helper backports.
These have existed largely since v2.6.22, so it's well overdue.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Tue, 3 May 2016 00:47:32 +0000 (17:47 -0700)]
compat: Remove unused ipv[46] backports.
These pieces #if on kernel versions which are not supported since commit
f2ab1536ddbc ("compat: Backport conntrack strictly to v3.10+.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:18 +0000 (11:19 -0700)]
compat: Document nf_defrag_ipv[46] backport.
Document how the IP(6) defrag backport works, and do minor style cleanups.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:17 +0000 (11:19 -0700)]
datapath: Fix template leak in error cases.
Upstream commit:
openvswitch: Fix template leak in error cases.
Commit
2f3ab9f9fc23 ("openvswitch: Fix helper reference leak") fixed a
reference leak on helper objects, but inadvertently introduced a leak on
the ct template.
Previously, ct_info.ct->general.use was initialized to 0 by
nf_ct_tmpl_alloc() and only incremented when ovs_ct_copy_action()
returned successful. If an error occurred while adding the helper or
adding the action to the actions buffer, the __ovs_ct_free_action()
cleanup would use nf_ct_put() to free the entry; However, this relies on
atomic_dec_and_test(ct_info.ct->general.use). This reference must be
incremented first, or nf_ct_put() will never free it.
Fix the issue by acquiring a reference to the template immediately after
allocation.
Fixes:
cae3a2627520 ("openvswitch: Allow attaching helpers to ct action")
Fixes:
2f3ab9f9fc23 ("openvswitch: Fix helper reference leak")
Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
90c7afc96cbb ("openvswitch: Fix template leak in error cases.")
Fixes:
11251c170d92 ("datapath: Allow attaching helpers to ct action")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:16 +0000 (11:19 -0700)]
datapath: Orphan skbs before IPv6 defrag
Upstream commit:
openvswitch: Orphan skbs before IPv6 defrag
This is the IPv6 counterpart to commit
8282f27449bf ("inet: frag: Always
orphan skbs inside ip_defrag()").
Prior to commit
029f7f3b8701 ("netfilter: ipv6: nf_defrag: avoid/free
clone operations"), ipv6 fragments sent to nf_ct_frag6_gather() would be
cloned (implicitly orphaning) prior to queueing for reassembly. As such,
when the IPv6 message is eventually reassembled, the skb->sk for all
fragments would be NULL. After that commit was introduced, rather than
cloning, the original skbs were queued directly without orphaning. The
end result is that all frags except for the first and last may have a
socket attached.
This commit explicitly orphans such skbs during nf_ct_frag6_gather() to
prevent BUG_ON(skb->sk) during a later call to ip6_fragment().
kernel BUG at net/ipv6/ip6_output.c:631!
[...]
Call Trace:
<IRQ>
[<
ffffffff810be8f7>] ? __lock_acquire+0x927/0x20a0
[<
ffffffffa042c7c0>] ? do_output.isra.28+0x1b0/0x1b0 [openvswitch]
[<
ffffffff810bb8a2>] ? __lock_is_held+0x52/0x70
[<
ffffffffa042c587>] ovs_fragment+0x1f7/0x280 [openvswitch]
[<
ffffffff810bdab5>] ? mark_held_locks+0x75/0xa0
[<
ffffffff817be416>] ? _raw_spin_unlock_irqrestore+0x36/0x50
[<
ffffffff81697ea0>] ? dst_discard_out+0x20/0x20
[<
ffffffff81697e80>] ? dst_ifdown+0x80/0x80
[<
ffffffffa042c703>] do_output.isra.28+0xf3/0x1b0 [openvswitch]
[<
ffffffffa042d279>] do_execute_actions+0x709/0x12c0 [openvswitch]
[<
ffffffffa04340a4>] ? ovs_flow_stats_update+0x74/0x1e0 [openvswitch]
[<
ffffffffa04340d1>] ? ovs_flow_stats_update+0xa1/0x1e0 [openvswitch]
[<
ffffffff817be387>] ? _raw_spin_unlock+0x27/0x40
[<
ffffffffa042de75>] ovs_execute_actions+0x45/0x120 [openvswitch]
[<
ffffffffa0432d65>] ovs_dp_process_packet+0x85/0x150 [openvswitch]
[<
ffffffff817be387>] ? _raw_spin_unlock+0x27/0x40
[<
ffffffffa042def4>] ovs_execute_actions+0xc4/0x120 [openvswitch]
[<
ffffffffa0432d65>] ovs_dp_process_packet+0x85/0x150 [openvswitch]
[<
ffffffffa04337f2>] ? key_extract+0x442/0xc10 [openvswitch]
[<
ffffffffa043b26d>] ovs_vport_receive+0x5d/0xb0 [openvswitch]
[<
ffffffff810be8f7>] ? __lock_acquire+0x927/0x20a0
[<
ffffffff810be8f7>] ? __lock_acquire+0x927/0x20a0
[<
ffffffff810be8f7>] ? __lock_acquire+0x927/0x20a0
[<
ffffffff817be416>] ? _raw_spin_unlock_irqrestore+0x36/0x50
[<
