git.cascardo.eti.br Git - cascardo/ovs.git/log

vlog: Avoid calling worker_request() reentrantly.

The following call stack was possible:

    vlog
        -> worker_request()
            -> poll_block()
                -> vlog
                     -> worker_request()

which caused problems because worker_request() is not reentrant.  In a
little more detail, the second worker_request() shoves its RPC protocol
data into the middle of the first.  This means that, first, you get
some binary crud in the log (the header for the second RPC).  And,
second, text from the first RPC log message gets treated by the worker
as the subsequent RPC's header.  That, in turn, typically causes the
worker to try to xmalloc() a huge number of bytes (0x20000000 or more,
since "space" has ASCII value 0x20), which causes the worker to die
with "virtual memory exhausted".  The main process then dies because
the worker's death closes the socket it uses to communicate with it
("connection reset").

Bug #14616.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif-governor: Fix small memory leak.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofp-util: Fix uninitialized bytes in OF1.0 and OF1.1 table stats replies.

Also, use ovs_strlcpy() instead of strcpy() just to be a teensy bit safer.

Found by valgrind.

Bug #14357.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

meta-flow: Fix uninitialized data parsing tnl_flags in mf_parse().

Also, add an assertion that the field is the expected size.

This bug was introduced in commit 2fdf762a006f (vswitchd: Log all tunnel
parameters of given flow.)

Found by valgrind.

Bug #14357.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

rconn: Avoid memory leak in rconn_send_with_limit() on queue overflow.

Bug #14357.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Make OVS_TUNNEL_ATTR_DST_IPV4 optional to allow configuration of null_ports.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
[jesse: correct return type of get_u32_or_zero()]
Signed-off-by: Jesse Gross <jesse@nicira.com>
Conflicts:

datapath/tunnel.c
include/openvswitch/tunnel.h
lib/netdev-vport.c

datapath: Initialize tunnel_key pad member.

When a packet is received on a tunnel the pad member is currently
left uninitialized.  This didn't previously cause problems because
userspace didn't interprete the IPV4_TUNNEL attribute and blindly
copied back the uninitialized data.  However, now that userspace
knows how to serialize this attribute it was zeroing it out, which
prevented flows that had been previously installed from being
deleted.  In addition to zeroing out the padding on packet reception,
it also does the same thing on flow setup since we should be ignoring
the value.

Reported-by: Anand Krishnamurthy <krishnamurt4@wisc.edu>
Reported-by: Saul St. John <sstjohn@cs.wisc.edu>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Conflicts:

datapath/flow.c

brcompat: Mark ovs-brcompat as deprecated.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
bug #14341

ovs-ctl: Exit, instead of resuming, after handling fatal signals.

When I wrote the "trap" calls in ovs-ctl, I had the mistaken notion that
"trap $cmd $signal" would execute $cmd and then exit when $signal was
caught. This is incorrect. Instead, it executes $cmd and then resumes
executing the shell script.

On the other hand, "trap $cmd 0" does by itself what I wanted: it causes
the shell to execute $cmd and then exits due to the signal. So this commit
changes the offending traps to use this form.

Bug #14290.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: linux2.7 s/pid/portid/g

the following up of 15e473046cb6e5d18a4d0057e61d76315230382b
This patch replaces pid with portid under datapath/linux/compat

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: support Linux 3.7

datapath: backport 15e473046cb6e5d18a4d0057e61d76315230382b

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[jesse: fix kernel version in error message]
Signed-off-by: Jesse Gross <jesse@nicira.com>

meta-flow: Correctly byteswap skb_priority/skb_mark for mf_value.

Fixes the following sparse warnings:

meta-flow.c:947:21: warning: incorrect type in assignment (different base types)
meta-flow.c:947:21:    expected restricted __be32 [usertype] be32
meta-flow.c:947:21:    got unsigned int const [unsigned] [usertype] skb_priority
meta-flow.c:951:21: warning: incorrect type in assignment (different base types)
meta-flow.c:951:21:    expected restricted __be32 [usertype] be32
meta-flow.c:951:21:    got unsigned int const [unsigned] [usertype] skb_mark

Signed-off-by: Ben Pfaff <blp@nicira.com>

vswitchd: log skb_mark and skb_priority

This patch adds logging support for skb_mark and skb_priority.

Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Conflicts:

lib/ofp-util.c
tests/ofproto-dpif.at

meta-flow: Fix and simplify mf_get_mask().

This function can be implemented as a trivial wrapper around
mf_get_value(), which I hadn't noticed before, so it's better to do it
that way. Also, examining the code that is removed, it had some bugs in
it (for example, all MFF_TUN_* fields were treated as if they were
MFF_TUN_ID) which mf_get_value() does not have, so this fixes bugs too.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Zero out key when looking up null ports.

When we are searching for a tunnel port to receive traffic on,
everything should be zeroed out by the time that we get to null
ports since they are wildcarded. However, if certain other ports
also exist (primarily multicast ports with keys) then this might
not be the case and the key can be set.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

meta-flow: Don't allow negative port numbers.

If a negative number is supplied, the parsing code used to convert it
into a signed one.  We ran into an incident where a third-party script
was attempting to get the OpenFlow port number for an interface, but got
-1 from the database, since the number had not yet been assigned.  This
was converted to 65535, which maps to OFPP_NONE and all flows with
ingress port OFPP_NONE were modified.  This commit disallows negative
port numbers to help prevent broken integration scripts from disturbing
the flow table.

Issue #14036

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofp-util: Fix typo in invalid port range error message.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

daemon: Start monitor process, not daemon process, in new session.

To keep control+C and other signals in the initiating session from killing
the monitor process, we need to put the monitor process into its own
session. However, until this point, we've only done that for the daemon
processes that the monitor started, which means that control+C would kill
the monitor but not the daemons that it launched.

I don't know of a benefit to putting the monitor and daemon processes in
different sessions, as opposed to one new session for both of them, so
this change does the latter.

daemonize_post_detach() is called from one additional context where we'd
want to be in a new session, the worker_start() function, but that function
is documented as to be called after daemonize_start(), in which case we
will (after this commit) already have called setsid(), so no additional
change is required there.

Bug #14280.
Reported-by: Gordon Good <ggood@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-ctl: Don't run "ovs-save save-flows" on fake bridges.

Previously, ovs-ctl would determine which bridges to run "ovs-save
save-flows" on by running "ovs-vsctl list-br".  In addition to real
bridges, that command also returns fake bridges.  An error is returned
when "ovs-save save-flows" is run on a fake bridge.  By using the newly
added "--real" flag to "ovs-vsctl list-br", we can get rid of that
unnecessary warning.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovs-vsctl: Add "--real" and "--fake" options to "list-br".

By default, "ovs-vsctl list-br" returns all bridges, real or fake. This
commit adds "--real" and "--fake" options that limit the output to only
bridges of that type. This will be useful in a future commit that needs
to perform actions only on bridges of a particular type.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

bond: Fix segfault sending learning packets with LACP disabled.

It is essentially an invalid configuration to disable LACP but request TCP
balancing: in this configuration, the bond drops all packets. But
may_send_learning_packets() would still indicate that learning packets
should be sent, so bond_compose_learning_packet() would try to choose an
output slave for those packets, which would be NULL (because all packets
are dropped), which would cause a segfault upon dereference.

This commit fixes the problem by making may_send_learning_packets() no
longer indicate that learning packets should be sent.

I tested this issue by modifying bond_should_send_learning_packets() to
always return true if may_send_learning_packets() returns true, and then
introducing the invalid configuration described above. Without this comit,
ovs-vswitchd segfaults quickly; with this commit, it does not.

Bug #14090.
Reported-by: Kiran Shanbhog <kiran@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Use RCU callback when detaching netdevices.

