git.cascardo.eti.br Git - cascardo/ovs.git/log

ofpbuf: Update msg when resizing ofpbuf.

Commit 6fd6ed7 (ofpbuf: Simplify ofpbuf API.) introduced the
'header' and 'msg' pointers to 'struct ofpbuf'.  However, we
forget to update the 'msg' pointer when resizing ofpbuf.

This bug could cause serious issue.  For example, in the function
ofputil_encode_nx_packet_in(), the 'msg' pointer is populated in
ofpraw_alloc_xid() when creating the ofpbuf .  Later, the ofpbuf
memory can be reallocated due to the writing to the ofpbuf.
However, since the 'msg' pointer is not updated, the later use of
the 'ofpbuf->msg' will end up writing to either free'ed memory or
memory allocated for other struct.

This commit fixes the bug by always updating the 'header' and
'msg' pointers when the ofpbuf is resized.  Also, a simple test
is added.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofp-util: Allow out-of-range indexes in ofputil_decode_geneve_table_reply().

Otherwise, if some future version of OVS supports more Geneve options than
the current version, and any of these extras are in use, then one would be
unable to dump them with "ovs-ofctl dump-geneve-map", and any other
OVS-based software that wants to dump the Geneve map to work with the
existing options (i.e. ovn-controller) would fail entirely, instead of
being able to work with at least a subset.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

flow: Split miniflow's map.

Use two maps in miniflow to allow for expansion of struct flow past
512 bytes. We now have one map for tunnel related fields, and another
for the rest of the packet metadata and actual packet header fields.
This split has the benefit that for non-tunneled packets the overhead
should be minimal.

Some miniflow utilities now exist in two variants, new ones operating
over all the data, and the old ones operating only on a single 64-bit
map at a time. The old ones require doubling of code but should
execute faster, so those are used in the datapath and classifier's
lookup path.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif-netdev: Skip also xregs when building a mask.

When no mask is passed in, dpif_netdev_mask_from_nlattrs() builds a
mask from all possible fields whose prerequisites are met. OpenFlow
metadata is not relevant for a datapath flow, so we skip registers and
metadata. Do this for XREGs as well.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Include datapath actions with sampled-packet upcall to userspace.

If new optional attribute OVS_USERSPACE_ATTR_ACTIONS is added to an
OVS_ACTION_ATTR_USERSPACE action, then include the datapath actions
in the upcall.

This Directly associates the sampled packet with the path it takes
through the virtual switch. Path information currently includes mangling,
encapsulation and decapsulation actions for tunneling protocols GRE,
VXLAN, Geneve, MPLS and QinQ, but this extension requires no further
changes to accommodate datapath actions that may be added in the
future.

Adding path information enhances visibility into complex virtual
networks.

Signed-off-by: Neil McKee <neil.mckee@inmon.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

type-props: Avoid a MSVC warning.

Currently, MSVC complains when you have a macro of the
form TYPE_MAXIMUM(uint64_t) because a part of macro becomes
~(uint64_t)0 << 64 with a warning:

C4293: '<<' : shift count negative or too big, undefined behavior.

This commit makes changes to the macro to prevent that warning.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: make use of user supplied exit function

The user is required to expose the_idl and the_idl_txn global variables,
so that memory can be cleaned up on fatal errors. This patch changes to
ask user to supply an exit function via ctl_init(). What user needs to
do on exit can now remain private.

Signed-off-by: Andy Zhou <azhou@nicira.com>

db-ctl-base: remove ctl_get_all_commands() function

all_commands currently is some times accessed directly, some times via
a function call. Change to always access it directly.

Signed-off-by: Andy Zhou <azhou@nicira.com>

db-ctl-base: remove db_ctl_show_command table

It is not clear why "show" command needs its own command table.
Remove it for simplicity.