ffffffffa043c11d>] internal_dev_xmit+0x6d/0x150 [openvswitch]
[<
ffffffffa043c0b5>] ? internal_dev_xmit+0x5/0x150 [openvswitch]
[<
ffffffff8168fb5f>] dev_hard_start_xmit+0x2df/0x660
[<
ffffffff8168f5ea>] ? validate_xmit_skb.isra.105.part.106+0x1a/0x2b0
[<
ffffffff81690925>] __dev_queue_xmit+0x8f5/0x950
[<
ffffffff81690080>] ? __dev_queue_xmit+0x50/0x950
[<
ffffffff810bdab5>] ? mark_held_locks+0x75/0xa0
[<
ffffffff81690990>] dev_queue_xmit+0x10/0x20
[<
ffffffff8169a418>] neigh_resolve_output+0x178/0x220
[<
ffffffff81752759>] ? ip6_finish_output2+0x219/0x7b0
[<
ffffffff81752759>] ip6_finish_output2+0x219/0x7b0
[<
ffffffff817525a5>] ? ip6_finish_output2+0x65/0x7b0
[<
ffffffff816cde2b>] ? ip_idents_reserve+0x6b/0x80
[<
ffffffff8175488f>] ? ip6_fragment+0x93f/0xc50
[<
ffffffff81754af1>] ip6_fragment+0xba1/0xc50
[<
ffffffff81752540>] ? ip6_flush_pending_frames+0x40/0x40
[<
ffffffff81754c6b>] ip6_finish_output+0xcb/0x1d0
[<
ffffffff81754dcf>] ip6_output+0x5f/0x1a0
[<
ffffffff81754ba0>] ? ip6_fragment+0xc50/0xc50
[<
ffffffff81797fbd>] ip6_local_out+0x3d/0x80
[<
ffffffff817554df>] ip6_send_skb+0x2f/0xc0
[<
ffffffff817555bd>] ip6_push_pending_frames+0x4d/0x50
[<
ffffffff817796cc>] icmpv6_push_pending_frames+0xac/0xe0
[<
ffffffff8177a4be>] icmpv6_echo_reply+0x42e/0x500
[<
ffffffff8177acbf>] icmpv6_rcv+0x4cf/0x580
[<
ffffffff81755ac7>] ip6_input_finish+0x1a7/0x690
[<
ffffffff81755925>] ? ip6_input_finish+0x5/0x690
[<
ffffffff817567a0>] ip6_input+0x30/0xa0
[<
ffffffff81755920>] ? ip6_rcv_finish+0x1a0/0x1a0
[<
ffffffff817557ce>] ip6_rcv_finish+0x4e/0x1a0
[<
ffffffff8175640f>] ipv6_rcv+0x45f/0x7c0
[<
ffffffff81755fe6>] ? ipv6_rcv+0x36/0x7c0
[<
ffffffff81755780>] ? ip6_make_skb+0x1c0/0x1c0
[<
ffffffff8168b649>] __netif_receive_skb_core+0x229/0xb80
[<
ffffffff810bdab5>] ? mark_held_locks+0x75/0xa0
[<
ffffffff8168c07f>] ? process_backlog+0x6f/0x230
[<
ffffffff8168bfb6>] __netif_receive_skb+0x16/0x70
[<
ffffffff8168c088>] process_backlog+0x78/0x230
[<
ffffffff8168c0ed>] ? process_backlog+0xdd/0x230
[<
ffffffff8168db43>] net_rx_action+0x203/0x480
[<
ffffffff810bdab5>] ? mark_held_locks+0x75/0xa0
[<
ffffffff817c156e>] __do_softirq+0xde/0x49f
[<
ffffffff81752768>] ? ip6_finish_output2+0x228/0x7b0
[<
ffffffff817c070c>] do_softirq_own_stack+0x1c/0x30
<EOI>
[<
ffffffff8106f88b>] do_softirq.part.18+0x3b/0x40
[<
ffffffff8106f946>] __local_bh_enable_ip+0xb6/0xc0
[<
ffffffff81752791>] ip6_finish_output2+0x251/0x7b0
[<
ffffffff81754af1>] ? ip6_fragment+0xba1/0xc50
[<
ffffffff816cde2b>] ? ip_idents_reserve+0x6b/0x80
[<
ffffffff8175488f>] ? ip6_fragment+0x93f/0xc50
[<
ffffffff81754af1>] ip6_fragment+0xba1/0xc50
[<
ffffffff81752540>] ? ip6_flush_pending_frames+0x40/0x40
[<
ffffffff81754c6b>] ip6_finish_output+0xcb/0x1d0
[<
ffffffff81754dcf>] ip6_output+0x5f/0x1a0
[<
ffffffff81754ba0>] ? ip6_fragment+0xc50/0xc50
[<
ffffffff81797fbd>] ip6_local_out+0x3d/0x80
[<
ffffffff817554df>] ip6_send_skb+0x2f/0xc0
[<
ffffffff817555bd>] ip6_push_pending_frames+0x4d/0x50
[<
ffffffff81778558>] rawv6_sendmsg+0xa28/0xe30
[<
ffffffff81719097>] ? inet_sendmsg+0xc7/0x1d0
[<
ffffffff817190d6>] inet_sendmsg+0x106/0x1d0
[<
ffffffff81718fd5>] ? inet_sendmsg+0x5/0x1d0
[<
ffffffff8166d078>] sock_sendmsg+0x38/0x50
[<
ffffffff8166d4d6>] SYSC_sendto+0xf6/0x170
[<
ffffffff8100201b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[<
ffffffff8166e38e>] SyS_sendto+0xe/0x10
[<
ffffffff817bebe5>] entry_SYSCALL_64_fastpath+0x18/0xa8
Code: 06 48 83 3f 00 75 26 48 8b 87 d8 00 00 00 2b 87 d0 00 00 00 48 39 d0 72 14 8b 87 e4 00 00 00 83 f8 01 75 09 48 83 7f 18 00 74 9a <0f> 0b 41 8b 86 cc 00 00 00 49 8#
RIP [<
ffffffff8175468a>] ip6_fragment+0x73a/0xc50
RSP <
ffff880072803120>
Fixes:
029f7f3b8701 ("netfilter: ipv6: nf_defrag: avoid/free clone
operations")
Reported-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
49e261a8a21e ("openvswitch: Orphan skbs before IPv6 defrag")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:15 +0000 (11:19 -0700)]
compat: nf_defrag_ipv6: fix NULL deref panic.
Upstream commit:
netfilter: ipv6: nf_defrag: fix NULL deref panic
Valdis reports NULL deref in nf_ct_frag6_gather.
Problem is bogus use of skb_queue_walk() -- we miss first skb in the list
since we start with head->next instead of head.
