git.cascardo.eti.br Git - cascardo/ovs.git/log

datapath: Rehash 16-bit skbuff hashes into 32 bits.

Currently, if the network stack provides skb->rxhash then we use it,
otherwise we compute our own. However, on at least some versions of
RHEL/CentOS, the stack provides a hash that is 16 bits rather than
32 bits. In cases where we use the uppermost bits of the hash this
is particularly bad because we detect that a hash is present and we
use it rather than computing our own but the result is always zero.

This is particularly noticible with tunnel ports that use the hash
to generate a source port, such as VXLAN. On these kernels the tunnel
source port is always the minimum value. To solve this problem while
still taking advantage of the precomputed hash, this rehashes the
hash so that the entropy is spread throughout 32 bits.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

tests: Remove extraneous parenthesis from test name.

This could cause configuration failure on earlier versions of autoconf.

Reported-by: Lin Shaopeng <slin0209@gmail.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif: When executing actions needs help, use "set" action to set tunnel.

Open vSwitch userspace is able to implement some actions that the kernel
doesn't support, such as modifying ARP fields. When it does this for a
tunneled packet, it needs to supply the tunnel information with a "set"
action, because the Linux kernel datapath throws away tunnel information
supplied in the OVS_PACKET_CMD_EXECUTE metadata argument.

VMware-BZ: #1270110
Reported-by: Srinivas Neginhal <sneginha@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Add basic MPLS support to kernel

Allow datapath to recognize and extract MPLS labels into flow keys
and execute actions which push, pop, and set labels on packets.

Based heavily on work by Leo Alterman, Ravi K, Isaku Yamahata and Joe Stringer.

Cc: Ravi K <rkerur@gmail.com>
Cc: Leo Alterman <lalterman@nicira.com>
Cc: Isaku Yamahata <yamahata@valinux.co.jp>
Cc: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

netdev-vport: Fix use-after-free error in netdev_vport_route_changed().

We can't unlock the netdev's mutex after close the netdev, because closing
the netdev might destroy the mutex.

VMware-BZ: #1275187
Signed-off-by: Ben Pfaff <blp@nicira.com>

test-classifier: add ovs_assert to prevent warning

GCC 4.9.0 triggers a warning (array-bounds) while compiling test-classifier.c
This commit introduces an assertion that suppresses the warning.

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-parse: Correctly parse actions= in group bucket

Make the parser compatible with how we print group buckets and allow
actions= to be specified, e.g.:

group_id=1,type=all,bucket=actions=output:2,bucket=actions=output:3

Also, better document the supported syntax in the manual page and
cover both syntax formats in the unit test.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-dpdk: Coding style improvements.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com>

utilities: skip loading kernel module if kernel has no module support

Signed-off-by: Pim van den Berg <pim@nethuis.nl>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bridge: Enable multicast support on the bridge

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-xlate: Snoop multicast packets and send them properly

If the packet is multicast and the snooping feature is enabled,
update the multicast snooping database accordingly and send it
to the right ports.

If the packet is not multicast or the snooping feature is disabled,
let the MAC learning handle the packet as before.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Add mcast snooping db show and flush cmds

This patch adds the command 'ovs-appctl mdb/show bridge'
to show learned groups on a bridge from the multicast
snooping database.

It also adds the command 'ovs-appctl mdb/flush [bridge]'
to flush learned groups on a bridge or on all bridges.

Acked-by: Thomas Graf <tgraf@redhat.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Add functions to configure multicast snooping

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Introduce multicast snooping handler

It follows mac learning, but since the multicast snooping feature
can be disabled, the locking is handled in the library.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

flow: extend it to carry IGMP protocol information

Add IGMP info to struct flow, flow compose and flow extract.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

lib: Add IGMP snooping library bits

This patch adds generic IGMP snooping library code
that is used in follow-up patches.

Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Re-run failed unit tests once.

