Justin Pettit [Wed, 17 Jun 2015 23:00:50 +0000 (16:00 -0700)]
Set release date for 2.3.2.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Pravin B Shelar [Mon, 8 Jun 2015 22:50:35 +0000 (15:50 -0700)]
datapath: Fix build on RHEL 7.1
Some of code is backported from following commit.
commit
13dd4a9738e99684a56b10ce2f1a5ee2d2ec2f9f
Author: Joe Stringer <joestringer@nicira.com>
Date: Tue Mar 24 16:16:18 2015 -0700
compat: Fix RHEL7 build.
Tested against 3.10.0-229.el7.x86_64.
----------8<--------
Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Alex Wang [Sun, 7 Jun 2015 18:38:52 +0000 (11:38 -0700)]
odp-util: Make sure vlan tci mask has exact match for VLAN_CFI.
OVS datapath has check which prevents the installation of flow
that matches VLAN TCI but does not have exact match for VLAN_CFI
bit. To follow this rule, ovs userspace must make sure the
flow key for datapath flow matching VLAN TCI has exact match for
VLAN_CFI bit.
Before this commit, this is not enforced, so OpenFlow flow like
"vlan_tci=0x000a/0x0fff,action=output:local" can generate datapath
flow like "vlan(vid=10/0xfff,pcp=0/0x0,cfi=1/0)".
With the OVS datapath check, the installation of such datapath
flow will be rejected with:
"|WARN|system@ovs-system: failed to put[create][modify] (Invalid argument)"
This commit makes ovs userspace always exact match the VLAN_CFI
bit if the flow matches VLAN TCI.
Reported-by: Ronald Lee <ronaldlee@vmware.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Ben Pfaff [Tue, 3 Mar 2015 21:28:32 +0000 (13:28 -0800)]
ofp-errors: Add Nicira extension code for OFPBMC_BAD_FIELD.
There are a couple of cases where OpenFlow 1.0 controllers that use
Nicira extensions can get OFPBMC_BAD_FIELD, so we should have an error
code for it in that protocol.
Reported-by: Soner Sevinc <sevincs@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
YAMAMOTO Takashi [Mon, 1 Jun 2015 03:26:40 +0000 (12:26 +0900)]
Update my email address
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Jarno Rajahalme [Fri, 29 May 2015 18:28:38 +0000 (11:28 -0700)]
ofproto: Eliminate use of unset error code.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 25 Feb 2015 16:46:02 +0000 (08:46 -0800)]
json: Fix error message for corner case in json_string_unescape().
The error message should not include bytes already copied from the input
string.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Flavio Leitner [Fri, 29 May 2015 00:10:41 +0000 (21:10 -0300)]
fedora-spec: add missing buildrequires
The BuildRequires tells upfront which packages should be
installed in order to build the openvswitch rpm packages.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Flavio Leitner [Tue, 28 Apr 2015 02:00:14 +0000 (23:00 -0300)]
rhel: Add buildrequires for procps-ng.
The testsuite is enabled by default and uses some of
the tools provided by procps-ng.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 20 May 2015 17:35:15 +0000 (10:35 -0700)]
tests: Fix in_port(name) test for ofproto/trace.
Commit
c2a77f33ade (tests/ofproto-dpif: Use vlog to test dpif
behaviour.) mistakenly changed the test which checked that ovs-dpctl
accepts named ports as input. Restore the name to the test.
Reported-by: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ansis Atteka [Tue, 26 May 2015 23:49:49 +0000 (16:49 -0700)]
debian: install openvswitch kernel module under "updates" directory
This patch fixes a bug where "modprobe openvswitch" command on Ubuntu
distribution would have sometimes tried to load OVS kernel module that
shipped together with Linux Kernel, even though one had also installed
OVS datapath debian package created with module-assistant. Because of
this issue force-reload-kmod command occasionally malfunctioned and
failed to load the right kernel module.
This bug happened *occasionally* because the default Ubuntu depmod
configuration in /etc/depmod.d/ubuntu.conf is set to look for kernel
modules first in "updates" directory, then in "ubuntu" directory and
then in other directories. If there were two openvswitch.ko modules
in "other directories", then modprobe would have loaded kernel
module that was nondeterministically listed first by file system.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Tue, 26 May 2015 23:18:50 +0000 (16:18 -0700)]
ovs-ctl: Remove vport_* modules when downgrade from branches > 2.3.
When downgrading from current master to branch-2.3, the 'force-reload-kmod'
can fail due to not removing 'vport_*' modules, this commit fixes this by
making sure 'vport_*' are removed correctly.
Reported-by: Mark Hamilton <mhamilton@vmware.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Dan McGregor [Tue, 19 May 2015 19:24:26 +0000 (12:24 -0700)]
netdev-bsd: Include net/bpf.h.
The documentation says it is required to use bpf ioctls on both
NetBSD and FreeBSD. It causes a compile time failure on FreeBSD 10.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Edwin Chiu [Tue, 28 Apr 2015 22:15:54 +0000 (15:15 -0700)]
xenserver: Use kernel uname version for XenServer 6.5
In XenServer 6.5, multiple kernel packages with different
rpm versions can have the same uname. So, it is not
necessary for openvswitch kernel module to require the
exact rpm version. Instead, the kernel module package
should check the uname version.
This commit will add a new variable %{kernel_uname} to
specify whether to use kernel uname version or kernel
rpm version as requirement.
When %{kernel_name} is used, openvswitch-module will have
"Requires: kernel-uname-r = <uname version>" set instead of
"Requires: kernel = <version>".
Reported-by: Gosen Chien <astgosen@ccu.edu.tw>
Signed-off-by: Edwin Chiu <echiu@vmware.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Jesse Gross [Mon, 27 Apr 2015 19:28:55 +0000 (12:28 -0700)]
datapath: Stop using __DATE__ and __TIME__ in startup string.
An increasing number of distributions ship with GCC 4.9 (including
Fedora and Ubuntu) that has -Werror=date-time. This causes kernel
compilation to fail because the builds are not exactly reproducible.
This simply removes the use of those constants, which was already
done for the upstream Linux version of the module. It retains the
version string, however, which should provide the same information
in most cases.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 16 Apr 2015 21:19:37 +0000 (14:19 -0700)]
netdev-bsd: Fix netdev_bsd_get_mtu() return value.
When netdev_bsd_get_mtu() failed, it didn't report the error to the caller,
so the caller couldn't work around not knowing the MTU, and ended up using
an uninitialized 'mtu' value.
Found by LLVM scan-build.
Reported-by: Kevin Lo <kevlo@FreeBSD.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Kevin Lo <kevlo@FreeBSD.org>
Acked-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Ansis Atteka [Tue, 7 Apr 2015 02:01:59 +0000 (19:01 -0700)]
ofproto-dpif: Use fat_rwlock instead of ovs_rwlock.
