git.cascardo.eti.br Git - cascardo/ovs.git/log

treewide: Fix doubled "the".

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovs-ofctl: Refine documentation of Geneve option mapping.

The text didn't say how to actually match on them. I took the liberty of
massaging the text a little further, too.

Suggested-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

ofproto-dpif: Use a regular ref instead of try_ref for rule translation.

Until now, flow translation has had to use try_ref to take a reference on
a rule, because a competing thread might have released the last reference
and done an RCU-postponed deletion. Since classifier versioning was
introduced, however, the release of the last reference is itself
RCU-postponed, which means that it is always safe to take the reference
directly.

Changing try_ref to ref means that taking a reference can't fail, which
allows the caller to take a reference in cases where the need to take a
reference was previously passed along a call chain, which simplifies some
code.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ovn: Change strategy for tunnel keys.

Until now, OVN has used "flat" tunnel keys, in which the STT tunnel key or
Geneve VNI contains a logical port number.  Logical port numbers are unique
within an OVN deployment.

Flat tunnel keys have the advantage of simplicity.  However, for packets
that are destined to logical ports on multiple hypervisors, they require
sending one packet per destination logical port rather than one packet per
hypervisor.  They also make it hard to integrate with VXLAN-based hardware
switches, which use VNIs to designate logical networks instead of logical
ports.

This commit switches OVN to a different scheme.  In this scheme, in Geneve
the VNI designates a logical network and a Geneve option specifies the
logical input and output ports, which are now scoped within the logical
network rather than globally unique.  In STT, all three identifiers are
encoded in the tunnel key.

To allow for the reduced amount of traffic for packets destined to logical
ports on multiple hypervisors, this commit also introduces the concept
of a logical multicast group.  The membership of these groups can be set
using a new Multicast_Group table in the southbound database (and
ovn-northd does use it starting in this commit).

With multicast groups alone, it would be difficult to implement ACLs,
because an ACL might disallow only some of the packets being sent to
a remote hypervisor.  Thus, this commit also splits the OVN logical
pipeline into two pipelines: the "ingress" pipeline, which makes the
decision about the logical destination of a packet as a set of logical
ports or multicast groups, and the "egress" pipeline, which runs on the
destination hypervisor with the multicast group destination exploded into
individual ports and makes a final decision on whether to deliver the
packet.  The "egress" pipeline can efficiently apply ACLs.

Until now, the OVN logical and physical pipeline implementation was not
adequately documented.  This commit adds extensive documentation to
the OVN manpages to cover these issues.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ofctrl: Negotiate OVN Geneve option.

This won't really get used until the next commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

rule: Introduce MFF_LOG_DATAPATH macro for consistency.

The other logical fields have their own macros, so the logical datapath
field might as well have one.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

actions: Allow caller to specify output table.

When an upcoming commit divides the pipeline up into ingress and egress
pipeline, it will become necessary to resubmit to different tables from
each of those pipelines to implement output. This commit makes that
possible.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn: Rename Pipeline table to Logical_Flow table.

The OVN pipeline is being split into two phases, which are most naturally
called "pipelines". I kept getting very confused trying to call them
anything else, and in the end it seems to make more sense to just rename
the Pipeline table.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn: Rename Binding table to Port_Binding.

An upcoming patch will add a Datapath_Binding table, so clarifying the
name seems useful.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

nroff: Add support for 'diagram' XML element for protocol headers.

This will be used in documentation for an upcoming change, to document
how Geneve OVN options are encoded.

The code in this change is from a series (not yet submitted) that makes
much more extensive use of it for documenting protocol headers.

Signed-off-by: Ben Pfaff <blp@nicira.com>

smap: New function smap_get_uuid().

To be used in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Use controller_ctx just to pass around data.

Until now, controller_ctx has been a store of common state (although
the amount of data stored in it has declined to just database state).
I think it's clearer if we just use it as a way to pass data to
functions. This commit makes that change.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Slightly adjust pipeline init and destroy for consistency.

This drops an unused parameter and groups the calls to these functions
with ofctrl_destroy() in each case.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

bridge: Reconfigure when system interfaces change.