Currently, each time a device is detached from an OVS datapath
we call synchronize RCU before freeing associated data structures.
However, if a bridge is deleted (which detaches all ports) when
many devices are connected then there can be a long delay. This
switches to use call_rcu() to group the cost together.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

flow: use rule priority in match_format() function

The flow_format() function was incorrectly passing skb_priority
to the match_format() function. match_format() function instead
expects rule priority.

This issue was introduced with aa6c9932f2937fa9a2140ec1737668eb9105b0b5
(Change logging format for flows to that accepted by ofproto/trace).

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Conflicts:

tests/ofp-print.at
tests/ofproto-dpif.at
tests/ofproto.at

python/ovs/stream: Fix Stream.connect() retval for incomplete connection.

If the loop condition in Stream.connect() was false, which is especially
likely for TCP connections, then Stream.connect() would return None,
which violates its documented behavior. This commit fixes the problem.

Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vswitchd: Log all tunnel parameters of given flow.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: add skb mark matching and set action

This patch adds support for skb mark matching and set action.

Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Conflicts:

datapath/flow.c
lib/dpif-netdev.c
lib/flow.h
lib/odp-util.c
ofproto/ofproto-dpif.c

ovs-appctl: fix help message for ofproto/trace command

The usage message for this command was wrong, because it did not
specify priority as one of its arguments.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>

ovs-ctl.in: increase the limit of fd

We can't create more than 248 bridges with the current limit 5000,
so increase it to 6000 so that at least 256+ bridges could be created.

Cc: Ben Pfaff <blp@nicira.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

odp-utils: Print human readable ipv4-tunnel-key flags.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

odp-utils: Refactor slow_path_reason parse and format functions.

These functions are used in next patch.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

vswitchd: Fix function prototype of packet_set_ipv6()

Follwoing patch fixes sparse error:
lib/packets.c:643:1: error: symbol 'packet_set_ipv6' redeclared
with different type (originally declared at lib/packets.h:493)
- incompatible argument 6 (different base types)

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: add ipv6 'set' action

This patch adds ipv6 set action functionality. It allows to change
traffic class, flow label, hop-limit, ipv6 source and destination
address fields.

Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>

sparse: Add ip6_rthdr struct to the ip6.h

Acked-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>

ofp-msgs: Accept all versions of OpenFlow "hello" messages.

Since the ofp-msgs code was introduced, only "hello" messages for versions
of OpenFlow actually understood (to some extent) by Open vSwitch could be
decoded correctly. This commit corrects that, by making every version of
OpenFlow immutable messages acceptable.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Zero keys if marked as not present.

If a key used to find a port then we mark it as being not present
(previously this was accomplished by setting it to zero). However,
we also still pass the key to userspace which could lead to an
inconsistent state. This also zeros out the key as before in order
to make our reported results consistent.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Allow GRE64 to use flow based tunneling.

There's no reason why GRE64 can't be configured using flow based
tunneling. Since that's the direction we are moving, everything
should support that. Once this special casing is removed, it's
possible to unify the tunnel parameter parsing code since both
GRE and CAPWAP are the same.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Shorten flow tunneling flags.

The names for the flags used by flow based tunneling are pretty long.
This shortens them a little by removing the word FLOW, which is a
distinction that won't be meaningful in the near future.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Don't allow flows installed with only TUN_ID.

Tunnel ports now always include full outer IP information, even if
userspace can't understand it. Since our flows our exact match this
information must also be provided when setting up flows. Since flows
with only OVS_KEY_ATTR_TUN_ID keys don't contain all of this information
they can never be hit and we should just reject them at setup time.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Don't write into IPV4_TUNNEL data when using TUN_ID.

When the IPV4_TUNNEL action is executed, a pointer in the skb is
directly assigned the address of the action, which is protected by
RCU. If a TUN_ID action is later executed it will write into the
action, which is not allowed by RCU. This avoids the problem by
making a copy of the data and writing into the copy.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Include OVS_KEY_ATTR_IPV4_TUNNEL in upstream range.