In case the element we're looking for was head->next we won't find
a result and then trip over NULL iter.
(defrag uses plain NULL-terminated list rather than one terminated by
head-of-list-pointer, which is what skb_queue_walk expects).
Fixes:
029f7f3b8701cc7a ("netfilter: ipv6: nf_defrag: avoid/free clone operations")
Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Tested-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Upstream:
e97ac12859db ("netfilter: ipv6: nf_defrag: fix NULL deref panic")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:14 +0000 (11:19 -0700)]
compat: nf_defrag_ipv6: avoid nf_iterate recursion.
Upstream commit:
netfilter: ipv6: avoid nf_iterate recursion
The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
with the previous one.
This means that the return value is always NULL or the skb argument.
So change it to an err value.
Instead of invoking NF_HOOK recursively with threshold to skip already-called hooks
we can now just return NF_ACCEPT to move on to the next hook except for
-EINPROGRESS (which means skb has been queued for reassembly), in which case we
return NF_STOLEN.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Upstream:
daaa7d647f81 ("netfilter: ipv6: avoid nf_iterate recursion")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:13 +0000 (11:19 -0700)]
compat: nf_defrag_ipv6: avoid/free clone operations.
Upstream commit:
netfilter: ipv6: nf_defrag: avoid/free clone operations
commit
6aafeef03b9d9ecf
("netfilter: push reasm skb through instead of original frag skbs")
changed ipv6 defrag to not use the original skbs anymore.
So rather than keeping the original skbs around just to discard them
afterwards just use the original skbs directly for the fraglist of
the newly assembled skb and remove the extra clone/free operations.
The skb that completes the fragment queue is morphed into a the
reassembled one instead, just like ipv4 defrag.
openvswitch doesn't need any additional skb_morph magic anymore to deal
with this situation so just remove that.
A followup patch can then also remove the NF_HOOK (re)invocation in
the ipv6 netfilter defrag hook.
Cc: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Upstream:
029f7f3b8701 ("netfilter: ipv6: nf_defrag: avoid/free clone operations")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:12 +0000 (11:19 -0700)]
compat: ipv6: Pass struct net into nf_ct_frag6_gather.
Upstream commit:
ipv6: Pass struct net into nf_ct_frag6_gather
The function nf_ct_frag6_gather is called on both the input and the
output paths of the networking stack. In particular ipv6_defrag which
calls nf_ct_frag6_gather is called from both the the PRE_ROUTING chain
on input and the LOCAL_OUT chain on output.
The addition of a net parameter makes it explicit which network
namespace the packets are being reassembled in, and removes the need
for nf_ct_frag6_gather to guess.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
b72775977c39 ("ipv6: Pass struct net into nf_ct_frag6_gather")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:11 +0000 (11:19 -0700)]
compat: ipv4: Pass struct net into ip_defrag.
Upstream commit:
ipv4: Pass struct net into ip_defrag and ip_check_defrag
The function ip_defrag is called on both the input and the output
paths of the networking stack. In particular conntrack when it is
tracking outbound packets from the local machine calls ip_defrag.
So add a struct net parameter and stop making ip_defrag guess which
network namespace it needs to defragment packets in.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
19bcf9f203c8 ("ipv4: Pass struct net into ip_defrag and ip_check_defrag")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 2 May 2016 18:19:10 +0000 (11:19 -0700)]
compat: Add a struct net parameter to l4_pkt_to_tuple.
Upstream commit:
netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple
As gre does not have the srckey in the packet gre_pkt_to_tuple
needs to perform a lookup in it's per network namespace tables.
Pass in the proper network namespace to all pkt_to_tuple
implementations to ensure gre (and any similar protocols) can get this
right.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Upstream:
a31f1adc0948 ("netfilter: nf_conntrack: Add a struct net
parameter to l4_pkt_to_tuple")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Daniele Di Proietto [Tue, 26 Apr 2016 02:01:47 +0000 (19:01 -0700)]
flow: Fix flow_wc_map() for ICMPv6/IGMP type and code.
flow_wc_map() should include 'tp_src' and 'tp_dst' for ICMPv6 and IGMP
packets, since they're used for type and code.
This caused installed flows in the userspace datapath to always have
ICMPv6 code and type wildcarded (there are no other users of this
function).
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Joe Stringer [Fri, 29 Apr 2016 01:09:04 +0000 (18:09 -0700)]
compat: skbuff: Remove references to old kernels.
Since commit
f2ab1536ddbc ("compat: Backport conntrack strictly to
v3.10+."), we haven't supported these kernel versions. Remove the old
code.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Simon Horman <simon.horman@netronome.com>
Joe Stringer [Thu, 28 Apr 2016 21:39:09 +0000 (14:39 -0700)]
FAQ: Update feature table.
Linux kernel support for features in out-of-tree module no longer depend
on particular versions, as we only support kernels 3.10-4.3; Connection
tracking status has changed recently; and NAT is a brand new feature
with only support in the latest unreleased Linux kernel version.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Joe Stringer [Thu, 28 Apr 2016 21:39:08 +0000 (14:39 -0700)]
FAQ: Shift IPFIX into the feature support table.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:05 +0000 (13:44 -0400)]
netdev-dpdk: Check dpdk-extra when reading db
A previous patch introduced the ability to pass arbitrary EAL command
line options via the dpdk_extras database entry. This commit enhances
that by warning the user when such a configuration is detected and
prefering the value in the database.
