git.cascardo.eti.br Git - cascardo/ovs.git/log

byte-order: use system ntohll() and htonll() for OS X

Avoid collision with system headers when building under OS X.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

osx: handle differences between OS X and other BSDs

Conditional compilation to account for:
  - OS X does not implement RTM_IFANNOUNCE.
  - OS X does not implement tap netdeivces.
  - OS X does not implement RT_ROUNDUP().

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-pki: OS X compatibility

Handle OS X like other BSDs (date -r is not supported, use sha1
instead of sha1sum).

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

timeval: Add clock_gettime() for OS X

OS X does not implement clock_gettime(), implement replacement.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif: rename wait() to avoid collision with system wait(2)

Rename ofproto-dpif wait() to avoid collision with wait(2) under OS X.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-dpdk: Fix crash when changing the vhost-user port.

According to netdev-provider API:
'The "destruct" function is not allowed to fail.'

netdev-dpdk breaks this restriction for vhost-user ports.
This leads to SIGABRT or SIGSEGV in dpdk_watchdog thread
because 'dealloc' will be called anyway indifferently
to result of 'destruct'.

For example, if we call
# ovs-vsctl set interface vhost1 ofport_request=5
while QEMU still attached, we'll get:
------------------[cut]------------------
|dpdk|ERR|Can not remove port, vhost device still attached
VHOST_CONFIG: socket created, fd:98
VHOST_CONFIG: fail to bind fd:98, remove file:/home/vhost1 and try again.
|dpdk|ERR|vhost-user socket device setup failure for socket /home/vhost1
|bridge|WARN|could not open network device vhost1 (Unknown error -1)
ovs-vswitchd(dpdk_watchdog1): lib/netdev-dpdk.c:532: ovs_mutex_lock_at()
passed uninitialized ovs_mutex

Program received signal SIGABRT, Aborted.
------------------[cut]------------------

Fix that by removing port anyway even when guest is still
attached. Guest becomes an orphan in that case but OVS
will not crash and will continue forwarding for other ports.
VM restart required to restore connectivity.

Fixes: 58397e6c1e6c ("netdev-dpdk: add dpdk vhost-cuse ports")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

bond: don't re-zero recirc_id when creating bond

The bond structure is already zeroed as it is allocated
using xzalloc so there is no need to re-zero the recirc_id field.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovsdb-idl: Present tracked changes in increasing change number order.

Currently changes are added to the front of the track list, so
they are looped through in LIFO order. Incremental processing
is more efficient with a FIFO presentation, so
(1) add new changes to the back of the track list, and
(2) move updated changes to the back of the track list

Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Add useful information to ovn E2E tests

Modify E2E test to output the OF flows from all three
hypervisors to help debug when something goes wrong.

Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

FAQ: Document that new fields need to be added to nx_put_raw() also.

Reported-by: Enas Ahmad <enas.ahmad@kaust.edu.sa>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

bridge: Dump configurable QoS types.

This commit adds a new command 'qos/show-types' for use with appctl.
This allows a user to query the types of QoS which are configurable via
Open vSwitch on a given interface.

Signed-off-by: Ian Stokes <ian.stokes@intel.com>
[blp@ovn.org made style and message changes]
Signed-off-by: Ben Pfaff <blp@ovn.org>

bridge: Fix qos_unixctl_show bug.

netdev_get_qos returns a value to indicate if an error has occurred while
attempting to query the QoS configuration of an interface. If an error does
occur the pointer argument passed to it will be set to null before returning.
Currently the vswitch will segfault if this occurs as qos_unixctl_show will
attempt to access the pointer directly after it calls netdev_get_qos.

Avoid this by adding a check for the return value and flagging an appropriate
error message to appctl.

Signed-off-by: Ian Stokes <ian.stokes@intel.com>
[blp@ovn.org changed details of error report]
Signed-off-by: Ben Pfaff <blp@ovn.org>

db-ctl-base: Fix a typo.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovn: Remove outdated debug messages.

ovn-northd used to only call ovnsb_db_run() and ovnnb_db_run() when
seqnos indicated that they had changed. It now always calls these
functions from the main loop. Remove these outdated log messages
that indicate that we called this function because contents changed.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovn: Update the test case for localnet port.

Localnet port is now able to connect vif ports on different HVs.
Change the test case accordingly.

Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

datapath: Check for sock argument to v6ops->fragment.

Ubuntu 3.13.0-83-generic has backported a patch that adds an intermediate
version of the v6ops->fragment function that doesn't seem to ever been
part of a released upstream kernel. This version is missing the sock
argument to the fragment function.

