git.cascardo.eti.br Git - cascardo/ovs.git/log

tunnel: Geneve TLV handling support for OpenFlow.

The current support for Geneve in OVS is exactly equivalent to VXLAN:
it is possible to set and match on the VNI but not on any options
contained in the header. This patch enables the use of options.

The goal for Geneve support is not to add support for any particular option
but to allow end users or controllers to specify what they would like to
match. That is, the full range of Geneve's capabilities should be exposed
without modifying the code (the one exception being options that require
per-packet computation in the fast path).

The main issue with supporting Geneve options is how to integrate the
fields into the existing OpenFlow pipeline. All existing operations
are referred to by their NXM/OXM field name - matches, action generation,
arithmetic operations (i.e. tranfer to a register). However, the Geneve
option space is exactly the same as the OXM space, so a direct mapping
is not feasible. Instead, we create a pool of 64 NXMs that are then
dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped,
these fields become first-class citizens in the OpenFlow pipeline.

An example of how to use Geneve options:
ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0
ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1

This will add a 4 bytes option (filled will all 1's) to all packets
coming from the LOCAL port and then send then out to port 1.

A limitation of this patch is that although the option table is specified
for a particular switch over OpenFlow, it is currently global to all
switches. This will be addressed in a future patch.

Based on work originally done by Madhu Challa. Ben Pfaff also significantly
improved the comments.

Signed-off-by: Madhu Challa <challa@noironetworks.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Pass down flow netlink attributes when translating masks.

Sometimes we need to look at flow fields to understand how to parse
an attribute. However, masks don't have this information - just the
mask on the field. We already use the translated flow structure for
this purpose but this isn't always enough since sometimes we actually
need the raw netlink information. Fortunately, that is also readily
available so this passes it down from the appropriate callers.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

metaflow: Extend size of mf_value to 128 bytes.

Tunnel metadata can be substantially larger than our existing fields
(up to 124 bytes in a single Geneve option) so this extends the size
of the data that we can handle with metaflow fields. This also
breaks a few tests that assume that their max size is also the
maximum that can be handled in a field.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

openflow: Table maintenance commands for Geneve options.

In order to work with Geneve options, we need to maintain a mapping
table between an option (defined by <class, type, length>) and
an NXM field that can be operated on for the purposes of matches,
actions, etc. This mapping must be explicitly specified by the
user.

Conceptually, this table could be communicated using either OpenFlow
or OVSDB. Using OVSDB requires less code and definition of extensions
than OpenFlow but introduces the possibility that mapping table
updates and flow modifications are desynchronized from each other.
This is dangerous because the mapping table signifcantly impacts the
way that flows using Geneve options are installed and processed by
OVS. Therefore, the mapping table is maintained using OpenFlow commands
instead, which opens the possibility of using synchronization between
table changes and flow modifications through barriers, bundles, etc.

There are two primary groups of OpenFlow messages that are introduced
as Nicira extensions: modification commands (add, delete, clear mappings)
and table status request/reply to dump the current table along with switch
information.

Note that mappings should not be changed while they are in active use by
a flow. The result of doing so is undefined.

This only adds the OpenFlow infrastructure but doesn't actually
do anything with the information yet after the messages have been
decoded.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nx-match: Enable parsing string representations of variable fields.

When reading in hex strings that form NXM fields, we don't need to
enforce size constraints if the fields are variable length.
Instead, we can set the header size based on the string length.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nx-match: Trim variable length fields when encoding as actions.

It is technically correct to send the entire maximum length of
a field when it is variable length. However, it is awkward to
do so and not what one would naively expect. Since receivers will
internally zero-extend fields, we can do the opposite and trim
off leading zeros. This results in encodings that are generally
sensible without specific knowledge of what is being transmitted.
(Of course, other implementations, such as controllers, may know
exactly the expected length of the field and are free to encode
it that way even if it has leading zeros.)

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nx-match: Enable senders of NXM fields to specify length.

Currently when an NXM field is encoded, the caller must specify
the length of the data being provided. However, this data is
always placed into a field of standard length. In order to
support variable length options, the length field must also
alter the size in the header. The previous implementation
already required callers to pass in the exact (fixed) size of
the field or it would not work properly, so there is no danger
that this will change the behavior for non-variable length
fields.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nx-match: Handle receiving variable length fields.

