git.cascardo.eti.br Git - cascardo/ovs.git/log

datapath-windows: Suppress flow attribute probe.

This patch surpresses flow attribute probing in the windows datapath.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Avoid nonportable "sed -i".

"sed -i" isn't entirely portable, and we can avoid it by using the
argument to check_logs as intended.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

datapath-windows: Enable failure after restarting extension

If the extension was previously enabled and running, after issuing a
restart, stop+start, the extension fails to be enabled. This happens
because the extension's DeviceObject is not yet initialized before the
FilterAttach routine is called.

This patch addresses this issue.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/96
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: check for el6 kernels for per_cpu

The OVS hook has been backported so it doesn't work to
decide per_cpu work arounds.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: check for backported ip_is_fragment

Red Hat Enterprise Linux 6 has backported it from upstream,
so check for ip_is_fragment instead of kernel version.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: check for backported proto_ports_offset

Red Hat Enterprise Linux 6 has backported it from upstream,
so check for proto_ports_offset instead of kernel version.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: improve l4_rxhash regex

Red Hat Enterprise Linux 6 has a comment saying
that it doesn't support l4_rxhash which matches
the current grep regex.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

AUTHORS: Add Sairam Venugopal

Signed-off-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

Update my email address.

Signed-off-by: Alex Wang <ee07b291@gmail.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

flow: Workaround for GCC false-positive compilation error.

Without an explicit bounds check GCC 4.9 issues an array out of bounds
error. This patch adds explicit checks which will however be
optimized away as the relevant parameters are compile-time constants.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

meta-flow: Initialize the whole exact_match_mask.

Initialize the whole 'exact_match_mask' in global scope and use it in
mf_mask_field_and_prereqs() and mf_mask_field().

Requested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-ctl: Fix indentation when deleting bridges.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

expr: Add and clarify a few comments and assertions.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

sset: New function sset_intersect().

This will acquire its first user in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

datapath-windows: Fix iterator in NlAttrParse()

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

meta-flow: Minor refactoring.

Change mf_mask_field_and_prereqs() to take a struct flow_wildcards
pointer instead of a struct flow pointer so that we can use
WC_MASK_FIELD() and WC_MASK_FIELD_MASK() macros to wildcard fields.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

meta-flow: Avoid unnecessary large memset.

mf_mask_field_and_prereqs() used to memset a static variable again and
again. Now that mf_value is larger (due to tun_metadata field), this
is more expensive. Avoid this by using static initialization.

mf_mask_field_and_prereqs() is used only for set field and reg move,
which never deal with the tun_metadata field as a whole.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif-rid: Make lookups cheaper.

This patch removes a large-ish copy from the recirculation context
lookup, which is performed for each recirculated upcall and
revalidation of a recirculating flow.

Tunnel metadata has grown large since the addition of Geneve options,
and copying that metadata for performing a lookup is not necessary.
Change recirc_metadata to use a pointer to struct flow_tnl, and only
copy the tunnel metadata when needed, and only copy as little of it as
possible.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

classifier: Retire partitions.

Classifier partitions allowed skipping subtables when if was known
from the flow's metadata field that the subtable cannot possibly
match. This functionality was later implemented in a more general
fashion by staged lookup, where the first stage also covers the
metadata field, among the rest of the non-packet fields in the struct
flow. While in theory skipping a subtable on the basis of the
metadata field alone could produce more effective wildcards, on the
basis of our testsuite coverage it does not seem to be the case, as
removing the partitioning feature did not result in any test failures.

Removing the partitioning feature makes classifier lookups roughly 20%
faster when a wildcard mask is not needed, and roughly 10% faster when
a wildcard mask is needed, as tested with the test-classifier
benchmark with one lookup thread.

Found by profiling with 'perf'.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

flow: Add struct flowmap.

Struct miniflow is now sometimes used just as a map.  Define a new
struct flowmap for that purpose.  The flowmap is defined as an array of
maps, and it is automatically sized according to the size of struct
flow, so it will be easier to maintain in the future.

It would have been tempting to use the existing struct bitmap for this
purpose. The main reason this is not feasible at the moment is that
some flowmap algorithms are simpler when it can be assumed that no
struct flow member requires more bits than can fit to a single map
unit. The tunnel member already requires more than 32 bits, so the map
unit needs to be 64 bits wide.

Performance critical algorithms enumerate the flowmap array units
explicitly, as it is easier for the compiler to optimize, compared to
the normal iterator.  Without this optimization a classifier lookup
without wildcard masks would be about 25% slower.