Since we already have a backported version of the function from a newer
kernel, this simply ignores the version that Ubuntu is now making available
and continues to use the OVS version, similar to what it was doing before.

Reported-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Reported-by: Aaron Rosen <aaronorosen@gmail.com>
Reported-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Russell Bryant <russell@ovn.org>

list.h: Define OVS_LIST_POISON statically

The previous definitions of these variables using designated
initializers caused a variety of issues when attempting to
compile with MSVC, particularly if including these headers from C++
code. By defining them like this, we can appease MSVC and keep the
definitions the same on all platforms.

Suggested-by: Yin Lin <linyi@vmware.com>
Signed-off-by: Nithin Raju <nithin@vmware.com>
[blp@ovn.org changed large literal to avoid sparse warning]
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/dynamic-string.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/ofp-errors.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Move lib/geneve.h to include/openvswitch directory

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: enable basic lcov code coverage reporting support

Add "check-lcov" target to generate an HTML code coverage report
for testsuite execution using lcov and genhtml.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: consistently use OVS_APP_EXIT_AND_WAIT() for daemon termination

Tools such as gcov rely on normal termination (via exit()), ensure
consistent graceful termination of daemons in tests by using
the OVS_APP_EXIT_AND_WAIT() macro.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: make as() function as documented

As documented, the as() function should only create a subshell
to execute the provided command when a command is present. Correct
the implementation to check for the presence of the command parameter
instead of the sandbox name (which is always present in current
usage).

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: Make OVS_APP_EXIT_AND_WAIT() wait for process termination

Currently OVS_APP_EXIT_AND_WAIT() only waits for the pid file
to be removed. When using gcov (and likely other utilities),
we need to ensure that the application has actually exited.

Also adding AT_CHECK() around the exit request to allow simplification
of tests using open-coded versions of this macro.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Add l3 port security for IPv4 and IPv6

This patch extends the port security to support L3.
The ingress stage 'ls_in_port_sec' is renamed to 'ls_in_port_sec_l2'
and 2 new stages 'ls_in_port_sec_ip' (table 1) and 'ls_in_port_sec_nd'
(table 2) are added. 'ls_in_port_sec_ip' adds flows to restrict
the IPv4 and IPv6 traffic to valid IPv4 and IPv6 addresses of the port.
'ls_in_port_sec_nd' adds flows to restricts the ARP and IPv6 ND
packets.

For egress pipeline, 'ls_out_port_sec' is renamed to 'ls_out_port_sec_l2'
and a new stage 'ls_out_port_sec_ip' is added before 'ls_out_port_sec_l2'
to restrict the IPv4 and IPv6 traffic for valid IPs.

Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

NEWS: Update (--color option for ovs-ofctl).

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Update manpage for --color option.

Document the `--color` option for ovs-ofctl in its manpage. The option
documentation has been added into a new file (included into the
manpage) so that it can easily be added to other manpages as well when
support for colorized output is extended to other utilities.

The use of the environment variable OVS_COLORS (used for user-defined
colors) has been documented as well.

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofp-actions: Color output of flow actions for ovs-ofctl dump-flows.

Add color output for flow actions for ovs-ofctl dump-flows command
utility, by inserting color markers in the functions responsible for
printing those actions.

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

match: Color output of match conditions for ovs-ofctl dump-flows.

Add color output for flow match conditions for ovs-ofctl dump-flows
command utility, by inserting color markers in the functions responsible
for printing those match condictions.

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Add output colors for flow attributes.

This commit adds colors to the “left part” of printed flows (to flow
properties that are always present: `cookie`, `table`, timeouts, etc.).

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Declare / set up colors for command output.

OVS_COLORS environment variable is parsed to extract user-defined
preferences regarding colors (this is used to set up a color theme, not
to replace the `--color` option for activating color output).

The string should be of a format similar to LS_COLORS or GREP_COLORS,
with available colors being as follows:

* ac: action field
* dr: drop keyword
* le: learn keyword
* pm: parameters receiving attributes
* pr: keyword having parenthesis
* sp: some special keywords
* vl: lone values with no parameter name

For color whose idendifier does not appear in the string, the default
hardcoded value is used instead.

As an example, setting OVS_COLORS to the following string is equivalent
to using the default values:

OVS_COLORS="ac:01;31:dr=34:le=31:pm=36:pr=35:sp=33:vl=32"

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Add option for color output to dump-flows command.

Add an option to ovs-ofctl utility so as to obtain colorized output in
tty, for easier reading. Currently, only the dump-flows command supports
colors.