During development it was preferable to keep OVS_KEY_ATTR_IPV4_TUNNEL
in the non-upstream range of identifiers to avoid conflicts or
compatibility issues as it evolved. However, since the intention is
to get it upstream, it makes sense to move it down now to avoid issues
with compatibility when upgrading.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

socket-util: Report fd of -1 on error in inet_open_active().

inet_open_active() is documented to report a fd of -1 when an error occurs.
All three of its callers rely on this, by checking only the fd to determine
whether there was an error. This means that if the call to
set_nonblocking() or set_dscp() or connect() failed, then the callers would
try to use a fd that had already been closed, wreaking havoc.

This fixes a bug introduced in commit a4efa3fc5d (socket-util: Close socket
on failed dscp modification.)

Bug #13750.
Reported-by: Scott Hendricks <shendricks@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

netdev-vport: Fix warning due to new GRE type.

This patch fixes the following warning caused by a switch case
which was not handled.

lib/netdev-vport.c:144:5: error: enumeration value
‘OVS_VPORT_TYPE_FT_GRE’ not handled in switch

Signed-off-by: Ethan Jackson <ethan@nicira.com>

datapath: Add missing bug.h file

Commit 51f4701be1 (datapath: Fix sparse warning for symbol
'BUILD_BUG_ON_NOT_POWER_OF_2') missed file bug.h. Commiting it now.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: improve ipv6_find_hdr() function for IPv6 'set' action

This patch prepares ipv6_find_hdr() function so that it could be
able to skip routing headers, where segements_left is 0. This is
required for us to handle multiple routing header case correctly.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>

datapath: Add ipv6_find_hdr() compatibility function.

Implementation of the IPv6 'set' action depends on ipv6_find_exthdr()
function to find routing header. By looking at the routing headers,
it is possible to tell, whether L4 checksums will need to be
recalculated, whenever the destination address is changed in
the main IPv6 header.

This function will need to be customized so that it would skip all
routing headers, where segements_left is equal to 0.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>

datapath: Remove flow refcount functionality.

Header caching previously required the ability to maintain the lifetime
of flows across RCU boundaries. However, now that header caching is
gone we can simplfy the code and make it match the upstream version.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Add support for 3.6 kernel.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Remove tunnel header caching.

Tunnel caching was added to reduce CPU utilization on TX path
by caching packet header, So performance gain is directly proportional
to number of skbs transferred.  But with help of offloads skb are getting
larger. So there are less number of skbs.  Therefore header caching does
not shows similar gains we seen in past.  And now kernel 3.6 has removed
dst caching from networking which makes header caching even more tricky.
So this commit removes header caching from OVS tunnelling.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Fix sparse warning for symbol 'BUILD_BUG_ON_NOT_POWER_OF_2'

BUILD_BUG_ON_NOT_POWER_OF_2 symbol is moved from kernel.h to
bug.h in 3.4. Therefore sparse is giving warning:

include/linux/bug.h:15:9: warning: preprocessor token
BUILD_BUG_ON_NOT_POWER_OF_2 redefined
ovs/datapath/linux/compat/include/linux/kernel.h:44:9:
this was the original definition

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

netdev: Deprecate CAPWAP support.

The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol.  While there were some
uses of it (primarily hardware support and UDP transport).  But
these are most likely better provided by VXLAN.  As a result,
CAPWAP will be removed no earlier than February 2013.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: enable encap for capwap.

kernel 3.5 added a switch to turn on UDP encap, capwap needs
to enable it.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Add Upstream id for GRE type.

Once GRE is upstream it will have new type to have continuous sequence
of ids for vport type. Following patch adds this ID to have
compatibility with it.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

Process RARP packets with ethertype 0x8035 similar to ARP packets.

With this commit, OVS will match the data in the RARP packets having
ethertype 0x8035, in the same way as the data in the ARP packets.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>

odp: Enable parsing ipv4_tunnel key.

We can format ipv4_tunnel keys from the kernel but can't currently
parse them. Userspace doesn't know how to do anything with this
information but this support enables utilities like ovs-dpctl and
ovs-appctl ofproto/trace to show useful information.