With this more general (and maintainable) algorithm the classifier
lookups are about 5% slower, when the struct flow actually becomes big
enough to require a second map.  This negates the performance gained
in the "Pre-compute stage masks" patch earlier in the series.

Requested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

classifier: Pre-compute stage masks.

This makes stage mask computation happen only when a subtable is
inserted and allows simplification of the main lookup function.

Classifier benchmark shows that this speeds up the classification
(with wildcards) about 5%.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

nroff: Allow comments in more contexts.

Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

coverage: Add coverage_try_clear() for performance-critical threads.

For performance-critical threads like pmd threads, we currently make them
never call coverage_clear() to avoid contention over the global mutex
'coverage_mutex'.  So, even though pmd thread still keeps updating their
thread-local coverage count, the count is never attributed to the global
total.  But it is useful to have them available.

This commit makes this happen by implementing a non-contending version
of the clear function, coverage_try_clear().  The function will use
the ovs_mutex_trylock() and return immediately if the mutex cannot
be acquired.  Since threads like pmd thread are always busy-looping,
the lock will eventually be acquired.

Requested-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com

ovs-pki: Handle Windows style path.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn-controller: Minor tweaks to man page.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-northd: Add man page describing daemon.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Document supported ovs-appctl commands.

Currently only "exit" is supported, but more will be added shortly.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Update man page comment on mid-run changes.

It's no longer necessary to restart ovn-controller when the chassis name
or integration bridge changes.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ofp-parse: Add "ipv4" and "ip4" shorthand notations.

This will allow ovs-ofctl to accept them on input and provides some
symmetry with the IPv6 versions. Documentation was not added, since
output will always be "ip".

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovs-ofctl: Document missing shorthand notations.

Some new shorthands were added to ovs-ofctl, but not documented in the
man page. This adds most of them. A couple were left out that would
print differently than they would be input. For example, we accept
"ip6" and "ipv6", but we would output it as "ipv6", so "ip6" is not
documented.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn: Fix example in comment in expr.c.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

datapath: Make 100 percents packets sampled when sampling rate is 1.

When sampling rate is 1, the sampling probability is UINT32_MAX. The packet
should be sampled even the prandom32() generate the number of UINT32_MAX.
And none packet need be sampled when the probability is 0.

Signed-off-by: Wenyu Zhang <wenyuz@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: e05176a3283 ("openvswitch: Make 100 percents packets
sampled when sampling rate is 1.")

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

ofp-print: Fix redundant expression.

'features' is always a valid pointer to something on the stack, so
checking (!features || ...) is the same as checking (false || ...).
Simplify the expression.

Found by MIT STACK undefined behaviour checker.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

Set release dates for 2.4.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

docs: Fix typo in README-native-tunneling.md

Signed-off-by: Wei li <liw@dtdream.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovn-controller-vtep.at: Remove all 'Broken pipe' warning logs from
ovsdb-server.log.

This commit makes the OVN_CONTROLLER_VTEP_STOP remove all 'Broken pipe'
warning logs from ovsdb-server.log before running 'check_log'.  This is in
that *ctl command (e.g. ovn-nbctl) exits right after committing the change
to database;  however, in reaction, some daemon (e.g. ovn-controller-vtep)
may immediately update the database;  this later update may cause database
sending update back to *ctl command if *ctl has not proceeded to exit yet;
and if *ctl command exits before database calling send, the send will fail
with 'Broken pipe' error.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ofp-util: For OF1.0, don't wildcard PCP field when 802.1Q header absent.

OpenFlow 1.0.1 says:

    The dl_vlan_pcp field must be ignored when the OFPFW_DL_VLAN wildcard
    bit is set or when the dl_vlan value is set to OFP_VLAN_NONE.  Fields
    that are ignored don’t need to be wildcarded and should be set to 0.

Previously, OVS wildcarded the PCP field when dl_vlan was OFP_VLAN_NONE,
but this commit changes the behavior to that suggested above: the PCP
field should not be wildcarded (and should be set to 0, but the code
already did that).

This commit only changes the translation from OVS's internal flow format
to the OpenFlow 1.0 wire format.  Translation in the other direction and
to other formats is unaffected.

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ovn: Add bootstrap options for OVN controllers.

This lets the central controller to push
its certificate to the OVN controllers.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovsdb-server: Add the ability to push peer-cert.