Signed-off-by: Andy Zhou <azhou@nicira.com>

ovsdb: Add per transaction commit instruction counter

Measure user space only instruction counters for commit each
transaction. This measurement is mainly useful for
tuning OVSDB internal implementation, such as how OVSDB scales over
number of client connections.

A simple usage example:

ovs-appctl -t ovsdb-server ovsdb-server/perf-counters-clear
ovs-vsctl add-port br0 p3
ovs-appctl -t ovsdb-server ovsdb-server/perf-counters-show
ovsdb_txn_commit 2 906922 453461.0

The commands above show that the 'add-port br p3' command caused ovsdb
to execute 2 transactions. Each transaction takes 453461 instructions,
total 906922 instructions. The number will vary based on number of
ovsdb clients connected.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

perf-counter: simplify the performance macro

Replace the original PERF_FUNCTION_BEGIN and PERF_FUNCTION_END
pair with a single PERF macro. This design is also more flexible,
removing the restriction of have only one measurement per function.

The next patch will make use of this macro.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

perf-counter: initialize perf counter shash before use

Private variable perf_counters needs to be initialized before
use. Otherwise, perf_counter_init() call will cause crashes.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn: Fix extra token detection.

This code attempts to first check whether another error was detected for
the string it is parsing, then if it's not at the end of the tokens,
report an error. However, 'errorp' is always a valid pointer to a
'char *', so the first check in this statement always evaluates false.

Furthermore, this undefined behaviour may be optimised out by modern
compilers due to the prior dereference in expr_parse(). Fix this to
check the actual value of *errorp. Also add a test to check this case.

Found by MIT STACK undefined behaviour checker.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-vsctl: Remove redundant checks.

In several places, "br" is dereferenced just before a check such as
"if (br ...)". These checks may be optimised out, and they provide no
additional safety, so this patch removes them.

Found by MIT STACK undefined behaviour checker.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

vtep-ctl: Remove extraneous NULL pointer check.

OVS will exit if the allocations in this function fail, so this check is
pointless.

Found by MIT STACK undefined behaviour checker.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofp-parse: Fix typo in consistency check.

This check in parse_ofp_str__() attempted to detect inconsistencies
between matches and actions, or inconsistencies within the actions. In
this case, ofpacts_check() would effectively zero the "usable_protocols"
and return 0 (ie, OK). However, when checking the return parameter, it
checks the pointer rather than the value.

In practice, this seems to only come up for fields which are used
internally in OVS and not exposed for matching from the controller, like
tunnel flags or skb_priority.

Found by MIT STACK undefined behaviour checker.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

flow: Make compile with MSVC.

MSVC does not like zero sized arrays in structs. Hence, remove the
'values' member from struct miniflow and add back the getters
miniflow_values() and miniflow_get_values().

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn: Convert tabs to spaces in ovn-sb.xml.

This file used mixed indentation. Fix it up to be consistent.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

acinclude: Require libfuse only for DPDK with vhost-cuse.

DPDK with vhost-user doesn't require libfuse, so we shouldn't link OVS
with libfuse unless DPDK is built with vhost-cuse support.

CC: Rapelly, Varun <vrapelly@sonusnet.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ovs-appctl: register unixctl commands in the beginning

Some commands of ovs-appctl were lazily registered when first
bridg or bfd was added. Before that, calling these commands raised a
error("xxx is not a valid command"). The problem commangs included
"bfd/...", "upcall/...","dpif/...","fdb/..." and so on.

Fix this by moving the register into the "bridge_init" and
"bridge_init_ofproto". All commands are registered at the moment
ovs-vswitchd starts.

Signed-off-by: Huanle Han <hanxueluo@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Fixed spelling errors in OVS

Solved some spelling errors observed in the datapath code.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-nb: Add per-port IP addresses to routers.

A router needs one IP address per port, not just one for the whole router.

Reported-by: Gal Sagie <gal.sagie@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-July/057242.html
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-linux: do not warn when getting stats for netdev with no vport

When there is no vport for a given netdev, dpif_netlink_vport_get might return
ENODEV. Do not warn a failure to get port stats when that's the case.

