git.cascardo.eti.br Git - cascardo/ovs.git/log

vlog: Rename the currently used term 'facility' as 'destination'.

In OVS, we currently use the term 'facility' to mean the place
where we log (syslog, console or file). In Linux's syslog() and
rfc5424, the term 'facility' is used to specify what type of program
is logging the message (e.g: LOG_DAEMON). This causes confusion
while reading vlog's code. This commit changes the term 'facility'
to 'destination'.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif-netdev: Fix rare flow add race condition.

Before this patch, dp_netdev_flow_add() inserted newly minted flows in
the "flow_table" cmap before inserting them into the per core "dpcls"
classifier. Since dpcls_insert() initializes 'flow->cr.mask', there's
a brief window where the flow is accessible from the cmap, but has a
bogus mask value.

In my testing, under rare instances (i.e. once every 20 minutes with a
very specific flow table and traffic pattern), revalidators core dump
when they call dpif_netdev_flow_dump_next(), which accesses this bogus
mask value from dp_netdev_flow_to_dpif_flow().

By inserting into the per core classifier before the cmap, all the
values are guaranteed to be initialized during flow dumps. With this
patch, I can no longer reproduce the crash.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

tests: Make test independent of the hash function.

Otherwise compiling with -msse4.2 (or -march=native on a SSE4.2
capable CPU) will produce a test failure due to the CRC32-based hash
function being different from mhash.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-dpctl: Minor manpages fixes.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Reuse standard delimiters.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

SECURITY.md: LTS branches triggers version release

The release cycle is in order of months currently, so when a
security fix is applied to LTS (long-term support) branches,
it is recommended to release a new version.

The idea is to keep the latest LTS tarball less vulnerable.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

SECURITY.md: disclosure date can be negotiated

Stakeholders might need extra time to provide the update,
so let's leave it open to negotiate case by case with the
final word on the Open vSwitch security team's hands. A
default policy is provided as a reference.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

SECURITY.md: contributors must agree to confidentiality

There is no point in having the special process if a
contributor refuses or doesn't agree with the
confidentiality terms.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL.md: Split building steps to allow refs

There are other parts of the document that needs to
reference some building steps. Instead of copying
and explaining again, this patch splits the building
section in three sections that can be referenced.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>

travis: Update build matrix to include latest stable kernels

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Account for new flags args of vxlan_sock_add()

The upstream commit 359a0ea
("vxlan: Add support for UDP checksums (v4 sending, v6 zero csums)")
has introduced a new flags argument to vxlan_sock_add().

OVS does not pass any flags at this point, thus specyfing 0 will be
compatible with both the old ipv6 bool and the new u32 flags argument.

Upstream: 359a0ea ("vxlan: Add support for UDP checksums (v4 sending, v6 zero csums)")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: replace remaining users of arch_fast_hash with jhash

This patch effectively reverts commit 500f80872645 ("net: ovs: use CRC32
accelerated flow hash if available"), and other remaining arch_fast_hash()
users such as from nfsd via commit 6282cd565553 ("NFSD: Don't hand out
delegations for 30 seconds after recalling them.") where it has been used
as a hash function for bloom filtering.

While we think that these users are actually not much of concern, it has
been requested to remove the arch_fast_hash() library bits that arose
from [1] entirely as per recent discussion [2]. The main argument is that
using it as a hash may introduce bias due to its linearity (see avalanche
criterion) and thus makes it less clear (though we tried to document that)
when this security/performance trade-off is actually acceptable for a
general purpose library function.

Lets therefore avoid any further confusion on this matter and remove it to
prevent any future accidental misuse of it. For the time being, this is
going to make hashing of flow keys a bit more expensive in the ovs case,
but future work could reevaluate a different hashing discipline.

[1] https://patchwork.ozlabs.org/patch/299369/
[2] https://patchwork.ozlabs.org/patch/418756/

Upstream: 8754589 ("net: replace remaining users of arch_fast_hash with jhash")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: introduce rtnl ops stub

This stub now allows userspace to see IFLA_INFO_KIND for ovs master and
IFLA_INFO_SLAVE_KIND for slave.