Suggested-by: Sean K Mooney <sean.k.mooney@intel.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Sean K Mooney <sean.k.mooney@intel.com>
Tested-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:04 +0000 (13:44 -0400)]
netdev-dpdk: Allow arbitrary eal arguments
A previous change moved some commonly used arguments from commandline to
the database, and with it the ability to pass arbitrary arguments to
EAL. This change allows arbitrary eal arguments to be provided
via a new db entry 'other_config:dpdk-extra' which will tokenize the
string and add it to the argument list. The only argument which will not
be supported with this change is '--no-huge', which appears to break the
system in other ways.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Sean K Mooney <sean.k.mooney@intel.com>
Tested-by: RobertX Wojciechowicz <robertx.wojciechowicz@intel.com>
Tested-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:03 +0000 (13:44 -0400)]
netdev-dpdk: Autofill lcore coremask if absent
The user has control over the DPDK internal lcore coremask, but this
parameter can be autofilled with a bit more intelligence. If the user
does not fill this parameter in, we use the lowest set bit in the
current task CPU affinity. Otherwise, we will reassign the current
thread to the specified lcore mask, in addition to the dpdk lcore
threads.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Sean K Mooney <sean.k.mooney@intel.com>
Tested-by: RobertX Wojciechowicz <robertx.wojciechowicz@intel.com>
Tested-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:02 +0000 (13:44 -0400)]
netdev-dpdk: Restrict vhost_sock_dir
Since the vhost-user sockets directory now comes from the database, it is
possible for any user with database access to program an arbitrary filesystem
location for the sockets directory. This could result in unprivileged users
creating or deleting arbitrary filesystem files by using specially crafted
names. To prevent this, 'vhost-sock-dir' is now relative to ovs_rundir()
and must not contain "..".
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:01 +0000 (13:44 -0400)]
netdev-dpdk: Convert initialization from cmdline to db
Existing DPDK integration is provided by use of command line options which
must be split out and passed to librte in a special manner. However, this
forces any configuration to be passed by way of a special DPDK flag, and
interferes with ovs+dpdk packaging solutions.
This commit delays dpdk initialization until after the OVS database
connection is established, at which point ovs initializes librte. It
pulls all of the config data from the OVS database, and assembles a
new argv/argc pair to be passed along.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Aaron Conole [Fri, 29 Apr 2016 17:44:00 +0000 (13:44 -0400)]
netdev-dpdk: Restore thread affinity after DPDK init
When the DPDK init function is called, it changes the executing thread's
CPU affinity to a single core specified in -c. This will result in the
userspace bridge configuration thread being rebound, even if that is not
the intent.
This change fixes that behavior by rebinding to the original thread
affinity after calling dpdk_init().
Co-authored-by: Kevin Traynor <kevin.traynor@intel.com>
Signed-off-by: Kevin Traynor <kevin.traynor@intel.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: RobertX Wojciechowicz <robertx.wojciechowicz@intel.com>
Tested-by: Sean K Mooney <sean.k.mooney@intel.com>
Acked-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Thu, 28 Apr 2016 21:13:38 +0000 (14:13 -0700)]
ofp-actions: Fix use-after-free in decode_NOTE.
When decoding the 'note' action, variable-length data could be pushed to
a buffer immediately prior to calling ofpact_finish_NOTE(). The
ofpbuf_put() could cause reallocation, in which case the finish call
could access freed memory. Fix the issue by updating the local pointer
before passing it to ofpact_finish_NOTE().
If the memory was reused, it may trigger an assert in ofpact_finish():
assertion ofpact == ofpacts->header failed in ofpact_finish()
With the included test, make check-valgrind reports:
Invalid read of size 1
at 0x500A9F: ofpact_finish_NOTE (ofp-actions.h:988)
by 0x4FE5C1: decode_NXAST_RAW_NOTE (ofp-actions.c:4557)
by 0x4FBC05: ofpact_decode (ofp-actions.inc2:3831)
by 0x4F7E87: ofpacts_decode (ofp-actions.c:5780)
by 0x4F709F: ofpacts_pull_openflow_actions__ (ofp-actions.c:5817)
by 0x4F7856: ofpacts_pull_openflow_instructions (ofp-actions.c:6397)
by 0x52CFF5: ofputil_decode_flow_mod (ofp-util.c:1727)
by 0x5227A9: ofp_print_flow_mod (ofp-print.c:789)
by 0x520823: ofp_to_string__ (ofp-print.c:3235)
by 0x5204F6: ofp_to_string (ofp-print.c:3468)
by 0x5925C8: do_recv (vconn.c:644)
by 0x592372: vconn_recv (vconn.c:598)
by 0x565CEA: rconn_recv (rconn.c:703)
by 0x46CB62: ofconn_run (connmgr.c:1367)
by 0x46C7AD: connmgr_run (connmgr.c:320)
by 0x4224A9: ofproto_run (ofproto.c:1763)
by 0x407C0D: bridge_run__ (bridge.c:2888)
by 0x40767A: bridge_run (bridge.c:2943)
by 0x4161B7: main (ovs-vswitchd.c:120)
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ansis Atteka <ansisatteka@gmail.com>
Pravin B Shelar [Wed, 27 Apr 2016 21:57:33 +0000 (14:57 -0700)]
stt: linearize for CONFIG_SLUB case
STT implementation I saw performance improvements with linearizing
skb for SLUB case. So following patch skips zero copy operation
for such a case.
First change is to reassembly code where in-order packet is merged
to head, if there is no room to merge it then combined packet is
linearized.
Second case is of reassembly of out-of-order packets. In this case
the list of packets is linearized before sending it up to datapath.
Performance number for large packet TCP test using netperf.
OVS branch TCP Host0 Host1
version Gbps CPU% CPU%
-----------------------------------------
2.5 9.4 272 315
master + 9.4 230 285
patch
Tested-By: Vasmi Abidi <vabidi@vmware.com>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Mon, 25 Apr 2016 18:27:58 +0000 (11:27 -0700)]
Remove "VLAN splinters" feature.
The "VLAN splinters" feature works around buggy device drivers in
old Linux versions. But support for the old kernel is dropped, So
now all supported kernel vlan drivers should be working fine with
OVS kernel datapath.
Following patch removes this deprecated feature.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Tue, 26 Apr 2016 23:53:30 +0000 (16:53 -0700)]
datapath-windows: Fix recirculation when it is not the last attribute
When the recirc action is in middle, the current code creates a clone of
the NBL. However, it overwrites the pointer to point to the cloned NBL
without completing it. This causes a memory leak that crashes the kernel.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniele Di Proietto [Sat, 16 Apr 2016 00:04:53 +0000 (17:04 -0700)]
datapath-windows: Fix bug in OvsTcpGetWscale().