This patch fixes a deadlock introduced by commit
6b59b543 (ovs-thread:
Use fair (but nonrecursive) rwlocks on glibc.)
If STP is enabled, then a handler thread could have already had
acquired "xlate_rwlock" in xlate_actions() and then might have
attempt to acquire it again in xlate_send_packet() leading to
a deadlock:
pthread_rwlock_rdlock () from /lib/x86_64-linux-gnu/libpthread.so.0
ovs_rwlock_rdlock_at (l_=0x769cc0, where=0x4f4568 "../ofproto/ofproto-dpif-xlate.c:3600") at ../lib/ovs-thread.c:71
xlate_send_packet (ofport=0x23b6400, packet=0x7f980400a8d0) at ../ofproto/ofproto-dpif-xlate.c:3600
ofproto_dpif_send_packet (ofport=<optimized out>, packet=0x7f980400a8d0) at ../ofproto/ofproto-dpif.c:3684
send_bpdu_cb (pkt=0x7f980400a8d0, port_num=0, ofproto_=0x229a410) at ../ofproto/ofproto-dpif.c:1927
stp_send_bpdu (p=0x2400c00, bpdu=0x7f980f7e3080, bpdu_size=35) at ../lib/stp.c:1558
stp_transmit_config (p=0x2400c00) at ../lib/stp.c:1052
stp_acknowledge_topology_change (p=<optimized out>) at ../lib/stp.c:1301
stp_received_tcn_bpdu (p=<optimized out>, stp=<optimized out>) at ../lib/stp.c:1353
stp_received_bpdu (p=0x2400c00, bpdu=0x7f980f7f81e9, bpdu_size=<optimized out>) at ../lib/stp.c:771
stp_process_packet (packet=0x7f980f7f80f8, xport=0x24594b0) at ../ofproto/ofproto-dpif-xlate.c:840
process_special (flow=<optimized out>, xport=0x24594b0, packet=0x7f980f7f80f8, ctx=<optimized out>) at ../ofproto/ofproto-dpif-xlate.c:1832
compose_output_action__ (ctx=0x7f980f7e3730, ofp_port=<optimized out>, check_stp=true) at ../ofproto/ofproto-dpif-xlate.c:1894
compose_output_action (ofp_port=<optimized out>, ctx=0x7f980f7e3730) at ../ofproto/ofproto-dpif-xlate.c:2031
output_normal (ctx=0x7f980f7e3730, out_xbundle=0x23d13a0, vlan=<optimized out>) at ../ofproto/ofproto-dpif-xlate.c:1316
xlate_normal (ctx=0x7f980f7e3730) at ../ofproto/ofproto-dpif-xlate.c:1625
xlate_output_action (ctx=0x7f980f7e3730, port=<optimized out>, max_len=<optimized out>, may_packet_in=<optimized out>) at ../ofproto/ofproto-dpif-xlate.c:2540
do_xlate_actions (ofpacts=<optimized out>, ofpacts_len=<optimized out>, ctx=0x7f980f7e3730) at ../ofproto/ofproto-dpif-xlate.c:2833
xlate_actions__ (xin=0x7f980f7fda40, xout=0x7f980f7e41f0) at ../ofproto/ofproto-dpif-xlate.c:3485
xlate_actions (xin=0x7f980f7fda40, xout=0x7f980f7e41f0) at ../ofproto/ofproto-dpif-xlate.c:3223
xlate_actions_for_side_effects (xin=<optimized out>) at ../ofproto/ofproto-dpif-xlate.c:3136
handle_upcalls (n_upcalls=50, upcalls=0x7f980f7f3080, misses=0x7f980f7fd890, handler=<optimized out>) at ../ofproto/ofproto-dpif-upcall.c:973
udpif_upcall_handler (arg=0x23e91e0) at ../ofproto/ofproto-dpif-upcall.c:541
ovsthread_wrapper (aux_=<optimized out>) at ../lib/ovs-thread.c:322
start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
clone () from /lib/x86_64-linux-gnu/libc.so.6
?? ()
The patch fixes this deadlock by using fat_rwlock that still allows
to acquire read lock in a recursive manner.
This bug is not present in master branch because commit
84f0f298 (ofproto-dpif-xlate: Implement RCU locking in
ofproto-dpif-xlate) removed xlate_rwlock.
VMware-BZ: #
1425671
Reported-by: Scott Hendricks <shendricks@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Andy Zhou [Thu, 5 Jun 2014 23:01:17 +0000 (16:01 -0700)]
netdev-dummy: add appctl netdev-dummy/conn-state command
Using without any parameter, this command list the connection
state of all netdev-dummy devices that are configured to make
active connections.
Optionally, the name of the netdev-dummy device can be supplied
as a parameter.
The states will be displayed as:
"connected": The socket has been connected to the listener.
"disconnected": The socket is not connected.
"unknown": It is not an active dummy device.
CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Kevin Lo [Sat, 4 Apr 2015 16:59:26 +0000 (00:59 +0800)]
netdev-bsd: Fix sign extension bug in ifr_flags on FreeBSD.
FreeBSD fills the int return value with ifr_flagshigh in the high
16 bits and ifr_flags in the low 16 bits rather than blindly promoting
ifr_flags to an int, which will preserve the sign.
This commit makes sure the flags returned isn't negative and apply mask
0xffff to flags.
Signed-off-by: Kevin Lo <kevlo@FreeBSD.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 3 Apr 2015 22:10:57 +0000 (15:10 -0700)]
acinclude: Always assume buggy strtok_r() for glibc < 2.8.
Lately our internal build system has been seeing intermittent failures that
I can't explain. With old glibc versions, the "configure" time check will
pass, but the equivalent (almost identical) "make check" test will fail.
One possibility, I guess, is that occasionally address space randomization
will put valid data at the 0xc0ffee address that the test assumes will
segfault, and another is that some change in compiler optimization flags
is making a difference. At any rate, I think it's safe to just always
assume that this strtok_r() bug is present whenever glibc before 2.8 is
in use.
Specifically we've seen this happen intermittently when building against
the XenServer DDK 5.6.100 build 39265, which uses glibc 2.5.
Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Joe Stringer [Fri, 4 Jul 2014 06:58:28 +0000 (06:58 +0000)]
tests: Fix race in 'balance-tcp bonding' test.
Running the test in a tight loop could cause this test to fail after
about 5 runs, with some of the ports reporting "may_enable: false" in
the "ovs-appctl bond/show" output. This commit fixes the race condition
by waiting for may_enable to be true for all bond ports.
I suspect that LACP negotiation finishes, but the main thread doesn't
have a chance to enable the ports before we send the test packets.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Fri, 6 Jun 2014 22:36:14 +0000 (15:36 -0700)]
test: Remove explicit sleeps from ofproto-dpif bond tests
Ofproto-dpif bond tests relies on netdev-dummy ports to set up
socket connection before actual tests. The time required
for socket connection varies depends on system load, making the test
prone to failure with simple sleep calls. On the other hand,
conservative sleep value for the slowest machine may be excessive on
a faster machine.