This happens when the userspace switch is used.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunneling: Allow matching and setting tunnel 'OAM' flag.

Several encapsulation formats have the concept of an 'OAM' bit
which typically is used with networking tracing tools to
distinguish test packets from real traffic. OVS already internally
has support for this, however, it doesn't do anything with it
and it also isn't exposed for controllers to use. This enables
support through OpenFlow.

There are several other tunnel flags which are consumed internally
by OVS. It's not clear that it makes sense to use them externally
so this does not expose those flags - although it should be easy
to do so if necessary in the future.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

flow: Factor out flag parsing and formatting routines.

There are several implementations of functions that parse/format
flags and their binary representation. This factors them out into
common routines. In addition to reducing code, it also makes things
more consistent across different parts of OVS.

Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-macros.at: Make check_logs() check all *.log files.

As we have more daemons with OVN that can be tested using ovs autotest
framework, it is convenient to extend check_logs() to check all *.log
files, except testsuite.log.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

flow: Eliminate miniflow_clone() and minimask_clone().

miniflow_clone() and minimask_clone() are no longer used, remove them
from the API.

Now that miniflow data is always inlined, it makes sense to rename
miniflow_clone_inline() miniflow_clone().

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

match: Single malloc minimatch.

Allocate the miniflow and minimask in struct minimatch at once, so
that they are consecutive in memory. This halves the number of
allocations, and allows smaller minimatches to share the same cache
line.

After this a minimatch has one heap allocation for all it's data.
Previously it had either none (when data was small enough to fit in
struct miniflow's inline buffer), or two (when the inline buffer was
insufficient). Hopefully always having one performs almost the same
as none or two, in average.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

flow: Always inline miniflows.

Now that performance critical code already inlines miniflows and
minimasks, we can simplify struct miniflow by always dynamically
allocating miniflows and minimasks to the correct size. This changes
the struct minimatch to always contain pointers to its miniflow and
minimask.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

meta-flow: Add a missing break statement.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath-windows: Fix broken break by distributing resource.h.

Commit e19a0c6 (datapath-windows: update extension information) added
resource.h but did not distribute it.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: update extension information

This patch sets additional information about the driver used by various
applications.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Update VXLAN header information

Use tunnel key information on the IP header preceding the VXLAN header.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Solved BSOD when cleaning up the VXLAN tunnel

When removing vport also remove the vxlan tunnel port.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/94
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Minor cleanups in "physical" component comments.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Gal Sagie <gal.sagie@gmail.com>

ovs-ofctl.8: Specify correct variable in "snoop" description.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib/automake.mk: Fix dependency typos.

Fix dependency issues with lib/ofp-errors.lo and lib/ofp-msgs.lo that
caused problems when building debian packages.

Signed-off-by: Kyle Upton <kupton@baymicrosystems.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-nb: Add 'name' field to Logical Router

Adding a name identifier will increase convinence
for Openstack (or Other CMS) that want to identify
the logical router (or store the CMS id in the router name)

Signed-off-by: Gal Sagie <gal.sagie@gmail.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Revert "ofctrl: Don't use designated initializers."

This reverts commit 0b090f2263807e25be14f90a287c4bfdee2d82ec. When that
commit was applied, we did not know of a fix for the MSVC bug that it
avoided, but now we know that sufficiently new MSVC 2013 supports this
feature.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

tests: Skip IPv6 tests if the system does not support IPv6.

This is only for the tests that actually create IPv6 sockets. The tests
that merely use IPv6 addresses in flow entries, etc., do not depend on
kernel support.

Reported-by: 俊赵 <zhaojun12@outlook.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-July/018173.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

debian: Rationalize packaging using new debhelper.

Newer debhelper versions support overrides, making rules files simpler and
easier to extend.

Requires some changes in how files are installed (_debian build folder
dropped).