Upstream: 5b9e7e16 ("openvswitch: introduce rtnl ops stub")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: move vlan pop/push functions into common code

So it can be used from out of openvswitch code.
Did couple of cosmetic changes on the way, namely variable naming and
adding support for 8021AD proto.

Note on backwards compatability:
Unlike the upstream version, the backport of skb_vlan_push() does not
support translating a hardware accelerated 8021AD tag to software.
This is not a problem though as it preserves existing behaviour.

Upstream: 93515d53 ("net: move vlan pop/push functions into common code")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: move make_writable helper into common code

note that skb_make_writable already exists in net/netfilter/core.c
but does something slightly different.

Upstream: e219512 ("net: move make_writable helper into common code")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Add __vlan_insert_tag() compat helper if not available

Since older kernels do not have skb->vlan_proto, it is assumed that
kernels which don't provide their own __vlan_insert_tag() will also
not have skb->vlan_proto. The backwards compat function therefore
only supports ETH_P_8021Q as the protocol type.

Upstream: 15255a43 ("vlan: introduce __vlan_insert_tag helper which does not free skb")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Account for rename to vlan_insert_tag_set_proto()

__vlan_put_tag() was renamed to vlan_insert_tag_set_proto() with
the argument list kept intact.

Upstream: 62749e ("vlan: rename __vlan_put_tag to vlan_insert_tag_set_proto")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

SECURITY: New document describing proposed security process for OVS.

Open vSwitch needs some kind of process for handling vulnerabilities. So
far, we've been pretty lucky that way, but it can't last forever, and I
think we'll be better off if we have at least the outline of an established
process whenever a significant vulnerability comes along. Here's my draft
of a process based on the documentation of the OpenStack process at
https://wiki.openstack.org/wiki/Vulnerability_Management.

I don't have a lot of experience with this kind of thing myself, so I'd
appreciate critical review from anyone who does.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

miniflow: Use 64-bit data.

So far the compressed flow data in struct miniflow has been in 32-bit
words with a 63-bit map, allowing for a maximum size of struct flow of
252 bytes.  With the forthcoming Geneve options this is not sufficient
any more.

This patch solves the problem by changing the miniflow data to 64-bit
words, doubling the flow max size to 504 bytes.  Since the word size
is doubled, there is some loss in compression efficiency.  To counter
this some of the flow fields have been reordered to keep related
fields together (e.g., the source and destination IP addresses share
the same 64-bit word).

This change should speed up flow data processing on 64-bit CPUs, which
may help counterbalance the impact of making the struct flow bigger in
the future.

Classifier lookup stage boundaries are also changed to 64-bit
alignment, as the current algorithm depends on each miniflow word to
not be split between ranges.  This has resulted in new padding (part
of the 'mpls_lse' field).

The 'dp_hash' field is also moved to packet metadata to eliminate
otherwise needed padding there.  This allows the L4 to fit into one
64-bit word, and also makes matches on 'dp_hash' more efficient as
misses can be found already on stage 1.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

hash: Add hash_add64().

Add support for adding 64-bit words to hashes. This will be used by
subsequent patches.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

hash: Make basis of hash_words64() 32 bits.

The basis of hash_words64() was 64 bits, even when the hash value is
32 bits, thus confusing the domain and the range of the function.
This patch fixes this by making the basis an uint32_t.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>

ofproto-dpif: Do not allow recirc_id freed by non-owning ofproto.

This commit changes the VLOG_ERR (for warning unmatched ofproto)
in ofproto_dpif_free_recirc_id() to an assert statement, so that
recirc_id is never allowed to be freed by non-owning ofproto.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Don't count hidden rules in table stats.

The hidden rules created by in-band control and fail-open should not be
included in the table stats reported via OpenFlow. I seem to recall that
this was done correctly in some previous version but it has broken since
then. This commit fixes the problem and adds a test that should make it
harder to break again in the future.