In OVN, ovsdb-server is the daemon that manages the databases
and can be called as the central controller. So it would be
nice for ovsdb-server to be able to push its self-signed
certificate to all the other nodes where ovn-controller runs.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-sandbox: Add support for ovn-controller-vtep.

When ovs-sandbox is run with ovn enabled, create the vtep database and
run ovn-controller-vtep.  This lets you do some basic testing with
ovn-controller-vtep.  For example:

    $ make sandbox SANDBOXFLAGS="--ovn"
    $ vtep-ctl add-ps ps0

After those commands, you can see that ovn-controller-vtep added a
Chassis row to OVN_Southbound for the physical switch.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-vsctl: Add the missing ssl bootstrapping option parsing.

'man ovs-vsctl' mentions that ovs-vsctl can bootstrap itself
by getting the certificate from the server. But the option
was never parsed in the code.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

tun-metadata: Always set option present when copying data.

Whenever we write into a tunnel option field, we also need to mark
it as significant. If we don't, then the data will later be ignored.

We currently do this in every case except for flow metadata. This causes
us to not correctly serialize the tunnel metadata for Packet Ins to the
controller.

Rather than separately writing the data and marking the options as present,
it is better to combine the two steps to ensure that one can never be
done without the other.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

hmap: Ensure iterator is NULL after iteration.

The HMAP_FOR_EACH_()* macros had a usability issue where the iterator
was only NULL at the completion of iteration if the hmap_node was the
first struct member. This change ensures that the iterator is set to
NULL when iteration ends normally without a 'break'.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

test-classifier: Add benchmark.

Add a benchmark command for classifier lookup performance testing.

Running the test-classifier without arguments of with "--help" will
print the following usage:

usage: ovstest test-classifier benchmark <n_rules> <n_priorities> <n_subtables> <n_threads> <n_lookups>

where:

<n_rules>      - The number of rules to install for lookups.  More rules
                 makes misses less likely.
<n_priorities> - How many different priorities to use.  Using only 1
                 priority will force lookups to continue through all
                 subtables.
<n_subtables>  - Number of subtables to use.  Normally a classifier has
                 rules with different kinds of masks, resulting in
                 multiple subtables (one per mask).  However, in some
                 special cases a table may consist of only one kind of
                 rules, so there will be only one subtable.
<n_threads>    - How many lookup threads to use.  Using one thread should
                 give less variance accross runs, but classifier
                 scaling can be tested with multiple threads.
<n_lookups>    - How many lookups each thread should perform.

For testing the classifier is filled with <n_rules> rules using
<n_subtables> different mask patterns and <n_priorities> different
priorities.  A random set of lookup flows are created, and <n_threads>
lookup threads are spawned to perform <n_lookups> lookups each.  The
count of hits and misses, as well as the overall execution time is
reported.

Example run:

$ tests/ovstest test-classifier benchmark 1000 1 30 1 3800000

Benchmarking with:
1000 rules with 1 priorities in 30 tables, 1 threads doing 3800000 lookups each

Without wildcards:

hits: 461520, misses: 3338480
classifier lookups:    386 ms, 9844559 lookups/sec

With wildcards:

hits: 461520, misses: 3338480
classifier lookups:    866 ms, 4387990 lookups/sec

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

rhel: Define rundir for older distros.

Some older distros might not define _rundir yet so in this case the RPM
build breaks. This patch defines it to Fedora's default.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-ctl: do not attempt to restore flows when called with --delete-bridges

When called with --delete-bridges saved flows cannot be restored as the
bridges to which they belong no longer exist. This results in the following
error messages on restart.

ovs-ofctl: br0 is not a bridge or a socket
Restoring saved flows ... failed!

Although there is no effect of this error other than the message
it seems worth avoiding. This patch does so by skipping saving of flows
when --delete-bridges is in effect.

As flows are no longer saved when --delete-bridges is in effect
a side-effect of this change is that restart may be faster when
there are many flows.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

meta-flow: Fix ip_frag handling in mf_set_wild().

The wildcard bits were set when they should have been cleared.

Found by inspection.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Fix put_nd_key().

Actually copy the 'nd_target' from the key.

Found by inspection.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

tunneling: Remove gre64 tunnel support.

GRE64 was introduced to extend gre key from 32-bit to 64-bit using
gre-key and sequence number field. But GRE64 is not standard
protocol. There are not many users of this protocol. Therefore we
have decided to remove it.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovn-controller-vtep.at: Check the successful exit of ovn-controller-vtep.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofp-util: Use correct error for indirect group with more than one bucket.

