bond: Use correct type for slave's change_seq.

seq values are 64-bit, and storing them to a 32-bit variable causes
the stored value never to match actual seq value after the seq value
gets big enough.

This is a likely cause of OVS main thread using 100% CPU in a system
using bonds after some runtime.

VMware-BZ: #1564993
Reported-by: Hiram Bayless <hbayless@vmware.com>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Fix manpage formatting typo.

Only the names of the fields were supposed to be bold here, but omitting
the "fR" from "\fR" made everything between the field names bold too,
which looked funny.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ovn: support ARP response for known IPs

For lswitch ports with known IPs, ARP is responded directly from
local ovn-controller to avoid flooding.

Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: Add tunnel-push-pop-ipv6 tests

Based on IPv4 tests, test tunnels over IPv6. In order to do that, add
netdev-dummy/ip6addr command for dummy bridges, and get_in6 support for
netdev-dummy as well.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Allow flow-based IPv6 tunnels to be configured with OpenFlow

With this patch, it is possible to set the IPv6 source and destination address
in flow-based tunnels.

$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_field:2001:cafe::92->tun_ipv6_dst"

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Co-authored-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tnl-neigh-cache: Remove tnl_arp_lookup().

tnl_arp_lookup is not used anymore. All users have been converted to
IPv4-mapped addresses. New users need to use IPv4-mapped addresses and use
tnl_neigh_lookup.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: Support IPv6 when sending to tunnel

When doing push/pop and building tunnel header, do IPv6 route lookups and send
Neighbor Solicitations if needed.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Cc: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-vport: Add IPv6 support for build/push/pop tunnel header

This includes VXLAN, GRE and Geneve.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

packets: Introduce in6_addr_mapped_ipv4() and use where appropriate.

This allows code to be written more naturally in some cases.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>

ovs-router: fix compile error on FreeBSD

FreeBSD needs to include netinet/in.h to define struct in6_addr.

Signed-off-by: Kevin Lo <kevlo@FreeBSD.org>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Prepare for post-2.5.0 (2.5.90).

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

Prepare for 2.5.0.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

ovn-northd: Only run idl loop if something changed.

Before refactoring the main loop to reuse ovsdb_idl_loop_* functions, we
would use a sequence to see if anything changed in NB database to
compute and notify the SB database, and vice versa. This logic got
dropped with the refactor, causing a testsuite failure in the ovn-sbctl
test. Reintroduce the IDL sequence number checking.

Fixes: 331e7aefe1c6 ("ovn-northd: Refactor main loop to use ovsdb_idl_loop_*
functions")
Suggested-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Ben Pfaff <blp@ovn.org>

FAQ: Document kernel feature support.

Some recent features have more stringent requirements for kernel
versions than the FAQ describes. Add an entry to be more explicit on
which features work with which versions of the upstream kernel.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Scrub skb between namespaces

If OVS receives a packet from another namespace, then the packet should
be scrubbed. However, people have already begun to rely on the behaviour
that skb->mark is preserved across namespaces, so retain this one field.

This is mainly to address information leakage between namespaces when
using OVS internal ports, but by placing it in ovs_vport_receive() it is
more generally applicable, meaning it should not be overlooked if other
port types are allowed to be moved into namespaces in future.

Upstream: 740dbc289155 ("openvswitch: Scrub skb between namespaces")
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Backport conntrack fixes.

Backport the following fixes for conntrack from upstream.

9723e6abc70a openswitch: fix typo CONFIG_NF_CONNTRACK_LABEL
0d5cdef8d5dd openvswitch: Fix conntrack compilation without mark.
982b52700482 openvswitch: Fix mask generation for nested attributes.
cc5706056baa openvswitch: Fix IPv6 exthdr handling with ct helpers.
33db4125ec74 openvswitch: Rename LABEL->LABELS
b8f2257069f1 openvswitch: Fix skb leak in ovs_fragment()
ec0d043d05e6 openvswitch: Ensure flow is valid before executing ct
6f225952461b openvswitch: Reject ct_state unsupported bits
fbccce5965a5 openvswitch: Extend ct_state match field to 32 bits
ab38a7b5a449 openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT
9e384715e9e7 openvswitch: Reject ct_state masks for unknown bits
4f0909ee3d8e openvswitch: Mark connections new when not confirmed.
e754ec69ab69 openvswitch: Serialize nested ct actions if provided
74c16618137f openvswitch: Fix double-free on ip_defrag() errors
6f5cadee44d8 openvswitch: Fix skb leak using IPv6 defrag