A new `--color` option has been added to ovs-ofctl so as to indicate
whether color markers should be used or not. It can be set to `always`
(force colors), `never` (no colors) or `auto` (use colors only if output
is a tty). If provided without any value, it is the same as `auto`. If
the option is not provided at all, colors are disabled by default.

Examples:
This first call will output colorized flows:

    ovs-ofctl dump-flows br0 --color=always

These two calls will produce colorized output on a tty, but they will
not use color markers if the output is redirected to a file or piped
into another command:

    ovs-ofctl dump-flows br0 --color=auto
    ovs-ofctl dump-flows br0 --color

These two calls will not use color markers:

    ovs-ofctl dump-flows br0 --color=never
    ovs-ofctl dump-flows br0

The result of this option is stored into a variable which is to be
forwarded (in next commits) as a function argument until it reaches the
functions that print the elements of the flows.

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

vtep: Introduce other_config column in some vtep schema tables.

Having an other_config column is a simple way to pass more information than the
schema allows.

Signed-off-by: Saurabh Shrivastava <saurabh.shrivastava@nuagenetworks.net>
Signed-off-by: Ben Pfaff <blp@ovn.org>

rhel: Don't package ovs-testcontroller with ovn.

This was a mistake. ovs-testcontroller was duplicated in the ovn
package. It's already in the main openvswitch package, where it
belongs.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovs-vtep: Delete flows with untagged vlan carefully.

A (physical port + vlan) or (physical port + no tag) can be bound to a
logical switch. When one unbinds (physical port + no tag) from a logical
switch, the emulator inadvertantly deletes flows for (physical port + vlan)
too. This commit fixes it.

VMware-BZ: #1609938
Reported-by: Mike Qing <mqing@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-ctl: Remove code for upgrading from Open vSwitch 1.6 and earlier.

OVS 1.7 was released in July 2012, so by the time current OVS is released,
it will be almost four years old. I think that this is long enough to
remove special upgrade code.

It's almost impossible to do this upgrade in any case since there is
no overlap in the base kernel versions supported by the out of tree
modules in the two versions (the only possibility is running the new
version of OVS on the upstream module from Linux 3.3).

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

ovs-ctl: Remove code for upgrading from Open vSwitch 1.9 and earlier.

OVS 1.10 was released in May 2013, so by the time current OVS is released,
it will be about three years old. I think that this is long enough to
remove special upgrade code from the startup scripts.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

INSTALL.md: Suggest jemalloc memory allocator.

Change installing documentation to suggest to use
jemalloc memory allocator.

This memory allocator showed great performance gains
when used at ovsdb-server and other components.

Signed-off-by: Esteban Rodriguez Betancourt <estebarb@hpe.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev: New field 'is_pmd' in netdev_class.

Made to simplify creation of derived classes.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

NEWS: Add 2.5.0 release date.

OVS 2.5.0 was released. The date was updated in branch-2.5, but not
master.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Support for IPv6 in TCP segmentation

When a packet which needs segmentation is received, the header for
each segment is being calculated, i.e. IP length, checksum, TCP seq,
TCP checksum.

The problem with the current code is that it wrongly assumes that
the Ethernet frame payload is always an IPv4 packet.

This patch checks the EtherType field of the Ethernet frame to see
which protocol is encapsulated in its payload, IPv4 or IPv6, and
calculates the segment's header accordingly.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Co-authored-by: Sairam Venugopal <vsairam@vmware.com>
Reported-by: Sairam Venugopal <vsairam@vmware.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/105
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath: Fix build failure related to missing vlan.h

---8<---
make[1]: Entering directory `/home/travis/build/openvswitch/ovs/datapath'
make[1]: *** No rule to make target `vlan.h', needed by `distdir'. Stop.
make[1]: Leaving directory `/home/travis/build/openvswitch/ovs/datapath'
make: *** [distdir] Error 1
cat: */_build/tests/testsuite.log: No such file or directory

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

Build Windows include runtime

This patch adds the Visual Studio runtime to the binaries by adding
the code generation compile flags: MT (release version) and MTd (debug
version).

More on the subject can be found under:
https://msdn.microsoft.com/en-us/library/2kzt1wy3%28v=vs.120%29.aspx

This helps shipping binaries and guaranteeing the runtime uses the specific
version

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovsdb-idl: improve error handling when schema is not available

A common error scenario with OVN is to attempt to use ovn-nbctl when
the OVN databases have not been created in ovsdb-server:
   1. ovn-nbctl sends a "get_schema" request for the OVN db to ovsdb-server.
   2. ovsdb-server fails to find requested db, sends error response
      to ovn-nbctl.
   3. ovn-nbctl receives the error response in ovsdb_idl_run(), but
      takes no specific action.
   4. ovn-nbctl hangs forever in IDL_S_SCHEMA_REQUESTED state (assuming
      a timeout wasn't requested on the command line).