OpenFlow 1.5 says:

    If the group-mod request specifies more than one bucket for a group of
    type Indirect, the switch must refuse to add the group entry and must
    send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and
    OFPGMFC_INVALID_GROUP code.

Older versions don't specify a particular error for this case, so we might
as well use it for older OpenFlow also.

Found by OFTest.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ovn: Add comments to encourage syncing MFF_LOG_* with documentation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-sbctl: Avoid cast in lflow_cmp().

Using casts, IMO, makes it harder to spot what's actually going on.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

system-traffic: Add basic vxlan tunnel sanity test.

This test is skipped if the 'ip' command cannot interpret the vxlan 'dstport'
option; this is used as a proxy for detecting native kernel support for this
tunnel type.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-macros: Don't explicitly remove bridge.

Depending on the kernel in use, manually removing a bridge during
OVS_VSWITCHD_STOP can cause the kernel to send a route update that
refers to the bridge device which is being deleted. OVS can't make sense
of these messages, resulting in logs like the following:

route_table|DBG|Could not find interface name[702]: No such device or
address
netlink_notifier|WARN|received bad netlink message

One such example kernel is the Ubuntu 3.16.0-33-generic linux package.

The bridge doesn't need to be explicitly removed, as the OVSDB
configuration for each test will be cleared before executing the next.
Drop this extra step.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-macros: Create ADD_BR variant.

This patch splits ADD_BR into two commands, so they can be used from
different contexts:

ADD_BR(...) is a standalone command to add a bridge to OVS, and allows
additional ovs-vsctl arguments to be passed. It uses _ADD_BR().
_ADD_BR(...) is the implementation-specific ovs-vsctl arguments to
set up the correct datapath type for userspace or kmod tests.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-traffic: Check ping-by-ping output.

Rather than saving all of the ping output to a file then checking at the
end, check each ping and fail as soon as there is a connectivity
failure.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

system-common-macros: Allow quotes in NS_EXEC().

This allows arbitrary commands to be passed into the NS_EXEC macro to be
executed within a namespace, including commands that have quotes and
commands chained together.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ovn: Free default db befor exit.

The static result of default_db() was malloc'd but not freed before
exit. Make the static result global and free it before exit.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Alex Wang <alexw@nicira.com>

ovn-controller-vtep: Make 'ovnsb_remote' and 'vtep_remote' free-able.

Found by inspection.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller-vtep: Call binding_cleanup() before gateway_cleanup().

Otherwise, binding_cleanup() will be a no-op since all related chassis
entries are deleted in gateway_cleanup().

Found by inspection.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller-vtep: Fix dereference of NULL pointer.

Found by inspection.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-northd: Ability to detach on Windows.

A unit test for ovn-northd was hanging because ovn-northd
running on Windows failed to detach. The detach function
for Windows is implemented inside "service_start()".

Also handle Windows services.

Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

datapath: Fix L4 checksum handling when dealing with IP fragments

openvswitch modifies the L4 checksum of a packet when modifying
the ip address. When an IP packet is fragmented only the first
fragment contains an L4 header and checksum. Prior to this change
openvswitch would modify all fragments, modifying application data
in non-first fragments, causing checksum failures in the
reassembled packet.

Signed-off-by: Glenn Griffin <ggriffin.kernel@gmail.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 3576fd794b3 ("openvswitch: Fix L4 checksum handling when
dealing with IP fragments").

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: allocate nr_node_ids flow_stats instead of num_possible_nodes

Some architectures like POWER can have a NUMA node_possible_map that
contains sparse entries. This causes memory corruption with openvswitch
since it allocates flow_cache with a multiple of num_possible_nodes() and
assumes the node variable returned by for_each_node will index into
flow->stats[node].

Use nr_node_ids to allocate a maximal sparse array instead of
num_possible_nodes().

The crash was noticed after 3af229f2 was applied as it changed the
node_possible_map to match node_online_map on boot.
Fixes: 3af229f2071f5b5cb31664be6109561fbe19c861

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: bac541e4631 ("openvswitch: allocate nr_node_ids flow_stats
instead of num_possible_nodes")

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: disable LRO

Currently, openvswitch tries to disable LRO from the user space. This does
not work correctly when the device added is a vlan interface, though.
Instead of dealing with possibly complex stacked cross name space relations
in the user space, do the same as bridging does and call dev_disable_lro in
the kernel.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 640b2b107c ("openvswitch: disable LRO").