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Allow attaching helpers to ct action

Add support for using conntrack helpers to assist protocol detection.
The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper
to be used for this connection. If no helper is specified, then helpers
will be automatically applied as per the sysctl configuration of
net.netfilter.nf_conntrack_helper.

The helper may be specified as part of the conntrack action, eg:
ct(helper=ftp). Initial packets for related connections should be
committed to allow later packets for the flow to be considered
established.

Example ovs-ofctl flows allowing FTP connections from ports 1->2:
in_port=1,tcp,action=ct(helper=ftp,commit),2
in_port=2,tcp,ct_state=-trk,action=ct(recirc)
in_port=2,tcp,ct_state=+trk-new+est,action=1
in_port=2,tcp,ct_state=+trk+rel,action=1

Upstream: cae3a26 "openvswitch: Allow attaching helpers to ct action"
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Allow matching on conntrack label

Allow matching and setting the ct_label field. As with ct_mark, this is
populated by executing the CT action. The label field may be modified by
specifying a label and mask nested under the CT action. It is stored as
metadata attached to the connection. Label modification occurs after
lookup, and will only persist when the conntrack entry is committed by
providing the COMMIT flag to the CT action. Labels are currently fixed
to 128 bits in size.

Upstream: c2ac667 "openvswitch: Allow matching on conntrack label"
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Allow matching on conntrack mark

Allow matching and setting the ct_mark field. As with ct_state and
ct_zone, these fields are populated when the CT action is executed. To
write to this field, a value and mask can be specified as a nested
attribute under the CT action. This data is stored with the conntrack
entry, and is executed after the lookup occurs for the CT action. The
conntrack entry itself must be committed using the COMMIT flag in the CT
action flags for this change to persist.

Upstream: 182e304 "openvswitch: Allow matching on conntrack mark"
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Add conntrack action

Expose the kernel connection tracker via OVS. Userspace components can
make use of the CT action to populate the connection state (ct_state)
field for a flow. This state can be subsequently matched.

Exposed connection states are OVS_CS_F_*:
- NEW (0x01) - Beginning of a new connection.
- ESTABLISHED (0x02) - Part of an existing connection.
- RELATED (0x04) - Related to an established connection.
- INVALID (0x20) - Could not track the connection for this packet.
- REPLY_DIR (0x40) - This packet is in the reply direction for the flow.
- TRACKED (0x80) - This packet has been sent through conntrack.

When the CT action is executed by itself, it will send the packet
through the connection tracker and populate the ct_state field with one
or more of the connection state flags above. The CT action will always
set the TRACKED bit.

When the COMMIT flag is passed to the conntrack action, this specifies
that information about the connection should be stored. This allows
subsequent packets for the same (or related) connections to be
correlated with this connection. Sending subsequent packets for the
connection through conntrack allows the connection tracker to consider
the packets as ESTABLISHED, RELATED, and/or REPLY_DIR.

The CT action may optionally take a zone to track the flow within. This
allows connections with the same 5-tuple to be kept logically separate
from connections in other zones. If the zone is specified, then the
"ct_zone" match field will be subsequently populated with the zone id.

IP fragments are handled by transparently assembling them as part of the
CT action. The maximum received unit (MRU) size is tracked so that
refragmentation can occur during output.

IP frag handling contributed by Andy Zhou.

Based on original design by Justin Pettit.

Upstream: 7f8a436 "openvswitch: Add conntrack action"
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Serialize acts with original netlink len

Previously, we used the kernel-internal netlink actions length to
calculate the size of messages to serialize back to userspace.
However,the sw_flow_actions may not be formatted exactly the same as the
actions on the wire, so store the original actions length when
de-serializing and re-use the original length when serializing.