There are always a few unit tests that have some race conditions
that cause them to occasionally fail. It is probably a good idea
to re-run the failed tests once while building deb packages.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Co-authored-by: Keith Amidon <kamidon@nicira.com>
Signed-off-by: Keith Amidon <kamidon@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

socket_util.py: Make set_dscp() python 2.4.3 compatible.

There is no 'errno' field in socket.error. Instead use the
get_exception_errno() function to get the error number.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

atlocal: Disable Python related tests on Windows.

Most of the Python code in Open vSwitch repo does not work
on Windows. Till that porting is done, simply skip all
Python tests.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lockfile: Modify tests for Windows.

As of now, when a process tries to reacquire a lockfile, we
return EEXIST on Windows and print a different error message.
This means that the unit tests need to look for different error
messages too. Linux uses EDEADLK for the same. EDEADLK feels like
a good error description for Windows too and this also lets us
not change the tests too much. So use it.

Some of the tests in test-lockfile.c uses fork to test a
child's ability to acquire lock. We do not fork in Windows.
We also do not support symlinks on Windows. So, comment out
those tests.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

util: Don't compile couple of unused function for Windows.

basename() and dir_name() are not used for Windows and won't work well if
used. So put a '#ifndef _WIN32' around them to prevent future calls.

test-file_name.c tests the above 2 functions. It makes sense to merge
this single function file with test-util.c and then not compile it for
Windows.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

daemon-windows: unlink pidfile before stopping the service.

When a OVS daemon is configured to run as a Windows service,
when the service is stopped by calling service_stop(), the
windows services manager does not give enough time to do
everything in the atexit handler. So call the exit handler
directly from service_stop().

Also add a test case for Windows services which checks for
the termination of the service by looking at pidfile cleaned
by the exit handler.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com
Acked-by: Ben Pfaff <blp@nicira.com>

test-util: Changes for 'assert' test on Windows.

There is no 'kill -l' type functionality available on Windows.
So instead of looking for the string 'ABRT', check for the exit
code in both platforms. On msys (unit test environment), it is 9
and on Linux, it is 134 (SIGABRT + 128).

On Windows, stderr is fully buffered if connected to a pipe.
Make it _IONBF so that an abort does not miss log contents.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

util: Make WSAStartup available outside stream.c.

WSAStartup() needs to be called before using winsock2 related
functions. We need this for almost all the utilities. So call
it through OVS_CONSTRUCTOR.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-ofctl.8: Move mod-table out of group tables section

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-ofctl.8: Document group:group_id action

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-netdev: Remove unused global variable 'key'.

Found by sparse.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

ofproto: Break out monitor deletion code

Break out monitor deletion code into a new function
flow_monitor_delete which is paramatised over the id of
the monitor to delete.

This is in preparation for supporting OpenFlow1.4 flow monitor requests
with delete and modify commands.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Revert "revalidator: Use xcache when revalidation is required."

This reverts commit a48c85b2d672505b89e488d28066538705b94942. The commit
was causing intermittent testsuite failures and unexpected re-install of
stale mac-learning entries.

VMware-BZ: 1268574

Reported-by: Len Gao <leng@vmware.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

dpif-netdev: batch packet processing

This change in dpif-netdev allows faster packet processing for devices which
implement batching (netdev-dpdk currently).

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

netdev: netdev_send accepts multiple packets

The netdev_send function has been modified to accept multiple packets, to
allow netdev providers to amortize locking and queuing costs.
This is especially true for netdev-dpdk.

Later commits exploit the new API.

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

dpif-netdev: use dpif_packet structure for packets

This commit introduces a new data structure used for receiving packets from
netdevs and passing them to dpifs.
The purpose of this change is to allow storing some private data for each
packet. The subsequent commits make use of it.

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

vswitchd: skip right number of arguments in dpdk_init()

rte_eal_init() returns the number of parsed dpdk arguments to skip.
dpdk_init() should add 1 to that number, because it has already skipped
the "--dpdk" argument itself.