Whenever system interfaces are removed, added or change state, reconfigure
bridge. This allows late interfaces to be added to the datapath when they are
added to the system after ovs-vswitchd is started.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

rtbsd: support RTM_IFANNOUNCE messages

When devices are created, they are announced using RTM_IFANNOUNCE messages using
PF_ROUTE.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix STT protocol field for sampling packet.

Fixes typo in STT sampling code.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovn: Get/set lport type and options in ovn-nbctl.

A recent patch added "type" and "options" columns to the Logical_Port
table in OVN_Northbound. This patch allows you to get and set those
columns with ovn-nbctl.

ovn-nbctl should eventually get converted to use the common db-ctl
code that was recently added. When that happens, these commands can
just be removed.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Add type and options to logical port.

We have started discussing the use of the logical port abstraction in
OVN to represent special types of connections into an OVN logical
switch.  This patch proposes some schema updates to reflect these
special types of logical ports.  A logical port can have a "type" and
a set of options specific to that type.

Some examples of logical port types would be "vtep" for connectivity
to a VTEP gateway or "localnet" for a connection to a locally
accessible network via an ovs bridge.  Actualy support for these (or
other) types will come in later patches.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

smap: Add smap_equal().

Add a method to determine of two smaps are equal (have the exact same
set of key-value pairs).

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-xlate: Fix mirroring interaction with recirculation.

Before this commit, mirroring state was not preserved across recirculation,
which could result in a packet being mirrored to the same destination both
before and after recirculation. This commit fixes the problem and adds a
test to avoid regression.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Add recirculation information to "ofproto/trace".

This makes it possible to understand what happens recirculation-wise in
translation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofp-actions: Add action "debug_recirc" for testing recirculation.

It isn't otherwise useful and in fact hurts performance so it's disabled
without --enable-dummy.

An upcoming commit will make use of this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-rid: Factor recirculation state out as new structure.

This greatly reduces the number of arguments to many of the functions
involved in recirculation, which to my eye makes the code clearer. It
will also make it easier to add new recirculation state in an upcoming
commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Rewrite mirroring to better fit flow translation.

Until now, mirroring has been implemented by accumulating, across the whole
translation process, a set of mirrors that should receive a mirrored
packet.  After translation was complete, mirroring restored the original
version of the packet and sent that version to the mirrors.

That implementation was ugly for multiple reasons.  First, it means that
we have to keep a copy of the original packet (or its headers, actually),
which is expensive.  Second, it doesn't really make sense to mirror a
version of a packet that is different from the one originally output.
Third, it interacted with recirculation; mirroring needed to happen only
after recirculation was complete, but this was never properly implemented,
so that (I think) mirroring never happened for packets that were
recirculated.

This commit changes how mirroring works.  Now, a packet is mirrored at the
point in translation when it becomes eligible for it: for mirrors based on
ingress port, this is at ingress; for mirrors based on egress port, this
is at egress.  (Duplicates are dropped.)  Mirroring happens on the version
of the packet as it exists when it becomes eligible.  Finally, since
mirroring happens immediately, it interacts better with recirculation
(it still isn't perfect, since duplicate mirroring will occur if a packet
is eligible for mirroring both before and after recirculation; this is
not difficult to fix and an upcoming commit later in this series will do so).

Finally, this commit removes more code from xlate_actions() than it adds,
which in my opinion makes it easier to understand.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Drop packets received from mirror output ports earlier.

Packets should never be received on mirror output ports.  We drop them
when we do receive them.  But by putting them through the processing that
we did until now, we made it possible for MAC learning, etc. to happen
based on these packets.  This commit drops them earlier to prevent that.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Move initialization of 'in_port' closer to first use.

This seems to be a little clearer to me.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Move 'nf_output_iface' from xlate_out to xlate_ctx.

This member is used internally during translation but none of the callers
used as an output of translation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Remove multiple members from struct xlate_out.

Nothing used them.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Move 'mirrors' from xlate_out to xlate_ctx.

Nothing outside of ofproto-dpif-xlate.c referenced this member.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Set up 'base_flow' when we initialize 'ctx'.

The initialization of 'base_flow' was previously split into a few pieces,
and I think it's easier to understand if it's all in one place.