This adds support for receiving variable length fields encoded in
NXM/OXM and mapping them into OVS internal structures. In order
for this to make sense, we need to define some semantics:

There are three lengths that matter in this process: the maximum
size of the field (represented as the existing mf->n_bytes), the
size of the field in the incoming NXM (given by the length in the
NXM header), and the currently configured length of the field
(defined by the consumer of the field and outside the scope of
this patch).

Fields are modeled as being their maximum length and have the
characteristics expected by exsiting code (i.e. exact match fields
have masks that are all 1's for the whole field, etc.). Incoming
NXMs are stored in the field in the least significant bits. If
the NXM length is larger than the field, is is truncated, if it
is smaller it is zero-extended. When the field is consumed, the
component that needs data picks the configured length out of the
generated field.

In most cases, the configured and NXM lengths will be equal and
these edge cases do not matter. However, since we cannot easily
enforce that the lengths match (and might not even know what the
right length is, such as in the case of a string parsed by
ovs-ofctl), these semantics should provide deterministic results
that are easy to understand and not require most existing code
to be aware of variable length fields.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nx-match: Support variable length header lookup.

Currently we treat the entire NXM/OXM header, including length,
as an ID to define a field. However, this does not allow for
multiple lengths of a particular field.

If a field has been marked as variable, we should ignore the length
when looking up the field and only use the class and field. We
continue to use the length for non-variable fields to ensure that
we don't accept something that can never match.

Signed-off-by: Jesse Gross <jesse@nicira.com>

metaflow: Allow fields to be marked as variable length.

Until now, all fields that OVS can match against have been fixed
size (variable length headers can be skipped during parsing but
the match is fixed). However, Geneve options can vary in size
so we must not require the size of these fields to be known
at compile time.

This allows data types to be annotated with not only their size
but whether the field can be smaller than that. The following
patches will change OpenFlow parsing based on that.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

bitmap: Convert single bitmap functions to 64-bit.

Currently the functions to set, clear, and iterate over bitmaps
only operate over 32 bit values. If we convert them to handle
64 bit bitmaps, they can be used in more places.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

tests: Use taskkill if tskill is not available, on Windows.

This is not the minimal change; it "improves" the rest of the code as well.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>

python: Fix issue with probes for JSONRPC connections

When opening a JSONRPC connection, the health probes
are incorrectly getting turned off for connections
that need probes.

In other words, when stream_or_pstream_needs_probes()
return non-zero, the probes are gettting disabled as
the probe interval is getting set to zero. This leads
to incorrect behavior such that probes are:

- not getting turned off for unix: connections
- getting turned off for tcp:/ssl: connections

The changes in this commit fix this issue.

Signed-off-by: Sumit Garg <sumit@extremenetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: Fix writing to non-"alert" column for newly inserted row.

When 'alert' was turned off on a column, the code was erroring out when
value for that column was being set in a newly inserted row. This is
because the row._data was None at this time.

It seems that new rows are not initialized to defaults and that's why the
NULL error happens. IMO a newly inserted row should automatically get
intialized to default values. This new behavior can be implemented as a
separate improvement sometime in the future.

For now, I don't see an issue with adding the additional check. This new
check can continue as-is even after the new behavior is implemented.

Signed-off-by: Sumit Garg <sumit@extremenetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: Fix attempt to use a bool as a function.

A bool (has_lock) was being accessed as a function call leading to a
runtime exception.

Signed-off-by: Sumit Garg <sumit@extremenetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Reduce user burden for running "make check".

With this commit, users do not have to manually add the pthread-win32
DLL directory to their PATH.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix coding style.

Identation was one extra level at ofproto_unixctl_mcast_snooping_show.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Add get/set-enabled to ovn-nbctl.

This patch adds support for getting and setting the 'enabled' column
for logical ports using ovn-nbctl.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Add logical port 'enabled' state.

This patch adds a new column to the Logical_Port table of the
OVN_Northbound database called 'enabled'. The purpose is to allow a
port to be administratively enabled or disabled. It is sometimes
useful to keep a port and its related configuration, but temporarily
disable it, which means no traffic is allowed in or out of the port.

The implementation is fairly non-invasive as it only required minor
changes to the logical pipeline.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Makefiles: Move xml2nroff rule from ovn directory to top level.

Originally only the OVN documentation used the XML format, but now it's
used outside the ovn directory (initially for ovs-sim.1) so it's more
logical to have the xml->nroff rule at the top level.

Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

nx-match: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

nx-match: Fix distribution of hash function for NXM/OXM headers.

NXM/OXM headers as represented in this file are 64-bit long and the low
bits are essentially constant (almost always 0) so using hash_int(),
which takes an uint32_t, is going to be a useless hash function. This
commit fixes the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath-windows: Wrong cleanup of newly created multiple NBLs

Bug found in OvsPartialCopyToMultipleNBLs function in the cleanup part of
the code. Before completing the current NBL (newNbl) the NEXT link for the
following NBL (firstNbl) was broken, instead of the current one (newNbl).

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/87
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb: Flush JSON cache only when necessary

Currently, JSON cache is always flushed whenever the monitor receives
a transaction. This patch improves the JSON cache efficiency by only
flush the JSON cache when a transaction causes client visible
changes, avoiding unnecessary flushes.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovsdb: Only update monitor when necessary

Some DB modification transactions won't affect the columns of a monitor.
Skip those updates.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovsdb: add ovsdb_monitor_row_update_type()

The logic of determining row update type will be useful in the following
patch. Make it into a function.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Return success for already existing WFP objects

There are cases when the WFP callout or sublayer, being persistent
objects, already exists when we try to register the OVS callout. In
this cases, when trying to add again these WFP objects the return code
is STATUS_FWP_ALREADY_EXISTS, which we are interpreting as an error.
This is incorrect and this patch changes that.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/84
Signed-off-by: Ben Pfaff <blp@nicira.com>

Makefiles: Stop distributing files because building them requires Python.

A long time ago, the Open vSwitch build did not depend on Python (whereas
the runtime did), so the "make dist" based distribution included the
results of Python build tools. Later, the build began using Python,
but the distribution still included some of those results, because no one
had gone to the trouble of changing them. This commit changes the
Makefiles not to distribute Python-generated files but instead to just
generate them at build time.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Increase prerequisite from Python 2.4 to Python 2.7.

This means that users of XenServer 6.5 and earlier will need to install
Python 2.7.

Signed-off-by: Ben Pfaff <blp@nicira.com>

nroff: Fix the escape of '.'.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

db-ctl-base: Improve show command.

This commit adds improvement to 'show' command logic and allows it
to print key->table_ref maps. The direct effect can be observed
from the tests/vtep-ctl.at change. The improvement will also be
used in the ovn-sbctl implementation.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

vtep-ctl: Use db-ctl-base.

This commit makes vtep-ctl use db-ctl-base to avoid duplicate code.
As an addition, a 'show' command is added to vtep-ctl.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: Librarize database command manual.

This commit extracts the database command manual and puts it into
db-ctl-base.man.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: Librarize show command.

This commit extracts the 'show' command code and puts it into the
db-ctl-base module.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: Librarize code in parse_options().

This commit extracts general code from parse_options() and puts it into
db-ctl-base module.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

db-ctl-base: Make common database command code into library.

This commit extracts common database command (e.g. ovs-vsctl, vtep-ctl)
code into a new library module, db-ctl-base. Specifically, the module
unifies the command syntax and common database-operating commands like
(get, list, find, set ...), and provides apis which allow user to create
more specific commands.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-vsctl: Simplify code.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

Add a few OVN files as part of DISTCLEANFILES.

Reported-by: Ian Stokes <ian.stokes@intel.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Tested-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

tests: Remove the windows service in case it failed to start

In case the ovsdb-server failed to start, the defined service was not
properly cleaned.

Add a run-if-false command in case the service failed to start.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

bfd: Add OVS_VSWITCHD_STOP to bfd unit tests

On Windows the following tests hang unless we also call
the OVS_VSWITCHD_STOP macro to stop the executable.

Tested on Windows and Linux

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif-xlate: Add support for OpenFlow group chaining.

Requested-by: Vinllen Chen <cvinllen@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

tests: Adjust output of vconn for windows.

Recent tests added for openflow atomic bundle support
looks for Linux specific output in logs. Adjust them
so that tests pass in Windows too.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>

ofproto.at: Don't specify the specific error.

On Windows, we don't do a good job of translating errors to Linux
type errors. So in the tests, don't look for a specific type of
error.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>

rpms: Exclude OVN files from openvswitch packages.

Currently rhel rpm does not build because of OVN files. This
patch only fixes the build failures. We eventually may have
to add OVN packages for RHEL, Xenserver and Debian.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

utilities: Ignore generated files.