This patch also makes sure the program name is ovs-vswitchd in
rte_eal_init() and proctitle_init().

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Ryan Wilson <wryan@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ofproto: Honour out_port of flow monitors

Previously the out_port of a flow monitor was
checked in ofmonitor_report() using ofoperation_has_out_port().

When ofoperation_has_out_port() was removed so was the call to
it in ofmonitor_report() thus flow monitor updates are longer
filtered on the out_port.

This restores filtering on the out_port by using
ofproto_rule_has_out_port to check the actions of the rule.
If the actions have been changed by a modify actions then
ofpacts_output_to_port() is also used to check the old actions.

This patch also adds a test to exercise out_ports for flow monitors.

This resolves what appears to be a regression introduced by
b20f4073eecd4761 ("ofproto: Do straightforward removal of asynchronous flow
operations.")

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath/linux: add vport-geneve.c to .gitignore

Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Makefile.am: fix printf-check in out-of-tree build

The introduction of a %zu in datapath/flow_netlink.c with commit c1fc1411
revealed a problem with out-of-tree builds.

printf-check and thread-safety-check skip some directories with a 'grep -v'.
In the case of an out-of-tree build, the grep -v pattern doesn't work, because
it assumes the pathnames to be relative to the OVS root directory.

This commit fixes the problem by changing the directory before executing any
commands, like we do elsewhere in Makefile.am

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>

datapath: Check tunnel info before dereferencing on send.

It's possible that the tunnel information may not have been set by
userspace before a packet is output to a tunnel port. Therefore, we
should ensure that we validate that the information is there before
attempting to use it.

Signed-off-by: Jesse Gross <jesse@nicira.com>

doc: Additional documentation updates for Geneve.

Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Add support for Geneve tunneling.

This adds support for Geneve - Generic Network Virtualization
Encapsulation. The protocol is documented at
http://tools.ietf.org/html/draft-gross-geneve-00

The kernel implementation is completely agnostic to the options
that are in use and can handle newly defined options without
further work. It does this by simply matching on a byte array
of options and allowing userspace to setup flows on this array.

Userspace currently implements only support for basic version of
Geneve. It can work with the base header (including the VNI) and
is capable of parsing options but does not currently support any
particular option definitions. Over time, the intention is to
allow options to be matched through OpenFlow without requiring
explicit support in OVS userspace.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Factor out allocation and verification of actions.

As the size of the flow key grows, it can put some pressure on the
stack. This is particularly true in ovs_flow_cmd_set(), which needs several
copies of the key on the stack. One of those uses is logically separate,
so this factors it out to reduce stack pressure and improve readibility.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

tunnel: Add support for matching on OAM packets.

Some tunnel formats have mechanisms for indicating that packets are
OAM frames that should be handled specially (either as high priority or
not forwarded beyond an endpoint). This provides support for allowing
those types of packets to be matched.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Wrap struct ovs_key_ipv4_tunnel in a new structure.

Currently, the flow information that is matched for tunnels and
the tunnel data passed around with packets is the same. However,
as additional information is added this is not necessarily desirable,
as in the case of pointers.

This adds a new structure for tunnel metadata which currently contains
only the existing struct. This change is purely internal to the kernel
since the current OVS_KEY_ATTR_IPV4_TUNNEL is simply a compressed version
of OVS_KEY_ATTR_TUNNEL that is translated at flow setup.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Eliminate memset() from flow_extract.

As new protocols are added, the size of the flow key tends to
increase although few protocols care about all of the fields. In
order to optimize this for hashing and matching, OVS uses a variable
length portion of the key. However, when fields are extracted from
the packet we must still zero out the entire key.

This is no longer necessary now that OVS implements masking. Any
fields (or holes in the structure) which are not part of a given
protocol will be by definition not part of the mask and zeroed out
during lookup. Furthermore, since masking already uses variable
length keys this zeroing operation automatically benefits as well.