This also moves and rewrites the comment describing 'base_flow'. I think
that the perspective of the new comment is a little more useful.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Clean up sFlow and IPFIX sampling code.

This code was a twisty maze of tiny functions, but what it actually needed
to do was simple. This makes it look that simple.

Among more stylistic changes, this removes 'user_cookie_offset' from
xlate_ctx. This member was used to communicate between two sections of
code that are both in xlate_actions() and close together, so it's better to
simply use a local variable than to put it into a shared context structure.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Factor wildcard processing out of xlate_actions().

I think that this makes xlate_actions() easier to read.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

tunnel: Break tnl_xlate_init() into two separate functions.

It seems to me that tnl_xlate_init() has two almost-separate tasks.  First,
it marks most of the 'wc' bits for tunnels.  Second, it checks and updates
ECN bits.  This commit breaks tnl_xlate_init() into two separate functions,
one for each of those tasks.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Simplify 'sample_actions_len' calculation.

It's always the size of 'odp_actions' following adding the sample actions.

This is a stylistic change that should not change behavior.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Move declaration of 'orig_flow' near its first use.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Eliminate 'is_icmp' from xlate_actions().

This is only used in one place and action processing can't change the
result, so only calculate it where it's needed.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Simplify invocation of process_special().

This takes advantage of common properties of the invocation of this
function in both callers (both supply the same 'flow' and 'packet',
although they write it differently) and avoids the need for a local
variable in each place.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Eliminate 'rule' local variable.

This variable was only used as a temporary within a small scope, so it
worked just as well to just use ctx.rule there instead.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofp-util: Fix group desc request encoding.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

openflow: Add OpenFlow1.5 group desc request.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-util: Fix port desc request encoding.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

openflow: Add OpenFlow1.5 port desc request.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-xlate: Calculate 'ofpacts' in more restricted scope.

This moves the calculation of 'ofpacts' closer to its actual use, which
in my opinion makes the code easier to read.

This commit also expands the circumstances in which OVS omits sending
NetFlow records from those where there is exactly one OpenFlow action that
sends to controller, to those where any OpenFlow action sends to
controller. I doubt that this is a big deal.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Make xlate_actions() caller supply action buffer.

Until now, struct xlate_out has embedded an ofpbuf for actions and a large
stub for it, which xlate_actions() filled in during the flow translation
process.  This commit removes the embedded ofpbuf and stub, instead putting a
pointer to an ofpbuf into struct xlate_in, for a caller to fill in with a
pointer to its own structure if desired.  (If none is supplied,
xlate_actions() uses an internal scratch buffer and destroys it before
returning.)

This commit eliminates the last large data structure from
struct xlate_out, making the initialization of an entire xlate_out at
the beginning of xlate_actions() now reasonable.  More members will be
eliminated in upcoming commits, but this is no longer essential.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Make xlate_actions() caller supply flow_wildcards.

Until now, struct xlate_out has embedded a struct flow_wildcards, which
xlate_actions() filled in during the flow translation process (unless this
was disabled with xin->skip_wildcards, which in classifier microbenchmarks
saves significant time).  This commit removes the embedded flow_wildcards
and 'skip_wildcards', instead putting a pointer to a flow_wildcards into
struct xlate_in, for a caller to fill in with a pointer to its own
structure if desired.

One reason for this change is performance.  Until now, the userspace slow
path has done a full copy of a struct flow_wildcards for each upcall in
upcall_cb().  This commit eliminates that copy.  I don't know whether this
has a measurable performance impact; it may, because struct flow copies
had a noticeable cost in slow-path stress tests even when struct flow was
half its current size.

This commit also eliminates a large data structure from struct xlate_out,
reducing the cost of the initialization of that structure at the beginning
of xlate_actions().  However, there is more size reduction to come in
later commits.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif: Fix inaccurate wildcard output in ofproto/trace.

Until now, the ofproto/trace command has tried to accumulate wildcards
independently of flow translation. This was unnecessary, and in a few
cases where flow translation drops wildcards, it meant that ofproto/trace
printed inaccurate wildcards (because it keep the wildcards that flow
translation dropped).

This updates a test case whose output is now more accurate.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-xlate: Initialize 'ctx' all in one place.