Add
utilities/ovs-sim
utilities/ovs-sim.1

Found by issuing make.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Initialize reference count when enabling extension

When the extension is initialized the global reference count, used for
preventing early deallocation of the switch extension, is set to 1.
Enabling and then disabling the extension leaves the latter reference
count to zero. Because of this the switch context fails to be acquired,
i.e OvsAcquireSwitchContext returns zero, and that affects driver's
communication to the userspace.

The solution is to initialize the reference count each time the extension
is enabled.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Nithin Raju <nithin@vmware.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/86
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath-windows: use correct dst port during Vxlan Tx

A previous commit used the wrong DST port in the UDP header during Vxlan
Tx which caused Vxlan tunneling to break. Fixing it here..

Also included is a cosmetic fix in OvsDetectTunnelRxPkt() where we were
using htons() instead of ntohs(). Doesn't make a difference in practice
though.

One more change is, OvsIpHlprCbVxlan() has been nuked since it is not
used. Not sure if it is worth being resurrected.

Testing done: Ping across Vxlan tunnel and Stt tunnel.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Reported-by: Eitan Eliahu <eliahue@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Merge remote-tracking branch 'origin/master' into ovn4

odp-util: Convert flow serialization parameters to a struct.

Serializing between userspace flows and netlink attributes currently
requires several additional parameters besides the flows themselves.
This will continue to grow in the future as well. This converts
the function arguments to a parameters struct, which makes the code
easier to read and allowing irrelevant arguments to be omitted.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>

Prepare for post-2.4.0 (2.4.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

Prepare for 2.4.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath-windows: Return pending for IRPs completed later

Return STATUS_PENDING for IRPs that are completed later in another
thread.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/83
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

AUTHORS: Add Thadeu Lima de Souza Cascardo.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Add IGMPv3 support.

Support IGMPv3 messages with multiple records. Make sure all IGMPv3
messages go through slow path, since they may carry multiple multicast
addresses, unlike IGMPv2.

Tests done:

* multiple addresses in IGMPv3 report are inserted in mdb;
* address is removed from IGMPv3 if record is INCLUDE_MODE;
* reports sent on a burst with same flow all go to userspace;
* IGMPv3 reports go to mrouters, i.e., ports that have issued a query.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-xlate: Make IGMP packets always take slow path.

IGMP packets need to take the slow path. Otherwise, packets that match
the same flow will not be processed by OVS. That might prevent OVS from
updating the expire time for entries already in the mdb, but also to
lose packets with different addresses in the payload.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Remove completed items from TODO.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

lacp: Remove packed attribute from struct lacp_pdu.

The packed annotation doesn't do anything here because all of the members
in the structure are naturally aligned.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Ethan Jackson <ethan@nicira.com>

auto-attach: Cleanup i-sid/vlan mappings associated with lldp-enabled port.

This commit fixes a bug where the i-sid/vlan mapping structures associated with
an lldp-enabled port were not being freed during general port cleanup.

Signed-off-by: Dennis Flynn <drflynn@avaya.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

docs: Fix alignment for diagram in native-tunneling.md.

Markdown was not formatted correctly and, as a result,
was displaying incorrectly on github.

Signed-off-by: Mark D. Gray <mark.d.gray@intel.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofctrl: Don't use designated initializers.

MSVC 2013 does not like designated initializers when
structs are initialized inside structs.
Apparently it has been fixed in MSVC 2015.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-sim: New utility for multi-node OVS and OVN simulation.

Please see the examples in ovs-sim(1) for some examples of how this
can be useful.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-vtep: Support userspace datapaths.

With this commit, the VTEP emulator detects the datapath_type of the
bridge used as a "physical" switch, and creates subsequent bridges
with the same type. This allows ovs-vtep to work with the userspace
datapath.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

ovn-nbctl: Take default database target from OVN_NB_DB in environment.

This makes life easier for testing at the point you start to separate your
environment into multiple machines.

Also work on the manpage a little.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

xml2nroff: Add support for variable substitutions.

This allows XML-generated manpages in the source tree to include correct
directory names for the local configuration, instead of just the plain
nroff ones.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

dummy: Introduce new --enable-dummy=system option.

Until now there have been two variants for --enable-dummy:

    * --enable-dummy: This adds support for "dummy" dpif and netdev.

    * --enable-dummy=override: In addition, this replaces *every* existing
      dpif and netdev by the dummy type.