In principle, the only thing that needs to be done at this point
is remove the memset() at the beginning of flow. However, some
fields assume that they are initialized to zero, which now must be
done explicitly. In addition, in the event of an error we must also
zero out corresponding fields to signal that there is no valid data
present. These increase the total amount of code but very little of
it is executed in non-error situations.

Removing the memset() reduces the profile of ovs_flow_extract()
from 0.64% to 0.56% when tested with large packets on a 10G link.

Suggested-by: Pravin Shelar <pshelar@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: keep mask array compact when deleting mask

When deleting a mask from the mask array, we always move the last entry
into its current location. Another approach can be NULL in its
current place, and periodically compact it.

The approach taken by this patch is more efficient during run
time. During look up, fast path packet don't have to skip over NULL
pointers.

A more important advantage of this approach is that it tries to
keep the mask array index stable by avoiding periodic index
reshuffle.

This patch implements an optimization to further promote index
stability. By leaving the last entry value intact when moving it
to a new location, the old cache index can 'fix' themselves, by noticing
the index in the cache is outside the valid mask array region. The
new index can be found by scanning the mask pointer within the valid
rtegion.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: simplify ovs_flow_tbl_lookup_stats()

Simplify flow mask cache replacement without using expensive atomic
memory access to the mask pointers.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ovs-vsctl: Fix OF protocol name capitalization in manual page

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

AUTHORS: Update entry for Thomas Graf

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

bridge: Make ovs-vswitchd run again if status_txn commit fails.

This commit adds logic that checks the return value of status_txn
transaction and runs the update again if the transaction fails
(transaction status is not 'TXN_SUCCESS', 'TXN_UNCHANGED', or
'TXN_INCOMPLETE').

To keep the code simple, the re-run of update on transaction failure
will extracts the status from all interfaces, rather than just those
that have status change. Since the transaction failure is considered
to be very rare, such overhead is deemed to be affordable.

VMware-BZ: 1256577

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Add separate functions for checking bfd/cfm status change.

Currently, ofproto_port_get_bfd/cfm_status() is used to check the
bfd/cfm status change and query the status change. Users decide
what to do with the filled status struct based on the return value
of the funciton. Such design is confusing and makes the caller
code hard to read.

This commit breaks the function into a status change check function
and a status query function, so that they become easier to read and
use.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

cfm: Extracts the cfm status in one function.

This commit adds a new function, cfm_get_status(), for extracting
all cfm status at once. This helps avoid the sequence of lock
acquire/release in current implementation of status query.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-thread: Implement OVS specific barrier.

Non-leader revalidator thread uses pthread_barrier_* functions in their
main loop to synchronize with leader thread. However, since those threads
only call poll_block() intermittently, the poll interval check in
poll_block() can wrongly take the time since last call as poll interval
and issue the following warnings:

"Unreasonably long XXXXms poll interval".

To prevent it, this commit implements the barrier struct and operations
for OVS which allow thread to block on barrier via poll_block().

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

netdev-vport: Use dpif_port as base for tunnel backing port.

In most cases, tunnel ports specify a dpif name to act as the backing
port in the datapath. However, in the case of UDP tunnels the type is
used with the port number appended. This is potentially a problem for
IPsec tunnels because they have different types but should have the
same backing port. The hasn't been a problem in practice though because
no UDP tunnels are currently used with IPsec.

This switches to use the dpif_port in all cases plus a port number if
necessary. It does this by making the names short enough to accomodate
ports, which also makes the naming more consistent.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

stream-ssl: Enable TLSv1.1 and TLSv1.2.

The Open vSwitch SSL code was inadvertently enabling only TLSv1, not
later versions. This commit should fix it.

See https://www.openssl.org/docs/ssl/SSL_CTX_new.html
and http://www.postgresql.org/message-id/20131203213049.GA8259@gmail.com
for more information.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Abhinav Singhal <Abhinav.Singhal@spirent.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

odp-util: Make it harder to forget to update ODPUTIL_FLOW_KEY_BYTES.