Upstream: 8e2fed1 "openvswitch: Serialize acts with original netlink len"
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Move MASKED* macros to datapath.h

This will allow the ovs-conntrack code to reuse these macros.

Upstream: be26b9a "openvswitch: Move MASKED* macros to datapath.h"
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport IPv6 reassembly.

Backport IPv6 fragment reassembly from upstream commits in the Linux 4.3
development tree.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport IPv6 fragmentation.

IPv6 fragmentation functionality is not exported by most kernels, so
backport this code from the upstream 4.3 development tree.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport IPv4 reassembly.

Backport IPv4 reassembly from the upstream commit caaecdd3d3f8 ("inet:
frags: remove INET_FRAG_EVICTED and use list_evictor for the test").

This is necessary because kernels prior to upstream commit d6b915e29f4a
("ip_fragment: don't forward defragmented DF packet") would not always
track the maximum received unit size during ip_defrag(). Without the
MRU, refragmentation cannot occur so reassembled packets are dropped.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Wrap IPv4 fragmentation.

Most kernels provide some form of ip fragmentation. However, until
recently many of them would always send ICMP responses for over_MTU
packets, even when operating in bridge mode. Backport the check to
ensure this doesn't occur.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport ip_skb_dst_mtu().

>From upstream f87c10a8aa1e ("ipv4: introduce ip_dst_mtu_maybe_forward
and protect forwarding path against pmtu spoofing")

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport dev_recursion_level().

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport prandom_u32_max().

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport 'dst' functions.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport nf_connlabels_{get, put}().

This is a partial backport of Linux commit 86ca02e77408
"netfilter: connlabels: Export setting connlabel length".

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport nf_ct_tmpl_alloc().

Loosely based upon Linux commit 0838aa7fcfcd "netfilter: fix netns
dependencies with conntrack templates" and commit 5e8018fc6142
"netfilter: nf_conntrack: add efficient mark to zone mapping".

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

compat: Backport conntrack zones headers.

Loosely based upon Linux commit 308ac9143ee2 "netfilter: nf_conntrack:
push zone object into functions".

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Add support for lwtunnel

Following patch adds support for lwtunnel to OVS datapath.
With this change OVS datapath detect lwtunnel support and
make use of new APIs if available. On older kernel where the
support is not there the backported tunnel modules are used.
These backported tunnel devices acts as lwtunnel devices.
I tried to keep backported module same as upstream for easier
bug-fix backport. Since STT and LISP are not upstream OVS
always needs to use respective modules from tunnel compat layer.
To make it work on kernel 4.3 I have converted STT and LISP
modules to lwtunnel API model.

lwtunnel make use of skb-dst to pass tunnel information to the
tunnel module. On older kernel this is not possible. So the in
case of old kernel metadata ref is stored in OVS_CB and direct
call to tunnel transmit function is made by respective tunnel
vport modules. Similarly on receive side tunnel recv directly
call netdev-vport-receive to pass the skb to OVS.

Major backported components include:
Geneve, GRE, VXLAN, ip_tunnel, udp-tunnels GRO.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

ofproto-dpif: Validate ct action support.

Disallow installing rules that execute ct() if conntrack is unsupported
in the datapath.

Reported-by: Ravindra Kenchappa <ravindra.kenchappa@hpe.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ofp-actions: Refactor ofpact_get_mf_dst().

This function finds the mf destination field for any ofpact, returning
NULL if not applicable. It will be used by the next patch to properly
reject OpenFlow flows with conntrack actions when conntrack is
unsupported by the datapath.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ipfix: Skip BFD packets.

The patch is to skip BFD packets in ipfix.
Bidirectional Forwarding Detection (BFD) packets are for monitoring
the tunnel link status and consumed by ovs itself, no need to sample
them.
Refer to IETF RFC 5881, BFD control packets are the UDP packets with
destination port 3784 and BFD echo packets are the UDP packets with dst
destination port 3785.
Ipfix will skip both BFD control packets and BFD echo packets.