The latter is useful for testing but it defeats the possibility of using
the userspace native tunneling implementation (because all the tunnel
netdevs get replaced by dummy netdevs).  Thus, this commit adds a third
variant:

    * --enable-dummy=system: This replaces the "system" dpif and netdev
      by dummies but leaves the others untouched.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

netdev: Initialize at the beginning of netdev_unregister_provider().

Otherwise, if netdev_unregister_provider() is called before any other
netdev function, netdev_class_mutex is not initialized and the attempt to
lock it aborts.

This doesn't fix an existing bug but with the following commit
--enable-dummy=system will make netdev_unregister_provider() the first
netdev function to be called.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

dpif: Generalize test for dummy dpifs beyond the name.

When --enable-dummy=system or --enable-dummy=override is in use, dpifs
other than "dummy" are actually dummy dpifs, so use a more reliable test.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

ofproto-dpif-xlate: Add native tunnel information to ofproto/trace.

I found this invaluable for debugging native tunnels over dummy devices.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

ofproto-dpif: Allow translation reports to include formatted data.

This allow the reports to have additional useful information. An upcoming
commit will take advantage of this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

netdev-dummy: Implement ARP responder.

This is the only missing piece to make native tunneling work with dummy
devices for testing purposes.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

packets: Generalize compose_arp().

Until now, compose_arp() has only been able to compose ARP requests. This
extends it to composing general ARP packets, in particular replies.
An upcoming commit will make use of this capability.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

netdev-dummy: Report EADDRNOTAVAIL when no IPv4 address is configured.

This conforms with the interface described in netdev-provider.h.

Found when experimenting with native tunneling and dummy devices.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

datapath-windows: BSOD when disabling the extension

When the filter detach routine is called while there are packets
still in processing, the OvsUninitSwitchContext function call will
decrement the switch context reference count without releasing the
switch context structure. This behaviour is correct and expected,
but the BSOD is caused in this case because the gOvsSwitchContext
variable is set to NULL, which is wrong.

The gOvsSwitchContext global variable must be set to NULL only when
the switch context structure is actually released.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/80
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-sb: Remove redundant "attached_port" column from Gateway table.

The keys in the Chassis table's "gateway_ports" column report the same
information as the Gateway table's "attached_port" column, so this commit
removes the latter.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

dpif-netdev: Prefetch next packet before miniflow_extract().

It appears that miniflow_extract() in emc_processing() spends a lot of
cycles waiting for the packet's data to be read.

Prefetching the next packet's data while parsing removes this delay.
For a single flow pipeline the throughput improves by ~10%. With a
more realistic pipeline the change has a much smaller effect (~0.5%
improvement)

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-ctl: let openvswitch startup to NOT hold up system boot upon error

Abort openvswitch startup script if ovsdb startup fails for
some reason. This helps in getting the system startup to NOT hang
indefinitely, as was seen in a recent report when ovsdb failed with
"I/O error: /etc/openvswitch/conf.db: failed to lock lockfile
(Resource temporarily unavailable)" and system remained in hung state
forever, unless manually rebooted from console.

Signed-off-by: Sabyasachi Sengupta <sabyasachi.sengupta@alcatel-lucent.com>
[blp@nicira.com changed an 'if' statement to '||']
Signed-off-by: Ben Pfaff <blp@nicira.com>

flow: Make assertions about offsets within struct flow easier to follow.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

Update location for Neutron plugin.

The git repository for the neutron plugin has been renamed to reflect
that it is now officially part of the OpenStack Neutron project. The
repo now lives in the "openstack" namespace.

Also remove the link to the todo file as those are now just tracked in
the networking-ovn bug tracker (launchpad bugs).

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

fedora.spec: Create openvswitch-ovn package.

This patch creates a new subpackage for OVN, openvswitch-ovn.  It also
installs systemd unit files for ovn-controller and ovn-northd.

If you want to run ovn-controller:

    # systemctl start ovn-controller

If you want to run ovn-northd:

    # systemctl start ovn-northd

Both systemd units are currently set to depend on openvswitch.  If
further ovsdb initialization is required for the OVN databases before
ovn-northd can start, that will be handled automatically by ovn-ctl
when you start the ovn-northd service.