Bug #13785

Signed-off-by: Jesse Gross <jesse@nicira.com>

Makefile: Allow "make modules_install" to work from top-level directory.

INSTALL recommends running "make modules_install" but it didn't mention
that this has to be done from datapath/linux. This commit makes this work
from the top-level build directory.

(Another solution would be to update INSTALL, but this approach seems a
little easier for the user.)

Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-vport: Warn users that pmtud is deprecated

This is a complementary patch to the other one I sent out previously.
The purpose of it is to make it more obvious that tunnel pmtud is
deprecated and will be removed soon.

Requested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>

netdev-vport: Disable Path MTU Discovery by default

In near future we will switch to the flow-based tunneling and drop path
MTU discovery support. This patch prepares for that by changing the default
PMTUD value from 'enabled' to 'disabled'.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>

Prepare for 1.9.0.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix zero key tunnels.

Datapath tunneling check for flag OVS_FLOW_TNL_F_KEY is failing,
causing it to drop packet. This only happens on tunnels with
zero key as vswitchd does not generate set-tunnel action. Set
tunnel action sets this flags for given action. To fix this issue
the check is dropped.

Bug #13666

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Jesse Gross <jesse@nicira.com>

Allow processing of RARP packets.

With this commit, the datapath will process the ARP header for
RARP packets. It also fixes a bug whereby if the ARP opcode is
something other than ARP request or reply, the key_len is not
adjusted to include ARP info.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovs-ctl.in: Ability to save flows and kernel datapath config.

Add a new command - "restart" to ovs-ctl. Calling this command
will save and restore the Openflow flows on each bridge while
stopping and starting the userspace daemons respectively.

Also, during a force-reload-kmod, save the flows and kernel datapath
configuration. Use the saved datapath configuration while readding
the kernel module and the flows while starting the userspace daemons.

Feature #13555.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Update INSTALL.Fedora to mention Fedora 17 instead of Fedora 15

Reflect the fact Fedora RPM support was recently implemented
on Fedora 17 instead of Fedora 15.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

lib: Accomodate FreeBSD return value for ssl connection.

On FreeBSD I see ECONNRESET being returned from check_connection_completion
in ssl_connect. This happens before entering the SSL states, which return
EPROTO on failure.

Signed-off-by: Ed Maste <emaste@adaranet.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ARP packets must have print arp_tpa/arp_spa instead of nw_dst/nw_src.

With a previous commit 953cc1888321346e6c4175fbc0a3f66d34913ea3, the
ovs logs were re-formatted such that they can be input into the
ofproto/trace. For ARP packets, ofproto/trace expects arp_tpa/arp_spa
instead of nw_dst/nw_src.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Do not print ICMP fields for non IP packets.

The packet's nw_proto field overlaps with the ARP opcode field.  The
nw_proto for ICMP packets is 1.  Hence when the packet is an ARP
request (opcode 1), we erroneously print the ICMP code and ICMP type
for ARP frames as well.  With this commit, the ICMP code and ICMP
type will be printed only if the packet is an IP packet and the
nw_proto is ICMP.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Change logging format for flows to that accepted by ofproto/trace.

flow_format() logs packets contents.  However, the format used is not
the format accepted by ofproto/trace.  Hence it becomes difficult to
trace the packets using the debugs printed.  With this commit, the
logging of the packet contents is done in a format that is accepted
by ofproto/trace.  This will make debugging easier.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-pki: Unique subject DNs for certificate requests.

Some applications expect subject DNs to be unique.

Bug #13609.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

timeval: Simplify poll interval logging.

log_poll_interval() is a little bit too aggressive, and is
therefore less useful than it could be. This patch removes the
mean interval calculation, and simply logs if the poll loop took
longer than 1 second instead.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ovs-vsctl: Do not accept any arguments to "del-manager" command.

It doesn't use them and never has.

Found when I accidentally typed this command with some arguments and it
worked, surprising me.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Tunnel port without destination IP.