The userspace conntrack had a bug in tcp_wscale_get(), where the length
of an option would be read from the third octet of the option TLV
instead of the second. This could cause an incorrect wscale value to
be returned, and it would at least impact performance.
Also use 'int' instead of 'unsigned' for 'len', since the value can be
negative.
CC: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Daniele Di Proietto [Thu, 7 Apr 2016 01:53:59 +0000 (18:53 -0700)]
hmap: Add HMAP_FOR_EACH_POP.
Makes popping each member of the hmap a bit easier.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Daniele Di Proietto [Mon, 11 Apr 2016 21:02:10 +0000 (14:02 -0700)]
system-tests: Add tcp simple test.
Useful to test the datapath ability to forward tcp packets without the
complexity of connection tracking.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Daniele Di Proietto [Fri, 15 Apr 2016 20:17:50 +0000 (13:17 -0700)]
system-tests: Disable offloads in userspace tests.
The system userspace testsuite uses the userspace datapath with
netdev-linux devices, connected to veth pairs with the AF_PACKET socket:
(veth pair) (AF_PACKET)
TCP stack -> p0 ---> ovs-p0 -------------> netdev-linux (userspace OVS)
Unfortunately this configuration has some problems with offloads: a
packet generated by the TCP stack maybe sent to p0 without being
checksummed or segmented. The AF_PACKET socket, by default, ignores the
offloads and just transmits the data of the packets to userspace, but:
1. The packet may need GSO, so the data will be too big to be received
by the userspace datapath
2. The packet might have incomplete checksums, so it will likely be
discarded by the receiver.
Problem 1 causes TCP connections to see a congestion window smaller than
the MTU, which hurts performance but doesn't prevent communication.
Problem 2 was hidden in the testsuite by a Linux kernel bug, fixed by
commit
ce8c839b74e3("veth: don’t modify ip_summed; doing so treats
packets with bad checksums as good"). In the kernels that include the
fix, the userspace datapath is able to process pings, but not tcp or udp
data.
Unfortunately I couldn't find a way to ask the AF_PACKET to perform
offloads in kernel. A possible fix would be to use the PACKET_VNET_HDR
sockopt and perform the offloads in userspace.
Until a proper fix is worked out for netdev-linux, this commit disables
offloads on the non-OVS side of the veth pair, as a workaround.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Alin Serdean [Thu, 10 Mar 2016 13:33:42 +0000 (13:33 +0000)]
datapath-windows: Pause switch state on PnP event
A PnP(plug and play) event will be triggered before trying to disable
the extension. We could use this PnP event to prepare for detaching
the datapath.
This patch sets the switch into a paused state so no more net buffers
are queued.
Also clean some commentaries.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Tue, 5 Apr 2016 20:13:40 +0000 (13:13 -0700)]
ovn-controller-vtep: Support BUM traffic for the VTEP Schema.
This patch implements BUM support in the VTEP schema. This relates to
BUM traffic flowing from a gateway towards HVs. This code would be
relevant to HW gateways and the ovs-vtep simulator. In order to do this,
the mcast macs remote table in the VTEP schema is populated based on the
OVN SB port binding. For each logical switch, the SB port bindings are
queried to find all the physical locators to send BUM traffic to and the
VTEP DB is updated.
Some test packets were enabled in the HW gateway test case to exercise
the new code.
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Simon Horman [Fri, 22 Apr 2016 12:22:56 +0000 (22:22 +1000)]
packets: use flow protocol when recalculating ipv6 checksums
When using masked actions the ipv6_proto field of an action
to set IPv6 fields may be zero rather than the prevailing protocol
which will result in skipping checksum recalculation.
This patch resolves the problem by relying on the protocol
in the packet rather than that in the set field action.
A similar fix for the kernel datapath has been accepted into David Miller's
'net' tree as
b4f70527f052 ("openvswitch: use flow protocol when
recalculating ipv6 checksums").
Cc: Jarno Rajahalme <jrajahalme@nicira.com>
Fixes:
6d670e7f0d45 ("lib/odp: Masked set action execution and printing.")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Ben Pfaff <blp@ovn.org>
YAMAMOTO Takashi [Fri, 22 Apr 2016 05:19:23 +0000 (05:19 +0000)]
util.h: Restore stdarg.h which is necessary for va_list
Fixes a regression in commit
b44aaaaff8d826535025f4f8d12808c4ef36a7a8 .
("Misc cleanup with "util.h" header files")
Signed-off-by: YAMAMOTO Takashi <yamamoto@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 15 Apr 2016 18:36:05 +0000 (11:36 -0700)]
ofproto-dpif-xlate: Tidy up ct_mark xlate code.
Make the ct_mark netlink serialization more consistent with the way that
ct_label is serialized.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Fri, 15 Apr 2016 18:36:04 +0000 (11:36 -0700)]
ofproto-dpif-xlate: xlate ct_{mark, label} correctly.
When translating multiple ct actions in a row which include modification
of ct_mark or ct_labels, these fields could be incorrectly translated
into datapath actions, resulting in modification of these fields for
entries when the OpenFlow rules didn't actually specify the change.
For instance, the following OpenFlow actions:
ct(zone=1,commit,exec(set_field(1->ct_mark))),ct(zone=2,table=1),...
Would translate into the datapath actions:
ct(zone=1,commit,mark=1),ct(zone=2,mark=1),recirc(...),...
This commit fixes the issue by zeroing the wildcards for these fields
prior to performing nested actions translation (and restoring
afterwards). As such, these fields do not hold both the match and the
field modification values at the same time. As a result, the ct_mark and
ct_labels don't leak from one ct action to the next.