This currently assumes that ovn-northd runs on the same host as
ovsdb-server that is hosting the OVN databases.  That seems like a
reasonable assumption in the current architecture and can be evolved
later when needed.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
CC: Flavio Leitner <fbl@redhat.com>
CC: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn: Add ovn-ctl to assist with OVN daemon lifecycle.

This patch introduces ovn-ctl, which is similar to ovs-ctl.  I opted
for a new script as everything in OVN so far is nicely isolated, so a
new script seemed to make the most sense.

If you'd like to run ovn-controller on a host already running ovs:

    # ovn-ctl start_controller

If you'd like to run ovn-northd:

    # ovn-ctl start_northd

Note that ovn-ctl assumes that ovn-northd is running on the same
server as ovsdb-server hosting the OVN databases.  Based on the
current architecture this seems like a completely reasonable
assumption.  This can be improved later when needed.

There's some additional stuff happening in start_northd to make the
experience nicer and not require additional steps by the
administrator.  It creates the OVN dbs if they don't exist.  If
ovsdb-server hasn't loaded them, it tells it to load them, as well.

ovn-ctl also supports running everything on the same host.  This would
be common in a test environment with a single host or small set of
hosts.  That would simply be:

    # ovs-ctl start --system-id=random
    # ovn-ctl start_northd
    # ovn-ctl start_controller

Signed-off-by: Russell Bryant <rbryant@redhat.com>
CC: Flavio Leitner <fbl@redhat.com>
CC: Ben Pfaff <blp@nicira.com>
[blp@nicira.com added configure.ac code to create ovn/utilities builddir]
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-dpdk: add dpdk vhost-user ports

This patch adds support for a new port type to the userspace
datapath called dpdkvhostuser.

A new dpdkvhostuser port will create a unix domain socket which
when provided to QEMU is used to facilitate communication between
the virtio-net device on the VM and the OVS port on the host.

vhost-cuse ('dpdkvhost') ports are still available as 'dpdkvhostcuse'
ports and will be enabled if vhost-cuse support is detected in the
DPDK build specified during compilation of the switch. Otherwise,
vhost-user ports are enabled.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

ovn-controller: Verify bridge ports before changing.

OVSDB is transactional but it does not have built-in protection from dirty
reads. To avoid those, it's necessary to manually add verification to
transactions to ensure that any data reads whose values were essential to
later writes have not changed. ovn-controller didn't do that for
the "ports" column in the Bridge table, which means that if the set of
ports changed when it didn't expect it, it could revert changes made by
other database clients.

In particular this showed up in a scale test, where ovn-controller would
delete "vif" ports added via ovs-vsctl.

(It's easy to see exactly what happened by looking in the database log
with "ovsdb-tool -mm show-log".)

Reported-by: Russell Bryant <rbryant@redhat.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-June/056326.html
Signed-off-by: Ben Pfaff <blp@nicira.com>

Merge "master" into "ovn".

This allows OVN to take advantage of the client scalability changes
that have been committed to ovsdb-server on master recently.

Conflicts:
Makefile.am
lib/learn.c

ofproto: Support port mods in bundles.

Add support for port mods in an OpenFlow 1.4 bundle, as required for
the minimum support level by the OpenFlow 1.4 specification. If the
bundle includes port mods, it may not specify the OFPBF_ATOMIC flag.
Port mods and flow mods in a bundle are always applied in order and
the consecutive flow mods between port mods are made available to
lookups atomically.

Note that ovs-ofctl does not support creating bundles with port mods.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Postpone sending flow removed messages.

The final flow stats are available only after there are no references
to the rule. Postpone sending the flow removed message until the
final stats are available.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

classifier: Simplify versioning.

After all, there are some cases in which both the insertion version
and removal version of a rule need to be considered. This makes the
cls_match a bit bigger, but makes classifier versioning much simpler
to understand.

Also, avoid using type larger than int in an enum, as it is not
portable C.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-rcu: Comment fixes.

A comment referred to a "Usage" section but the section was named "Use".
This fixes the problem (also a grammar error).

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

rculist: Remove postponed poisoning.

Postponed 'next' member poisoning was based on the faulty assumption
that postponed functions would be called in the order they were
postponed. This assumption holds only for the functions postponed by
any single thread. When functions are postponed by different
threads, there are no guarantees of the order in which the functions
may be called, or timing between those calls after the next grace
period has passed.

Given this, the postponed poisoning could have executed after
postponed destruction of the object containing the rculist element.

This bug was revealed after the memory leaks on rule deletion were
recently fixed.