Signed-off-by: Wenyu Zhang <wenyuz@vmware.com>
[blp@ovn.org added check for IP]
Signed-off-by: Ben Pfaff <blp@ovn.org>

debian: Skip systemctl redirect.

After some experimentation on Ubuntu15.04, I see the
following behavior.

1. If you install openvswitch-switch with 'apt-get install',
then you automatically get a upstart and systemd config files
for openvswitch. The integration with 'interfaces' fails
because both the upstart and systemd jobs do not have logic
to handle it.

The above behavior will likely get fixed soon in upstream
Ubuntu.

2. If you install openvswitch-switch via the packages
created from the openvswitch repo, there is no systemd or
upstart conf files installed. But systemd notices this
and creates a runtime openvswitch conf file which does
nothing but call back the sysv startup script.

In the above case when you call
"/etc/init.d/openvswitch-switch start", it inturn calls
"/bin/systemctl start openvswitch-switch.service" and
that inturn again calls "/etc/init.d/openvswitch-switch start".
But the above for some reason simply hangs. It looks like a call
to ifup when invoked in this manner does not return.
I am not sure why this is happening.

We can avoid the above behavior completely by skipping the
systemctl redirect as done in this commit. This should fix
both 1. and 2. above.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

NEWS: Add OVN.

Add OVN to NEWS as a post-2.4.0 feature.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn.at: Fix races

These tests are racy as nothing prevents packet re-ordering.
Fix them by sorting outputs before comparing.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn.at: Use {} to make this less ambiguous

While (surprisingly to me) bash interprets $10 as ${1}0,
many other shells, including NetBSD's /bin/sh, interpret it as ${10}.

Also use already assigned named variables rather than positional
parameters to make things a little more readable.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn: Dedicated connection handler for packet-ins

This patch opens and maintains a new connection that is dedicated
to monitor the packet-ins for br-int.

Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
[blp@nicira.com removed support for OpenFlow 1.0]
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif: Shortcut common case in rule_check().

Typically the datapath will support all available features, so check
that first before attempting to retrieve various values out of a
minimask as the latter doesn't need to be checked if all fields are
supported.

ct_state is an exception, because support for the bits in this field is
not binary; only some bits are defined so far, so they must still be
checked against the current known supported bits.

Suggested-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ofproto-dpif: Validate ct_* field masks.

When inserting rules that match on connection tracking fields, datapath
support must be checked before allowing or denying the rule insertion.
Previously we only disallowed flows that had non-zero values for the
ct_* field, but allowed non-zero masks. This meant that, eg:

ct_state=-trk,...

Would be allowed, while

ct_state=+trk,...

Would be disallowed, due to lack of datapath support.

Fix this by performing the check on masks instead of the flows.

Reported-by: Ravindra Kenchappa <ravindra.kenchappa@hpe.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

ofproto-dpif: Reject partial ct_labels if unsupported.

If only half of a ct_label is present in a miniflow/minimask (eg, only
matching on one specific bit), then rule_check() would allow the flow
even if ct_label was unsupported, because it required both 64-bit fields
that comprise the ct_label to be present in the miniflow before
performing the check.

Fix this by populating the stack copy of the label directly from the
miniflow fields if available (or zero each 64-bit word if unavailable).

Suggested-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

dp-packet: use dp_packet_reset_offsets during initialisation

Use dp_packet_reset_offsets() in dp_packet_init__() to make it
clearer that initialisation includes a reset of packets
packets the same way as callers to dp_packet_reset_offsets() reset packets.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

odp-util: Limit scope of vlan in format_odp_action().

Limit the scope of the local vlan variable in format_odp_action()
to where it is used. This is consistent with the treatment of mpls
in the same function.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

types: Correct typo in comment above eth_addr.

Correct spelling of struct in comment above eth_addr.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovsdb-client: Add optional table and columns to dump command

Adding a table to the dump command's arguments retrieves only that table.
One or more columns after the table retrieve only those columns.

Default behavior is unchanged.