This patch removes the sleep calls. Replace them with
WAIT_FOR_DUMMY_PORTS() introduced in the last patch, thus removing
the timing dependency.
CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Andy Zhou [Fri, 6 Jun 2014 22:35:39 +0000 (15:35 -0700)]
test: add WAIT_FOR_DUMMY_PORTS helper macro for writing tests
Add a macro to waiting until all ports supplied are connected.
CC: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Alex Wang [Sat, 28 Mar 2015 06:19:22 +0000 (23:19 -0700)]
ofproto-dpif: Set need_revalidate when removing cfm from ofport.
When cfm is deleted from a port, all modules should release their
reference so that the cfm struct can be removed from the global hmap
and freed. Therein, the reference held by xlate module can only be
released when the need_revalidate flag is set (e.g set to
REV_RECONFIGURE). And this flag should be set while removing cfm
from ofport. Unfortunately, this has never been done before and the
bug was hidden by another bug fixed in recent commit
a190839
(netdev-vport: Do not update netdev when there is no config change.)
To fix this issue, this commit makes the code set need_revalidate
when removing cfm from ofport.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Fri, 27 Mar 2015 18:34:53 +0000 (11:34 -0700)]
netdev-linux: Make htb quantum always no less than mtu.
Currently, ovs uses hardcoded rate2quantum = 10 for each htb qdisc.
When qdisc class's rate is small, the resulting quantum (calculated
by min_rate / rate2quantum) will be smaller than MTU. This is not
recommended and tc will keep complaining the following in syslog.
localhost kernel: HTB: quantum of class 10003 is small. Consider r2q change.
localhost kernel: HTB: quantum of class 10004 is small. Consider r2q change.
localhost kernel: HTB: quantum of class 10005 is small. Consider r2q change.
localhost kernel: HTB: quantum of class 10006 is small. Consider r2q change.
To fix the issue, this commit makes ovs always use htb quantum no less
than the MTU.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Fri, 27 Mar 2015 00:35:32 +0000 (17:35 -0700)]
netdev-vport: Do not update netdev when there is no config change.
When there is any update from ovsdb, ovs will call netdev_set_config()
for every vport. Even though the change is not related to vport, the
current implementation will always increment the per-netdev sequence
number. Subsequently this could cause even more unwanted effects,
e.g. the recreation of 'struct tnl_port' in ofproto level.
This commit fixes the issue by only updating the netdev when there
is actual configuration change.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jarno Rajahalme [Thu, 19 Mar 2015 22:20:21 +0000 (15:20 -0700)]
ofproto-dpif-xlate: Roll back group bucket actions after every bucket.
We used to roll back group bucket changes only for 'all' and
'indirect' group types, but the expected semantics of all group types
is that any changes by the group bucket are not visible after the
group has been executed.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Mar 2015 19:54:50 +0000 (12:54 -0700)]
ofproto: Prevent deleting flows from hidden tables.
Trying to delete a hidden flow should return an "EPERM" error, but the
code here allowed it instead.
Reported-by: Vijaya Mohan Guvva <vguvva@caviumnetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Vijaya Mohan Guvva <vguvva@caviumnetworks.com>
Edwin Chiu [Tue, 10 Mar 2015 18:36:43 +0000 (11:36 -0700)]
xenserver: Fix build spec for XenServer 6.5.
The latest XenServer 6.5 uses a new way for kernel version naming.
Therein, the kernel flavor could not be found anymore. Also, the
directory name in 'lib/modules/' becomes a shortened version of
kernel version. e.g.:
[root@localhost ~]# ls /lib/modules/
3.10.0+2
As a workaround, this commit modifies the spec file to make
%{kernel_flavor} optional and %{xen_version} definable by users.
In the long run, I'd like to spend time refining the spec file.
Signed-off-by: Edwin Chiu <echiu@vmware.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Andy Zhou [Wed, 4 Mar 2015 11:26:06 +0000 (03:26 -0800)]
datapath: simplify sample action implementation
The current sample() function implementation is more complicated
than necessary in handling single user space action optimization
and skb reference counting. There is no functional changes.
Msg from Chris Dunlop:
The commit isn't actually designed to address the problem directly,
however in simplifying sample() it removes a call to skb_get(). The
skb_get() makes the skb shared, which later causes us to hit the BUG().
E.g. your v2.3.1 stack trace shows this call path:
netdev_frame_hook
+ netdev_port_receive
| skb is guaranteed not-shared, via:
| skb = skb_share_check(skb, GFP_ATOMIC);
+ ovs_vport_receive
+ ovs_dp_process_received_packet
+ ovs_dp_process_packet_with_key
+ ovs_execute_actions
+ do_execute_actions
| nla_type(a) == OVS_ACTION_ATTR_SAMPLE
+ sample
| skb is made shared here, via:
| sample_skb = skb;
| skb_get(skb);
+ do_execute_actions
| nla_type(a) == OVS_ACTION_ATTR_USERSPACE
+ output_userspace
+ ovs_dp_upcall
+ queue_userspace_packet
+ skb_checksum_help
+ pskb_expand_head
| if (skb_shared(skb))
| BUG(); BOOM!!!
Reported-by: Chris Dunlop <chris@onthe.net.au>
Reported-by: "Xu (Simon) Chen" <xchenum@gmail.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Alexey I. Froloff [Wed, 11 Feb 2015 12:28:52 +0000 (15:28 +0300)]
ovs-save: Preserve IPv6 link-local address on interface save.
If IPv6 link-local address is removed from interface, it is unable to
receive any IPv6 packets, including Route Advertisements.
In save_interface only skip IPv4 "scope link" addresses.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Fri, 20 Feb 2015 23:34:03 +0000 (15:34 -0800)]
datapath: Fix net exit.
Open vSwitch allows moving internal vport to different namespace
while still connected to the bridge. But when namespace deleted
OVS does not detach these vports, that results in dangling
pointer to netdevice which causes kernel panic as follows.
This issue is fixed by detaching all ovs ports from the deleted
namespace at net-exit.
BUG: unable to handle kernel NULL pointer dereference at
0000000000000028
IP: [<
ffffffffa0aadaa5>] ovs_vport_locate+0x35/0x80 [openvswitch]
Oops: 0000 [#1] SMP
Call Trace:
[<
ffffffffa0aa6391>] lookup_vport+0x21/0xd0 [openvswitch]
[<
ffffffffa0aa65f9>] ovs_vport_cmd_get+0x59/0xf0 [openvswitch]
[<
ffffffff8167e07c>] genl_family_rcv_msg+0x1bc/0x3e0
[<
ffffffff8167e319>] genl_rcv_msg+0x79/0xc0
[<
ffffffff8167d919>] netlink_rcv_skb+0xb9/0xe0
[<
ffffffff8167deac>] genl_rcv+0x2c/0x40
[<
ffffffff8167cffd>] netlink_unicast+0x12d/0x1c0
[<
ffffffff8167d3da>] netlink_sendmsg+0x34a/0x6b0
[<
ffffffff8162e140>] sock_sendmsg+0xa0/0xe0
[<
ffffffff8162e5e8>] ___sys_sendmsg+0x408/0x420
[<
ffffffff8162f541>] __sys_sendmsg+0x51/0x90
[<
ffffffff8162f592>] SyS_sendmsg+0x12/0x20
[<
ffffffff81764ee9>] system_call_fastpath+0x12/0x17
Reported-by: Assaf Muller <amuller@redhat.com>
Fixes:
46df7b81454("openvswitch: Add support for network namespaces.")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Reviewed-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
7b4577a9da ("openvswitch: Fix net exit").