Signed-off-by: James Page <james.page@ubuntu.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-netlink: Fix compiler warning.

warning C4098: 'dpif_netlink_init_flow_del' : 'void' function returning a value

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: group static functions together

This file follows a convention that all static functions are grouped
towards the beginning, ahead of public functions. Re-arrange the code
to confirm to this convention. No functional changes.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

db-ctl-base: do not require client to expose the "tables" variable

Instead, client now pass it via the modified ctl_init() API.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

db-ctl-base: do not expose get_table() API

Both get_table() and set_cloum() APIs are mostly used within db-ctl-base
library. This patch makes both private to the library.

Add a new ctl_set_colum() API for library client.

The changes are cleanups. No functional changes.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

hmap: Fix bad advice in comment (plus a typo).

This dates to 2010!

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

xml2nroff: Allow comments in block XML.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

nicira-ext: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

Undefined symbol make_unix_socket

syslog_direct_create defined in (lib/syslog-direct.c) uses make_unix_socket
which is currently undefined on the windows build.

We either can remove the new file from the chain but this patch proposes
to define a wrapper to make_unix_socket in which we return EINVAL.

This will avoid this kind of problems in the future.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

db-ctl-base: fix a few typos

Minor typo and style fixes.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

hash: Add symmetric L3/L4 hash functions for multipath, bundle hashing.

Signed-off-by: Jeroen van Bemmel <jvb127@gmail.com>
[blp@nicira.com made code style fixes, expanded documentation]
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: wrap-and-sort

Wrap long lines and sort items in the Debian packaging files.

Signed-off-by: James Page <james.page@ubuntu.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Fix headline.

There must be no line break within the headline.

Signed-off-by: Steffen Gebert <steffen.gebert@informatik.uni-wuerzburg.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ.md: Remove text saying that OpenFlow 1.5 is not final.

OF1.5 was released months ago.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

nroff: Fix style of names.

The recommended Google Python style is multi_word_names, not
multiWordNames.

There are lots of other places where the style could be improved.
I started here because I was working in this code anyway and because
this code is only used at build time and not installed, so that it
can't break any third-party code.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ofp-util: Log the type of an invalid message being added to a bundle.

This makes troubleshooting easier.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofp-util: Require inner and outer message in bundle add to be same version.

It doesn't make sense for the messages added to a bundle to have a
different OpenFlow version from the outer OpenFlow version.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofp-msgs: Add function ofptype_get_name().

An upcoming commit will make use of this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

classifier: Make versioning more explicit.

Now that struct cls_match has 'add_version' the 'version' in cls_match
was largely redundant. Remove 'version' from struct cls_rule, and add
it to function prototypes that need it. This makes versioning more
explicit (or less indirect) in the API.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Add struct ofproto_flow_mod.

It is cleaner to not use ofp_bundle_entry for non-bundle flow mods.
To address this, the new struct ofproto_flow_mod combines an
ofputil_flow_mod and the necessary execution context for executing the
start, revert, and finish phases of the flow mod, which all were
previously members of struct ofp_bundle_entry.

This also simplifies many of the function prototypes introduced with
the OF 1.4 bundles code.  However, in case of learn action execution
this approach requires a new copy of the ofputil_flow_mod.  This could
be avoided by making struct ofproto_flow_mod more complex, but it
seems not worth the complication.

As part of carving out the execution context from ofp_bundle_entry to
ofproto_flow_mod, the 'version' member is now also in
ofproto_flow_mod, as it makes sense for flow mods, but not for port
mods.  Now that the functions operate on the version also get the full
execution context, they use 'version' instead of
'ofproto->tables_version'. This allows ofproto->tables_version to be
changed only when a new version is committed.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Share fields between odp and dpif_backer.