We've forgotten more than once. Most updates coincide with adding
new flow members, so a build assertion on FLOW_WC_SEQ seems appropriate.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ofproto: Honour NXFMF_OWN flag of flow monitors

If NXFMF_OWN is set then full updates should be sent.
Prior to this change an abbreviated update is always sent
to the controller to which a monitor belongs, that is,
the NXFMF_OWN flag is ignored.

Also:
* Update existing flow tests for this chagne
* Add a test to exercise NX flow monitor with !own

I noticed this while working on support for OpenFlow1.4 flow monitors.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Break out perl code for sorting multiline messages

The flow monitoring tests includes a perl script to sort multiline
messages. This commit breaks it out of an individual test so that it can
be used elsewhere.

Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com changed approach from a separate file to a shell function]
Signed-off-by: Ben Pfaff <blp@nicira.com>

Move setsockopt TCP_NODELAY to when TCP is connected.

On windows platform, TCP_NODELAY can only be set when TCP
is established. If the conection is not immediately returning
success, call it when state is changed from TCP_CONNECTING
to SSL_CONNECTING.

Signed-off-by: Linda Sun <lsun@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

util: Move definition of HANDLE here.

A few Open vSwitch source files use a type named HANDLE on Windows systems,
in a way that makes it easier to avoid #ifdefs if we have a dummy
definition on other platforms. <linux/types.h> was a really weird place
for this dummy definition. This commit moves it to util.h.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

lib/classifier: Fix use of uninitialized memory.

When reaching the end of a prefix trie, we checked one bit off the end
to the intended data. However, since the trie node in that case has
NULLs for both edge links, this did not result in incorrect
functionality.

Found via check-valgrind.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib/classifier: Clarify trie_lookup_value().

trie_lookup_value() is easier to read with the local variable 'plen'
renamed as 'ofs'.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lisp: Use IP addresses rather than flow on hash failure.

When calculating the source port for the UDP header, LISP primarily
uses skb_get_hash() but needs a backup in case this fails. The
current backup is a hash of the entire flow key but this includes
many fields that probably would not be considered to be part of a
flow in many situations. It assumes that all fields, including those
not used, are zeroed out which will soon not be the case.

This switches to using a hash of the IP addresses instead, which
solves both problems. These should always be present since LISP
encapsulates L3 packets.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>

odp-util: update comments on ODPUTIL_FLOW_KEY_BYTES estimation

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

timeval: Provide a variation for time/warp command.

The new command is of the form 'time/warp LARGE_MSECS MSECS'.
It advances the current monotonic time by LARGE_MSECS. This is done MSECS
at a time in each run of the main thread. This gives other threads
time to run after the clock has been advanced by MSECS.

The old command would continue to work.

Rationale: On Windows, process creation is slower. When we have tests
that run 'ovs-appctl time/warp MSECS' hundreds of times in a for loop,
the time it takes to complete the test increases. This is specially
true for bfd tests. For e.g, the 11 bfd tests would take 3.5 minutes
to complete before this change and now takes a little less than 2 minutes.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

extract-ofp-msg: Add ONF extension support

This is analogous to Nicira extension support.

This is in preparation for supporting EXT-187: flow entry notification
extension (ONF flow monitor).

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-msgs: Add OFPRAW_OFPST14_FLOW_MONITOR_*

Add OFPRAW_OFPST14_FLOW_MONITOR_REQUEST and
OFPRAW_OFPST14_FLOW_MONITOR_REPLY.

This is a step towards supporting OpenFlow1.4 flow monitors.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-errors: Add OFPET_FLOW_MONITOR_FAILED

Add OFPET_FLOW_MONITOR_FAILED which is added in OpenFLow1.4.
Map the OFPERR_NXBRC_FM_* errors to the corresponding new OpenFlow errors.

