cascardo/ovs.git
8 years ago datapath-windows: Fix IP fragmentation
Alin Serdean [Wed, 30 Sep 2015 21:00:43 +0000 (21:00 +0000)]
datapath-windows: Fix IP fragmentation

Currently in the case of IP fragmentation we send to the userspace that
the flag for the last fragment is 3 when it actually should be a value
between 0..2.

This patch fixes the problem and also uses the values used in the common
header of the datapath.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-ctl: Remove non-existent function call.
Gurucharan Shetty [Thu, 1 Oct 2015 18:01:48 +0000 (11:01 -0700)]
ovn-ctl: Remove non-existent function call.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn: Change the valid tag values.
Gurucharan Shetty [Thu, 1 Oct 2015 15:59:54 +0000 (08:59 -0700)]
ovn: Change the valid tag values.

A tag value of 0 is not used by containers running inside
VMs.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Update documentation
Alin Serdean [Wed, 30 Sep 2015 20:58:06 +0000 (20:58 +0000)]
datapath-windows: Update documentation

Commit ID:7845b70384d75bd7d753648cb547be5c6c75ddca changed the hardcoded
names of 'internal' and 'external.1'.

This patch updates the documentation to accommodate the patches.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago util: Fix definition of LIST_FOR_EACH_CONTINUE macro.
Mauricio Vásquez [Fri, 2 Oct 2015 11:23:31 +0000 (13:23 +0200)]
util: Fix definition of LIST_FOR_EACH_CONTINUE macro.

The definition of the INIT_CONTAINER macro initializes ITER to NULL,
it will cause a segmentation fault when it is dereferenced on
(ITER)->MEMBER.next, then, I changed it to the ASSIGN_CONTAINER macro that
does not initialize ITER.

This does not fix any observable bug because LIST_FOR_EACH_CONTINUE is not
used anywhere.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago vtep: add ACLs to VTEP schema
Bruce Davie [Thu, 1 Oct 2015 19:07:45 +0000 (12:07 -0700)]
vtep: add ACLs to VTEP schema

Two new tables are added to the VTEP schema, for ACL entries and
ACLs (which are groups of entries). The physical port table is modified
to allow ACLs to be associated with ports, and the logical router table
is modified to allow ACLs to be attached to logical router ports.

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago vtep: Document the meaning of VLAN zero for vlan_bindings
Bruce Davie [Thu, 1 Oct 2015 19:07:44 +0000 (12:07 -0700)]
vtep: Document the meaning of VLAN zero for vlan_bindings

The meaning of a value of zero in the VLAN field when mapping <VLAN, port>
pairs to logical switches had not previously been specified in the VTEP
schema. It is now clarified that a value of zero refers to untagged
traffic.

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago vtep: fix typos
Bruce Davie [Thu, 1 Oct 2015 19:07:43 +0000 (12:07 -0700)]
vtep: fix typos

Correct a number of typos in vtep.xml

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-ctl: Fix a function call.
Gurucharan Shetty [Thu, 1 Oct 2015 16:12:41 +0000 (09:12 -0700)]
ovn-ctl: Fix a function call.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago daemon.h: Fix compilation errors on Windows.
Gurucharan Shetty [Thu, 1 Oct 2015 15:57:24 +0000 (08:57 -0700)]
daemon.h: Fix compilation errors on Windows.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago .gitignore: Add dist-docs.
Russell Bryant [Thu, 1 Oct 2015 15:13:06 +0000 (11:13 -0400)]
.gitignore: Add dist-docs.

Running "make dist-docs" to generate docs creates a "dist-docs"
directory that should be ignored by git.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago Fix build when HAVE_LIBCAPNG is not defined.
Russell Bryant [Thu, 1 Oct 2015 15:29:16 +0000 (11:29 -0400)]
Fix build when HAVE_LIBCAPNG is not defined.

The function daemon_become_new_user_linux was conditionally defined but
then used in code unconditionally.  If HAVE_LIBCAPNG is not defined, the
function would never be called, but it still must exist.

Adjust the #if guard around the function to be around the body of the
function instead of outside of its definition to ensure the function is
always defined, even if empty.

This issue was introduced in e91b927d8966bfcb9768225392324dde4fd7d7f6.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovs-dev.py: add --monitor and option
Andy Zhou [Mon, 14 Sep 2015 18:06:59 +0000 (11:06 -0700)]
ovs-dev.py: add --monitor and option

Runs ovsdb-server and ovs-vswitchd with --monitor option. This feature
is useful for testing daemon monitoring together with --user option.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: add --user option
Andy Zhou [Sat, 12 Sep 2015 02:10:19 +0000 (19:10 -0700)]
ovs-dev.py: add --user option

ovs-dev.py "run" command now accepts the "--user" option for running
all ovs daemons as "user". The argument can be specified in
"user[:group]" format.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: run operational commands as root
Andy Zhou [Fri, 11 Sep 2015 23:06:50 +0000 (16:06 -0700)]
ovs-dev.py: run operational commands as root

Switch operational commands, run, kill, reset and modinst directly
or indirectly read and write files within the RUNDIR. Currently
these commands run in the current user context, with some "sudo"
commands thrown in to ensure daemons such as ovs-vswitchd will be
launched as root.

This approach works fine as long as ovs-dev.py is always
run as root, (but then the 'sudo' commands added are redundant).
When invoking ovs-dev.py as non-root, files in RUNDIR will be mixed
with root created files and non-root created files, making it confusing
to decide whether to run ovs-appctl as root or not. Multiple
invocations of ovs-dev.py as root or non-root cause permission issues
since the same file created by a different user may no longer be
accessible when the user changes.

This patch improves the situation by always running those four operational
commands as root. When they are invoked as non-root, "sudo" will be
used automatically by re-running the command with sudo.  VARDIR will now
always be accessed as root. The next patch will add --user and -u option
to allow for downgrading to running all daemons as non-root.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: rename ROOT to RUNDIR
Andy Zhou [Fri, 11 Sep 2015 21:21:01 +0000 (14:21 -0700)]
ovs-dev.py: rename ROOT to RUNDIR

RUNDIR seems to be a better name.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: allow current directory to be used as the working directory
Andy Zhou [Fri, 11 Sep 2015 20:34:24 +0000 (13:34 -0700)]
ovs-dev.py: allow current directory to be used as the working directory

Rather than forcing a single ovs source tree under ~/ovs, this
change supports invoking the script from the root of any
ovs source tree as the working source tree. If the script is invoked
from a directory not recognized as OVS source tree, ~/ovs will
then be used.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago dpdk: reject --user option
Andy Zhou [Mon, 21 Sep 2015 22:06:00 +0000 (15:06 -0700)]
dpdk: reject --user option

dpdk datapath needs to run as root. Block the --user
option for now. It is likely we will revisit this issue for possibly
supporting --user option for dpdk datapath process as well.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago lib/daemon: support --user option for all OVS daemon
Andy Zhou [Fri, 11 Sep 2015 18:26:39 +0000 (11:26 -0700)]
lib/daemon: support --user option for all OVS daemon

OVS daemons can now support --user option to run as a non-root
user with less privileges.

See the manpage patch for more descriptions.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago configure: add configuration options for libcap-ng
Andy Zhou [Fri, 11 Sep 2015 01:44:27 +0000 (18:44 -0700)]
configure: add configuration options for libcap-ng

Add configuration option for enabling or disabling linking with
libcap-ng.  Since capabilities are a security feature, the libcapng
option is handled as follows:

    - no option: use libcapng if it's present

    --disable-libcapng: do not use libcapng

    --enable-libcapng: do use libcapng and fail configuration if
                       it's missing

On Linux, not linking with libcapng makes all OVS daemons fail when
--user option is specified.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago openflow-common: Correct Netronome vendor ID.
Simon Horman [Wed, 30 Sep 2015 06:44:53 +0000 (15:44 +0900)]
openflow-common: Correct Netronome vendor ID.

Due to an error on my part the Netronome vendor Id is incorrect:
the last digit should be 'd' rather than '0' as per the
Netronome IEEE OUI.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago Revert "poll-loop: Fix assertion in poll_create_node()."
Gurucharan Shetty [Wed, 30 Sep 2015 15:40:30 +0000 (08:40 -0700)]
Revert "poll-loop: Fix assertion in poll_create_node()."

This reverts commit ae09fae8a6b43299a628ae0989fe2fedb924d560.
Commit ae09fae8a6b432 caused segfaults while running unit tests
on Windows as pollfd.fd on Windows does not take negative values.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago util: Generalize rightmost_1bit_idx(), leftmost_1bit_idx().
Ben Pfaff [Fri, 18 Sep 2015 22:26:28 +0000 (15:26 -0700)]
util: Generalize rightmost_1bit_idx(), leftmost_1bit_idx().

These functions could only work with 32-bit integers because of their
special cases for an argument of value 0.  However, none of the existing
users depended on this special case, and some of the users did try to use
these functions with 64-bit integer arguments.  Thus, this commit changes
them to support 64-bit integer arguments and drops the special cases for
zero.

This fixes a latent bug that applied rightmost_1bit_idx() to an ofpact
bitmap, which only becomes visible when an OFPACT_* with value greater than
32 is included in the bitmap.

Reported-by: Kyle Upton <kupton@baymicrosystems.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-September/060128.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago netlink-socket.c: event polling for packets on windows
Nithin Raju [Wed, 23 Sep 2015 16:15:33 +0000 (09:15 -0700)]
netlink-socket.c: event polling for packets on windows

Currently, we do busy-polling for packets on Windows. In this patch
we nuke that code and schedule an event.

The code has been tested for packet reads, and CPU utilization of
ovs-vswitchd went down drastically.

I'll send out the changes to get vport events to work in a separate
patch.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: reset the IRP pointer after use in OvsQueuePackets
Nithin Raju [Wed, 23 Sep 2015 16:15:31 +0000 (09:15 -0700)]
datapath-windows: reset the IRP pointer after use in OvsQueuePackets

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: return netlink error for read operation
Nithin Raju [Wed, 23 Sep 2015 16:15:32 +0000 (09:15 -0700)]
datapath-windows: return netlink error for read operation

The kernel datapath returns a NL error message upon any errors
during read operations, and returns STATUS_SUCCESS as the return
code. We rely on the input NL request to get the family ID, and the
PID. However, when the request is of type OVS_CTRL_CMD_EVENT_NOTIFY
and OVS_CTRL_CMD_READ_NOTIFY, there's no input buffer associated
with the request. So, we use a temporary input buffer to be able to
call the Netlink APIs for constructing the output NL error message.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago doc: document feature deprecation and removal process
Ansis Atteka [Sat, 19 Sep 2015 20:10:55 +0000 (13:10 -0700)]
doc: document feature deprecation and removal process

It seems that we haven't defined a clear process on how features should
be removed from OVS.  This patch attempts to document this process.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
8 years ago vlog: deprecate --syslog-target argument
Ansis Atteka [Wed, 16 Sep 2015 02:40:47 +0000 (19:40 -0700)]
vlog: deprecate --syslog-target argument

Commit fe089c0d1e18 ("vlog: abstract out interface to syslog daemon")
introduced --syslog-method flag that supersedes --syslog-target flag by:
1. making logging format configurable
2. letting daemon to also talk over UNIX domain socket (this is handy
   when local rsyslog daemon is running in different network namespace
   on the same host)

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago nroff: Add support for <b>...</b> and <i>...</i> inline markup.
Ben Pfaff [Thu, 17 Sep 2015 17:10:56 +0000 (10:10 -0700)]
nroff: Add support for <b>...</b> and <i>...</i> inline markup.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago nroff: Support inline XML inside <pre> blocks.
Ben Pfaff [Tue, 29 Sep 2015 23:53:44 +0000 (16:53 -0700)]
nroff: Support inline XML inside <pre> blocks.

This is useful so that one can write, e.g.

<p>The following shows how to add 1 to variable <var>x</var>:</p>
<pre>
<var>x</var> = <var>x</var> + 1;
</pre>

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ofp-msgs: fix enum of OFPMP_TABLE_DESC.
Minoru TAKAHASHI [Fri, 18 Sep 2015 06:38:10 +0000 (15:38 +0900)]
ofp-msgs: fix enum of OFPMP_TABLE_DESC.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovn: Implement basic end-to-end full mesh test.
Ben Pfaff [Tue, 29 Sep 2015 22:40:22 +0000 (15:40 -0700)]
ovn: Implement basic end-to-end full mesh test.

This is a really basic test of the OVN features.  It verifies that basic
L2 connectivity works as expected over a 3-hypervisor setup with 3 VMs
per hypervisor and all 9 VMs on a single logical switch, with a few ACLs.

The infrastructure added by this patch, which is based on similar code
from ovs-sim, should be useful as a basis for later and more advanced
OVN end-to-end tests.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago tests: Ignore more error messages for hidden rules test.
Ben Pfaff [Tue, 29 Sep 2015 17:19:37 +0000 (10:19 -0700)]
tests: Ignore more error messages for hidden rules test.

This test intentionally configures an unreachable controller.  It ignored
some error messages in the log, specifically
    br0: cannot find route for controller (240.0.0.1): ...
but a bug report says that other forms of messages can also appear, e.g.
    br0<->tcp:240.0.0.1:6653: connection dropped (No route to host)
This commit therefore expands the logged error messages that will be
ignored to any message that includes the IP address 240.0.0.1.

Reported-by: "Kurek, Tytus" <Tytus.Kurek@pega.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018910.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago tnl-ports: Include tnl-ports.h as first header.
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:09:15 +0000 (19:09 -0300)]
tnl-ports: Include tnl-ports.h as first header.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ofproto-dpif-upcall: Use flow_wildcards_has_extra().
Jarno Rajahalme [Tue, 29 Sep 2015 21:21:33 +0000 (14:21 -0700)]
ofproto-dpif-upcall: Use flow_wildcards_has_extra().

Update the comment in ukey_revalidate() to reflect the fact that the
mask in ukey is not the datapath mask, but the originally translated
flow wildcards.

Use flow_wildcards_has_extra() instead of open coding equivalent (but
different) functionality.  The old form and the code in
flow_wildcards_has_extra() ((dp | wc != dp) and (dp & wc != wc),
respectively) give the same result:

dp   wc    (dp | wc != dp)        (dp & wc != wc)
-------------------------------------------------------
0    0      (0 | 0 != 0) (false)   (0 & 0 != 0) (false)
0    1      (0 | 1 != 0) (true)    (0 & 1 != 1) (true)
1    0      (1 | 0 != 1) (false)   (1 & 0 != 0) (false)
1    1      (1 | 1 != 1) (false)   (1 & 1 != 1) (false)

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: move packet read code to User.c
Nithin Raju [Wed, 23 Sep 2015 16:15:30 +0000 (09:15 -0700)]
datapath-windows: move packet read code to User.c

Simple code motion.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Avoid unnecessary vport array search
Sorin Vinturis [Wed, 23 Sep 2015 12:40:18 +0000 (12:40 +0000)]
datapath-windows: Avoid unnecessary vport array search

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-controller: Fix container flows in table 33.
Gurucharan Shetty [Tue, 29 Sep 2015 17:12:08 +0000 (10:12 -0700)]
ovn-controller: Fix container flows in table 33.

The broadcast flows added in table 33 were faulty for
containers. Fix it.

Suggested-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago ovn-controller: Fix a case wherein tag can be zero.
Gurucharan Shetty [Mon, 28 Sep 2015 19:41:46 +0000 (12:41 -0700)]
ovn-controller: Fix a case wherein tag can be zero.

If the ovn-nb DB's logical_port table is populated such
that tag is zero, we should not consider that record.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago ovn-controller: Change the name of a variable.
Gurucharan Shetty [Mon, 28 Sep 2015 19:28:24 +0000 (12:28 -0700)]
ovn-controller: Change the name of a variable.

The name 'lport_to_ofport' gives the impression that the
simap contains all the logical port to ofport mapping. In
reality, it only contains a local vif to ofport mapping.
The name 'localvif_to_ofport' feels to be a better fit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago Add build system for compiling under MSVC x64
Alin Serdean [Wed, 23 Sep 2015 17:30:32 +0000 (17:30 +0000)]
Add build system for compiling under MSVC x64

This patch adds the modifications needed to compile under x64 under
Windows:
- created a new macro for testing if we are compiling under x64.
this will define the linker flag: "/MACHINE:X64" as per documentation
(https://msdn.microsoft.com/en-us/library/9yb4317s.aspx).

- added x64 pthread libraries under the pthread defines

- add documentation on how to build under x64

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago travis: Install `bc` utility for kernel compilation
Daniele Di Proietto [Tue, 29 Sep 2015 15:01:12 +0000 (16:01 +0100)]
travis: Install `bc` utility for kernel compilation

Newer kernels appear to require `bc` to build all the headers

Also, alphabetize the package list

Tested-at: https://travis-ci.org/ddiproietto/ovs/builds/82757574
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago travis: Use container infrastructure.
Daniele Di Proietto [Wed, 23 Sep 2015 11:59:26 +0000 (12:59 +0100)]
travis: Use container infrastructure.

Recently some testcases have been failing in travis because of a warning
related to the use of an L3 device (OpenVZ specific) inside the workers.

To get travis tests working again we can move to the newer container
infrastructure: this commit does that.

The disadvantage is that there's no sudo access anymore, but we can
install packages with the apt plugin, and we shouldn't use root for
anything else

Also, since we're building DPDK with vhost-user (not vhost-cuse),
libfuse-dev is not needed anymore.

Tested-at: https://travis-ci.org/ddiproietto/ovs/builds/81764972

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
CC: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago tun-metadata: Avoid MSVC compile error on 64-bit builds for 0-length array.
Ben Pfaff [Tue, 29 Sep 2015 04:30:05 +0000 (21:30 -0700)]
tun-metadata: Avoid MSVC compile error on 64-bit builds for 0-length array.

MSVC does not support zero-size arrays except as the last member of a
defined structure.

The error is hit only on MSVC 64 bit because the size of uint64_t is equal
with sizeof(struct tun_table *).

Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago nl_sock_fd is not used under MSVC
Alin Serdean [Wed, 23 Sep 2015 17:45:09 +0000 (17:45 +0000)]
nl_sock_fd is not used under MSVC

Ifdef out nl_sock_fd to make users aware it is not used.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago datapath: Backport "skbuff: Fix skb checksum flag on skb pull"
Pravin B Shelar [Fri, 25 Sep 2015 23:25:10 +0000 (16:25 -0700)]
datapath: Backport "skbuff: Fix skb checksum flag on skb pull"

Upstream commit:

    VXLAN device can receive skb with checksum partial. But the checksum
    offset could be in outer header which is pulled on receive. This results
    in negative checksum offset for the skb. Such skb can cause the assert
    failure in skb_checksum_help(). Following patch fixes the bug by setting
    checksum-none while pulling outer header.

    Following is the kernel panic msg from old kernel hitting the bug.

    ------------[ cut here ]------------
    kernel BUG at net/core/dev.c:1906!
    RIP: 0010:[<ffffffff81518034>] skb_checksum_help+0x144/0x150
    Call Trace:
    <IRQ>
    [<ffffffffa0164c28>] queue_userspace_packet+0x408/0x470 [openvswitch]
    [<ffffffffa016614d>] ovs_dp_upcall+0x5d/0x60 [openvswitch]
    [<ffffffffa0166236>] ovs_dp_process_packet_with_key+0xe6/0x100 [openvswitch]
    [<ffffffffa016629b>] ovs_dp_process_received_packet+0x4b/0x80 [openvswitch]
    [<ffffffffa016c51a>] ovs_vport_receive+0x2a/0x30 [openvswitch]
    [<ffffffffa0171383>] vxlan_rcv+0x53/0x60 [openvswitch]
    [<ffffffffa01734cb>] vxlan_udp_encap_recv+0x8b/0xf0 [openvswitch]
    [<ffffffff8157addc>] udp_queue_rcv_skb+0x2dc/0x3b0
    [<ffffffff8157b56f>] __udp4_lib_rcv+0x1cf/0x6c0
    [<ffffffff8157ba7a>] udp_rcv+0x1a/0x20
    [<ffffffff8154fdbd>] ip_local_deliver_finish+0xdd/0x280
    [<ffffffff81550128>] ip_local_deliver+0x88/0x90
    [<ffffffff8154fa7d>] ip_rcv_finish+0x10d/0x370
    [<ffffffff81550365>] ip_rcv+0x235/0x300
    [<ffffffff8151ba1d>] __netif_receive_skb+0x55d/0x620
    [<ffffffff8151c360>] netif_receive_skb+0x80/0x90
    [<ffffffff81459935>] virtnet_poll+0x555/0x6f0
    [<ffffffff8151cd04>] net_rx_action+0x134/0x290
    [<ffffffff810683d8>] __do_softirq+0xa8/0x210
    [<ffffffff8162fe6c>] call_softirq+0x1c/0x30
    [<ffffffff810161a5>] do_softirq+0x65/0xa0
    [<ffffffff810687be>] irq_exit+0x8e/0xb0
    [<ffffffff81630733>] do_IRQ+0x63/0xe0
    [<ffffffff81625f2e>] common_interrupt+0x6e/0x6e

Reported-by: Anupam Chanda <achanda@vmware.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 6ae459bdaae ("skbuff: Fix skb checksum flag on skb pull")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago ofproto-dpif: Do not block on uninitialized pause barriers.
Zoltan Kiss [Fri, 25 Sep 2015 18:42:40 +0000 (11:42 -0700)]
ofproto-dpif: Do not block on uninitialized pause barriers.

e4e74c3a "dpif-netdev: Purge all ukeys when reconfigure pmd." introduced a new
dp_purge_cb function, which calls udpif_pause_revalidators() and that tries to
block on pause_barrier.
But if OVS was started with flow-restore-wait="true" (e.g. through ovs-ctl),
type_run() will have backer->recv_set_enable == false, and udpif_set_threads
won't initialize the barrier, which leads to a segfault like this:

This patch introduces ofproto_dpif_backer_enabled(), which checks
recv_set_enable before touching the latch and blocking on pause_barrier.

Signed-off-by: Zoltan Kiss <zoltan.kiss@linaro.org>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago dpdk: fix compiler warnings on 32bit build
Andy Zhou [Mon, 21 Sep 2015 23:01:23 +0000 (16:01 -0700)]
dpdk: fix compiler warnings on 32bit build

Those changes fix compiler warnings.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago datapath: Backport "openvswitch: Zero flows on allocation."
Jesse Gross [Wed, 23 Sep 2015 01:13:00 +0000 (18:13 -0700)]
datapath: Backport "openvswitch: Zero flows on allocation."

Upstream commit:
    openvswitch: Zero flows on allocation.

    When support for megaflows was introduced, OVS needed to start
    installing flows with a mask applied to them. Since masking is an
    expensive operation, OVS also had an optimization that would only
    take the parts of the flow keys that were covered by a non-zero
    mask. The values stored in the remaining pieces should not matter
    because they are masked out.

    While this works fine for the purposes of matching (which must always
    look at the mask), serialization to netlink can be problematic. Since
    the flow and the mask are serialized separately, the uninitialized
    portions of the flow can be encoded with whatever values happen to be
    present.

    In terms of functionality, this has little effect since these fields
    will be masked out by definition. However, it leaks kernel memory to
    userspace, which is a potential security vulnerability. It is also
    possible that other code paths could look at the masked key and get
    uninitialized data, although this does not currently appear to be an
    issue in practice.

    This removes the mask optimization for flows that are being installed.
    This was always intended to be the case as the mask optimizations were
    really targeting per-packet flow operations.

    Fixes: 03f0d916 ("openvswitch: Mega flow implementation")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: ae5f2fb1 ("openvswitch: Zero flows on allocation.")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago datapath: Add support for 4.2 kernel.
Pravin B Shelar [Fri, 18 Sep 2015 22:23:32 +0000 (15:23 -0700)]
datapath: Add support for 4.2 kernel.

8 years ago Include headers where ovs_rundir is used.
Alin Serdean [Tue, 22 Sep 2015 19:53:31 +0000 (19:53 +0000)]
Include headers where ovs_rundir is used.

This patch includes dirs.h because ovs_rundir is used.

Found while compiling with MSVC x64.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago Include headers when using ovs_rundir
Alin Serdean [Tue, 22 Sep 2015 19:53:31 +0000 (19:53 +0000)]
Include headers when using ovs_rundir

This patch adds an additional include file while compiling under MSVC.

Found by compiling under MSVC x64 and hitting the following problem:
http://stackoverflow.com/questions/23144151/64-bit-function-returns-32-bit-pointer

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago Add x64 bit configuration to windows installer
Alin Serdean [Tue, 22 Sep 2015 19:53:30 +0000 (19:53 +0000)]
Add x64 bit configuration to windows installer

This patch defines the x64 in the configuration of the visual studio
solution: ovs-windows-installer.sln

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago ofproto/bond: simplify rebalancing logic
Andy Zhou [Tue, 15 Sep 2015 20:51:17 +0000 (13:51 -0700)]
ofproto/bond: simplify rebalancing logic

The current bond rebalancing logic is more complicated than necessary.
When considering a bucket for rebalancing, we just need to make sure
post rebalancing traffic will be closer to the ideal traffic split
than before. This patch implements the simplification.

There is a bug in the current algorithm that causes a heavily loaded bucket
to ping-pong for each rebalancing interval. The simplified logic also fixes
this bug.

Though not the main motivation for the change, computations are now
done with integer math rather than floating math.

Reported-by: Gregory Smith <gasmith@nutanix.com>
tested-by: Gregory Smith <gasmith@nutanix.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath: Fix compilation on kernel 3.18
Pravin B Shelar [Fri, 18 Sep 2015 22:23:21 +0000 (15:23 -0700)]
datapath: Fix compilation on kernel 3.18

Fixes following compilation error:
In file included from ovs/datapath/linux/actions.c:30: ovs/datapath/linux/compat/include/linux/if_vlan.h:65:
error: redefinition of ‘__vlan_hwaccel_push_inside’ include/linux/if_vlan.h:353: note: previous definition of
‘__vlan_hwaccel_push_inside’ was here ovs/datapath/linux/compat/include/linux/if_vlan.h:83:

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago poll-loop: Fix assertion in poll_create_node().
Ilya Maximets [Tue, 22 Sep 2015 09:27:15 +0000 (12:27 +0300)]
poll-loop: Fix assertion in poll_create_node().

Zero is a valid value for a file descriptor.

Reported-by: Nikita Kalyazin <n.kalyazin@samsung.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Enable checksum offloads in STT
Sairam Venugopal [Mon, 21 Sep 2015 20:32:14 +0000 (13:32 -0700)]
datapath-windows: Enable checksum offloads in STT

Enable support for Checksum offloads in STT if it's enabled in the Windows
VM. Set the Checksum Partial and Checksum Verified flags as mentioned in
the STT Draft - https://tools.ietf.org/html/draft-davie-stt-06

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Removed hardcoded names for internal/external vports
Sorin Vinturis [Tue, 22 Sep 2015 15:31:08 +0000 (15:31 +0000)]
datapath-windows: Removed hardcoded names for internal/external vports

The internal/external vports will have the actual OS-based names, which
represent the NIC interface alias that is displayed by running
'Get-NetAdapter' Hyper-V PS command.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmare.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago tests: Shorten line in table-features test.
Ben Pfaff [Sat, 19 Sep 2015 16:48:26 +0000 (09:48 -0700)]
tests: Shorten line in table-features test.

By inserting "dnl" a few places in this 1000+ character line, we bring
the physical line length down (making "git format-patch" willing to put
it into a patch) but m4 will still paste it together into a single line.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago dpif-netdev: Exact match non-presence of vlans.
Jarno Rajahalme [Sat, 19 Sep 2015 00:47:37 +0000 (17:47 -0700)]
dpif-netdev: Exact match non-presence of vlans.

The Netlink encoding of datapath flow keys cannot express wildcarding
the presence of a VLAN tag. Instead, a missing VLAN tag is interpreted
as exact match on the fact that there is no VLAN.  This makes reading
datapath flow dumps confusing, since for everything else, a missing
key value means that the corresponding key was wildcarded.

Unless we refactor a lot of code that translates between Netlink and
struct flow representations, we have to do the same in the userspace
datapath.  This makes at least the flow install logs show that the
vlan_tci field is matched to zero.  However, the datapath flow dumps
remain as they were before, as they are performed using the netlink
format.

Add a test to verify that a packet with a vlan will not match a rule
that may seem to wildcard the presence of the vlan tag.  Applying this
test without the userspace datapath modification showed that the
userspace datapath failed to create a new datapath flow for the VLAN
packet before this patch.

Reported-by: Tony van der Peet <tony.vanderpeet@gmail.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath: Backport "openvswitch: allocate nr_node_ids flow_stats instead of num_possi...
Chris J Arges [Fri, 18 Sep 2015 20:34:22 +0000 (13:34 -0700)]
datapath: Backport "openvswitch: allocate nr_node_ids flow_stats instead of num_possible_nodes"

Upstream commit:
    openvswitch: allocate nr_node_ids flow_stats instead of num_possible_nodes

    Some architectures like POWER can have a NUMA node_possible_map that
    contains sparse entries. This causes memory corruption with openvswitch
    since it allocates flow_cache with a multiple of num_possible_nodes() and
    assumes the node variable returned by for_each_node will index into
    flow->stats[node].

    Use nr_node_ids to allocate a maximal sparse array instead of
    num_possible_nodes().

    The crash was noticed after 3af229f2 was applied as it changed the
    node_possible_map to match node_online_map on boot.
    Fixes: 3af229f2071f5b5cb31664be6109561fbe19c861

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: bac541e4631(""openvswitch: allocate nr_node_ids flow_stats
instead of num_possible_nodes")

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago datapath: Add support for 4.1 kernel.
Joe Stringer [Wed, 9 Sep 2015 21:34:48 +0000 (14:34 -0700)]
datapath: Add support for 4.1 kernel.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago stream-ssl: Get peer-ca-cert functionality to work.
Gurucharan Shetty [Wed, 2 Sep 2015 18:38:32 +0000 (11:38 -0700)]
stream-ssl: Get peer-ca-cert functionality to work.

When --certificate option is provided, we currently use
SSL_CTX_use_certificate_chain_file() function to add
that certificate. If our single certificate file had multiple
certificates (as a chain), all of them would get added and sent
to the remote peer. But once you call
SSL_CTX_use_certificate_chain_file(), any future calls to
SSL_CTX_add_extra_chain_cert() (called when --peer-ca-cert option
is used) had no effect.

Since our man pages and INSTALL.SSL.md say that --certificate
is used to specify one certificate and additional certificates
are sent via --peer-ca-cert, this commit changes
SSL_CTX_use_certificate_chain_file() use to
SSL_CTX_use_certificate_file(). With this, additional certificates
can now be added via --peer-ca-cert option.

The test case added with this commit would fail without the
above changes.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovs-vsctl.at: Correct title of SSL test.
Gurucharan Shetty [Fri, 28 Aug 2015 21:25:47 +0000 (14:25 -0700)]
ovs-vsctl.at: Correct title of SSL test.

The test claimed to test peer-ca-cert functionality. But the
certificate provided via --peer-ca-cert was not actually sent
to the peer for bootstrapping. The bootstrapping was successful
because cert provided via --certificate was self-signed. Since the test
was not really testing the --peer-ca-cert functionality, change
the name of the test. We do not have any tests for bootstrapping,
so this test is still useful.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Append flow attribute key
Alin Serdean [Thu, 17 Sep 2015 15:01:48 +0000 (15:01 +0000)]
datapath-windows: Append flow attribute key

Currently when running the vswitch daemon we get a lot of messages of the
form:
2015-09-10T23:04:21Z|07255|dpif(revalidator11)|WARN|system@ovs-system: failed
to flow_del (Invalid argument).

The userspace expects after sending a delete flow command, to receive the flow
key of the deleted flow.

Currently we only send back the statistics. This patch appends back the flow key
attribute to the response buffer for the flow commands new, modify and
delete.

This patch also responds to the userspace with ENOENT in the case the flow
was not modified, deleted, created or retrieved.

Also incorporate some refactors.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Output to multiple VXLAN ports
Alin Serdean [Thu, 17 Sep 2015 14:54:07 +0000 (14:54 +0000)]
datapath-windows: Output to multiple VXLAN ports

If we have a flow rule of the following form:
 actions=strip_vlan,set_tunnel:0x3e9,15,16,17 (Where port 15, 16 and 17 are
 VXLAN OF ports with different tunnelling information)

Current implementation is that if a packet will hit that specific flow,
only one packet will be sent out with the first tunnelling information.

This patch saves the initial packet source port for further use of the
currently implemented pipeline and ignores the latter if it
is the last tunnelling port.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ofp-util: Fix struct ofputil_requestforward union membership.
Ben Pfaff [Thu, 10 Sep 2015 17:00:41 +0000 (10:00 -0700)]
ofp-util: Fix struct ofputil_requestforward union membership.

'bands' should be paired with 'meter_mod' because 'bands' may hold the
storage for the meter's bands.  ('bands' has nothing to do with
'group_mod'.)

Reported-by: niti Rohilla <niti1489@gmail.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-September/059847.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
8 years ago rpms: Remove ovs-sim man page from spec.
Gurucharan Shetty [Wed, 16 Sep 2015 16:27:37 +0000 (09:27 -0700)]
rpms: Remove ovs-sim man page from spec.

Reported-by: 张强 <zhangqiang@meizu.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago rhel: Make python 2.7 a requirement of build.
Gurucharan Shetty [Wed, 16 Sep 2015 16:25:39 +0000 (09:25 -0700)]
rhel: Make python 2.7 a requirement of build.

Reported-by: 张强 <zhangqiang@meizu.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago datapath: Backport "openvswitch: Fix mask generation for nested attributes."
Jesse Gross [Wed, 16 Sep 2015 04:32:15 +0000 (21:32 -0700)]
datapath: Backport "openvswitch: Fix mask generation for nested attributes."

Upstream commit:
    openvswitch: Fix mask generation for nested attributes.

    Masks were added to OVS flows in a way that was backwards compatible
    with userspace programs that did not generate masks. As a result, it is
    possible that we may receive flows that do not have a mask and we need
    to synthesize one.

    Generating a mask requires iterating over attributes and descending into
    nested attributes. For each level we need to know the size to generate the
    correct mask. We do this with a linked table of attribute types.

    Although the logic to handle these nested attributes was there in concept,
    there are a number of bugs in practice. Examples include incomplete links
    between tables, variable length attributes being treated as nested and
    missing sanity checks.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 982b5270 ("openvswitch: Fix mask generation for nested attributes.")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago tunneling: Track recursion levels across ARP generation.
Jesse Gross [Wed, 16 Sep 2015 02:37:06 +0000 (19:37 -0700)]
tunneling: Track recursion levels across ARP generation.

If a packet is output to a tunnel port when userspace tunneling is
enabled, it will cause an ARP packet to be generated if the destination
is unknown. This ARP packet is injected into the physical bridge as
a new packet, where it is flooded.

If there is a loop (such as if the tunnel destination is the same bridge),
the result will be infinite recursion. Even though we currently track
recursion limits, they are not effective here since each ARP packet is
considered to be a new translation. This changes the behavior so that
each ARP flow translation is initialized with the recursion counter of
the previous flow. Note that the problem only applies to ARP - data
packets in a loop will hit an existing recursion counter in the datapath.

An additional side effect of this change is that ARP packets are no
longer unconditionally flooded in the new bridge. They will now follow any
flow rules in the new bridge that might apply to them, the same as with
the kernel datapath.

Reported-by: David Evans <davidjoshuaevans@gmail.com>
Tested-by: David Evans <davidjoshuaevans@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago ovs-router: Include ovs-router.h as first header.
Thadeu Lima de Souza Cascardo [Fri, 4 Sep 2015 17:40:08 +0000 (14:40 -0300)]
ovs-router: Include ovs-router.h as first header.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovs-router: Add missing ds_destroy after ds was put.
Thadeu Lima de Souza Cascardo [Fri, 4 Sep 2015 17:40:07 +0000 (14:40 -0300)]
ovs-router: Add missing ds_destroy after ds was put.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn: Update TODO with some notes on security.
Russell Bryant [Thu, 17 Sep 2015 18:27:07 +0000 (14:27 -0400)]
ovn: Update TODO with some notes on security.

The impact of the compromise of a chassis running ovn-controller came
up in a discussion with the developers of a system that could
potentially use OVN.  Capture some notes on this issue as a todo item.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago AUTHORS: Move Ciara Loftus to list of code contributors.
Ciara Loftus [Wed, 16 Sep 2015 16:16:13 +0000 (17:16 +0100)]
AUTHORS: Move Ciara Loftus to list of code contributors.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago configure: Fix DPDK linking when using a relative path
Ciara Loftus [Wed, 16 Sep 2015 16:16:12 +0000 (17:16 +0100)]
configure: Fix DPDK linking when using a relative path

When linking with DPDK, if a relative path is used with the
'--with-dpdk' flag, then OVS will always be compiled with vHost Cuse
support, even if it is not enabled in the DPDK build.
This patch fixes this problem, and enables the correct version of
vHost regardless of whether a relative or absolute path is used.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ofproto-dpif-sflow: Use xzalloc() instead of calloc() to allocate memory.
Ben Pfaff [Wed, 16 Sep 2015 15:35:22 +0000 (08:35 -0700)]
ofproto-dpif-sflow: Use xzalloc() instead of calloc() to allocate memory.

Memory allocation shouldn't be allowed to fail.

CC: Neil McKee <neil.mckee@inmon.com>
Reported-by: neeraj mehta <mehtaneeraj07@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018776.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago docs: Expand performance tuning section in INSTALL.DPDK.md.
Kevin Traynor [Wed, 9 Sep 2015 17:00:38 +0000 (18:00 +0100)]
docs: Expand performance tuning section in INSTALL.DPDK.md.

Split performance tuning into dedicated section and add more detail.

Signed-off-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
8 years ago ofproto: Reduce log level from WARN to INFO.
Ben Pfaff [Thu, 10 Sep 2015 20:09:37 +0000 (13:09 -0700)]
ofproto: Reduce log level from WARN to INFO.

It seems to me that a controller bug doesn't rise to the level of a WARN
that causes a testsuite failure (by default).

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
8 years ago ovn-nbctl: Enable database commands using db-ctl-base infrastructure.
Ben Pfaff [Sat, 12 Sep 2015 03:14:59 +0000 (20:14 -0700)]
ovn-nbctl: Enable database commands using db-ctl-base infrastructure.

This makes ovn-nbctl into a pretty slavish imitation of ovn-sbctl, using
almost the same code.  It has two immediate benefits.  First, multiple
commands can now be chained together into a single ovn-nbctl invocation.
Second, the database commands such as "create", "set", and so on allow
queries and modifications that don't have specific commands already.
In the following commit, this allows testing the OVN ACL feature.

Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-controller-vtep: Update related documentation.
Alex Wang [Fri, 7 Aug 2015 07:21:42 +0000 (00:21 -0700)]
ovn-controller-vtep: Update related documentation.

This commit conducts the following documentation changes:

*   add a description in ovn-architecture manual for
    the life cycle about VTEP gateway.

*   add TODOs related to ovn-controller-vtep.

*   refine the ovn-sb, ovn-nb schema manual to require
    logical 'port' type and 'options' configuration.

Signed-off-by: Alex Wang <ee07b291@gmail.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-controller-vtep: Extend vtep module to install Ucast_Macs_Remote.
Alex Wang [Thu, 6 Aug 2015 22:40:57 +0000 (15:40 -0700)]
ovn-controller-vtep: Extend vtep module to install Ucast_Macs_Remote.

This commit extends the vtep module to support creating the
'Ucast_Macs_Remote' table entries in the vtep database for
MAC addresses on the ovn logical ports.

Signed-off-by: Alex Wang <ee07b291@gmail.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-controller-vtep: Add vtep module.
Alex Wang [Sat, 4 Jul 2015 06:13:24 +0000 (23:13 -0700)]
ovn-controller-vtep: Add vtep module.

This commit adds the vtep module to ovn-controller-vtep.  The
module will scan through the Port_Binding table in OVN-SB database,
and update the vtep logical switches tunnel keys.

Signed-off-by: Alex Wang <ee07b291@gmail.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago FAQ: Add entry about ingress policing.
Justin Pettit [Mon, 14 Sep 2015 22:16:56 +0000 (15:16 -0700)]
FAQ: Add entry about ingress policing.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath: Use netlink ipv4 API to handle the ipv4 addr attributes.
Jiri Benc [Thu, 10 Sep 2015 13:15:32 +0000 (06:15 -0700)]
datapath: Use netlink ipv4 API to handle the ipv4 addr attributes.

upstream: ("netlink: implement nla_put_in_addr and nla_put_in6_addr")
upstream: ("netlink: implement nla_get_in_addr and nla_get_in6_addr")
IP addresses are often stored in netlink attributes. Add generic functions
to do that.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago tnl-port: Fix list iteration.
Pravin B Shelar [Sat, 12 Sep 2015 17:40:56 +0000 (10:40 -0700)]
tnl-port: Fix list iteration.

Fixes Segmentation fault in
tnl_port_map_run () at lib/tnl-ports.c:403

Reported-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago ovn-nbctl: Give handler functions more specific names.
Ben Pfaff [Sat, 12 Sep 2015 03:09:21 +0000 (20:09 -0700)]
ovn-nbctl: Give handler functions more specific names.

I find that it's nice to give functions for commands names specific to the
utility, even though they're static, because occasionally it makes it
easier to find them using "tags", "grep", etc.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago ovn-nbctl: Fix typo and add minor clarification in documentation.
Ben Pfaff [Sat, 12 Sep 2015 03:18:54 +0000 (20:18 -0700)]
ovn-nbctl: Fix typo and add minor clarification in documentation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago db-ctl-base: Make 'cmd_show_tables' argument to ctl_init() optional.
Ben Pfaff [Wed, 2 Sep 2015 22:37:38 +0000 (15:37 -0700)]
db-ctl-base: Make 'cmd_show_tables' argument to ctl_init() optional.

This allows the client to omit the "show" command if it doesn't want it.

This will be used in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago ovn-sbctl: Improve usage message.
Ben Pfaff [Wed, 2 Sep 2015 22:36:21 +0000 (15:36 -0700)]
ovn-sbctl: Improve usage message.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago ovn-sbctl: Support SSL for connecting to southbound database.
Ben Pfaff [Wed, 2 Sep 2015 23:38:19 +0000 (16:38 -0700)]
ovn-sbctl: Support SSL for connecting to southbound database.

Eventually we'll want this and it's easy to add, so go ahead and add it
now.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago ovn-sbctl: Indentation fixes.
Ben Pfaff [Wed, 2 Sep 2015 22:36:00 +0000 (15:36 -0700)]
ovn-sbctl: Indentation fixes.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago Fix typos in comments.
Ben Pfaff [Wed, 2 Sep 2015 21:20:32 +0000 (14:20 -0700)]
Fix typos in comments.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <ee07b291@gmail.com>
8 years ago tunnel: Validate IP header for userspace tunneling.
Jesse Gross [Fri, 11 Sep 2015 16:01:05 +0000 (09:01 -0700)]
tunnel: Validate IP header for userspace tunneling.

Currently, when doing userspace tunneling we don't perform much in
the way of integrity checks on the incoming IP header. The case of
tunneling is different from the usual case of switching since we are
acting as the endpoint here and should not allow invalid packets to
pass.

This adds checks for IP checksum, version, total length, and options and
drops packets that don't pass.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
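
The four checks named in the commit message above (checksum, version, total length, options), as an added illustration that is not the OVS code from that commit and not part of the commit log. The function and enum names are hypothetical, treating any header whose IHL is not 5 as a drop is an assumption about how the options check is done, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HDR_LEN 20   /* IPv4 header without options */

enum ip_verdict {
    IP_OK = 0,
    IP_TRUNCATED,    /* fewer than 20 bytes received */
    IP_BAD_VERSION,  /* version field is not 4 */
    IP_BAD_IHL,      /* IHL != 5: options present, or header too short */
    IP_BAD_TOT_LEN,  /* total length below header size or beyond the buffer */
    IP_BAD_CSUM      /* header checksum does not verify */
};

/* Internet checksum: one's-complement sum of big-endian 16-bit words,
 * folded and inverted. Over a valid header (checksum field included)
 * the result is 0. 'len' is assumed even. */
static uint16_t ip_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    }
    while (sum >> 16) {
        sum = (sum & 0xffff) + (sum >> 16);
    }
    return (uint16_t)~sum;
}

/* Decide whether a tunnel endpoint should accept the outer IPv4 header
 * found in the first 'len' bytes at 'pkt'. */
enum ip_verdict validate_tunnel_ip(const uint8_t *pkt, size_t len)
{
    if (len < IP_HDR_LEN) {
        return IP_TRUNCATED;
    }
    if ((pkt[0] >> 4) != 4) {
        return IP_BAD_VERSION;
    }
    if ((pkt[0] & 0x0f) != 5) {
        return IP_BAD_IHL;
    }
    /* Trailing bytes past tot_len (link-layer padding) are tolerated;
     * a total length that overruns the buffer is not. */
    size_t tot_len = (size_t)pkt[2] << 8 | pkt[3];
    if (tot_len < IP_HDR_LEN || tot_len > len) {
        return IP_BAD_TOT_LEN;
    }
    if (ip_csum(pkt, IP_HDR_LEN) != 0) {
        return IP_BAD_CSUM;
    }
    return IP_OK;
}

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, UDP, 8 zero payload bytes.
 * 'buf' must hold 28 bytes; returns the packet length. */
size_t build_sample(uint8_t *buf)
{
    static const uint8_t hdr[IP_HDR_LEN] = {
        0x45, 0x00, 0x00, 0x1c,   /* version 4, IHL 5, total length 28 */
        0x00, 0x01, 0x00, 0x00,   /* id 1, no fragmentation */
        0x40, 0x11, 0x00, 0x00,   /* TTL 64, UDP, checksum filled in below */
        0xc0, 0x00, 0x02, 0x01,
        0xc0, 0x00, 0x02, 0x02
    };
    memcpy(buf, hdr, IP_HDR_LEN);
    memset(buf + IP_HDR_LEN, 0, 8);
    uint16_t c = ip_csum(buf, IP_HDR_LEN);
    buf[10] = (uint8_t)(c >> 8);
    buf[11] = (uint8_t)(c & 0xff);
    return IP_HDR_LEN + 8;
}

int main(void)
{
    uint8_t pkt[28];
    size_t n = build_sample(pkt);
    printf("valid header:  verdict %d\n", validate_tunnel_ip(pkt, n));
    pkt[8] ^= 0x01;   /* alter TTL without updating the checksum */
    printf("altered TTL:   verdict %d\n", validate_tunnel_ip(pkt, n));
    return 0;
}
```
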
8 years ago expr: Properly handle several cases involving string variables.
Ben Pfaff [Thu, 27 Aug 2015 05:40:11 +0000 (22:40 -0700)]
expr: Properly handle several cases involving string variables.

The expr test cases covered string variables poorly and thus a number of
bugs and omissions slipped through.  This fixes them and generalizes the
test cases to better cover string variables.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago expr: Fix crossproduct example.
Justin Pettit [Fri, 11 Sep 2015 22:30:47 +0000 (15:30 -0700)]
expr: Fix crossproduct example.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-northd: Document logical flow table structure.
Ben Pfaff [Fri, 11 Sep 2015 22:10:30 +0000 (15:10 -0700)]
ovn-northd: Document logical flow table structure.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ipfix: Fix SIGFPE in bridge exporter sampling.
Joe Stringer [Fri, 11 Sep 2015 01:00:21 +0000 (18:00 -0700)]
ipfix: Fix SIGFPE in bridge exporter sampling.

A divide-by-zero exception like the below could occur when IPFIX
configuration is cleared while handling sampled packets from the
datapath. While it's not valid to configure the sampling probability of
IPFIX to zero via explicitly setting it in OVSDB, it is possible to
clear the configuration, which results in a probability of zero. In this
case, there is a window during which it is possible for upcalls to find
the cleared IPFIX object and attempt to perform sampling using it. Fix
the issue by ensuring that the probability is nonzero before using it.

"Program terminated with signal SIGFPE, Arithmetic exception."

dpif_ipfix_bridge_sample (...) at ../ofproto/ofproto-dpif-ipfix.c:1701
process_upcall (...) at ../ofproto/ofproto-dpif-upcall.c:1145
recv_upcalls (...) at ../ofproto/ofproto-dpif-upcall.c:705
udpif_upcall_handler (...) at ../ofproto/ofproto-dpif-upcall.c:631
ovsthread_wrapper (...) at ../lib/ovs-thread.c:340
start_thread (...) at pthread_create.c:312
clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Romain Lenglet <romain.lenglet@oracle.com>
8 years ago ipfix: Add bridge_exporter_enabled().
Joe Stringer [Fri, 11 Sep 2015 00:58:35 +0000 (17:58 -0700)]
ipfix: Add bridge_exporter_enabled().

Rather than describing this intention after the fact, encode this
meaning in the name of a function.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Romain Lenglet <romain.lenglet@oracle.com>
8 years ago tests: Add basic IPFIX test.
Joe Stringer [Fri, 11 Sep 2015 00:47:40 +0000 (17:47 -0700)]
tests: Add basic IPFIX test.

Previously, we had no IPFIX tests in the testsuite. Now we have one.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Romain Lenglet <romain.lenglet@oracle.com>