As I see it, this has two benefits. First, by using an initializer
rather than a series of assignment statements, the reader can be
assured that everything in the structure is actually initialized.
Second, previously the initialization of 'ctx' was scattered in
a few places in this function, which made it a little harder to be
sure that any given member was not just initialized but actually
initialized before the statement that one was looking at.

It's also nice to get rid of the stub members in xlate_ctx, since
nothing outside of xlate_actions() itself needs direct access to
them. (This is pretty much necessary if we're going to use an
initializer for struct xlate_ctx, because otherwise the compiler
would initialize the whole stub, which is too expensive.)

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofpbuf: New macro OFPBUF_STUB_INITIALIZER.

To be used in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

list: New macro OVS_LIST_POISON for initializing a poisoned list.

To be used in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Initialize '*xout' all together at beginning.

To my mind, this is a good way to ensure that '*xout' gets initialized
properly in every execution. By using an initializer rather than a
series of assignment statements, we can be assured that every member
gets initialized.

This commit makes xlate_actions() more expensive because struct
xlate_out is large and this assignment will initialize all of it due to
C rules. Later commits will fix this up by removing all of the large
members, reducing xlate_out to only a few bytes total.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

type-props: Suppress warnings in newer Clang and GCC.

Until now, Clang 3.7+ and sufficiently new versions of GCC complained about
TYPE_MAXIMUM(int), etc., because it shifts a negative value. This commit
fixes the problem.

This commit also gives these macros sensible definitions for _Bool, and
documents all of them.

Reported-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

AUTHORS: Add Alexander Duyck.

Signed-off-by: Joe Stringer <joestringer@nicira.com>

datapath: Use eth_proto_is_802_3.

Replace "ntohs(proto) >= ETH_P_802_3_MIN" w/ eth_proto_is_802_3(proto).

Backport of upstream commit 6713fc9b8fa33444aa000f0f31076f6a859ccb34:
"openvswitch: Use eth_proto_is_802_3"

Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Backport eth_proto_is_802_3().

Backport of upstream commit 2c7a88c252bf3381958cf716f31b6b2e0f2f3fa7:
"etherdev: Fix sparse error, make test usable by other functions"

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Use skb_postpull_rcsum().

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Constify netlink structs.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Whitespace fixes.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

rhel: Add buildrequires for libtool and automake.

Those two packages are needed to build but they might not
be present in the system.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-controller: Honor external-ids:ovn-bridge changing.

Until now, if external-ids:ovn-bridge changed, ovn-controller ignored
the change. With this commit, ovn-controller uses the new bridge.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Rename init functions that just register IDL columns.

The generic *_init() names for these functions made it sounds like they
do something more than just register IDL columns, even though that's all
they do. Also, the controller_ctx that was passed into each of them was
only used to get the IDL handle. This commit renames them and changes
their parameter type to simplify and make all of this clearer.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Tolerate missing 'chassis_id'.

Until now, if the chassis id was missing, ovn-controller exited. This
commit makes ovn-controller wait for it to return.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Tolerate missing integration bridge.

Until now, if the integration bridge was missing, ovn-controller exited.
This commit makes it wait until the integration bridge is created.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Pass 'chassis_id' explicitly to functions that need it.

I found it otherwise difficult to see what code depended on this. When
later commits make it possible for ovn-controller to handle changes in
chassis ID, this will become important (the code should determine the
current chassis ID before trying to use it).

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-controller: Factor encapsulation code out of chassis code.

These two pieces of code have different requirements and hardly anything in
common, and I found it easier to understand and reasonably modify the
overall structure of the program when they were separated.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

Fix treatment of OpenFlow 1.1+ bucket weights.

Until now, OVS has parsed all OF1.1+ group buckets that lack a weight
as having weight 1.  Unfortunately, OpenFlow says that only "select"
groups may have a nonzero weight, and requires reporting an error for
other kinds of groups that have a nonzero weight.  This commit fixes
the problem by parsing only select groups with a default weight of 1
and other groups with a default weight of 0.  It also adds the
OpenFlow-required check for nonzero weights for other kinds of groups.