Reported-by: Ashok Chippa <a.n.chippa@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

datapath: Consistently include VLAN header in flow and port stats.

Until now, when VLAN acceleration was in use, the bytes of the VLAN header
were not included in port or flow byte counters. They were however
included when VLAN acceleration was not used. This commit corrects the
inconsistency, by always including the VLAN header in byte counters.

Previous discussion at
http://openvswitch.org/pipermail/dev/2014-December/049521.html

Already committed to upstream Linux netdev tree as
24cc59d1ebaac54d933dc0b30abcd8bd86193eef.

Reported-by: Motonori Shindo <mshindo@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath-windows: set the nlBuf tail properly

Move the the tail of the netlink buffer accordingly to the input data.
Currently _MapFlowStatsToNlStats overrides the netlink header information.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Add a WFP system provider

This patch was enforced by the WHCK logo testing. In order to pass the
Windows Filtering Platform tests we need to add a persistent system
provider.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/65
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-command-compgen: Avoid using GNU sed extensions.

This commit changes '\?' to '\{0,1\}' to avoid using GNU
sed extension.

Found by using the script in FreeBSD.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

vagrant: Provide basic Vagrantfile

This is a basic Vagrantfile which compiles and provisions the local OVS
source tree in a Fedora 20 VM. The Vagrantfile.in can be extended to
support additional distributions.

To use this Vagrantfile:
1. Install Vagrant plus a compatible hypervisor
2. Run configure to translate Vagrantfile.in to Vagrantfile
3. Run `vagrant up` to create & provision the VM
4. Run `vagrant ssh` to log into the VM

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Kyle Mestery <mestery@mestery.com>

travis: support versioning of DPDK and options to specify git repo and tag

Use DPDK_VER to specify the version of DPDK, and DPDK_GIT to specify
the URL of the DPDK git repository.

Both flags require "DPDK=1" and "--with-dpdk" shall no longer be
specified as part of "OPTS" environment.

Example uses:

- skip both flags to use v1.7.1 tarball from dpdk.org as before:
    KERNEL=3.17.4 DPDK=1

- specify DPDK_VER only to use a version of tarball from dpdk.org:
    KERNEL=3.17.4 DPDK=1 DPDK_VER=1.7.1

- specify both DPDK_VER and DPDK_GIT to check out the tag "v$DPDK_VER"
  from the git repository "$DPDK_GIT":
    KERNEL=3.18 DPDK=1 DPDK_VER=1.7.1sp1 DPDK_GIT=https://github.com/shushen/dpdk

Signed-off-by: Shu Shen <shu.shen@radisys.com>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>

FreeBSD: Fix build failure.

This commit fixes an include dependency for header ip6.h, on
FreeBSD. Without this commit, the gmake of ovs master on
FreeBSD will result in the following error.

/usr/include/netinet/ip6.h:82: error: field 'ip6_src' has incomplete type
/usr/include/netinet/ip6.h:83: error: field 'ip6_dst' has incomplete type

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Omit hidden tables from "next tables".

Hidden tables are intended to be concealed from OpenFlow, but their
presence leaked through the "next tables" and "instructions" in the OF1.3+
table features reply. This fixes the problem.

Reported-by: "Ronaldo A. Ferreira" <ronaldof@CS.Princeton.EDU>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

gitignore: Ignore coverage data files.

Add coverage specific data files to gitignore.

Signed-off-by: Mijo Safradin <mijo@linux.vnet.ibm.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

sflow: Export OVS datapath performance counters via sFlow.

The OVS cache hit/miss counters and memory/CPU usage statistics have been
identified as important metrics when managing large deployments. This patch
allows them to be pushed periodically as part of the sFlow feed, and
represents a more efficient and scalable alternative to polling via
ovs-dpctl(1).

Signed-off-by: Neil McKee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vtep: Document rationale for the 'switches' column in the Global table.