Fixes:
8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes:
9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Wed, 20 Apr 2016 23:07:52 +0000 (16:07 -0700)]
system-traffic: Add basic geneve tunnel sanity test.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Wed, 20 Apr 2016 23:07:51 +0000 (16:07 -0700)]
system-traffic: Add basic gre tunnel sanity test.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Joe Stringer [Thu, 21 Apr 2016 21:10:11 +0000 (14:10 -0700)]
system-traffic: Fix IPv6 frag vxlan check.
This was missed before somehow, which would cause the test to fail
(rather than being skipped) if iproute2 didn't support setting the
vxlan dstport on the kernel tunnel device.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Simon Horman [Fri, 22 Apr 2016 10:42:43 +0000 (10:42 +0000)]
debian: Fix treatment of upstream version that contains hyphens.
The Debian Policy Manual
(https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version)
says that the upstream_version may contain only alphanumerics and the
characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and should
start with a digit.
Currently, the upstream_version is defined in the debian/rules file:
DEB_UPSTREAM_VERSION=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([0-9]:)*([^-]+).*,\2,p')
The version number is taken from the dpkg-parsechangelog printout then the
first part of the version number which does not contain hyphen is filtered
out with sed. However the Debian Policy Manual says that hyphen is allowed
in the upstream_version.
This is not a problem with current vanilla OVS debian version. But, if a
postfix string including a hyphen is added to the upstream_version then
installation of datapath-dkms package will fail.
Reported-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Tested-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 22 Apr 2016 16:58:07 +0000 (09:58 -0700)]
AUTHORS: Add Antonio Fischetti.
Signed-off-by: Ben Pfaff <blp@ovn.org>
antonio.fischetti@intel.com [Tue, 19 Apr 2016 11:06:44 +0000 (12:06 +0100)]
odp-util: Fix build warning on flags_mask.
Fix build warning: 'flags_mask' may be used uninitialized.
Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 22 Apr 2016 16:22:00 +0000 (09:22 -0700)]
AUTHORS: Add JunoZhu <zhunatuzi@gmail.com>.
Signed-off-by: Ben Pfaff <blp@ovn.org>
JunoZhu [Mon, 18 Apr 2016 08:38:33 +0000 (04:38 -0400)]
ovn: Add column enabled to table Logical_Router
This patch add column "enabled" to table Logical_Router for
setting router administrative state.
The type of "enabled" is bool.
If the administrative state is false, delete all the flows
relevant to the logical router from table Logical_Flow.
Signed-off-by: Na Zhu <nazhu@cn.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Boca [Fri, 22 Apr 2016 07:21:02 +0000 (07:21 +0000)]
datapath-windows: Fixed buffer overflow in OvsInitVportWithNicParam
nicParam->PermanentMacAddress is 32 bytes and vport->permMacAddress is 6 bytes
Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Rodriguez Betancourt, Esteban [Fri, 15 Apr 2016 23:08:47 +0000 (23:08 +0000)]
cksum: Refine schema cksum validation
Calculates the cksum removing the cksum line using a more
strict regex than the used previously.
It fixes a problem when calculating the cksum of a schema that
has fields with the substring cksum (e.g.: a checksum column),
lines that the previous cksum calculation incorrectly removes
before running cksum.
Also, the tool calculate-schema-cksum is introduced. This tool
calculates the cksum of a schema file. It could be used in other
programs, instead of calculating the cksum in an eventually
different way than the expected by cksum-schema-check and other
tools.
Signed-off-by: Esteban Rodriguez Betancourt <estebarb@hpe.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Fri, 22 Apr 2016 05:44:26 +0000 (22:44 -0700)]
datapath-windows: Add braces to fix error C2275.
Add braces around the if statement to prevent Visual Studio from giving
the "error C2275: illegal use of this type as an expresion". This happens
when a variable is declared after a block. This error occurs on certain
versions of compilers.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Huang Lei [Fri, 22 Apr 2016 08:14:24 +0000 (16:14 +0800)]
lib: Fix error reporting in parse_sockaddr_components() for bad port.
Bad port number error is ignored in parse_sockaddr_components(),
if port number is invalid, it ouputs a error log and set port
to 0.
Signed-off-by: Huang Lei <lhuang8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Kevin Traynor [Tue, 19 Apr 2016 10:35:15 +0000 (11:35 +0100)]
FAQ: Add entry for OVS/DPDK version dependencies.
For a given release this is listed in the INSTALL.DPDK.md
but it gets asked quite a bit on the mailing list, so create
a table in the FAQ.
Signed-off-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Jamie Lennox [Mon, 18 Apr 2016 05:25:56 +0000 (15:25 +1000)]
ovn: Fix link in tutorial
Correct the link to the ovn-northd man page in the OVN tutorial.
Signed-off-by: Jamie Lennox <jamielennox@gmail.com>
[russell@ovn.org updated AUTHORS file]
Signed-off-by: Russell Bryant <russell@ovn.org>
Nithin Raju [Fri, 15 Apr 2016 14:05:07 +0000 (07:05 -0700)]
datapath-windows: remove OvsAllocateForwardingContextForNBL
Dead code.
Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Thu, 14 Apr 2016 20:22:40 +0000 (13:22 -0700)]
datapath-windows: Add ICMP types in NetProto.h
Update NetProto.h to include ICMP and ICMPv6 types. Update ICMP header to
keep it consistent with KVM. Add UDP and ICMP min length definitions.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Thu, 14 Apr 2016 19:07:11 +0000 (12:07 -0700)]
datapath-windows: Refactor Conntrack Module in Hyper-V
Minor refactors around naming and reusability in lieu of adding support for other
protocols for tracking connections.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
RYAN D. MOATS [Thu, 14 Apr 2016 13:27:05 +0000 (08:27 -0500)]
ovn: Add more details to test output.
Adding more detail that helps find what went wrong.
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Miguel Angel Ajo [Thu, 14 Apr 2016 09:51:44 +0000 (11:51 +0200)]
netdev-linux: Fix ingress policing burst rate configuration via tc
The tc_police structure was filled with a value calculated in bits
instead of bytes while bytes were expected. This led the setting
of an x8 higher burst value.