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

ovn-controller-vtep.at: Skip test when using Windows setup.

The 'ovs-vtep' simulator is not ported to Windows. So, for now,
just skip all tests in ovn-controller-vtep.at when running in
Windows.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

ovn-controller-vtep: Add binding module.

This commit adds the binding module to ovn-controller-vtep. The
module will scan through the Port_Binding table in ovnsb. If there is
a port binding entry for a logical switch on the vtep gateway chassis's
"vtep_logical_switches", sets the port binding's chassis column to the
vtep gateway chassis.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller-vtep.at: Fix intermittent test failure.

When testing the recreation of 'chassis' table entry by 'ovn-controller-
vtep'.  The removal of 'chassis' table entry by the 'ovn-sbctl' could
cause 'Broken pipe' warning in ovsdb-server.log.  This is due to the
race between 'ovn-sbctl' exiting and 'ovn-controller-vtep' adding
the chassis back.  So, if the 'ovn-sbctl' exits right when the
ovsdb-server tries to send update of readd of the deleted 'chassis',
the sending will fail with 'Broken pipe' error.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-sbctl: Make 'chassis-del' delete all encaps.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller-vtep.at: Fix intermittent test failure.

The test waits until grep no vlan '200' from the VTEP 'vlan_binding'
column. However, string '200' could also appear in other 'vlan_binding'
entry's uuid value. Instead, we should grep for '200='.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

rhel: add installed but not packaged OVN tools

This patch adds the following to OVN %files:
   /usr/bin/ovn-controller-vtep
   /usr/bin/ovn-sbctl
   /usr/share/man/man8/ovn-controller-vtep.8.gz
   /usr/share/man/man8/ovn-sbctl.8.gz

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

flow: Ignore invalid ICMPv6 fields when parsing packets

There is a miss-match between the handling of invalid ICMPv6 fields in the
implementations of parse_icmpv6() in user-space and in the kernel datapath.

This patch addresses that by modifying the user-space implementation to
match that of the kernel datapath; processing is terminated without
rather than with an error and partial information is cleared.

With these changes the user-space implementation of parse_icmpv6()
never returns an error. Accordingly the return type and caller have been
updated.

The original motivation for this is to allow matching the ICMPv6 type and
code of packets with invalid neighbour discovery options although only the
change around the '(!opt_len || opt_len > *sizep)' conditional is necessary
to achieve that goal.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto: Allow in-place modifications of datapath flows.

There are certain use cases (such as bond rebalancing) where a
datapath flow's actions may change, while it's wildcard pattern
remains the same.  Before this patch, revalidators would note the
change, delete the flow, and wait for the handlers to install an
updated version.  This is inefficient, as many packets could get
punted to userspace before the new flow is finally installed.

To improve the situation, this patch implements in place modification
of datapath flows.  If the revalidators detect the only change to a
given ukey is its actions, instead of deleting it, it does a put with
the MODIFY flag set.

Signed-off-by: Ethan J. Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif-upcall: Make ukey actions modifiable with RCU.

Future patches will need to modify ukey actions in some instances.
This patch makes this possible by protecting them with RCU. It also
adds thread safety checks to enforce the new protection mechanism.

Signed-off-by: Ethan J. Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

db-ctl-base: Allow print rows that weak reference to table in
'cmd_show_table'.

Sometimes, it is desirable to print the table with weak reference to
the table specified in 'struct cmd_show_table'. For example the
Port_Binding table rows in OVN_Southbound database that refer to the
same Chassis table row can be printed under the same chassis entry
in 'ovn-sbctl show' output.

To achieve it, this commit adds a new struct in 'struct cmd_show_table'
that allows users to print a table with weak reference to 'table'
specified in 'struct cmd_show_table'. The 'ovn-sbctl' which now prints
the Port_Binding entries with Chassis table, is the first user of this
new feature.

Requested-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-sbctl: Print stage name in addition to table number.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

ovn-northd: Store name of the logical flow stage in external-ids.

This will be useful in a future commit.

It also introduces #define's for logical stages instead of in-place
constants.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>

classifier: Do not use mf_value.

mf_value has grown bigger than needed for storing the biggest
supported prefix (IPv6 address length). Define a new type to be used
instead of mf_value.

This makes classifier lookups a bit faster.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

ovn: Add lflow-list to ovn-sbctl.