Following patch allow port create without any parameters. This is
required for compatibility with future flow based tunneling
where each type would have single vport with all parameter
wild carded. So that all packet for all ports are received on
the port and same port is used for sending all traffic for
that tunnel type.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Optimize flow key match for non tunnel flows.

Following patch adds start offset for sw_flow-key, so that we can
skip tunneling information in key for non-tunnel flows.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Add support for tun_key to Open vSwitch datapath

This is a first pass at providing a tun_key which can be
used as the basis for flow-based tunnelling. The
tun_key includes and replaces the tun_id in both struct
ovs_skb_cb and struct sw_tun_key.

This patch allows all existing tun_id behaviour to still work. Existing
users of tun_id are redirected to tun_key->tun_id to retain compatibility.
However, when the userspace code is updated to make use of the new
tun_key, the old behaviour will be deprecated and removed.

NOTE: With these changes, the tunneling code no longer assumes input and
output keys are symmetric. If they are not, PMTUD needs to be disabled
for tunneling to work.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Reviewed-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-ctl: Fix implementation of --extra-dbs.

Commit b4e8d1705 (ovsdb-server: Add support for multiple databases.)
added the --extra-dbs option to ovs-ctl but failed to add a specific
database name to the SSL options passed to ovsdb-server. This meant
that ovsdb-server would fail to start if --extra-dbs were actually
used, because it didn't know which database to look in for the SSL
settings.

Signed-off-by: Henry Mai <hmai@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-actions: Implement writing to metadata field

In OpenFlow 1.1, we add support for OFPIT_WRITE_METADATA. This allows us to
write to the metadata field. Internally it is represented using ofpact_metadata.

We introduce NXAST_WRITE_METADATA to handle writing to the metadata field in
OpenFlow 1.0+. This structure reflects OFPIT_WRITE_METADATA.

When writing out the structure to OpenFlow 1.1, it uses the OFPIT_WRITE_METADATA
instruction only, and not the new NXAST action (which would be redundant).

Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-actions: Prefer OFPAT11_DEC_TTL to NXAST_DEC_TTL for OpenFlow 1.1+.

When "dec_ttl" is specified as the name of an action, in OpenFlow 1.1 and
later we should prefer to use the standardized action, rather than the
Nicira extension.

Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>

ofp-parse: Remove unreachable code.

OFPUTIL_OFPAT11_DEC_NW_TTL does not have a name in the table of actions'
names, so this code in parse_named_action() can never be reached.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>

nicira-ext: Clarify behavior of overlapping src and dst for NXAST_REG_MOVE.

Reported-by: Pankaj Thakkar <thakkar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofpaction: support OF11 pop_vlan

This patch adds support of OF11+ pop_vlan.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[blp@nicira.com added a test]
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-util: Again allow OpenFlow port 0 in commands and actions.

Commit c6100d92142b (ovs-ofctl: Accept port keywords, OF1.1 port numbers,
reject port number 0.) intentionally prohibited using port 0, which is not
a valid OpenFlow port number, in OpenFlow commands and actions.  However,
since then we have discovered that the NVP controller uses port 0 in
"resubmit" actions and hence in flow matches as well.  This seems like a
valid enough use case; after all, the port number in a resubmit action is
really just an arbitrary number that need not (and preferably does not)
refer to an actual OpenFlow port.  Therefore, this commit restores the
ability to use port 0.

(Only functions that parse OpenFlow commands and actions from strings, not
those that interpret binary OpenFlow coming in on OpenFlow connections,
were affected by this prohibition, so this only comes up in corner cases
anyhow.)

Reported-by: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-util: Separate output, error reporting in ofputil_port_from_string().

When I wrote this function I didn't think that port 0 was important (it's
not a valid OpenFlow port number) so I used a return value of 0 to indicate
an error. However, my assumption turns out to be wrong, so this commit
changes the interface to use the return value only for error reporting
and store the parsed port number into a pointer passed in as a parameter.