Documentation and defaults have been corrected accordingly to minimize
nuisances on users sticking to the defaults.
The suggested burst value is now 80% of policing rate to make sure
TCP works correctly.
Signed-off-by: Miguel Angel Ajo <majopela@redhat.com>
Tested-by: Miguel Angel Ajo <majopela@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Boca [Mon, 18 Apr 2016 08:34:43 +0000 (08:34 +0000)]
datapath-windows: Removed always true condition in VXLAN
Instance ID flag must be set to 1 in case of valid VXLAN id
Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Boca [Mon, 18 Apr 2016 09:46:07 +0000 (09:46 +0000)]
datapath-windows: Removed double initialization on local variables
Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Paul Boca [Mon, 18 Apr 2016 08:33:56 +0000 (08:33 +0000)]
datapath-windows: Avoid using uninitialized gOvsExtDriverHandle
Ensure gOvsExtDriverHandle is not used if initialization fails
Added PAGED_CODE() where needed
Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Thadeu Lima de Souza Cascardo [Fri, 1 Apr 2016 13:06:05 +0000 (10:06 -0300)]
tunneling: Fix for concomitant IPv4 and IPv6 tunnels
When using an IPv6 tunnel on the same bridge as an IPv4 tunnel, the flow
received from the IPv6 tunnel would have an IPv4 address added to it, causing
problems when trying to put or execute the action on Linux datapath.
Clearing the IPv6 address when we have a valid IPv4 address fixes this problem.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniele Di Proietto [Mon, 18 Apr 2016 20:14:29 +0000 (13:14 -0700)]
checkpatch: Accept form feeds.
CodingStyle.md says:
"Use form feeds (control+L) to divide long source files into logical
pieces. A form feed should appear as the only character on a line."
checkpatch.py currently complains about form feed. For example, on
commit
2c06d9a927c5("ovstest: Add test-netlink-conntrack command."),
checkpatch.py returns:
W(140): Line has non-spaces leading whitespace
W(140): Line has trailing whitespace
+
W(177): Line has non-spaces leading whitespace
W(177): Line has trailing whitespace
+
W(199): Line has non-spaces leading whitespace
W(199): Line has trailing whitespace
+
This commit suppresses the two warnings for lines with form feeds as the
only character.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 20 Aug 2015 23:44:43 +0000 (16:44 -0700)]
ofp-errors: Introduce OF1.6 (proposed) error code for OFPBFC_BAD_VERSION.
ONF-JIRA: EXT-550
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Ben Pfaff [Sun, 10 Apr 2016 21:39:12 +0000 (14:39 -0700)]
Add skeleton for OF1.6 support.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Ben Pfaff [Thu, 20 Aug 2015 23:44:41 +0000 (16:44 -0700)]
vswitch.xml: OpenFlow 1.5 has been released.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Jarno Rajahalme [Sun, 17 Apr 2016 15:52:59 +0000 (08:52 -0700)]
classifier: Reorganize classifier.h
Group functions clearly to ones accessible by exclusive writers only
and ones accessible to RCU readers as well.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Jarno Rajahalme [Sun, 17 Apr 2016 15:51:21 +0000 (08:51 -0700)]
classifier: Fix race condition leading to NULL dereference.
Addition of table versioning exposed struct cls_rule member
'cls_match' to RCU readers and made it possible for 'cls_match' become
NULL while being accessed by an RCU reader, but we failed to check for
this condition. This may have resulted in NULL pointer dereference
and ovs-vswitchd crash.
Fix this by making the 'cls_match' member an RCU pointer and checking
the value whenever it potentially read by an RCU reader. In these
instances we use ovsrcu_get(), whereas functions accessible only by
the exclusive writers use ovsrcu_get_protected() and do not need to
check the result.
VMware-BZ:
1643642
Fixes:
2b7b1427 ("classifier: Support table versioning")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Numan Siddique [Sat, 16 Apr 2016 11:12:18 +0000 (16:42 +0530)]
ovn: Fix the port secuirty test failure by adding a sleep of 2 sec.
Added a sleep of 2 seconds before generating a test packet in ovn.at
so that ovn-northd reads the northbound db changes and updates the
southbound db.
Fixes:
7d9d86a ("ovn-northd: Handle IPv4 addresses with prefixes in lport port security")
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
mweglicx [Thu, 14 Apr 2016 16:40:06 +0000 (17:40 +0100)]
Update relevant artifacts to add support for DPDK 16.04.
Following changes are applied:
- INSTALL.DPDK.md: CONFIG_RTE_BUILD_COMBINE_LIBS step has been
removed because it is no longer present in DPDK configuration
(combined library is created by default),
- INSTALL.DPDK.md: VHost Cuse configuration is updated,
- netdev-dpdk.c: Link speed definition is changed in DPDK and
netdev_dpdk_get_features is updated accordingly,
- netdev-dpdk.c: TSO and checksum offload has been disabled for
vhostuser device.
- .travis/linux-build.sh: DPDK version is updated and legacy
flags have been removed in configuration.
Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Bhanuprakash Bodireddy [Tue, 12 Apr 2016 10:44:15 +0000 (11:44 +0100)]
acinclude: Autodetect DPDK location when configuring OVS
When using DPDK datapath, the OVS configure script requires the DPDK
build directory passed on --with-dpdk. This can be avoided if DPDK
library, headers are in standard compiler search paths.
This patch fixes the problem by searching for DPDK libraries in standard
locations and configure OVS sources for dpdk datapath.
If the install location is manually specified in "--with-dpdk"
autodiscovery shall be skipped.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Russell Bryant [Fri, 15 Apr 2016 20:58:51 +0000 (16:58 -0400)]
AUTHORS: Add Flavio Fernandes.
Flavio authored commit
b3ecab7e5b18756524852eeaea547e040242b7f6.