This is a step towards supporting OpenFlow1.4 flow monitors.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Add ofp14_flow_monitor_{request, command, flags}

This is in preparation for supporting OpenFlow1.4
flow monitor requests.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Initialise return value of modify_flows__

dd51dae29bccca3 ("ofproto: Move logic for collecting read-only rules into
rule_criteria.") modifies modify_flows__ such that the variable error,
the return value, may be uninitialised if either of the following is true:

1. ofproto->ofproto_class->rule_premodify_actions is NULL
2. rules->n is zero

It appears for the "bfd - Verify tunnel down detection" test
in the testsuite the first condition is true and the test fails.

This commit fixes the problem.

Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com changed the style of the fix]
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: avoid memory corruption in queue_userspace_packet()

In queue_userspace_packet(), the ovs_nla_put_flow return value is
not checked. This is fine as long as key_attr_size() returns the
correct value. In case it does not, the current code may corrupt buffer
memory. Add a run time assertion catch this case to avoid silent
failure.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: fix key size computation in key_attr_size()

The key_attr_size() was not updated when RECIRC_ID and DP_HASH
key fields are added to support recircualtion. This patch fixes it.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
VMware-BZ: 1266214

dpif-netdev: enumerate dpif belonging to the right class

Since dpif_netdev_enumerate() is used for "netdev" and "dummy" class, it
incorrectly lists dpif-netdevs as "dummy" and vice versa.
This patches address the issue by changing the dpif-provider interface: a
dpif_class parameter is passed to the 'enumerate' call to match the right class.

Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Use set_field instead of load_reg in OF1.2 test for metadata.

ONF-JIRA: EXT-46
Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Implement learned flow deletion.

When a flow with a "learn" action is deleted, one often wants the flows
that it created (the "learned flows") to be deleted as well.  This commit
makes that possible.

I am aware of a race condition that could lead to a learned flow not being
properly deleted.  Suppose thread A deletes a flow with a "learn" action.
Meanwhile, thread B obtains the actions for this flow and translates and
executes them.  Thread B could obtain the actions for the flow before it is
deleted, but execute them after the "learn" flow and its learned flows are
deleted.  The result is that the flow created by thread B persists despite
its "learn" flow having been deleted.  This race can and should be fixed,
but I think that this commit is worth reviewing without it.

VMware-BZ: #1254021
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Reduce duplication in deletion logic.

The delete_flow__() function had two callers, each of which had to
correctly call ofmonitor_flush() when completely done. An upcoming commit
will add another function that the callers need to call. This is easier
if delete_flow__() only has one caller, so this commit refactors so that
it does, and inlines delete_flow__() into that caller for further
simplification.

Also remove a parameter from delete_flows__() that wasn't really needed
and change its return type to void since it can't ever fail.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Shrink struct rule_actions slightly.

Nothing actually used 'provider_meter_id', but some code did want to know
whether there was a meter, so we can save a little space by using a bool
instead. An upcoming commit will add a second bool member. This change
allows that bool to be added without using extra space.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Additional simplifications.

This commit finishes the removal of asynchronous flow table operations
begun in the previous commit, by removing ofoperation and ofopgroup
entirely and all of the code that depended on them. Following this commit,
all the internal documentation and comments should again be consistent and
correct.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Do straightforward removal of asynchronous flow operations.

Open vSwitch has supported datapaths that cannot update their flow tables
synchronously for many versions.  In that time, I have talked to many
hardware implementers.  None of them has ever mentioned the asynchronous
interface.  Furthermore, the only public hardware implementation of an Open
vSwitch datapath (from Centec), does not use the asynchronous interface.

At the same time, the asynchronous interface makes ofproto hard to read and
hard to understand.  It also makes it hard to maintain and extend.  An
extension in an upcoming commit would be very difficult to implement
asynchronously.