Datapath support for some flow key fields is used inside ofproto-dpif as
well as odp-util. Share these fields using the same structure.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

datapath-windows: Solved BSOD when adding OVS ports

This BSOD occurred in the context of a packet (NBL) with multiple
NET_BUFFER(s) (NBs). The reason for the BSOD is due to the marking
of NBLs created by OVS as being external and wrongly completing them.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/82
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-bugtool: Remove argument of "ovs-appctl dpif/show".

"ovs-appctl dpif/show" no longer takes any argument after commit dc54ef36
(ofproto: Track subfacet stats in the backer).

Signed-off-by: Huanle Han <hanxueluo@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

stream-ssl: Set SSL session cache mode to disables.

To enable SSL clients to reconnect with the ovs-testcontoller without being
rejected, one must either set the SSL Session ID flag or disable the
SSL caching. This patch disables the SSL caching/reuse.

In the absence of this fix, the error message from ovs-testcontroller is as
below:

SSL protocol error: SSL_accept (error:140D9115:SSL
routines:SSL_GET_PREV_SESSION:session id context uninitialized)

See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>.

Validation: Tested with ovs-testcontroller, by performing SSL reconnection
with OpenSSL based SSL client.

Signed-off-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Reported-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Add ovn/lib/libovn.sym to .gitignore.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

Implement OpenFlow 1.4+ OFPMP_TABLE_DESC message.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Saloni Jain <saloni.jain@tcs.com>
Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

Implement OpenFlow 1.4+ OFPTC_EVICTION.

OpenFlow 1.4 introduces the ability to turn on flow table eviction with an
OFPT_TABLE_MOD message specifying OFPTC_EVICTION.  It also adds related
machinery to other messages that mention OFPTC_* fields.  This commit adds
support for the new feature, implementing it as a second, parallel way to
enable flow table eviction.  It takes more work than it seems like it
should because there is so much weirdness with the treatment of OFPTC_*
flags over the evolution of OpenFlow; please refer to the explanation in
DESIGN.md for more information.

This commit also adds related support to ovs-ofctl, plus tests.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Saloni Jain <saloni.jain@tcs.com>
Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto: Use OF1.4+ "importance" as part of eviction criteria.

The "importance" field is considered before flow timeout because I figure
that if you set the importance, you think it's important.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Saloni Jain <saloni.jain@tcs.com>
Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofp-util: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto: Make 'importance' immutable.

OpenFlow provides no means to change the importance of a flow after it is
added, so make it immutable so that it is reasonable to read it without
locking.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ovn: Take advantage of OVSDB garbage collection in OVN_Northbound schema.

Until now, the OVN_Northbound schema has been designed to sidestep a
weakness in the OVSDB protocol when a column has a great deal of data in
it.  In the current OVSDB protocol, whenever a column changes, the entire
new value of the column is sent to all of the clients that are monitoring
that column.  That means that adding or removing a small amount of data,
say 1 element in a set, requires sending all of the data, which is
expensive if the column has a lot of data.

One example of a column with potential to have a lot of data is the set of
ports within a logical switch, if a logical switch has a large number of
ports.  Thus, the existing OVN_Northbound schema has each Logical_Port
point to its containing Logical_Switch instead of the other way around.
This sidesteps the problem because it does not use any large columns.

The tradeoff that this forces, however, is that the schema cannot take
advantage of OVSDB's garbage collection feature, where it automatically
deletes rows that are unreferenced.  That's a problem for Neutron because
of Neutron-internal races between deletion of a Logical_Switch and
creation of new Logical_Ports on the switch being deleted.  When such a
race happens, OVSDB refuses to delete the Logical_Switch because of
references to it from the newly created Logical_Port (although Neutron
does delete the pre-existing logical ports).

To solve the problem, this commit changes the OVN_Northbound schema to
use a set of ports within Logical_Switch.  That will lead to large columns
for large logical switches; I plan to address that (though I don't have
code written) by enhancing the OVSDB protocol.  With this commit applied,
the database will automatically cascade deleting a logical switch row to
delete all of its ports, ACLs, and its router port (if any).