Signed-off-by: Bert Vermeulen <bert@biot.com>
[blp@ovn.org updated documentation and usage]
Signed-off-by: Ben Pfaff <blp@ovn.org>

csum: Inline csum_add16(), csum_add32().

These two functions are really simple, to the point that inlining them
yields less code than calling them: with GCC 4.9 on i386, this change
reduces the code generated for packet_csum_pseudoheader() from 112 bytes
to 100 bytes.

I didn't measure whether there is a performance improvement.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>

docs: Document that --detach disables logging to the console.

Reported-by: "P.R.Dinesh" <pr.dinesh@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-December/019567.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Gurucharan Shetty <guru@ovn.org>

ovs-ofctl: Support multiple tables in replace-flows and diff-flows.

Currently ovs-ofctl replace-flows and diff-flows commands only support
flows in table 0.  Extend this to cover all possible tables.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Update email address.

Update AUTHORS to use the email address I'm now using as the primary
address for ovs work.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

ofproto: Implement OF1.4 error code for set-async-config

This patch adds support for Openflow1.4 error codes for set-async-config.
In this patch, a new error type, OFPET_ASYNC_CONFIG_FAILED is introduced
that enables the switch to properly inform the controller when controller
tries to set invalid mask or unsupported configuration.

Signed-off-by: Ambika Arora <ambika.arora@tcs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovsdb-idl: Improve ovsdb_idl_add_table() comment.

The new comment reflects with more clarity what ovsdb_idl_add_table() does.
Previous comment could be misunderstood, leading to believe that this function
replicates all columns on IDL. Hopefully this fix clarifies that columns are
not replicated, just minimal data for reference integrity is replicated.
A comment in ovsdb_idl_table_class is also modified to better reflect this
behaviour.

Signed-off-by: Edward Aymerich <edward.aymerich@hpe.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: use IPv6 for tnl_neigh_cache

Use IPv4-mapped address and replace tnl_arp_lookup with tnl_neigh_lookup.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tunneling: extend flow_tnl with ipv6 addresses

Note that because there's been no prerequisite on the outer protocol,
we cannot add it now. Instead, treat the ipv4 and ipv6 dst fields in the way
that either both are null, or at most one of them is non-null.

[cascardo: abstract testing either dst with flow_tnl_dst_is_set]
cascardo: using IPv4-mapped address is an exercise for the future, since this
would require special handling of MFF_TUN_SRC and MFF_TUN_DST and OpenFlow
messages.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tnl-arp-cache: Rename module and functions to tnl-neigh-cache.

Since we don't distinguish between IPv4 and IPv6 lookups, consolidate ARP
and ND cache into neighbor cache. Other references to ARP related to the
ARP cache but that are not really about ARP have been renamed as well.
tnl_arp_lookup is kept for lookups using IPv4 instead of IPv4-mapped
addresses, but that is going to be removed in a later patch.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

lib: add format_in6_addr and scan_in6_addr

Add in6_addr counterparts to the existing format and scan functions.
Otherwise we'd need to recast all the time.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-xlate: use IPv6 for orig_tunnel_ip_dst

orig_tunnel_ip_dst is replaced by orig_tunnel_ipv6_dst and represents IPv4
addresses as IPv4-mapped IPv6 addresses. Since this is only used in
ofproto-dpif-xlate, this change is well contained.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tunneling: add IPv6 support to netdev_tunnel_config

Allow configuration of IPv6 tunnel endpoints.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

smap: smap_add_ipv6 adds IPv4-mapped addresses as IPv4

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

packets: Add ipv6_string_mapped.

ipv6_string_mapped stores an IPv6 or IPv4 representation of an IPv6 address
into a string. If the address is IPv4-mapped, it's represented in IPv4
dotted-decimal format.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tnl-ports: remove unused tnl-arp-cache.h and include other necessary headers

tnl-ports.c did not use anything from tnl-arp-cache.h besides some other headers
that the latter included, like system string.h and OVS netdev.h.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Add Hiteshi Kalra, Saloni Jain, Shashwat Srivastava, Sandeep Kumar.