Acked-by: Andy Zhou <azhou@nicira.com>
Ben Pfaff [Fri, 20 Feb 2015 19:30:50 +0000 (11:30 -0800)]
socket-util: Use correct address family in set_dscp(), instead of guessing.
The set_dscp() function, until now, tried to set the DSCP as IPv4 and as
IPv6. This worked OK on Linux, where an ENOPROTOOPT error made it really
clear which one was wrong, but FreeBSD uses EINVAL instead, which has
multiple meanings and which it therefore seems somewhat risky to ignore.
Instead, this commit just tries to set the correct address family's DSCP
option.
Tested by Alex Wang on FreeBSD 9.3.
Reported-by: Atanu Ghosh <atanu@acm.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Tested-by: Alex Wang <alexw@nicira.com>
Ben Pfaff [Fri, 20 Feb 2015 16:44:48 +0000 (08:44 -0800)]
stream: Eliminate pstream_set_dscp().
This function is really of marginal utility. This commit drops it and
makes the existing callers instead open a new pstream with the desired
dscp.
The ulterior motive here is that the set_dscp() function that actually sets
the DSCP on a socket really wants to know the address family (AF_INET vs.
AF_INET6). We could plumb that down through the stream code, and that's
one reasonable option, but I thought that simply eliminating some calls
to set_dscp() where we don't already have the address family handy was
another reasonable way to go.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Andy Zhou [Thu, 12 Feb 2015 23:10:28 +0000 (15:10 -0800)]
ofproto/bond: Fix a race condition in updating post recirculation rules
When updating post recirc rules, rule management requires calls to
hmap APIs, which requires proper locking to ensure mutual exclsion in
accessing the hmap internal data structure. The locking currently is
missing from the output_normal() xlate path, thus causing
a race condition.
The race condition leads to segfault crash of ovs-vswitchd, with the
following stack trace:
The crash was found by adding and deleting bond interfaces repeatedly
with on-going traffic hitting the bond interfaces. The same test was
ran over multiple days with this patch to ensure the same crash was
not seen.
The patch added the necessary lock annotation that would have caught
the bug.
Tested-by: Salvatore Cambria <salvatore.cambria@citrix.com>
Reported-by: Salvatore Cambria <salvatore.cambria@citrix.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Feb 2015 22:31:21 +0000 (14:31 -0800)]
ofp-parse: Correctly update bucket lists if they are empty.
Previously, list_moved() only worked with non-empty lists, but this was a
caveat that was really easy to miss. parse_ofp_group_mod_file() had a bug
because it didn't honor that restriction. This commit fixes the problem,
by modifying the list_moved() interface to be harder to use incorrectly
and then updating the callers.
Reported-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Thu, 12 Feb 2015 07:34:50 +0000 (23:34 -0800)]
mac-learning: Implement per-port MAC learning fairness.
In "MAC flooding", an attacker transmits an overwhelming number of frames
with unique Ethernet source address on a switch port. The goal is to
force the switch to evict all useful MAC learning table entries, so that
its behavior degenerates to that of a hub, flooding all traffic. In turn,
that allows an attacker to eavesdrop on the traffic of other hosts attached
to the switch, with all the risks that that entails.
Before this commit, the Open vSwitch "normal" action that implements its
standalone switch behavior (and that can be used by OpenFlow controllers
as well) was vulnerable to MAC flooding attacks. This commit fixes the
problem by implementing per-port fairness for MAC table entries: when
the MAC table is at its maximum size, MAC table eviction always deletes an
entry from the port with the most entries. Thus, MAC entries will never
be evicted from ports with only a few entries if a port with a huge number
of entries exists.
Controllers could introduce their own MAC flooding vulnerabilities into
OVS. For a controller that adds destination MAC based flows to an OpenFlow
flow table as a reaction to "packet-in" events, such a bug, if it exists,
would be in the controller code itself and would need to be fixed in the
controller. For a controller that relies on the Open vSwitch "learn"
action to add destination MAC based flows, Open vSwitch has existing
support for eviction policy similar to that implemented in this commit
through the "groups" column in the Flow_Table table documented in
ovs-vswitchd.conf.db(5); we recommend that users of "learn" not already
familiar with eviction groups to read that documentation.
In addition to implementation of per-port MAC learning fairness,
this commit includes some closely related changes:
- Access to client-provided "port" data in struct mac_entry
is now abstracted through helper functions, which makes it
easier to ensure that the per-port data structures are maintained
consistently.
- The mac_learning_changed() function, which had become trivial,
vestigial, and confusing, was removed. Its functionality was folded
into the new function mac_entry_set_port().
- Many comments were added and improved; there had been a lot of
comment rot in previous versions.
CERT: VU#784996
Reported-by: "Ronny L. Bull - bullrl" <bullrl@clarkson.edu>
Reported-at: http://www.irongeek.com/i.php?page=videos/derbycon4/t314-exploring-layer-2-network-security-in-virtualized-environments-ronny-l-bull-dr-jeanna-n-matthews
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Wed, 11 Feb 2015 02:00:22 +0000 (18:00 -0800)]
timeval: Correctly report usage statistics in log_poll_interval().
Most of the information that timeval was reporting for long poll intervals
was comparing per-thread with per-process statistics, which yielded
nonsense a lot of the time.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Jason Kölker [Sat, 7 Feb 2015 06:47:51 +0000 (06:47 +0000)]
XenServer: Don't reset on xe-toolstack-restart
With XenServer only 1 manager is configured in the pool, which may not
be the first manager returned from `get-manager` as it returns in
lexicographical order.
Signed-off-by: Jason Kölker <jason@koelker.net>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Jason Kölker [Wed, 4 Feb 2015 23:12:30 +0000 (23:12 +0000)]
XenServer: PEP8 Cleanup for openvswitch-cfg-update
Signed-off-by: Jason Kölker <jason@koelker.net>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Tue, 3 Feb 2015 21:57:55 +0000 (13:57 -0800)]
datapath: update exact match lookup hash value to avoid hash collision
Currently, the exact match cache lookup uses 'skb->hash' as an index.