Therefore, this commit begins to remove the asynchronous interface.  This
initial commit does only the most straightforward parts of the removal, the
ones that do not significantly change the structure of the code.  For
example, this commit does not remove the ofoperation or ofopgroup data
structures at the core of the asynchronous interface, but instead reduces
them to a vestigial form: where previously an ofoperation might span
multiple trips through the main loop (if the operation were truly
asynchronous), now it always completes immediately.

The following commit will do more structural changes.  It will also update
all the comments, which are mostly left alone here.

The hope is that this structuring of the asynchronous removal into two
stages will make it easier to understand and review.  If not, the commits
could be squashed.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Combine "struct ofconn *" and "const struct ofp_header *" args.

It's nicer to pass around a single argument than a pair of them. This
will also make it easier to change the 'const struct ofp_header *request'
parameters to 'ovs_be32 xid' ones in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>

ofproto: Move logic for collecting read-only rules into rule_criteria.

ofproto supports OpenFlow tables that the controller can view but not
modify. Until now, the logic for this was separately implemented in each
flow table operation, which meant that it was somewhat error-prone and in
fact seems missing entirely for "delete" operations. This commit
implements the "modify" and "delete" side of that logic in the common code
for collecting a group of rules to work on, thereby slightly simplifying
the somewhat tricky modify_flows__() function and fixing the bug in
deletion.

There isn't a good way to reuse this logic for "add" operations.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>

ofproto: Make ofproto_rule_is_hidden() public, and rename.

I'd like to use this from connmgr.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>

ofproto: Only initiate flow table modifications if they will succeed.

In OpenFlow, a single "flow_mod" operation can change the actions (and
some other properties) of an arbitrary number of flows.  Until now,
Open vSwitch has assumed that any subset of these operations could
fail.  However, it has come out in discussion in the OpenFlow extensibility
working group that "partial failure" of a flow table operation is
undesirable, and furthermore that it should be possible to avoid it on
hardware implementations.  (The latter is the reason that Open vSwitch
permitted it to be with.)

This commit changes Open vSwitch to check whether all of a set of flow
table modifications will succeed before it initiates any of them.
This will not change visible behavior of the Open vSwitch software
switch, which never failed flow table modifications anyway.  It might
change behavior of some hardware implementation, but I don't actually know
of any.

ONF-JIRA: EXT-362.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>

ofproto: Add missing lock annotations on prototypes.

Clang only does lock annotation checks based on annotations that are
already visible, so for best results they need to be on prototypes as
well as definitions.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Merge do_add_flow() and oftable_insert_rule() into add_flow().

Each of these functions had only a single caller, and breaking them out as
separate functions didn't seem to many the code clearer.

I added a new function meter_insert_rule(): oftable_insert_rule() had used
members of struct meter directly, which worked because it was after the
definition of struct meter. So there was a choice to either move the
definition of struct meter earlier or add a helper function; I chose the
latter.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <traf@suug.ch>

OPENFLOW-1.1+: EXT-187/OF1.4 Flow Monitors Are Under Development

I am unsure if it is appropriate to annotate OPENFLOW-1.1+ in this way
but I wish to throw my hat into the ring for work on EXT-187/OF1.4
flow monitors.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

test-jsonrpc: Add the ability to detach on Windows.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

connmgr: Do not use OFPRR_METER_DELETE before OF1.4

OFPRR_METER_DELETE was introduced in OF1.4 however meters were introduced
in OF1.3.

Regardless of the OF version when flows are deleted cause flows to be
deleted handle_delete_meter() calls delete_flows__() with
OFPRR_METER_DELETE as the reason.

In order to avoid sending OFPRR_METER_DELETE to controllers connected
using OF1.3 map OFPRR_METER_DELETE to OFPRR_DELETE which exists in that
version.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Add idle_timeout parameter to ofproto_dpif_add_internal_flow()

This is in preparation for using the same helper as part of support
for using recirculation in conjunction series of actions including
with MPLS actions that are currently not able to be translated.