This complies with OpenFlow 1.1 and later.  OF1.1 says in section 5.8:

    If a specified group type is invalid (ie: includes fields such as
    weight that are undefined for the specified group type) then the
    switch must refuse to add the group entry and must send an
    ofp_error_msg with OFPET_GROUP_MOD_FAILED type and
    OFPGMFC_INVALID_GROUP code.

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

ofp-actions: OFPP_ANY (aka OFPP_NONE) is not a valid output port.

This is implied by the list of ports that are valid for output in the
various versions of the OpenFlow specification.

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

ofproto: Ignore generation ID for role change to "equal".

The OpenFlow specification says that only role changes to slave or master
check the generation ID, so this is a bug fix.

OpenFlow 1.2 section A.3.9 phrases the requirement this way:

    Additionally, if the role value in the message is OFPCR_ROLE_MASTER
    or OFPCR_ROLE_SLAVE, the switch must validate generation_id to check
    for stale messages.

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Fix broken build.

Fixes the following error:

The following files are in git but not the distribution:
ovn/OVN-GW-HA.md

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovn-controller: Avoid overlooking changes that occur during commit.

A commit to the database takes multiple trips through the main loop.  In
that time, the database could change, but ovn-controller can't properly
react to the changes until the commit has succeeded or failed.  Since
commit f1fd765733 (ovn-controller: Avoid blocking to commit OVSDB
transactions), Open vSwitch has failed to properly re-check the contents
of the database following a successful commit.  That meant that it was
possible for ovn-controller to fail to react to a database change until
much later, if nothing else happened for some time.

Reported-by; Alex Wang <alexw@nicira.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-July/058176.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

doc: Document proposed OVN Gateway HA design.

High availability for gateways in network virtualization deployments
is fairly difficult to get right.  There are a ton of options, most of
which are too complicated or perform badly.  To help solve this
problem, this patch proposes an HA design based on some of the lessons
learned building similar systems.  The hope is that it can be used as
a starting point for design discussions and an eventual
implementation.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

openflow: Add additional reserved space in struct nx_geneve_table_reply.

It's possible to imagine that a switch might want to report additional
capabilities related to Geneve beyond just the number of options and
how much space they can consume. Some examples include additional
restrictions on parsing (if this command is used for non-OVS implementations
or OVS changes how it works) and per-packet actions that can't be done
generically (such as checksums or encryption). It's not yet clear if
these will be necessary or if OpenFlow is the right place to expose
them. However, it's easy to do now and there is very little cost so
it seems like a good idea to leave some additional reserved space.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn-controller: Fix flow generation for container traffic.

In table 64, when a vlan tag is set on a packet
destined to a container running inside a VM, we currently
don't revert it. This has an unintended consequence for
broadcast traffic when one endpoint of the braodcast
traffic is a plain VM (without containers running inside) where
the previously set tag would remain in the packets sent to the VM.

This commit fixes the above problem by popping the VLAN
and resetting the input port after outputting the packet
with a vlan tag to a container logical port.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofp-print: Abbreviate duplicated table features.

I spent some time recently looking at the results of "ovs-ofctl
dump-table-features".  It was really distressing because of the volume of
information.  Every table yielded well over 100 lines of output and for 253
(visible) tables that meant over 25,300 lines of output total, which is
basically unusable.

This commit cuts the volume of output greatly by eliminating most of the
duplication from one table to the next.  The command now prints the full
output only for table 0, and for each subsequent table prints only the
parts that differ.  That reduces the output volume for tables after the
first to only 9 lines each (one of which is blank), for a total of more
like 2,400 lines, which is still not short but reasonably manageable.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

dpdk: Fix detection of vhost_cuse in dpdk rte_config.h

Dpdk allows users to create a config that includes other config files and
then override values.

Eg.
defconfig_x86_64-native_vhost_cuse-linuxapp-gcc:

CONFIG_RTE_BUILD_COMBINE_LIBS=y
CONFIG_RTE_BUILD_SHARED_LIB=n
CONFIG_RTE_LIBRTE_VHOST=y
CONFIG_RTE_LIBRTE_VHOST_USER=n

This allows you to have both a vhostuser and vhostcuse config in the same
source tree without the need to replicate everything in those config files
just to change a couple of settings. The resultant .config file has all of
the settings from the included files with the updated settings at the end.
The resultant rte_config.h contains multiple undefs and defines for the
overridden settings.