I frequently view the contents of the Logical_Flow table while working
on OVN. Add a command that can output the contents of this table in a
sorted way that makes it easier to read through. It's sorted by
logical datapath, pipeline, table id, priority, and match.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Alex Wang <alexw@nicira.com>

classifier: Simplify minimask_hash().

minimask_hash() can be simplified as each value is known to be non-zero.

Move miniflow_hash() into test-classifier.c as miniflow_hash__() as it
is no longer needed elsewhere.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

classifier: Remove unused hash functions.

Remove unused cls_rule_hash() and minimatch_hash() functions.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

flow: Avoid compile errors.

GCC (4.7) sees too wide shifts when there are none, refactor to
circumvent the false error.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

classifier: Fix comment.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

system-kmod-macros: Fix VSWITCHD_STOP.

This was renamed. Surprisingly, the tests still pass without this,
however the extra checks that this command performs were not executed.
Fix the macro definition.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ofproto-dpif-upcall: Add VLOG_WARN_RL logs for upcall_cb() error.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

ovn-controller-vtep: Add gateway module.

This commit adds the gateway module to ovn-controller-vtep. The
module will register the physical switches to ovnsb as chassis and
constantly update the "vtep_logical_switches" column in Chassis table.

Limitation (Recorded in TODO file):

- Do not support reading multiple tunnel ips of physical switch.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovsdb-idl: Move get_initial_snapshot() to ovsdb-idl.

The same function is defined in both ovn-controller.c and
ovn-controller-vtep.c, so worth librarizing.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn: Add controller for VTEP gateway.

This commit lays down the foundation for a new controller in OVN, the
ovn-controller-vtep, for controlling the vtep enabled gateways.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-architecture: Document the registers used for logical ports.

When reviewing the OpenFlow flows generated by ovn-controller, it's nice
to have this information.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

idl-loop: Move idl-loop into ovsdb-idl library.

idl-loop is needed in implementing other controller (i.e., vtep controller).
So, this commit moves the logic into ovsdb-idl library module.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-northd: Pass logical port type and options to ovn-sb database.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-sbctl: Add ovn-sbctl.

This commit adds ovn-sbctl to ovn family by using the db-ctl-base
library.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-nbctl: Move ovn-nbctl to utilities directory.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-sb: Remove the "Gateway" table from the ovn-sb schema.

In a gateway like the VTEP L2 gateway, physical vlans belonging to
the same logical network form a "logical switch".  Each logical switch
has a dedicated tunnel key and will keep records of all MACs learned
from the owned vlans.  So user can just send packet to a "logical
switch" and the gateway will figure out the output port and vlan tag
automatically.

Therefore, it is really not necessary to keep record of the vlan map
for each gateway physical port in the OVN_Southbound database using
"gateway_ports" and to map each vlan to a unique ovn logical port.
Instead, we should simply map each logical switch to a ovn logical
port.

Thusly, this commit removes the "Gateway" table from the OVN_Southbound
database.  In the "Chassis" table, the "gateway_ports" column is replaced
by "vtep_logical_switches" column which stores all vtep logical switch
names.  The use of this column will be documented in later commit.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-controller: Fix flows between two local ports.

A flow was missing from the remote output table that causes local
packets to be resubmitted to the local ouptut table.

Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

Vagrantfile: Add test_ovs_system_userspace provision.

Add 'test_ovs_system_userspace' provision. Command:
# vagrant provision --provision-with=test_ovs_system_userspace

will run "make check-system-userspace" in the vagrant launched VM.

It may be more convenient to run this tests inside a vm rather than in
the host, because they interact with system networking.

Suggested-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

tests: Add system-userspace-testsuite.

The new system-userspace-testsuite, which can be launched via
`make check-system-userspace`, reuses the kmod tests on the userspace
datapath.

The userspace datapath is already tested by the main testsuite (and
that's not going to change), but having also the
system-userspace-testsuite has the following advantages:

* More complicated tests are possible: real client and server
  applications can be used.
* The same tests run on both kernel and userspace datapath: this gives
  us an easy way to make sure that the behaviour is consistent (e.g.
  with the upcoming connection tracker integration)

The userspace datapath is able to use system network interfaces via an
AF_PACKET socket.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

tests: Introduce NS_EXEC and NS_CHECK_EXEC for system tests.

Instead of repeating every time "ip netns exec ..." it is better to
introduce some macros.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

tests: Rename kmod-testsuite to system-kmod-testsuite.

The name makes more sense, especially with the addition of a userspace
system testsuite. No functional change in this commit.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>