In most cases, this value will be the same for pre and post
recirculation lookup, threshing the exact match cache. This patch
avoid this hash collision by using the rehashed value, by mixing in
in the 'recirc_id', as the lookup index.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Ben Pfaff [Fri, 30 Jan 2015 21:36:34 +0000 (13:36 -0800)]
ofproto-dpif: Revalidate when sFlow probability changes.
Until now, when the sFlow selection probability changed, OVS failed to
immediately revalidate the flow table, delaying the new probability taking
effect. This commit fixes the problem.
Reported-by: K 華 <k940545@hotmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Alex Wang [Fri, 30 Jan 2015 18:41:18 +0000 (10:41 -0800)]
ovs-vsctl.at: Fix intermittent failure.
This commit fixes the intermittent test failure caused by the
race between the test thread and logging thread.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Gurucharan Shetty [Mon, 26 Jan 2015 16:36:23 +0000 (08:36 -0800)]
vlog: Logging option '--syslog-target' needs one argument.
Without this commit, starting a daemon with just '--syslog-target'
causes a segmentation fault.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Gao feng [Thu, 22 Jan 2015 11:31:31 +0000 (12:31 +0100)]
setup n_upcall_pids for vport_request when destroy all channels
Setup the n_upcall_pids to 1, otherwise the
OVS_VPORT_ATTR_UPCALL_PID nlattr will be incorrect.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Thu, 22 Jan 2015 05:08:12 +0000 (21:08 -0800)]
ofproto-dpif: Fix memory leak of mirrors in bundle_destroy().
The mirrors are added in bundle_set() with 'bundle' as aux so they must
be removed with the same aux, but the call used 'bundle->aux' instead.
Reported-by: Sabyasachi Sengupta <Sabyasachi.Sengupta@alcatel-lucent.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sat, 17 Jan 2015 17:21:04 +0000 (09:21 -0800)]
pktbuf: Always initialize '*bufferp' even when 'pb == NULL'.
Otherwise if a service connection (which does not have buffers) attempts
to use buffers, '*bufferp' will be uninitialized, which can cause a
segfault in the caller.
Found using OFtest configured to use service (active rather than passive)
connections.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Ben Pfaff [Sun, 11 Jan 2015 21:45:36 +0000 (13:45 -0800)]
dpif-linux: Drop oversized packets instead of assert-failing.
A packet sent to a Netlink datapath has to fit within a Netlink attribute.
Until now, this was only checked in an assertion inside the Netlink code,
which meant that trying to send a too-large packet (approximate 64 kB or
larger) would assert-fail. It's better to just drop those packets, which
this commit does.
Reported-by: Shuping Cui <scui@redhat.com>
Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Wed, 7 Jan 2015 21:19:41 +0000 (13:19 -0800)]
netlink: Refine calculation of maximum-length attributes.
Until now the Netlink code has considered an attribute to exceed the
maximum length if the *padded* size of the attribute exceeds 65535 bytes.
For example, an attribute with a 65529-byte payload, together with 4-byte
header and 3 bytes of padding, takes up 65536 bytes and therefore the
existing code rejected it.
However, the restriction on Netlink attribute sizes is to ensure that the
length fits in the 16-bit nla_len field. This field includes the 4-byte
header but not the padding, so a 65529-byte payload is acceptable because,
with the header but not the padding, it comes to only 65533 bytes.
Thus, this commit relaxes the restriction on Netlink attribute sizes by
omitting padding from size checks. It also changes one piece of code that
inlined a size check to use the central function nl_attr_oversized().
This change should fix an assertion failure when OVS userspace passes a
maximum-size (65529+ byte) packet back to the kernel.
Reported-by: Shuping Cui <scui@redhat.com>
Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Alex Wang [Mon, 29 Dec 2014 23:56:23 +0000 (15:56 -0800)]
ofproto-dpif-upcall: Make handler always call poll_block.
This commit makes handler threads always call poll_block() at
the end of each handling cycle. If there are upcalls received
in the current cycle, the handler will register to wake up
immediately. Otherwise, it will wait on both the netlink
socket and the exit latch.
Calling poll_block() at every handling cycle makes sure that
coverage counter stats are always timely attributed, and that
the execution of ovsrcu-postponed events is not held by any
busy handler thread.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jan Vansteenkiste [Mon, 8 Dec 2014 13:52:07 +0000 (14:52 +0100)]
debian: Use ifquery for finding the interfaces in init script.
When using interfaces.d/<foobar>, interfaces are not picked up.
Let ifquery figure out the format of the interfaces files for us.
Signed-off-by: Jan Vansteenkiste <jan@vstone.eu>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Tue, 23 Dec 2014 22:15:44 +0000 (14:15 -0800)]
Warn the free of 'recirc_id' by wrong 'ofproto'.
Issues a ERR log when the 'recirc_id' is not freed by the
owning 'ofproto'.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Alex Wang [Wed, 17 Dec 2014 02:47:27 +0000 (18:47 -0800)]
recirculation: Map recirc_id to ofproto_dpif.
After commit
0c7812e5e (recirculation: Do not drop packet when
there is no match from internal table.), if flow keys are modified
before the recirculation action (e.g. set vlan ID), the miss
handling of recirc'ed packets may not reach the intended
'ofproto_dpif' which has rules looking up the 'recirc_id's,
causing drops.
This commit adds an unittest that captures this bug. Moreover,
to solve this bug, this commit checks mapping between 'recirc_id'
and the corresponding 'ofproto_dpif', and makes sure that the
miss handling of recirc'ed packets are done with the correct
'ofproto_dpif'.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Alex Wang [Fri, 5 Dec 2014 22:02:53 +0000 (14:02 -0800)]
tunnel: Recreate tunnel port only when the netdev status change.
On current master, the 'struct tnl_port' in tunnel module will be
recreated whenever the global connectivity sequence number changes
(e.g. when adding unrelated flow). This is unnecessary and could
cause drop of tunnel packet if a lookup happens between the removal
and recreate.
This commit fixes the above issue by only checking the netdev's own
sequence number.
Found by code inspection.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Alex Wang [Sat, 13 Dec 2014 04:51:58 +0000 (20:51 -0800)]
recirculation: Do not drop packet when there is no match from
internal table.
In current recirculation implementation, the flow misses (with
'recirc_id' set) are always looked up on the receiving bridge's
internal flow table. However, the bond port may actually reside
on another bridge which gets connected to the receiving bridge
via patch port. Since the recirculation rules are pushed to the
other bridge's internal table, the flow lookup on the receiving
bridge will match nothing but the drop rule, causing unexpected
packet drops.
This commit fixes the above bug via keeping lookup the misses
(with 'recirc_id' set) in default table (table 0) and processing
it until reaching the bridge that owns the bond port. Then,
the misses can hit the post recirculation flows as expected.
VMware-BZ:
1362178
Reported-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Joe Stringer [Fri, 5 Dec 2014 00:05:33 +0000 (16:05 -0800)]
util: Fix include for htonl().