At first glance it wasn't obvious why there was the possibility for more
than one switch.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>

datapath-windows: Release WFP allocated objects

Filter and sublayer WFP objects are created when the filter attach routine
is called and the tunnel filter is initialized, and they are released
in the uninitialize part. But the release part is done indirectly, through
the FwpmEngineClose function call which releases the latter objects when
the tunnel is uninitialized at filter detach.

We need to properly release the created objects and not rely that
FwpmEngineClose function does this for us, because if we decide to keep
the engine opened passed the filter detach those objects will continue to
exist.

Even though the FwpmEngineClose function releases the latter objects, we
still need this and the reason will became obvious in the next patch.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Cleanup OVS

Removed duplicate include of "Switch.h" header.
Removed useless usage of UNREFERENCED_PARAMETER macro for a
referenced parameter.
Added debug logs for dropped packets.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-netdev: Add per-pmd flow-table/classifier.

This commit changes the per dpif-netdev datapath flow-table/
classifier to per pmd-thread. As direct benefit, datapath
and flow statistics no longer need to be protected by mutex
or be declared as per-thread variable, since they are only
written by the owning pmd thread.

As side effects, the flow-dump output of userspace datapath
can contain overlapping flows. To reduce confusion, the dump
from different pmd thread will be separated by a title line.
In addition, the flow operations via 'ovs-appctl dpctl/*'
are modified so that if the given flow in_port corresponds
to a dpdk interface, the operation will be conducted to all
pmd threads recv from that interface (expect for flow-get
which will always be applied to non-pmd threads).

Signed-off-by: Alex Wang <alexw@nicira.com>
Tested-by: Mark D. Gray <mark.d.gray@intel.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ovs-numa: Refine the module.

This commit refines the ovs-numa module by eliminating
duplicated codes and exposing API for dumping the cores
on numa node.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

dpif-netdev: Add function to get pmd using core id.

This commit adds the function dp_netdev_get_pmd() which allows
users to get 'struct dp_netdev_pmd_thread' based on the core id.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ofproto-dpif.at: Avoid using GNU sed extensions

Introduced by commit f9038ef61e0bf89bcd753b7cfd187adb112601ec.
("recirculation: Map recirc_id to ofproto_dpif.")

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Alex Wang <alexw@nicira.com>

Warn the free of 'recirc_id' by wrong 'ofproto'.

Issues a ERR log when the 'recirc_id' is not freed by the
owning 'ofproto'.

Signed-off-by: Alex Wang <alexw@nicira.com>

datapath: Simplify vport_send() error handling.

Today vport-send has complex error handling because it involves
freeing skb and updating stats depending on return value from
vport send implementation.
This can be simplified by delegating responsibility of freeing
skb to the vport implementation for all cases. So that
vport-send needs just update stats.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: compat: introduce ovs_iptunnel_handle_offloads()

handle offload code is replicated for different tunneling protocols
define compat function to simplify the code.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

test: Fix intermittent failure.

This commit fixes the intermittent failure of test (ofproto-dpif,
balance-tcp bonding, different recirc flow), by waiting for all
bond interfaces to be enabled.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

recirculation: RCU postpone the free of dpif_backer_recirc_node.

This commit RCU postpones the free of 'struct dpif_backer_recirc_node',
after it is removed from the cmap. This is in that other threads may
be accessing the struct at the same time.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

recirculation: Map recirc_id to ofproto_dpif.

After commit 0c7812e5e (recirculation: Do not drop packet when
there is no match from internal table.), if flow keys are modified
before the recirculation action (e.g. set vlan ID), the miss
handling of recirc'ed packets may not reach the intended
'ofproto_dpif' which has rules looking up the 'recirc_id's,
causing drops.

This commit adds an unittest that captures this bug. Moreover,
to solve this bug, this commit checks mapping between 'recirc_id'
and the corresponding 'ofproto_dpif', and makes sure that the
miss handling of recirc'ed packets are done with the correct
'ofproto_dpif'.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

bundles: Clean up bundle commit.