Signed-off-by: Ben Pfaff <blp@ovn.org>

Vagrantfile: Update to Fedora 22 base box

Fedora 20 base box is no longer available at chef/fedora20.

Signed-off-by: Mark D. Gray <mark.d.gray@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Implement Vacancy Events for OFPMP_TABLE_DESC.

This patch adds support for vacancy events in table-desc.

ovs-ofctl -O OpenFlow14 dump-tables-desc <switch>
-This command is enhanced to display the Vacancy Event configuration
 of the tables on a <switch>, which is set using the mod-table command.

Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Co-authored-by: Hiteshi Kalra <hiteshi.kalra@tcs.com>
Signed-off-by: Hiteshi Kalra <hiteshi.kalra@tcs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Implement Openflow 1.4 Vacancy Events for OFPT_TABLE_MOD.

OpenFlow 1.4 introduces the ability to turn on vacancy events with an
OFPT_TABLE_MOD message specifying OFPTC_VACANCY_EVENTS. This commit adds
support for the new feature in ovs-ofctl mod-table.
As per the openflow specification-1.4, vacancy event adds a mechanism
enabling the controller to get an early warning based on capacity
threshold chosen by the controller.

With this commit, vacancy events can be configured as:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> vacancy:<low,high>
<low,high> specify vacancy threshold values in percentage for vacancy_down
and vacancy_up respectively.

To disable vacancy events, following command should be given:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> novacancy

Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Co-authored-by: Shashwat Srivastava <shashwat.srivastava@tcs.com>
Signed-off-by: Shashwat Srivastava <shashwat.srivastava@tcs.com>
Co-authored-by: Sandeep Kumar <sandeep.kumar16@tcs.com>
Signed-off-by: Sandeep Kumar <sandeep.kumar16@tcs.com>
[blp@ovn.org fixed a few typos]
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Refactor main loop to use ovsdb_idl_loop_* functions

This patch also addresses the issue reported at
http://openvswitch.org/pipermail/discuss/2015-November/019445.html

Suggested-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Add Han Zhou.

Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: use name instead of uuid as key of logical router ports

Before this patch, logical switch ports were using name as key but
logical router ports using uuid, which confuses user when trouble-
shooting, and names of patch ports unreadable. This patch unifies
it by using "name" field also for logical router ports.

Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

vtep/vtep.xml: Improve XML source formatting.

This patch contains only cosmetic changes.

Signed-off-by: Ariel Tubaltsev <tubaltzev@gmail.com>
Acked-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-linux: Handle flags for 10G and 40G speeds

Handle advertised and supported flags for the following speeds:

* 1G base KX
* 10G base KX4, KR, R
* 40G base KR4, CR4, SR4, LR4

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-linux: correctly detect port speed bits beyond 16bit

This includes bits for:
* Backplane
* 1000 baseKX (full duplex)
* All speeds of 10Gbit and above other than 10000 baseT (full duplex).

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofp-util: Add "check_overlap" and "reset_counts" to stateful flags.

The OpenFlow specification implies that every flag is part of the flow
state, even though that isn't really meaningful for OFPFF_CHECK_OVERLAP
or OFPFF_RESET_COUNTS.  This commit adds them to the flow state (reported
in flow stats replies).

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Co-authored-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>

INSTALL.SSL.md: Fix arguments to "ovs-pki req" command.

Reported-by: Aaron Rosen <aaronorosen@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-November/061778.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

ofproto: Fix inserting buckets at the end of an empty group.

This caused a segfault.

Reported-by: Ray Li <rayli1107@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018746.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

ofp-util: Reject bad group type and command with error instead of abort.

Reported-by: Manpreet Singh <er.manpreet25@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019048.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

tests: Add tests for out_port and out_group.

Open vSwitch has supported these features on flow_mod for a long time, but
it has never included a test.  This commit adds tests for both.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

ovs-ofctl: Add "out_group" keyword for OF1.1+ matching on output group.

It seems that OVS has never supported this OpenFlow feature in ovs-ofctl,
which makes it hard to test.  This commit adds support.

(Open vSwitch has supported this in OpenFlow for a long time; it's only
ovs-ofctl that didn't.)