Commit
526a7c85d11dc "util: Add be32_prefix_mask()." added an include for
byte-order.h into util.h, which could cause link failures if users of
libopenvswitch defined their own version of htonll(). Change the
include, as only htonl() is needed and arpa/inet.h provides this.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Justin Pettit [Thu, 4 Dec 2014 05:29:04 +0000 (21:29 -0800)]
Prepare for 2.3.2.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Thu, 4 Dec 2014 05:26:32 +0000 (21:26 -0800)]
Set release dates for 2.3.1.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Niels van Adrichem [Tue, 7 Oct 2014 15:04:13 +0000 (15:04 +0000)]
BFD: Decreasing minimal transmit and receive interval
I found the BFD transmit interval was lowerbounded by the default value
without warning, although documentation does not consider a lowerbound.
Testing has been performed with transmit and receive intervals as low as 1
ms, and although CPU overhead was effected (especially with multiple BFD
sessions such as 6 and higher), it worked well.
Signed-off-by: Niels van Adrichem <n.l.m.vanadrichem@tudelft.nl>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Wed, 19 Nov 2014 15:47:04 +0000 (07:47 -0800)]
datapath: compat: Fix build on RHEL 6.6
Reported-by: Wang Sheng-Hui <shhuiw@gmail.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Jarno Rajahalme [Tue, 11 Nov 2014 23:50:51 +0000 (15:50 -0800)]
util: Add be32_prefix_mask().
Shifting a 32-bit entity by 32 bits is undefined behavior. As we have 2
cases where we may hit this, it is a time to introduce a helper for
this.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Ben Pfaff [Tue, 11 Nov 2014 20:44:39 +0000 (12:44 -0800)]
tests: Fix expected output for group features test.
Commit
f6d23392d19db (ofproto: Fix supported group types.) fixed a bug in
the group features code but added the wrong expected output to a test case.
This fixes the expected output for the test case.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 11 Nov 2014 20:40:52 +0000 (12:40 -0800)]
ofproto-dpif-rid: Fix memory leak.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Shu Shen [Tue, 11 Nov 2014 00:35:08 +0000 (16:35 -0800)]
ofproto: Fix supported group types.
Previously the types field is uninited and leds to no supported type
being reported in OFPMP_GROUP_FEATURES message.
Signed-off-by: Shu Shen <shu.shen@radisys.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Flavio Leitner [Thu, 6 Nov 2014 18:50:06 +0000 (16:50 -0200)]
rhel: Fix tunnel port ifup/ifdown failure.
The tunnel port is invisible to the OS, so there is
no reason to call OTHERSCRIPT in the ifup/ifdown scripts.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Mon, 3 Nov 2014 16:55:12 +0000 (08:55 -0800)]
datapath: Fix compat checks for ipv6_skip_exthdr()
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Wed, 29 Oct 2014 09:45:48 +0000 (02:45 -0700)]
datapath: Convert dp rcu read operation to locked operations
dp read operations depends on ovs_dp_cmd_fill_info(). This API
needs to looup vport to find dp name, but vport lookup can
fail. Therefore to keep vport reference alive we need to
take ovs lock.
Found by code inspection.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Motonori Shindo [Tue, 4 Nov 2014 16:12:18 +0000 (01:12 +0900)]
netflow: Fix interpretation of flow_seq.
'flow_seq" field in NetFlow v5 header should represent a number of NetFlow
flow records exported while it is representing the number of NetFlow
packets exported in the current code. This patch fixes this problem.
Signed-off-by: Motonori Shindo <motonori@shin.do>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Fri, 31 Oct 2014 21:05:46 +0000 (14:05 -0700)]
odp-util: Fix segfault in MPLS attribute parsing.
Just because the ethertype is MPLS, this doesn't mean that the datapath
understands and provides OVS_KEY_ATTR_MPLS attributes for the flow.
Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute
before checking whether the attribute is present. This would cause a
segfault in nl_attr_get_size(), usually triggered from a handler thread.
This patch brings the MPLS parsing code more in line with the rest of
the parse_l2_5_onward() function, by only processing MPLS if the
attribute is present.
Reported-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Thu, 30 Oct 2014 20:33:02 +0000 (13:33 -0700)]
ofproto: Take locks before calling classifier_count().
Commit
635e5bf55b (ofproto: Warn about excessive rule counts in OpenFlow
tables.) introduced an access of classifier_count() without taking the
corresponding locks first.
Found by clang.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Fri, 31 Oct 2014 08:14:47 +0000 (17:14 +0900)]
ofp-print-ofctl: Free group buckets.
Found by inspection using make check-valgrind.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Mon, 20 Oct 2014 23:13:04 +0000 (16:13 -0700)]
datapath: Use upstream ipv6_find_hdr().
ipv6_find_hdr() already fixed in newer upstram kernel by Ansis, we
can start using this API safely.
This patch also backports fix (ipv6: ipv6_find_hdr restore prev
functionality) to compat ipv6_find_hdr().
CC: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Pravin B Shelar [Tue, 21 Oct 2014 21:20:42 +0000 (14:20 -0700)]
datapath: net: make skb_gso_segment error handling more robust
skb_gso_segment has three possible return values:
1. a pointer to the first segmented skb
2. an errno value (IS_ERR())
3. NULL. This can happen when GSO is used for header verification.
However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL
and would oops when NULL is returned.
Note that these call sites should never actually see such a NULL return
value; all callers mask out the GSO bits in the feature argument.
However, there have been issues with some protocol handlers erronously not
respecting the specified feature mask in some cases.
It is preferable to get 'have to turn off hw offloading, else slow' reports
rather than 'kernel crashes'.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Fri, 17 Oct 2014 22:02:27 +0000 (15:02 -0700)]
datapath: fix a use after free
pskb_may_pull() called by arphdr_ok can change skb->data, so put the arp
setting after arphdr_ok to avoid the use the freed memory
Fixes:
0714812134d7d ("openvswitch: Eliminate memset() from flow_extract.")
Cc: Jesse Gross <jesse@nicira.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
arphdr_ok() was not done on branch-2.3, so backported whole fix
as part of this patch.
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Mon, 13 Oct 2014 09:02:44 +0000 (02:02 -0700)]
datapath: compat: Fix compilation 3.11
Kernel 3.11 is only kernel where GRE APIs are available but
not vxlan. Add check for vxlan xmit to detect this case.
Reported-by: Dave Benson <dbenson@verdantnetworks.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Andy Zhou [Fri, 10 Oct 2014 21:20:36 +0000 (14:20 -0700)]
ovsdb: bond_active_salve column's value should be durable when database restarts
According to RFC 7047, 'ephemeral' annotation does not guarantee
the values to be durable. This fix Removes this annotation.
VMware-BZ:
1332235
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Alex Wang [Thu, 9 Oct 2014 08:23:37 +0000 (08:23 +0000)]
ovs-vswitchd: Fix high cpu utilization when acquire idl lock fails.