This commit makes some pretty pervasive changes to ovn-northd, but they
are mostly beneficial to the code readability because now it becomes
possible to trivially iterate through the ports that belong to a switch,
which was difficult before the schema change.

This commit will break the Neutron integration until that is changed to
handle the new database schema.

CC: Aaron Rosen <arosen@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

datapath/README: Fix some typos.

Signed-off-by: Luis E. P <lpena@vmware.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Hold ofproto_mutex when enabling or disabling eviction.

ofproto_enable_eviction() and ofproto_disable_eviction() require
ofproto_mutex (and they were even annotated that way, though not on their
prototypes but only at definition), but it wasn't being held. This fixes
the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

datapath-windows: Solved memory leak in OVS datapath

When closing opened instances, make sure the user dump state is cleared.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/90
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Solved datapath-windows: BSOD when initializing switch context

Add check in case of NdisAllocateRWLock fails to allocate the resources.

Check datapath->lock before trying to free it.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/92
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

mcast-snooping: Add Multicast Listener Discovery support

Add support for MLDv1 and MLDv2. The behavior is not that different from
IGMP. Packets to all-hosts address and queries are always flooded,
reports go to routers, routers are added when a query is observed, and
all MLD packets go through slow path.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Cc: Flavio Leitner <fbl@redhat.com>
Cc: Ben Pfaff <blp@nicira.com>
[blp@nicira.com moved an assignment out of an 'if' statement]
Signed-off-by: Ben Pfaff <blp@nicira.com>

mcast-snooping: Use IPv6 address for MDB

Use IPv6 internally for storing multicast addresses. IPv4 addresses are
translated to their IPv4-mapped equivalent.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Cc: Flavio Leitner <fbl@redhat.com>
Cc: Ben Pfaff <blp@nicira.com>
[blp@nicira.com added a "sparse" implementation of IN6_IS_ADDR_V4MAPPED.]
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Solved BSOD when handling flows

OvsPrepareFlow() returns an error only when the new flow allocation
fails. In this case HandleFlowPut() should return error without trying
to free the flow, thus avoiding the BSOD.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/91
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnels: Don't initialize unnecessary packet metadata.

The addition of Geneve options to packet metadata significantly
expanded its size. It was reported that this can decrease performance
for DPDK ports by up to 25% since we need to initialize the whole
structure on each packet receive.

It is not really necessary to zero out the entire structure because
miniflow_extract() only copies the tunnel metadata when particular
fields indicate that it is valid. Therefore, as long as we zero out
these fields when the metadata is initialized and ensure that the
rest of the structure is correctly set in the presence of a tunnel,
we can avoid touching the tunnel fields on packet reception.

Reported-by: Ciara Loftus <ciara.loftus@intel.com>
Tested-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Rename 'vport->isPresentOnHv' to 'isAbsentOnHv'

Looking at the code, the flag 'vport->isPresentOnHv' is actually
indicating if the vport is present on the Hyper-V switch or not, but the
logic seems to be inverse. 'isPresentOnHv == TRUE' indicates that the
vport is not present on the Hyper-V switch. Eg. VXLAN port, would have
isPresentOnHv == TRUE.

In this patch, we rename the variable to reflect its meaning.

vport->isAbsentOnHv is TRUE iff:
- vport is bridge internal port
- vport is tunnel port
- vport was added from Hyper-V and also from OVS, but got deleted from
Hyper-V

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Code refactoring and fixes in Vport.c

In this patch, there a couple of fixes and some code refactoring:
1. During deletion of "internal" and "external" in
   OvsRemoveAndDeleteVport(), we need to check if 'hvDelete' is TRUE before
   updating the data structures. Added code comments explaining the
   same.

2. Added a OvsRemoveTunnelPort() that gets called from
   OvsRemoveAndDeletePort() for the special processing for tunnel ports.