This commit adds a new IDL state, IDL_S_NO_SCHEMA, which is entered
when a negative response to a schema request is received. When in
this state, ovsdb_idl_is_alive() now returns 'false', allowing clients
(currently ovn-nbctl, ovn-sbctl, vtep-ctl, and ovs-vsctl) to detect this
condition and exit with an appropriate error message.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath: Remove OVS_FRAGMENT_BACKPORT

This macro is not required as we drop support for unsupported
kernel versions.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

datapath: Drop support for kernel older than 3.10

Currently OVS out of tree datapath supports a large number of kernel
versions. From 2.6.32 to 4.3 and various distribution-specific
kernels. But at this point major features are only available on more
recent kernels. For example, stateful services are only available
starting in kernel 3.10 and STT is available on starting with 3.5.

Since these features are becoming essential to many OVS deployments,
and the effort of maintaining the backports is high. We have decided
to drop support for older kernel. Following patch drops supports
for kernel older than 3.10.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

ovn: Implement basic ARP support for L3 logical routers.

This is sufficient support that an L3 logical router can now transmit
packets to VMs (and other destinations) without having to know the
IP-to-MAC binding in advance. The details are carefully documented in all
of the appropriate places.

There are several important caveats that need to be fixed before this can
be taken seriously in production. These are documented in ovn/TODO. The
most important of these are renewal, expiration, and limiting the size of
the ARP table.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovn-controller: Add data structure for indexing lports, multicast groups.

This was more or less implemented inside lflow.c until now, but some
upcoming code that shouldn't be in that file needs to use it too.

This also adds a second index on lports, so that lports can be looked up
based on the logical datapath tunnel key and the logical port tunnel key.
An upcoming commit will add a user for this new index.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovn: Use callback function instead of simap for logical port number map.

An simap is convenient but it isn't very flexible. If the client wants to
keep extra data with each node then it has to build a second parallel data
structure. A callback function is kind of a pain for the clients from the
point of view of having to write it and deal with auxiliary data, etc., but
it allows the storage to be more flexible.

An upcoming commit will make further use of this capability.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

actions: Implement OVN "arp" action.

An upcoming commit will use this as a building block in adding ARP support
to the OVN L3 logical router implementation.

Signed-off-by: Ben Pfaff <blp@ovn.org>

Document how to match any packet with a VLAN header.

This one is actually useful, I don't know how I omitted it whenever I wrote
this documentation.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

lib/ovs-thread: make use of the pthread_attr object

The pthread_attr object needs to be passed to the pthread_create()
call in order to make use of it.

Fixes: 8147cec9ee (lib/ovs-thread: Ensure that thread stacks are
always at least 512 kB.)
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Acked-by: Andy Zhou <azhou@ovn.org>

ovsdb-server: Add Json cache count to memory/show

Add the size of json cache to the data reported by ovsdb-server appctl
"memory/show" command.

Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

netdev-linux: Fix netdev ipv6 notification

Listen to RTNLGRP_IPV6_IFINFO to get IPv6 address change
notification.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

smap: bsd: Fix compilation error.

I saw following error while testing this series.
---8<---
In file included from lib/smap.c:16:
./lib/smap.h:75:56: warning: declaration of 'struct in6_addr' will not be visible outside of this function [-Wvisibility]
void smap_add_ipv6(struct smap *, const char *, struct in6_addr *);
^
lib/smap.c:102:1: error: conflicting types for 'smap_add_ipv6'
smap_add_ipv6(struct smap *smap, const char *key, struct in6_addr *addr)
^
./lib/smap.h:75:6: note: previous declaration is here
void smap_add_ipv6(struct smap *, const char *, struct in6_addr *);

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

Set reason before sending continuation packet-in to the controller

Signed-Off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

INSTALL.DPDK: remove issue with QEMU v2.4.0 and dpdkvhostuser

The patch mentioned in the commit e73b7508fb58 ("INSTALL.DPDK: Mention
issue with QEMU v2.4.0 & dpdkvhostuser") is present in DPDK v2.2.0,
then this issue is not valid anymore.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

netdev-dpdk: fix mbuf leaks

mbufs could be chained (by the "next" field of rte_mbuf struct), when
an mbuf is not big enough to hold a big packet, say when TSO is enabled.

rte_pktmbuf_free_seg() frees the head mbuf only, leading mbuf leaks.
This patch fix it by invoking the right API rte_pktmbuf_free(), to
free all mbufs in the chain.

Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

ovsdb-server: Fix a reference count leak bug

When destroying an ovsdb_jsonrpc_monitor, the jsonrpc monitor still
holds a reference count to the monitors 'changes' indexed with
'unflushed' transaction id. The bug is that the reference count was
not decremented as it should in the code path.

The bug caused 'changes' that have been flushed to all jsonrpc
clients to linger around unnecessarily, occupying increasingly
large amount of memory. See "Reported-at" URL for more details.

This bug is tricky to find since the memory is not leaked; they will
eventually be freed when monitors are destroyed.

Reported-by: Lei Huang <huang.f.lei@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2016-March/067274.html
Signed-off-by: Andy Zhou <azhou@ovn.org>
Tested-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Liran Schour <lirans@il.ibm.com>

rhel: Use ovn-ctl to ovn-controller service

Trying to revert the changes caused by 8520deefbf208b24518c2bf67baad6d230f39dc0
to travis build failures

Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

openflow: Support matching and modifying MPLS TTL field.

Occasionally we get asked about this and I don't see a reason not to
support it.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

netdev: Improve comments on netdev_rxq_recv().

The comment was incomplete in some ways and simply wrong in others.

Also ensure that *cnt is set to 0 if an error is encountered. It's nice
when callers can rely on this.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

dpif-netdev: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovs-ofctl: Fix command names in documentation.

The actual command names do not capitalize "tlv".

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ofp-actions: Assert variable actions have len>0.

Variable-length actions must have a nonzero length; if they don't,
something went wrong and we should bail out.

Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

tests: Expand 'bundle with many ports' test.

Explain what this test is doing, and check that the decoded action can
be re-encoded and dumped back out of OVS.

Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

Revert "ovn-controller: race between binding-run and patch-run for localnet ports"

This reverts commit 3a83007a76bbf05144cee1fda7ad81c1c717dca7. It's really
nonobvious from the code why the condition added by that commit makes sense.
The new condition should not be necessary now that binding_run() always keeps
track of the local datapaths, since commit 7c040135cf351 (binding: Track local
datapaths even when no transaction is possible).

CC: Ramu Ramamurthy <ramu.ramamurthy@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

unixctl: Log commands received and their replies (at debug level).

These commands are also visible through the "jsonrpc" module, but turning
up the log level there also exposes a lot of OVSDB traffic that usually
isn't interesting.

Also, enable this logging for the tests.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

binding: Track local datapaths even when no transaction is possible.

Plenty of other code depends on the set of local datapaths. Most notably,
the lflow code will drop logical flows when their logical datapaths aren't
present locally.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

ovs-sandbox: Add note about OVN to initial output.

When you run ovs-sandbox, it finishes with a note describing the dummy
environment it has set up. Add some additional text that indicates that
OVN is also enabled when that is the case.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ofp-util: Fix use-after-free in group append.

It is possible for ofpbuf_put() to realloc a newly allocated address,
casuing the previously referenced pointer, ogds, points to old/free'd
address. The issue is generated by forcing ofpbuf_put() to use newly
allocated buffer and valgrind reports invalid write. The similiar syndrome
is reported at: https://patchwork.ozlabs.org/patch/591330/

Invalid write of size 2
    ofputil_append_ofp15_group_desc_reply (ofp-util.c:8367)
    ofputil_append_group_desc_reply (ofp-util.c:8392)
    append_group_desc (ofproto.c:6262)
    handle_group_request (ofproto.c:6230)
    handle_group_desc_stats_request (ofproto.c:6269)
    handle_openflow__ (ofproto.c:7337)
    handle_openflow (ofproto.c:7403)
    ofconn_run (connmgr.c:1379)
    connmgr_run (connmgr.c:323)
    ofproto_run (ofproto.c:1762)
    bridge_run__ (bridge.c:2885)
    bridge_run (bridge.c:2940)
    main (ovs-vswitchd.c:120)

Address 0x7cb1020 is 144 bytes inside a block of size 1,144 free'd
    free (vg_replace_malloc.c:530)
    ofpbuf_resize__ (ofpbuf.c:246)
    ofpbuf_put (ofpbuf.c:386)
    nx_put_header__ (nx-match.c:1241)
    nxm_put__ (nx-match.c:697)
    oxm_put_field_array (nx-match.c:1226)
    ofputil_put_group_prop_ntr_selection_method (ofp-util.c:8305)
    ofputil_append_ofp15_group_desc_reply (ofp-util.c:8364)
    ofputil_append_group_desc_reply (ofp-util.c:8392)
    append_group_desc (ofproto.c:6262)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>

ofpbuf: Fix use-after-free in bundle parse.