In that scenario the idle timeout will be used to expire internal
rules that are added to handle recirculation.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Add recirc_id field to struct rule_dpif

This is to allow a recirculation id to be associated with a rule
in the case that its actions cause recirculation.

In such a case if the recirc_id field is non-zero then that value should be
used, otherwise a value should be obtained using
ofproto_dpif_alloc_recirc_id and saved in recirc_id field.

When destructing the rule if the recirc_id field is non-zero then
the associated internal flow should be deleted.

This is in preparation for using the same helper as part of support
for using recirculation in conjunction series of actions including
with MPLS actions that are currently not able to be translated.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Move RECIRC_RULE_PRIORITY to common header

This is in preparation for using this value
in ofproto-dpif-xlate.c when composing recirculation
actions added as a result of processing (MPLS) actions.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

socket-util: Disable dscp setting on Windows.

According to msdn documentation, one is discouraged from using
IP_TOS for ipv4 sockets (it apparently does not actually set
anything). Also, IPV6_TCLASS does not work in
Windows (it always returns an error and also is undocumented).
Looks like Microsoft recommends QoS2 APIs to achieve
the same. Till we add those API calls, simply return on Windows.

(Noticed while running unit tests for ipv6. set_dscp would fail.)

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib/cmap: Simplify iteration with C99 loop declaration.

This further eases porting existing hmap code to use cmap instead.

The iterator variants taking an explicit cursor are retained (renamed)
as they are needed when iteration is to be continued from the last
iterated node.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>

lib/classifier: Clean up includes.

Remove unnecessary includes from lib/classifier.h and add them to
lib/classifier.c as needed.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>

lib/classifier: Fix incorrect pointer type.

This bug did not manifest due to 'hmap_node' being in the same offset
in both struct cls_partition and struct cls_subtable.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>

OPENFLOW-1.1+: OFPRR_METER_DELETE is used

My reading of handle_delete_meter() is that OFPRR_METER_DELETE is used.
Accordingly delete the entry relating to it from OPENFLOW-1.1+.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Use OFPRR_GROUP_DELETE

Use OFPRR_GROUP_DELETE as the reason for deleting flows due
to the removal of a group that they use.

This implementation adds an delete_reason member to struct ofputil_flow_mod
as a convenient way to set the reason used by delete_flows__() when it is
called indirectly from delete_group__().

Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com initialized the new member in a few more places]
Signed-off-by: Ben Pfaff <blp@nicira.com>

Fix log message weird suffixes.

I think these were leftovers from the removal of %z for MSVC that happened
some time ago.

VMware-BZ: 1265762
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com>

test: Remove explicit sleeps from ofproto-dpif bond tests

Ofproto-dpif bond tests relies on netdev-dummy ports to set up
socket connection before actual tests. The time required
for socket connection varies depends on system load, making the test
prone to failure with simple sleep calls. On the other hand,
conservative sleep value for the slowest machine may be excessive on
a faster machine.

This patch removes the sleep calls. Replace them with
WAIT_FOR_DUMMY_PORTS() introduced in the last patch, thus removing
the timing dependency.

CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

test: add WAIT_FOR_DUMMY_PORTS helper macro for writing tests

Add a macro to waiting until all ports supplied are connected.

CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

netdev-dummy: add appctl netdev-dummy/conn-state command

Using without any parameter, this command list the connection
state of all netdev-dummy devices that are configured to make
active connections.

Optionally, the name of the netdev-dummy device can be supplied
as a parameter.

The states will be displayed as:

"connected": The socket has been connected to the listener.
"disconnected": The socket is not connected.
"unknown": It is not an active dummy device.

CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

INSTALL.DPDK: User space dpdk setup documentation addition.

Added details of dpdk poll mode setup to make it easier
for someone, not familiar, to get it operating.

Signed-off-by: Mike A. Polehn <mike.a.polehn@intel.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>