This commit doesn't change the behavior of ofputil_port_from_string().

Signed-off-by: Ben Pfaff <blp@nicira.com>

lib: support OF11 dec_nw_ttl

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[blp@nicira.com changed code to use "dec_ttl" instead of "dec_nw_ttl"]
Signed-off-by: Ben Pfaff <blp@nicira.com>

utilities: New helper ovs-parse-backtrace.

The new ovs-parse-backtrace utility makes the output of ovs-appctl
backtrace more human readable by removing duplicate traces and
converting addresses to function names.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

timeval: Optionally enable cached timing at configure time.

Often when developing, it would be convenient to force OVS to
either enable or disable cached timing so that a feature can be
tested under both strategies.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

m4: Remove trailing whitespace.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

stream.py: un-decorator Stream.register_method

c38f8724aeb994fd840fa4283a07e38c3c114d68 made stream.py not use class
decorator. So Stream.register need not to be decorator any more.
So simplify it.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

stream.py: Don't use class decorators.

Commit 8cc820 (python/ovs/stream: teach stream.py tcp socket) made a
change that used class decorators.  Unfortunately, they were not
introduced until Python 2.6.  XenServer uses Python 2.4, so the change
caused some Python-based daemons not to start.  This commit uses an
alternate syntax suggested by Reid Price.

Bug #13580

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Reid Price <reid@nicira.com>

ofp-actions: Remove unused variable.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

timeval: Block SIGALRM when sleeping.

Commit 00a16895 (timeval: Don't require signals for time_alarm().)
Incorrectly disabled signals when when CACHE_TIME was disabled.  In
fact, the reverse was correct.  As a result of this bug, OVS would
wake once every 100ms unnecessarily.  It shouldn't have affected
correctness otherwise.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

instruction/clear-actions: string parser/formater, of packet decoder/encoder

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

instruction: support goto-table action

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python/ovs/socket_util: don't use Exception, but ValueError

67656b9ff297f305b3bfcca2868e8e870e108283
used Exception, but it should be more specific error.
Use ValueError instread of Exception.

Suggested-by: Reid Price <reid@nicira.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-pki: Increase the validity days for self-signed certificates.

For self-signed certificates, increase validity from the default
30 days to 6 years.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

python/ovs/stream: teach stream.py tcp socket

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python/ovs/socket_util: add tcp related helper functions which will be used by tcp

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

timeval: Add new "backtrace" appctl command.

Often, it can be quite difficult to debug performance issues in
Open vSwitch.  Typically one needs to run something like gprof, but
that requires rebuilding and installing on the affected system
which is often problematic.  This patch adds a light weight
profiling solution which can be used in these situations.  The
ovs-appctl backtrace command prints out backtraces taken at 100
millisecond intervals over a 5 second period of time.  It is
currently only supported on systems which have the execinfo library
and enable time caching.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

cfm: Scope CFM packets to key zero.

Before this patch, when a tunnel is configured with key=flow, CFM
didn't verify that incoming packets had the appropriate key of
zero. This could cause the CFM module to consume packets which
weren't actually intended for it.

Bug #13542.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofp-errors: Merge OF1.0 "all tables full" with OF1.1+ "table full".

These codes represent essentially the same condition and only one of them
exists in any given version of OpenFlow, so merge them together into a
single OFPERR_* code.

Reported-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Fix typo in macro name.

I like the sound of "evicton" but it isn't a real word.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Do not add flow on flow mod if new_cookie is UINT64_MAX

Internally a new_cookie value UINT64_MAX is used for
an OpenFlow 1.2 flow mod whose command is not Add.
Open Flow 1.2 does not permit adding flows for such commands.
Also, UINT64_MAX is a prohibited cookie value, and the
existing code created a flow with that value as for the cookie.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofp-print: Do not display flow mod cookie if it is UINT64_MAX

Internally UINT64_MAX is used to denote that the cookie
should not be changed, so it seems appropriate
to omit this value when pretty printing flow mods.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>