Eg.
  > grep RTE_LIBRTE_VHOST_USER x86_64-native_vhost_cuse-linuxapp-gcc/include/rte_config.h
  #undef RTE_LIBRTE_VHOST_USER
  #define RTE_LIBRTE_VHOST_USER 1
  #undef RTE_LIBRTE_VHOST_USER

The current mechanism to detect the RTE_LIBRTE_VHOST_USER setting merely
greps the rte_config.h file for the string "define RTE_LIBRTE_VHOST_USER 1"
rather than the final setting of RTE_LIBRTE_VHOST_USER. The following patch
changes this test to detect the final setting of RTE_LIBRTE_VHOST_USER.

Signed-off-by: Gary Mussar <gmussar@ciena.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com

ofctrl: Fix use of uninitialized hash value in ofctrl_add_flow().

When ofctrl_add_flow() called ovn_flow_lookup(), the latter used the hash
from the flow's hmap_node, but the former hadn't initialized it at that
point. This commit fixes the problem.

Reported-by: Russell Bryant <rbryant@redhat.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-July/057851.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn: Make column comparisons more generic.

The logic in ovn-northd's parents_equal() and tags_equal() is useful
for other columns, so convert them into more generic functions that
can be reused.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-controller: Pass 'br_int' explicitly to functions that need it.

I found it hard otherwise to see what code depended on this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Explicitly pass the flow table from function to function.

As I was working in ovn-controller, I found it hard to tell what code
produced and what code consumed the OpenFlow flow table, because it was
all implicit. This commit makes the data structure an explicit variable
in the main loop, which makes it easier to see.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Avoid blocking to commit OVSDB transactions.

Until now, ovn-controller has been full of loops that commit a transaction
to the OVS or OVN Southbound database.  These blocking loops delay other
work within ovn-controller.  They also make it unsafe to keep pointers to
database records within a single ovn-controller main loop, since calls
to ovsdb_idl_run() can cause IDL records to be destroyed.  This commit
drops all of the blocking calls, instead doing a single commit to the
databases at the end of each main loop.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Drop unnecessary checks for ovsdb_idl_is_alive().

The IDLs as created by ovn-controller always retry failed connections,
which means that ovsdb_idl_is_alive() will always report that they are
alive.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Fix potential use-after-free in get_core_config().

It's unsafe to hold a pointer to a row in the IDL across calls to
ovsdb_idl_run() for that IDL.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

netdev-linux: Cache the result of previous reading of in4 address.

This commit makes netdev_linux_set_in4() cache the result of previous
reading of in4 address (successful or not).

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Make netdev_linux_get_in6() conform to API definition.

The get_in6() API defined in netdev-provider.h requires the return
of error values when the 'netdev' has no assigned IPv6 address or
the 'netdev' does not support IPv6. However, the netdev_linux_get_in6()
implementation does not follow this (always return 0). And this
causes the a bug in deleting vlan interfaces created for vlan
splinter.

This commit makes netdev_linux_get_in6() conform to the API definition
and returns the specified error value when failing to get IPv6 address.

VMware-BZ: #1485521
Reported-by: Ronald Lee <ronaldlee@vmware.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Make netdev_linux_notify_sock join RTNLGRP_IPV4_IFADDR
and RTNLGRP_IPV6_IFADDR.

Currently the netdev_linux_notify_sock only joins multicast group
RTNLGRP_LINK for link status change notification. Some ovs features
also require the detection of ip addresses changes and update of the
netdev-linux's cache. To achieve this, we need to make
netdev_linux_notify_sock join the multicast group RTNLGRP_IPV4_IFADDR
and RTNLGRP_IPV6_IFADDR.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

rtnetlink: Extend rtnetlink to support RTNLGRP_IPV4_IFADDR and
RTNLGRP_IPV6_IFADDR.

This commit renames the rtnetlink-link.{c,h} to rtnetlink.{c,h}
and extends the module to support RTNLGRP_IPV4_IFADDR and
RTNLGRP_IPV4_IFADDR multicast groups. A later patch will start
using this module to react to interface address changes.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Avoid BSOD when cleaning up a tunnel vport

If an error appears when creating a tunnel vport the cleanup is performed
twice, which causes the tunnel vport to be released also twice and
generate a BSOD.