Address pointed by bundle could be obsolete/free'd when
realloc, called from ofpbuf_put_zero(), returns new address.
Reported by Valgrind 367: ovs-ofctl parse-flows (NXM)

Invalid write of size 4
    bundle_parse__ (bundle.c:200)
    bundle_parse_load (bundle.c:272)
    parse_bundle_load (ofp-actions.c:1324)
    ofpacts_parse__ (ofp-actions.c:7484)
    ofpacts_parse (ofp-actions.c:7540)
    ofpacts_parse_copy (ofp-actions.c:7558)
    parse_ofp_str__ (ofp-parse.c:491)
    parse_ofp_str (ofp-parse.c:544)
    parse_ofp_flow_mod_str (ofp-parse.c:870)

Address 0x7a4e96c is 12 bytes inside a block of size 64 free'd
    free (vg_replace_malloc.c:530)
    ofpbuf_resize__ (ofpbuf.c:246) (purposely add to force using new buf)
    ofpbuf_put_zeros (ofpbuf.c:375)
    bundle_parse__ (bundle.c:181)
    bundle_parse_load (bundle.c:272)
    parse_bundle_load (ofp-actions.c:1324)
    ofpacts_parse__ (ofp-actions.c:7484)
    ofpacts_parse (ofp-actions.c:7540)
    ofpacts_parse_copy (ofp-actions.c:7558)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>

ofpbuf: Fix setting of 'msg' in ofpbuf_clone_with_headroom()

Commit 38876d31 fixed setting 'msg' when resizing an ofpbuf, but
failed to fix the same issue in ofpbuf_clone_with_headroom(). Without
this fix the newly cloned ofpbuf's 'msg', if non-NULL, will point to
the buffer of the original ofpbuf.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

ofpbuf: Rename 'data_delta' to 'xxx_offset'

Using more accurate and descriptive variable names improves code
readability.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

ofpbuf: Make offset calculation more consistent.

Use the same method of offset calculation in
ofpbuf_clone_with_headroom() as in ofpbuf_resize__().

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

AUTHORS: Add Ramu Ramamurthy.

Ramu is the author of 3a83007a76bbf05144cee1fda7ad81c1c717dca7.

Signed-off-by: Russell Bryant <russell@ovn.org>

ovn-controller: race between binding-run and patch-run for localnet ports

when ctx->ovnsb_idl_txn is null, binding_run exits early
and does not add any local_datapaths, but patch_run
doesnt check this, and ends up deleting localnet ports,
because there are no local datapaths for them,
They get readded in a subsequent run causing unnecessary
deletion and readdition.

Signed-off-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

Use 'RUNDIR' from make for rhel/ovn-controller.service

Perviously it was using the platform's runtime directory which can be
different from the runtime directory of ovsdb-server started by the
openvswitch service

Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Russell Bryant <russell@ovn.org>

netdev-dpdk: Fix memory leak in netdev_dpdk_vhost_destruct().

Fixes: 4573fbd38fa1 ("netdev-dpdk: Add vhost-user multiqueue support")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

datapath: STT: Fix checksum handling.

On packet receive STT verifies the checksum if not done in
hardware. But IP and TCP were pulled before the verification
step. The verification expect to see packet with TCP header.
This causes STT to drop packet in certain cases.

Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

ofpbuf: Use ptrdiff_t for pointer delta.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ofp-actions: Prevent integer overflow in decode.

When decoding a variable-length action, if the length of the action
exceeds the length storable in a uint16_t then something has gone
terribly wrong. Assert that this is not the case.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ofp-actions: Fix use-after-free in bundle action.

If the actions list in an incoming flow mod is long enough, and there is
a bundle() action with 3 or more slaves, then it is possible for a
reallocation to occur after placing the ofpact_bundle into the ofpacts
buffer, while slave ports into the buffer. If the memory freed by this
reallocation is then passed to another thread, then that thread may
modify the value that bundle->n_slaves points to. If this occurs quickly
enough before the main thread finishes copying all of the slaves, then
the iteration may continue beyond the originally intended number of
slaves, copying (and swapping) an undetermined number of 2-byte chunks
from the openflow message. Finally, the length of the ofpact will be
updated based on how much data was written to the buffer, which may be
significantly longer than intended.