3. Folded in OvsCleanupVportCommon() back into OvsRemoveAndDeletePort(),
   since we only need a part of the functionality of
   OvsCleanupVportCommon() to be called from
   OvsTunnelVportPendingUninit(), and not the entire function.

4. Renamed OvsTunnelVportPendingUninit() to
   OvsTunnelVportPendingRemove() since it is basically a "pending" version
   of OvsVportTunnelRemove().

Validation:
- Add external port from Hyper-V, add external port from OVS, remove
external port from OVS, remove external port from Hyper-V. No ASSERT
hit.
- Add external port from Hyper-V, add external port from OVS, remove
external port from Hyper-V, remove external port from OVS. No ASSERT
hit.
- Vxlan tunnel port creation/deletion
- Stt tunnel port creation/deletion
- Ping on Vxlan/Stt tunnels
- Ovs Extension load/unload. There's an unrelated issue I found that is
reported in: https://github.com/openvswitch/ovs-issues/issues/86

Signed-off-by: Nithin Raju <nithin@vmware.com>V
Reported-at: https://github.com/openvswitch/ovs-issues/issues/79
Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Reported-by: Nithin Raju <nithin@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

windows: Avoid OVS_UNUSED in Windows stubs for syslog.h.

Currently OVS_UNUSED is defined in compiler.h since syslog.h is a
standalone wrapper remove it from the parameters.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL.DPDK.md: Fix wrong command for creating dpdkvhostuser.

Signed-off-by: Wei li <liw@dtdream.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Failed initialization for datapath tunnel ports

Tunnel ports are not initialized with the corresponding default port.
The newly allocated vport is not yet initialized and the ovsType
member does not reflect the correct tunnel port type, thus the
transport port destination won't be correctly initialized.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/88
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Avoid double incrementation of tx VXLAN packet statistics

VXLAN tunnel tx packet stats are incorrectly incremented.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/89
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Duplicate tag for STT pools

All pool allocations should have unique tags.
OVS_STT_POOL_TAG matches the OVS_MEMORY_TAG.

Changed the OVS_STT_POOL_TAG to make it unique.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-lib: Ability to move ip address and routes.

The ability to move IP address and routes between two interfaces
is useful when we want to make a physical interface (say eth0)
as a port of OVS bridge (say breth0) with all its IP address and route
information transferred to OVS bridge. An upcoming commit
uses the new ability.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-save: Refactor and move some code to ovs-lib.

An upcoming commit becomes the second user of the
new functions.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

rhel: Add dkms support for ovs datapath build.

This commit adds a rpmbuild spec file for building ovs datapath
in dkms similar to the one for debian.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

vlog: add "vlog/list-pattern" command

This patch allows to query logging format at the runtime for each destination
with "vlog/list-pattern" command.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

vlog: abstract out interface to syslog daemon

This patch helps to address two issues that are present on Ubuntu
15.04 (and most likely other Linux distributions) where rsyslog daemon
is configured to relay log messages from OVS to a remote log collector
and syslog format being used is something other than the one defined in
RFC 3164.  These two issues are:

1. libc syslog() function always adds RFC 3164 prefix to syslog
   messages before sending them over /dev/log Unix domain socket.
   This does not allow us to use libc syslog() function to log in
   RFC 5424 format;  and

2. rsyslogd daemon that comes with Ubuntu 15.04 is too old and
   uses hardcoded syslog message parser when it received messages
   over /dev/log UNIX domain socket.

Solution to those two issues would be to use the newly introduced
--syslog-method=udp:127.0.0.1:514 command line argument when starting
OVS.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

tunneling: Userspace datapath support for Geneve options.

Currently the userspace datapath only supports Geneve in a
basic mode - without options - since the rest of userspace
previously didn't support options either. This enables the
userspace datapath to send and receive options as well.