Signed-off-by: Russell Bryant <russell@ovn.org>
Flavio Fernandes [Fri, 15 Apr 2016 00:01:03 +0000 (20:01 -0400)]
ovn-tutorial: Update expected output from show commands
Highlighted requirement on how a fresh sandbox is expected
before doing each of the tutorial sections.
Also added some mentioning of the gdb flags available for
debugging ovn programs.
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
Russell Bryant [Thu, 14 Apr 2016 13:23:27 +0000 (09:23 -0400)]
python: Update Python version checks.
Instead of checking the raw version, use the six.PY2 and six.PY3 helpers
to determine if Python 2 or Python 3 are in use.
In one case, the check was to determine if the Python version was >=
2.6. We now only support >= 2.7, so this check would always be true.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Miguel Angel Ajo <majopela@redhat.com>
Joe Stringer [Mon, 4 Apr 2016 21:56:04 +0000 (14:56 -0700)]
manpages: Update documentation for ct_* masks.
These have been supported all along, but the documentation neglected to
mention the fact.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 4 Apr 2016 21:56:03 +0000 (14:56 -0700)]
ofproto-dpif-xlate: Generate bitmasks in set_field.
Previously, whenever a set_field() action was executed, the entire field
would become masked and the entire field replaced, regardless of the
mask specified in the set_field() action.
In most cases this is fine, although it may lead to more specific
wildcards than strictly necessary. However, in a particular case with
connection tracking actions it could lead to the wrong behaviour.
Unlike most OpenFlow fields, the ct_{mark,labels} fields are typically
unknown until the ct(...,recirc_table=N,...) action is executed however
the packet may actually belong to a connection which has a nonzero value
for one of these fields. This can lead to the wrong behaviour with flows
such as the following:
in_port=1,ip,actions=ct(commit,exec(set_field(0x1/0x1->ct_mark))),2
in_port=2,ip,actions=ct(commit,exec(set_field(0x2/0x2->ct_mark))),1
Connections flowing through these actions will always update the ct_mark
field stored within the conntrack table. However, rather than modifying
only the specified bits (0x1 in one direction, 0x2 in the other), the
entire ct_mark field will be replaced. Such connections will constantly
toggle the value of ct_mark between 0x1 and 0x2, rather than becoming
0x3 and keeping that value.
This commit fixes the issue by ensuring that set_field actions only
modify the modified bits in the wildcards, rather than masking the
entire field.
Fixes:
8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes:
9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Thu, 14 Apr 2016 22:20:21 +0000 (15:20 -0700)]
Move lib/ofp-print.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Thu, 14 Apr 2016 22:20:20 +0000 (15:20 -0700)]
Move lib/ofp-prop.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Thu, 14 Apr 2016 22:20:19 +0000 (15:20 -0700)]
Move lib/ofp-actions.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
RYAN D. MOATS [Tue, 12 Apr 2016 13:43:59 +0000 (08:43 -0500)]
ovn-controller: Dynamically reconnect if ovn-remote value changes.
Allows for auto detection and reconnect if the ovn-remote needs
to change. Ovn-controller test case updated to include testing
this code.
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Fri, 8 Apr 2016 17:51:16 +0000 (23:21 +0530)]
ovn-northd: Handle IPv4 addresses with prefixes in lport port security
Initial implementation of port security, missed out this feature.
Reported-by: Na Zhu <nazhu@cn.ibm.com>
Reported-at: https://bugs.launchpad.net/networking-ovn/+bug/
1564414
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Thu, 7 Apr 2016 15:26:21 +0000 (11:26 -0400)]
ovn-controller: Warn if system-id is missing.
If 'system-id' is missing from the Open_vSwitch database, ovn-controller
will not work. Log a warning if that happens to make it clear that
configuration is incomplete.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Nithin Raju [Wed, 13 Apr 2016 22:33:11 +0000 (15:33 -0700)]
datapath-windows: post event during vport delete
Got left out during the previous round of refactoring.
Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:10 +0000 (21:32 -0400)]
Move lib/ofp-msgs.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:09 +0000 (21:32 -0400)]
Move lib/ofp-util.h to include/openvswitch directory
This commit also adds several #include directives in source files in
order to make the 'ofp-util.h' move possible
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:08 +0000 (21:32 -0400)]
Move lib/type-props.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:07 +0000 (21:32 -0400)]
Move lib/meta-flow.h to include/openvswitch directory
This commit also moves some bitmap macros into public header files and
adds some #include directives in soure files in order to make the
'meta-flow.h' move possible.
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:06 +0000 (21:32 -0400)]
Move lib/match.h to include/openvswitch directory
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:05 +0000 (21:32 -0400)]
Break netdev.h into private and public parts
Public (struct definitions and some prototypes) go in
include/openvswitch
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:04 +0000 (21:32 -0400)]
Break uuid.h into private and public parts
Public (struct definitions and some prototypes) go in
include/openvswitch
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:03 +0000 (21:32 -0400)]
Break flow.h into private and public parts
Public (struct definitions and some prototypes) go in
include/openvswitch
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:02 +0000 (21:32 -0400)]
Break packets.h into private and public parts
Public (struct definitions and some prototypes) go in
include/openvswitch
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:01 +0000 (21:32 -0400)]
Misc cleanup with "util.h" header files
Removed redundant #includes and moved some macros to different file
scope
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Wed, 13 Apr 2016 18:54:03 +0000 (11:54 -0700)]
datapath-windows: Add Connection Tracking Support
Enable support for Stateful Firewall in Hyper-V by adding a Connection
Tracking module. The module has been ported over from the userspace
implementation patch of a similar name.
The current version of the module supports ct - zone, mark and label for
TCP packets. Support for other packet formats will be added in subsequent
patches.
The conntrack-tcp module is adapted from FreeBSD's pf subsystem and hence
the BSD license. It has been ported over to match OVS Hyper-V coding
style.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Co-Authored-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
projects / cascardo / ovs.git / log