This patch removes the postponed 'next' member poisoning and adds
documentation describing the ordering limitations in OVS RCU.

Alex Wang dug out the root cause of the resulting crashes, thanks!

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

vtep-ctl: Fix a bug.

add_port_to_cache() uses 'cache_name' as the shash node name for
shash_add(). So, the del_cached_port() must also pass 'cache_name'
as argument for shash_find_and_delete().

This bug does not cause any issue currently but should be fixed.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ofproto: Revertible eviction.

Handling evictions was broken in the previous patches. Eviction took
place early in the commit, and actually inappropriately bumped the
version number too early. Now eviction is treated much like a flow
modification, where a new rule replaces the old one, but just without
any 'inheritance' from the evicted rule to the new rule. This makes
evictions to be executed only when commit is successful, as evictions
are reverted like any other changes when the commit fails.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Accurate flow counts.

Classifier's rule count now contains temporary duplicates and rules
whose deletion has been deferred. Maintain a new 'n_flows' count in
struct oftable to as the count of rules in the latest version.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

Use classifier versioning.

Each rule is now added or deleted in a specific tables version.  Flow
tables are versioned with a monotonically increasing 64-bit integer,
where positive values are valid version numbers.

Rule modifications are implemented as an insertion of a new rule and a
deletion of the old rule, both taking place in the same tables
version.  Since concurrent lookups may use different versions, both
the old and new rule must be available for lookups at the same time.

The ofproto provider interface is changed to accomodate the above.  As
rule's actions need not be modified any more, we no longer need
'rule_premodify_actions', nor 'rule_modify_actions'.  'rule_insert'
now takes a pointer to the old rule and adds a flag that tells whether
the old stats should be forwarded to the new rule or not (this
replaces the 'reset_counters' flag of the now removed
'rule_modify_actions').

Versioning all flow table changes has the side effect of making
learned flows visible for future lookups only.  I.e., the upcall that
executes the learn action, will not see the newly learned action in
it's classifier lookups.  Only upcalls that start executing after the
new flow was added will match on it.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Infra for table versioning.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

test-classifier: Test versioning features.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

classifier: Make traversing identical rules robust.

The traversal of the list of identical rules from the lookup threads
is fragile if the list head is removed during the list traversal.

This patch simplifies the implementation of that list by making the
list NULL terminated, singly linked RCU-protected list. By having the
NULL at the end there is no longer a possiblity of missing the point
when the list wraps around. This is significant when there can be
multiple elements with the same priority in the list.

This change also decreases the size of the struct cls_match back
pre-'visibility' attribute size.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Remove last use of odp_tun_key_from_attr for formatting.

We formerly converted tunnel attributes to their flow representation
before formatting but now perform all operations directly on the
netlink attributes.

There is one remaining use of odp_tun_key_from_attr() that is not
used for the purposes of generating a flow. This is to check the
mask but this no longer makes sense given the way that we format
the flow itself. In fact, the code is not actually invoked any
more, so we can simply remove it.

This retains the special case for tunnels as a safety measure but it
should not matter in practice.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovsdb-idl: Document that the IDL always presents a consistent view.

We've had this question a couple of times so we might as well document it.

Requested-by: Saurabh Shrivastava (सौरभ श्रीवास्तव) <saurabh@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Stateless TCP Tunnelling protocol - Initial implementation

This change include an initial implementable of STT.

The following should be added:
[1] Checksum offload (SW and HW)
[2] LSO (SW and HW)
[3] IP layer WFP callout for IP segments

Added support for multiple (per TCP port) STT ports

Testing: link layer connection through ping works. File transfer.

Signed-off-by: Eitan Eliahu <eliahue@vmware.com>
Co-authored-by: Saurabh Shah <ssaurabh@vmware.com>
Signed-off-by: Saurabh Shah <ssaurabh@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Correctly complete the original NBL with multiple NBs

OvsCreateNewNBLsFromMultipleNBs function failed to correctly complete the
original NBL with multiple NBs after creating multiple NBLs with single
NB.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-vport: Mark netdev_vport_get_dpif_port() as OVS_WARN_UNUSED_RESULT.

Ignoring the result of this function means that the caller is quite likely
blindly using the character array passed in, instead of the return value,
which leads to latent bugs.

This would have prevented one of the bugs fixed by commit "tunneling: Fix a
tunnel name display bug".

CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>