When ovs-vswitchd fails to acquire the ovsdb idl lock (either due to
contention or due to invalid database path), ovs-vswitchd will spin
on the global connectivity sequence number and consume 100% cpu.
This is in that the local copy is different to the global sequence
number and never updated when ovsdb idl is not locked.
To fix this issue, this commit makes ovs-vswitchd not checking the
global connectivity sequence number in that situation.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Gurucharan Shetty [Mon, 6 Oct 2014 17:04:26 +0000 (10:04 -0700)]
ovs-vswitchd.at: Port tests to run successfully on Windows.
It is a little tricky to implement "$!" with unit tests on Windows.
This commit changes the tests so that it works both on Windows
and Linux.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Alex Wang [Thu, 2 Oct 2014 02:44:47 +0000 (02:44 +0000)]
ovs-vswitchd.at: Add test for switch over to another ovs-vswitchd.
Test the switch over to inactive ovs-vswitchd process when user
kill the currently active ovs-vswitchd.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
YAMAMOTO Takashi [Wed, 1 Oct 2014 05:00:36 +0000 (14:00 +0900)]
ovs-vswitchd.at: Fix "start additional ovs-vswitchd process" test
NetBSD implementation of wc command outputs extra whitespaces
like the following. Tweak the test to success on such environments.
% echo hoge|wc -l|hexdump -C
00000000 20 20 20 20 20 20 20 31 0a | 1.|
00000009
%
The failing test was introduced by
commit
6bef3c7ca859f208239ca61ec3b25c09a3571553
("bridge: Fix high cpu utilization.")
Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Joe Stringer <joestringer@nicira.com>
Alex Wang [Tue, 30 Sep 2014 20:46:22 +0000 (13:46 -0700)]
bridge: Fix high cpu utilization.
When there are more than one ovs-vswitchd processes started,
only one process is enabled. The disabled processes should
just sleep. However, a bug in ovs makes the disabled processes
keep waking up on global connectivity sequence number which is
never sync'ed. Consequently, those processes use 100% cpu.
This commit fixes the bug by always sync up the connectivity
sequence number for disabled processes.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Alex Wang [Thu, 9 Oct 2014 07:02:07 +0000 (00:02 -0700)]
rhel7: Fix rpm install failure.
When trying to install the kernel module rpm built for RHEL7,
the install failed with following conflicts:
# rpm -i kmod-openvswitch-2.3.1-1.el7.x86_64.rpm
file /lib/modules/3.10.0-123.8.1.el7.x86_64/modules.devname
from install of kmod-openvswitch-2.3.1-1.el7.x86_64 conflicts
with file from package kernel-3.10.0-123.8.1.el7.x86_64
file /lib/modules/3.10.0-123.8.1.el7.x86_64/modules.softdep
from install of kmod-openvswitch-2.3.1-1.el7.x86_64 conflicts
with file from package kernel-3.10.0-123.8.1.el7.x86_64
Similar issue has already been reported and solved here:
https://bugzilla.redhat.com/show_bug.cgi?id=
1003267
This commit applies the solution in the link to ovs.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
Pravin B Shelar [Tue, 7 Oct 2014 14:33:52 +0000 (07:33 -0700)]
datapath: Add backport for iptunnel_xmit.
Missed during backport of "datapath: Add support for RHEL-7 /
CentOS-7 kernel."
Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Jarno Rajahalme [Mon, 6 Oct 2014 21:12:57 +0000 (14:12 -0700)]
lib/meta-flow: Index correct MPLS lse in mf_is_all_wild().
Should index the first lse for all parts of the lse (label, TC, BOS).
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Andy Zhou [Sun, 5 Oct 2014 06:35:30 +0000 (23:35 -0700)]
bridge: Keep bond active slave selection across OVS restart
Whenever OVS restarts, it pseudo-randomly picks an interface
of a bond port to be the active slave. This can cause traffic
disruption in case the upstream switch does not support LACP, or
in case of multi-chassis switches that do not support mLACP.
This patch helps the situation by always record the last active
slave into ovsdb. When OVS restarts, the stored last active slave
has the highest priority to be selected again. In case this interface
is available, due to configuration changes or being offline, OVS then
consider other interfaces with the bond as it does today.
In a nutshell, this patch makes the active slave selection stickier
across OVS restart.
VMware-BZ:
1332235
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Pravin B Shelar [Fri, 3 Oct 2014 12:26:42 +0000 (05:26 -0700)]
datapath: Add support for RHEL-7 / CentOS-7 kernel.
This patch mostly is related to tunnel API where RHEL 7
kernel API are not in-sync with newer linux kernel API. So
extra checks are required to check for parameters of API.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jiri Benc <jbenc@redhat.com>
Pravin B Shelar [Mon, 29 Sep 2014 11:36:48 +0000 (04:36 -0700)]
datapath: Enable tunnel GSO features.
Following patch enables all available tunnel GSO features for OVS
bridge device so that ovs can use hardware offloads available to
underling device.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Alex Wang [Mon, 29 Sep 2014 00:54:17 +0000 (17:54 -0700)]
bridge: Skip statistics update if cannot get ovsdb config.
Commit
62c5c3e (bridge: Rate limit the statistics update.) makes
ovs try committing the statistics even if ovs failed to get ovsdb
configuration. This causes the ovs committing the NULL transaction
pointer.
To fix this issue, this commit makes ovs skip statistics update
if it cannot get ovsdb config.
VMware-BZ: #
1331308
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 24 Sep 2014 12:41:02 +0000 (12:41 +0000)]
ofproto-dpif-rid: correct logic error in rid_pool_alloc_id()
When searching through the valid ids an id should
be used if is not found rather than if it is found.
It appears to me that without this change duplicate recirculation
ids may used in cases where the last recirculation id has
been allocated; selection loops back to the beginning of the pool and;
reaches a recirculation id that is still in use.
As the number of recirculation ids is currently RECIRC_ID_N_IDS = 1024 this
does not seem beyond the bounds of possibility.
I have not verified that such a scenario can actually occur. But it seems
that a likely consequence would be that some packets may be forwarded
incorrectly.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Selvamuthukumar [Wed, 24 Sep 2014 16:53:13 +0000 (09:53 -0700)]
ofp-actions: Fix error code for invalid table id.
Send OFPET_BAD_INSTRUCTION/OFPBIC_BAD_TABLE_ID if table is invalid
in goto table instruction.
Signed-off-by: Selvamuthukumar <smkumar@merunetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Thu, 18 Sep 2014 17:49:47 +0000 (10:49 -0700)]
jsonrpc: Notify excessive sending backlog.
This commit adds a log message to notify the excessive backlog
for jsonrpc. Expectedly, this message should never be printed.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Alex Wang [Thu, 18 Sep 2014 21:10:24 +0000 (14:10 -0700)]
bridge: Rate limit the statistics update.