This fixes ofp_bundle_commit() in two ways:

- Always remove the bundle regardless of the error condition.
- A commit of an empty bundle must be successful.

The actual commit is still not supported.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto: Reject slave controllers for bundle messages.

Slave controllers are rejected for flow and port mod messages, so they
should also be rejected for bundles (that require support at least for
flow and port mod messages).

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

bundles: Reject unbundlable messages.

Reject bundle add messages containing messages that should not be
bundled.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

bundles: Reject bundle add with bad flags.

OpenFlow 1.4 states that the switch must reject a bundle add message
whose flags are different from the ones in the bundle. Do it.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

OF1.4 bundles: Verify xids.

A switch may optionally verify that the 'xid' of an added message is
the same as the 'xid' of the bundle add message itself. Do it.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

rconn: Make OF 1.4 bundle messages 'admitted'.

Use of OF 1.4 bundle messages by a controller should indicate that the
controller has decided to use the switch, hence make is_admitted_msg()
return 'true' for them.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

connmgr: Dealloc 'bundles' in ofconn_destroy().

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath:compat: Fix build failure on old kernels.

Reported by Travis.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

dpctl: Add 'get-flow' command.

This allows users to fetch a flow by giving a particular UFID.

Usage: 'ovs-dpctl get-flow ufid:<ufid>'
Usage: 'ovs-appctl dpctl/get-flow ufid:<ufid>'

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

dpif: Shift ufid support checking up to dpif_backer.

Previously, the dpif layer was responsible for determining datapath
support for UFIDs, which resulted in all ovs-dpctl utilities
inserting/deleting flows from the datapath each time they are run.
Shift this responsibility up to the dpif_backer.

There are two users of this functionality: Revalidators check for UFID
support to request a terser dump using UFIDs, and dpif-netlink uses this
to request flow_del operations to only return the UFID/stats. The latter
case was previously hidden from revalidators, but this change makes them
aware of it, and reuses the same "udpif->enable_ufid" flag for reducing
overhead of both flow dump and flow delete.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

odp-util: Fix UFID string parsing.

Commit 534a19b (dpctl: Add support for using UFID to add/del flows.)
introduced string parsing functions for UFIDs, but provided a broken
implementation where the upper 64 bits would be ignored, then the lower
64 bits would be read into both the lower and upper UFID positions. Fix
the implementation to read the upper bits properly.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

odp-util: Format UFID hi/lo in correct order.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ofproto-dpif: Fix build failure.

Remove xlate_actions_mpls_overflow coverage counter.

Reported-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Fix MPLS action validation.

Linux stack do not allow GSO for packet with multiple
encapsulations. Therefore there was check in MPLS action
validation to detect such case, But it is better to add
such check at run time to detect such cases.
Removing this check also fixes bug in action copy to no skip
multiple set actions.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Reported-by: Srinivas Neginhal <sneginha@vmware.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Bug #1367702

ofproto-dpif: Fix MPLS multiple Push pop action.

vSwitchd does not generate correct MPLS actions for multiple
MPLS push or pop action.
Datapath can handle multiple push action for in single action list.
But for after first MPLS pop it needs to recirculate packet to
refill packet key. Following patch fixes it accordingly.

Reported-by: Stefano Salsano <stefano.salsano@uniroma2.it>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Tested-by: Pier Luigi Ventre <pl.ventre@gmail.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

route-table-bsd: Update vlog.h inclusion

This fixes a build failure introduced by the recent vlog change
commit e6211adce42c28453e0004c7a3e342a3d52bb97d.
("lib: Move vlog.h to <openvswitch/vlog.h>")

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

ovs-docker : Handle pre-existing fake bridges.

Signed-off-by: Paul-Emmanuel Raoul <skyper@skyplabs.net>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

revalidator: Don't delete non-existent flow.

If ukey_acquire() returns ENOENT, then it is unable to locate the ukey
corresponding to the flow and the flow has disappeared since it was
dumped. Don't bother deleting the flow in this case, as it will fail.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

daemon-windows: Add a missing header.