In many cases, the freed memory may not be allocated to another thread
and be left untouched. In some milder bug cases, this will lead to
'bundle' actions using more memory than required. In more serious cases,
this length may then exceed the maximum length of an OpenFlow action,
which is then stored (truncated) into the 16-bit length field in the
ofpact header. Later execution of ofpacts_verify() would then use this
length to iterate through the ofpacts, and may dereference memory in
unintended ways, causing crashes or infinite loops by attempting to
parse/validate arbitrary data as ofpact objects.

Fix the issue by updating 'bundle' within the iteration, immediately
after (potentially) expanding the bundle.

Thanks to Jarno Rajahalme for his keen pair of eyes on finding this
issue.

VMWare-BZ: #1614715
Fixes: f25d0cf3c366 ("Introduce ofpacts, an abstraction of OpenFlow actions.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

tests: Add bundle action test with buffer realloc.

Add a test which causes internal reallocation of the ofpacts buffer,
followed by a large bundle action which should cause a subsequent
reallocation while decoding slave ports. Running this test under
valgrind reveals the issue below, which is fixed in the following
commit.

Invalid read of size 4
   at 0x4CED87: decode_bundle (ofp-actions.c:1253)
   by 0x4CEDFC: decode_NXAST_RAW_BUNDLE (ofp-actions.c:1272)
   by 0x4DBDE6: ofpact_decode (ofp-actions.inc2:3765)
   by 0x4D6914: ofpacts_decode (ofp-actions.c:5735)
   by 0x4D6A3D: ofpacts_pull_openflow_actions__ (ofp-actions.c:5772)
   by 0x4D74F3: ofpacts_pull_openflow_instructions (ofp-actions.c:6352)
   by 0x4F59FA: ofputil_decode_flow_mod (ofp-util.c:1704)
   by 0x4EAD18: ofp_print_flow_mod (ofp-print.c:786)
   by 0x4F0711: ofp_to_string__ (ofp-print.c:3220)
   by 0x4F0D98: ofp_to_string (ofp-print.c:3453)
   by 0x5486B3: do_recv (vconn.c:644)
   by 0x548498: vconn_recv (vconn.c:598)
   by 0x524582: rconn_recv (rconn.c:703)
   by 0x45DA61: ofconn_run (connmgr.c:1370)
   by 0x45B3B4: connmgr_run (connmgr.c:323)
   by 0x41D1E8: ofproto_run (ofproto.c:1762)
   by 0x40CEE0: bridge_run__ (bridge.c:2885)
   by 0x40D093: bridge_run (bridge.c:2940)
   by 0x412F7E: main (ovs-vswitchd.c:120)
Address 0x66aa460 is 1,152 bytes inside a block of size 1,184 free'd
   at 0x4C2AF2E: realloc (vg_replace_malloc.c:692)
   by 0x543D27: xrealloc (util.c:123)
   by 0x5089EF: ofpbuf_resize__ (ofpbuf.c:243)
   by 0x508B81: ofpbuf_prealloc_tailroom (ofpbuf.c:290)
   by 0x508D5C: ofpbuf_put_uninit (ofpbuf.c:364)
   by 0x508DEF: ofpbuf_put (ofpbuf.c:387)
   by 0x4CED7D: decode_bundle (ofp-actions.c:1255)
   by 0x4CEDFC: decode_NXAST_RAW_BUNDLE (ofp-actions.c:1272)
   by 0x4DBDE6: ofpact_decode (ofp-actions.inc2:3765)
   by 0x4D6914: ofpacts_decode (ofp-actions.c:5735)
   by 0x4D6A3D: ofpacts_pull_openflow_actions__ (ofp-actions.c:5772)
   by 0x4D74F3: ofpacts_pull_openflow_instructions (ofp-actions.c:6352)
   by 0x4F59FA: ofputil_decode_flow_mod (ofp-util.c:1704)
   by 0x4EAD18: ofp_print_flow_mod (ofp-print.c:786)
   by 0x4F0711: ofp_to_string__ (ofp-print.c:3220)
   by 0x4F0D98: ofp_to_string (ofp-print.c:3453)
   by 0x5486B3: do_recv (vconn.c:644)
   by 0x548498: vconn_recv (vconn.c:598)
   by 0x524582: rconn_recv (rconn.c:703)
   by 0x45DA61: ofconn_run (connmgr.c:1370)

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ovs-ofctl.8: commit is required with alg in ct().

The "alg=" argument to the ct() action only makes sense when used in
combination with "commit". Add this to the documentation to help make
it clear.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

INSTALL.DPDK.md: Installation steps correction for DPDK 2.2.

Missing step added to INSTALL.DPDK.md which prevents
installation error message.

Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

netdev_dpdk.c: Add QoS functionality.