The receive path for extracting the tunnel options isn't entirely
optimal because it does a lookup on the options on a per-packet
basis, rather than per-flow like the kernel does. This is not
as straightforward to do in the userspace datapath since there
is no translation step between packet formats used in packet vs.
flow lookup. This can be optimized in the future and in the
meantime option support is still useful for testing and simulation.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Fix use-after-free in bridge destruction with groups.

Groups were not destroyed until after lots of other important bridge
data had been destroyed, including the connection manager. There was an
indirect dependency on the connection manager for bridge destruction
because destroying a group also destroys all of the flows that reference
the group, which in turn causes the ofmonitor to be invoked to report that
the flows had been destroyed. This commit fixes the problem by destroying
groups earlier.

The problem can be observed by reverting the code changes in this commit
then running "make check-valgrind" with the test that this commit
introduces.

Reported-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

ofp-actions: Support mixing "conjunction" and "note" actions.

It doesn't make sense to mix "conjunction" actions with most other kinds
of actions.  That's because flows with "conjunction" actions aren't ever
actually executed, so any actions mixed up with them would never do
anything useful.  "note" actions are a little different because they never
do anything useful anyway: they are just there to allow a controller to
annotate flows.  It makes as much sense to annotate a flow with
"conjunction" actions as it does to annotate any other flow, so this
commit makes this possible.

Requested-by: Soner Sevinc <sevincs@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

expr: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

tunneling: Don't match on source IP address for native tunnels.

When doing native tunneling, we look at packets destined to the
local port to see if they match tunnel protocols that we should
intercept. The criteria are IP protocol, destination UDP port, etc.

However, we also look at the source IP address of the packets. This
should be a function of the port-based tunnel layer and not the
tunnel receive code itself. For comparison, the kernel tunnel code
has no idea about the IP addresses of its link partners. If port
based tunnel is desired, it can be handled using the normal port
tunnel layer, regardless of whether the packets originally came
from userspace or the kernel.

For port based tunneling, this bug has no effect - the check is
simply redundant. However, it breaks flow-based native tunnels
because the remote IP address is not known at port creation time.

CC: Pravin Shelar <pshelar@nicira.com>
Reported-by: David Griswold <David.Griswold@overturenetworks.com>
Tested-by: David Griswold <David.Griswold@overturenetworks.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

netdev-dpdk: Fix sparse and clang warnings

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

dpif-netdev: log port/core affinity

When using multiple PMDs and numerous ports, a performance gain
may be achieved in some use cases by pinning a PMD/port to a
particular (set of) core(s).

This patch provides a summary of the switch's port/core affinities
each time that the status of the switch's ports is modified.
Based on this information, a user may determine what affinity
modifications are required to optimise performance for their
particular use case.

Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Signed-off-by: Wojciech Andralojc <wojciechx.andralojc@intel.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

netdev-dpdk: Do not flush tx queue which is shared among CPUs since it is always flushed

When tx queue is shared among CPUS,the pkts always be flush
in 'netdev_dpdk_eth_send'. So it is unnecessarily for flushing
in netdev_dpdk_rxq_recv Otherwise tx will be accessed without
locking.

Signed-off-by: Wei li <liw@dtdream.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

pkt-metadata: Avoid introducing overhead for userspace tunnels.

The addition of Geneve metadata requires a large amount of additional
space to handle the maximum set of options. In most cases, this is
not a big deal since it is only temporary storage on the stack or
can be automatically stripped out for miniflows. However, userspace
tunnels need to deal with this on a per-packet basis, so we should
avoid introducing additional overhead if possible. Two small changes
are aimed at this:

* Move struct flow_tnl to the end of the packet metadata. Since
   the Geneve metadata is already at the end of flow_tnl and pkt_metadata
   is at the end of struct dp_packet, this avoids putting a large
   amount metadata (which might be empty) in hot cache lines.

* Only push the new metadata into a miniflow if any options are present
   during miniflow_extract(). This does not necessarily provide the
   most fine-grained flow generation but it is a quick check and
   the userspace implementation of Geneve does not currently support
   options anyways.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>