When ovs is running with large topology (e.g. large number of
interfaces), the stats update to ovsdb becomes huge and normally
requires multiple run of ovsdb jsonrpc message processing loop to
consume.
To prevent the periodic stats update from backlogging in the
jsonrpc sending queue, this commit adds rate limiting logic
which only allows new update if the previous one is done.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Pravin B Shelar [Tue, 23 Sep 2014 22:15:37 +0000 (15:15 -0700)]
datapath: Restore OVS_CB after skb_segment.
OVS needs to segments large skb before sending it for miss
packet handling to userspace. but skb_gso_segment uses
skb->cb. This corrupted OVS_CB which result in following panic.
[ 735.419921] BUG: unable to handle kernel paging request at
00000014000001b2
[ 735.423168] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 735.445097] RIP: 0010:[<
ffffffffa05df0d7>] [<
ffffffffa05df0d7>] ovs_nla_put_flow+0x37/0x7c0 [openvswitch]
[ 735.468858] Call Trace:
[ 735.470384] [<
ffffffffa05d7ec2>] queue_userspace_packet+0x332/0x4d0 [openvswitch]
[ 735.471741] [<
ffffffffa05d8155>] queue_gso_packets+0xf5/0x180 [openvswitch]
[ 735.481862] [<
ffffffffa05da9f5>] ovs_dp_upcall+0x65/0x70 [openvswitch]
[ 735.483031] [<
ffffffffa05dab81>] ovs_dp_process_packet+0x181/0x1b0 [openvswitch]
[ 735.484391] [<
ffffffffa05e2f55>] ovs_vport_receive+0x65/0x90 [openvswitch]
[ 735.492638] [<
ffffffffa05e5738>] internal_dev_xmit+0x68/0x110 [openvswitch]
[ 735.495334] [<
ffffffff81588eb6>] dev_hard_start_xmit+0x2e6/0x8b0
[ 735.496503] [<
ffffffff81589847>] __dev_queue_xmit+0x3c7/0x920
[ 735.499827] [<
ffffffff81589db0>] dev_queue_xmit+0x10/0x20
[ 735.500798] [<
ffffffff815d3b60>] ip_finish_output+0x6a0/0x950
[ 735.502818] [<
ffffffff815d55f8>] ip_output+0x68/0x110
[ 735.503835] [<
ffffffff815d4979>] ip_local_out+0x29/0x90
[ 735.504801] [<
ffffffff815d4e46>] ip_queue_xmit+0x1d6/0x640
[ 735.507015] [<
ffffffff815ee0d7>] tcp_transmit_skb+0x477/0xac0
[ 735.508260] [<
ffffffff815ee856>] tcp_write_xmit+0x136/0xba0
[ 735.510829] [<
ffffffff815ef56e>] __tcp_push_pending_frames+0x2e/0xc0
[ 735.512296] [<
ffffffff815e0593>] tcp_sendmsg+0xa63/0xd50
[ 735.513526] [<
ffffffff81612c2c>] inet_sendmsg+0x10c/0x220
[ 735.516025] [<
ffffffff81566b8c>] sock_sendmsg+0x9c/0xe0
[ 735.518066] [<
ffffffff81566d41>] SYSC_sendto+0x121/0x1c0
[ 735.521398] [<
ffffffff8156801e>] SyS_sendto+0xe/0x10
[ 735.522473] [<
ffffffff816df5e9>] system_call_fastpath+0x16/0x1b
Reported-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Alex Wang [Mon, 22 Sep 2014 22:34:12 +0000 (15:34 -0700)]
ovs-pki: Use SHA-1 instead of SHA-512 as message digest.
Commit
9ff33ca7 (ovs-pki: Use SHA-512 instead of MD5 as message
digest.) changes the message digest algorithm to SHA-512. This
seems to break the unit tests on some xenserver 5.6/6.0 builds
causing the error: "SSL_connect: error:
0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest algorithm".
As a solution, this commit changes the message digest algorithm
to SHA-1 which works for both the above xenserver builds and
centos 7.
VMware-BZ: #
1304530
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Wed, 17 Sep 2014 20:22:14 +0000 (13:22 -0700)]
ofproto: Warn about excessive rule counts in OpenFlow tables.
Frequently we've run into controller bugs which result in hundreds of
thousands, or even millions of rules being installed in an OpenFlow
table. This isn't something trouble-shooters naturally think of to
check for, so it's nice to have a low rate warning message to hint at
the potential problem.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Gurucharan Shetty [Thu, 11 Sep 2014 16:35:10 +0000 (09:35 -0700)]
debian: Don't depened on $RUNLEVEL at startup to create bridges.
Commit
b2a0daa5bd (debian: Don't recreate bridges during manual restart.)
added a check on $RUNLEVEL to only create bridges and ports when the
system starts up. This fix does not work with systemd.
This commit uses a different approach to solve the same problem.
Reported-at: https://bugs.debian.org/686518
Reported-by: Philipp S. Schmidt <phils@in-panik.de>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Tested-by: Philipp S. Schmidt <phils@in-panik.de>
Gurucharan Shetty [Fri, 11 Jul 2014 21:50:50 +0000 (14:50 -0700)]
debian: Automatically start openvswitch before first invocation of ovs-vsctl.
In the 'interfaces' file, if an admin adds the openvswitch interface
in 'auto', ifupdown will try to create OVS interfaces even before
openvswitch has started. In a case like that, assume that the admin
knows what he is doing and try to start openvswitch.
The negatives I see are
1. /usr is NFS mounted, in which case expect the admin
to mount it through initramfs.
2. syslog through network may not be accessible.
This is similar to what rhel does with commit
602453000e28ec10
(rhel: Automatically start openvswitch service before bringing an ovs
interface up or down)
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Thu, 11 Sep 2014 14:04:52 +0000 (11:04 -0300)]
tests: Remove extraneous parenthesis from test name.
This could cause configuration failure on earlier versions of autoconf.
Reported-by: Lin Shaopeng <slin0209@gmail.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Thomas Graf [Thu, 11 Sep 2014 14:04:51 +0000 (11:04 -0300)]
build: Allow building with autoconf 2.63
Reduces the dependency on autoconf from 2.64 to 2.63 to ease building
on older platforms. There is only a few macros missing and they can
be provided easily.
A handful of tests needed modification. The difference in quoting
behaviour between 2.63 and later require the m4_define() to be
manually unfolded.
The Debian control file is left untouched on purpose. The decision
whether to adjust the dependency is left to the respective maintainers.
Tested with autoconf 2.63 and 2.69.
Cc: Scott Mann <smann@noironetworks.com>
Cc: Don Kehn <dkehn@noironetworks.com>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Pravin B Shelar [Wed, 25 Sep 2013 01:42:43 +0000 (18:42 -0700)]
datapath: Backport __ip_select_ident() function
definition of __ip_select_ident() changed in newer kernel and
it is backported to stable kernel, Therefore adding configure
check to detect the new function.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
projects / cascardo / ovs.git / log