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

ofp-actions: Look inside write_actions for output ports and groups.

The out_port and out_group matches only looked at apply_actions
instructions, but my interpretation of the OpenFlow spec is that they
should also look inside write_actions.

This affected the output of (and in one case the correctness of) some
tests, so this updates them.

Reported-by: Gavin Remaley <gavin_remaley@selinc.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>

tests: Make parse_listening_port entirely reliable.

In test runs, I've occasionally seen mysterious failures in which
parse_listening_port failed to find the listening port even though an
examination of the log file showed that it was there.  I spent some time
trying to figure out what was going wrong.  It seemed like everything was
lined up properly to ensure that a command like "ovs-vsctl set-controller
br0 tcp:127.0.0.1:0" would only return to the command prompt after the
new listener was ready and the proper log message was written.  It was
obviously a very small race because I could only reproduce it with a large
test parallelism (e.g. -j10 on my quad-core laptop).

The problem turned out to be asynchronous logging in ovs-vswitchd.  If I
turned that off, by commenting out the call to vlog_enable_async() in
bridge.c, parse_listening_port became reliable.

This commit works around the problem by making parse_listening_port retry
for a while if necessary.  It also transforms the shell function into an
m4 macro (so that it can use OVS_WAIT_UNTIL) and renames it to
all-uppercase to follow the convention for macros.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

tests: Make OVS_WAIT_WHILE, OVS_WAIT_UNTIL run even faster in some cases.

Sometimes OVS_WAIT_WHILE and OVS_WAIT_UNTIL are used for conditions that
tend to be true immediately but sometimes take a moment or two.  This
change makes such cases 0.1 seconds faster (which could add up over
hundreds of tests).

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

tests: Run OVS_WAIT_WHILE, OVS_WAIT_UNTIL in main shell environment.

AT_CHECK runs its commands in a subshell.  That means that (among other
effects), any variable assignments within its commands will disappear after
the commands' completion.  That doesn't matter for any of the existing
users, which don't do the sorts of things that affect an outer shell
environment anyhow, but an upcoming user wants to make a shell assignment
that persists.  This commit makes that possible, by using AT_CHECK
(actually AT_FAIL_IF but it's moot) only upon failure instead of bracketing
the entire test.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

ofproto-dpif-xlate: Fix byte-order error in comparison.

Found by sparse.

CC: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>

classifier-private.h: Whitespace in a comment

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl.at: Fix a comment typo

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto.at: Workaround a race

While a barrier serializes requests from the same connection,
it doesn't wait for requests from other connections to the switch.
Replace the barrier with infamous "sleep 1" to workaround the problem.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto.at: Portability improvement

== is a bash dialect.  Use = instead.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif: Remove a debug log

The message seems stale and it happens on port-mod.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif.at: Fix a race

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

vtep-ctl.at: Fix a regex

} is an ordinary character in "basic" regex.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

dpif_dummy_override: Allow overriding a non-existing provider

This allows --enable-dummy=system with a userland-only build.
It's useful for testsuite.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-controller-vtep.at: Fix a race

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

use "/usr/bin/env python" for shebangs for python scripts

On NetBSD, a typical path of python interpreter is /usr/pkg/bin/python.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ofproto-macros.at: Rename vconn_windows_sub to vconn_sub

This is a preparation to add non-windows stuff.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

test-atomic: Bump test duration for multi-thread tests

This makes tests pass on on my single-cpu NetBSD-7 VM.

How frequently preemption happens depends on the cpu scheduler.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

completion.at: Improve portability

NetBSD's /bin/sh complains on the syntax of bash array.

While the use of eval might seem overkill, it's tricky to avoid
the error because the generated code will be a part of the surrounding
subshell and the syntax check is done a bit earlier than the execution
of these conditionals.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>

daemon_switch_user: Improve portablility

NetBSD doesn't have [gs]etres[ug]id.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Andy Zhou <azhou@nicira.com>

openvswitch.m4: Portability improvement

${parameter/pattern/string} substituion is not portable.
Replace them with $SED equivalent.

Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>