This patch provides the modifications required in netdev-dpdk.c and
vswitch.xml to allow for a DPDK user space QoS algorithm.

This patch adds a QoS configuration structure for netdev-dpdk and
expected QoS operations 'dpdk_qos_ops'. Various helper functions
are also supplied.

Also included are the modifications required for vswitch.xml to allow a
new QoS implementation for netdev-dpdk devices. This includes a new QoS type
`egress-policer` as well as its expected QoS table entries.

The QoS functionality implemented for DPDK devices is `egress-policer`.
This can be used to drop egress packets at a configurable rate.

The INSTALL.DPDK.md guide has also been modified to provide an example
configuration of `egress-policer` QoS.

Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ofpbuf: Fix trivial spelling typo.

s/bofy/body/. I noticed this spelling typo while reading this header
file.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ofp: Add support for bundles extension in OpenFlow 1.3.

ONF Extension 230 adds support for OpenFlow 1.4 bundles to OpenFlow
1.3. Supporting this allows OpenFlow 1.3 controllers to start using
bundles. Also the ovs-ofctl '--bundle' option can now be used with
OpenFlow 1.3.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

odp-util: Use FLOW_MAX_MPLS_LABELS when parsing MPLS ODP keys.

Even though the number of supported MPLS labels may vary between a
datapath and the OVS userspace, it is better to use the
FLOW_MAX_MPLS_LABELS than a hard-coded '3' as the maximum number of
labels to scan.

Requested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

rhel: Add 'rpm-fedora' and 'rpm-fedora-kmod' targets

Add make targets for Fedora and RHEL7 RPMs, update INSTALL.Fedora.md
to document their use

Added distribution tarball and rpm build directory to .gitignore.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Suppport ct_mark/ct_label in lflow matches.

Add support for matching on ct_mark and ct_label in OVN logical flows.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovsdb-server: Refactoring and clean up remote status reporting.

When reporting remote status, A listening remote will randomly
pick a session and report its session status. This does not seem
to make much sense. It is probably better to leave those fields
untouched.

Update ovs-vswitchd.conf.db(5) to match the change in implementation.

Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovsdb: fix a typo in ovs-vswitchd.conf.db(5).

Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

netdev-dpdk: clean up mbuf initialization

Current mbuf initialization relies on magic numbers and does not
accomodate mbufs of different sizes.

Resolve this issue by ensuring that mbufs are always aligned to a 1k
boundary (a typical DPDK NIC Rx buffer alignment).

Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

testsuite: Add timeout to add_of_br() command.

Fixes hang of testsuite on ovs-vswitchd failure.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Clean code in netlink-socket

Found by inspection.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Connect to remote lports through localnet port.

Before this patch, inter-chassis communication between VIFs of same
lswitch will always go through tunnel, which end up of modeling a
single physical network with many lswitches and pairs of lports, and
complexity in CMS like OpenStack neutron to manage the lswitches and
lports.

With this patch, inter-chassis communication can go through physical
networks via localnet port with a 1:1 mapping between lswitches and
physical networks. The pipeline becomes:

Ingress -> Egress (local) -> Ingress (remote) -> Egress

The original tunneling mechanism will still be used if there is no
localnet port configured on the lswitch.

Signed-off-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Avoid ARP responder for packets from localnet port

This is required by next commit that allows lswitch with localnet
port to be attached to multiple chassises. Without this patch, if
an ARP request comes from localnet port, on each chassis there will
be an ARP response, which is not desired.

An new stage ls_in_arp_rsp is introduced for ARP responder before
ls_in_l2_lkup.

Suggested-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

fedora: include ovs-save file in the rpm package

Otherwise, "ovs-ctl force-reload-kmod ..." command fails with:

Detected internal interfaces: br-int p1                    [  OK  ]
Saving flows /usr/share/openvswitch/scripts/ovs-ctl:
line 267: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
                                                           [FAILED]
Exiting ovsdb-server (3228)                                [  OK  ]
Starting ovsdb-server                                      [  OK  ]
Configuring Open vSwitch system IDs                        [  OK  ]
Exiting ovs-vswitchd (3243)                                [  OK  ]
Saving interface configuration /usr/share/openvswitch/scripts/ovs-ctl:
line 294: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
                                                           [FAILED]
Failed to save configuration, not replacing kernel module ... (warning).
Starting ovs-vswitchd                                      [  OK  ]
Enabling remote OVSDB managers                             [  OK  ]

Signed-off-by: Ansis Atteka <ansisatteka@gmail.com>
Reported-by: Sanal Pillai <sanalp@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>