This patch modifies the tunnel filter cleanup logic to avoid this issue.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/97
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif.at: Skip a sflow test.

sflow is not supported on Windows. So skip the
test.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

rtbsd: Include necessary headers on rtbsd.h.

rtbsd.h requires net/if.h for IF_NAMESIZE. This was not caught because rtbsd.c
did not include rtbsd.h as its first header.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

collectors: Use closesocket() to close sockets.

We should use closesocket() while closing sockets so that
closing sockets work fine on both POSIX and Windows.
(In POSIX, we #define closesocket close)

Without this change, sflow unit tests would cause ovs-vswitchd
to crash in Windows.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-mirror: Fix insane waste of memory and time in checking VLANs.

When a mirror was restricted to particular VLANs, this code was allocating,
copying, and freeing a 512-byte block of memory just to check the value of
a single bit in the block. This fixes the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ofproto: Implement OF1.4 Set/Get asynchronous configuration messages.

This patch adds support for Openflow1.4 set/get asynchronous configuration
messages. OpenVSwitch already supports set/get asynchronous configuration
messages for Openflow1.3. In this patch OFPT_SET_ASYNC_CONFIG message
allows the controllers to set the configuration for OFPT_ROLE_STATUS,
OFPT_TABLE_STATUS and OFPT_REQUESTFORWARD in addition to the Openflow1.3
messages. In a OFPT_SET_ASYNC, only the properties that shall be changed
need to be included, properties that are omitted from the message are
unchanged.

The OFPT_GET_ASYNC_CONFIG is used to query the asynchronous configuration
of switch. In a OFPT_GET_ASYNC_REPLY message, all properties must be
included.

According to Openflow1.4 the initial configuration shall be:

   - In the “master” or “equal” role, enable all OFPT_PACKET_IN messages,
     except those with reason OFPR_INVALID_TTL, enable all OFPT_PORT_STATUS
     and OFPT_FLOW_REMOVED messages, and disable all OFPT_ROLE_STATUS,
     OFPT_TABLE_STATUS and OFPT_REQUESTFORWARD messages.

   - In the “slave” role, enable all OFPT_PORT_STATUS messages and disable
     all OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_ROLE_STATUS,
     OFPT_TABLE_STATUS and OFPT_REQUESTFORWARD messages.

Signed-off-by: Niti Rohilla <niti.rohilla@tcs.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Drop 'base_flow' parameter from tnl_xlate_init().

At the point when tnl_xlate_init() is called, all of the members that
tnl_xlate_init() examines in 'base_flow' have the same values in 'flow',
so there's no point in passing both.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-xlate: Fix handling of write_actions(group(5),output(10)).

This keeps actset_output as OFPP_UNSET in the special case where a single
write_actions() contains a group action followed by an output action. The
presumably more common case where instructions in separate action lists
contained output and group actions was already properly handled.

Without the fix added by this commit, the test case as updated by this
commit fails.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-upcall: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

ofproto-dpif-upcall: Indentation fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

ofproto-dpif-xlate: Remove unused function xlate_out_copy().

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

perf-counter: Fix segfaults on non-Linux platforms.

Commit 0eee08dbddea520536197657da7a0b (perf-counter: simplify the
performance macro) introduces the PERF macro, which is empty for non-linux
platforms.

Added to commit bc487aeff2d6823c088d6e4499e0f53e6651523b (ovsdb: Add per
transaction commit instruction counter), that uses such macro, it causes
segfaults, since it makes ovsdb_txn_commit return an uninitialized pointer as
error.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
[blp@nicira.com added {} around the macro expansion]
Signed-off-by: Ben Pfaff <blp@nicira.com>

netflow: Mark some function parameters 'const'.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

db-ctl-base: make cmd_show_table private

Instead of requiring user to declare a global variable, pass the value
via ctl_init().

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: remove the recurse member from struct cmd_show_table

The 'recurse' is used during run time to suppress duplicated prints.
It is not essential to describe how show command should work.

This patch remove the 'recurse' member. Duplicated prints is now
suppressed by maintaining an 'sset' of tables that have been printed
at run time.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>