Without it, the build on Windows fails.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>

dpctl: Add support for using UFID to add/del flows.

Parse "ufid:<foo>" at the beginning of a flow specification and use it
for flow manipulation if present.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-docker: Add the ability to set VLANs.

For containers containing multiple ports and spawned by
orchestrators without openflow flows configured, it can be quite
useful to distinguish their traffic with vlans. This can be useful
when containers are spawned inside VMs instead of hypervisors.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

ovs-docker: Ability to set the default gateway.

ovs-docker currently lets one add the ability to set the
IP address on an OVS interface. Ability to set the default
gateway too can be an useful addition. (orchestrators
who plan to use OVS interfaces can do this from a single
utility instead of multiple utilities)

Requested-by: Marvin Pascual <marvin@pascual.com.ph>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

ovs-docker: Enhance documentation to handle pre-programmed interfaces.

Currently, Controllers and CMSes that integrate with Open vSwitch
after following the IntegrationGuide.md, expect to start VMs after
the underlying network infrastructure is ready. I have been asked
a few times on how to handle the same with containers. This commit
provides documentation on one way to achieve it.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

lib: Add test for library usage

This test covers inclusion of public header files and basic usage
of the API such as vlog.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Move vconn.h to <openvswitch/vconn.h>

Also moves definitions for struct vconn and pvconn to the public
header. The provider interface is kept private.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Move vlog.h to <openvswitch/vlog.h>

A new function vlog_insert_module() is introduced to avoid using
list_insert() from the vlog.h header.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Expose struct ovs_list definition in <openvswitch/list.h>

Expose the struct ovs_list definition in <openvswitch/list.h>. Keep the
list access API private for now.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

list: Rename struct list to struct ovs_list

struct list is a common name and can't be used in public headers.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Expose SAT_MUT as OVS_SAT_MUL in <openvswitch/util.h>

Insted of exposing the full sat-math.h API, only the macros
used in headers is exposed through <openvswitch/util.h>

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Move token-bucket.h to <openvswitch/token-bucket.h>

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Expose ovs_mutex and ovsthread_once in <openvswitch/thread.h>

This picks the ovs_mutex and ovsthread_once API from lib/ovs-thread.h
and exposes it in <openvswitch/thread.h>.

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Expose SOURCE_LOCATOR as OVS_SOURCE_LOACATOR

Required to expose headers which depend on SOURCE_LOCATOR

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

lib: Move compiler.h to <openvswitch/compiler.h>

The following macros are renamed to avoid conflicts with other headers:
* WARN_UNUSED_RESULT to OVS_WARN_UNUSED_RESULT
* PRINTF_FORMAT to OVS_PRINTF_FORMAT
* NO_RETURN to OVS_NO_RETURN

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-command-completion: Fix unwanted whitespace.

This commit fixes unwanted whitespace in the ovs
bash completion script output.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

recirculation: Do not drop packet when there is no match from
internal table.

In current recirculation implementation, the flow misses (with
'recirc_id' set) are always looked up on the receiving bridge's
internal flow table.  However, the bond port may actually reside
on another bridge which gets connected to the receiving bridge
via patch port.  Since the recirculation rules are pushed to the
other bridge's internal table, the flow lookup on the receiving
bridge will match nothing but the drop rule, causing unexpected
packet drops.

This commit fixes the above bug via keeping lookup the misses
(with 'recirc_id' set) in default table (table 0) and processing
it until reaching the bridge that owns the bond port.  Then,
the misses can hit the post recirculation flows as expected.

VMware-BZ: 1362178

Reported-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ovs-router: Add "ovs/route/lookup" command

This command is useful at least for testing.

Example output:
    % ovs-appctl ovs/route/lookup '10.0.0.1'
    gateway 172.17.0.254
    dev wm0
    %

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

debian: Use ifquery for finding the interfaces in init script.

When using interfaces.d/<foobar>, interfaces are not picked up.
Let ifquery figure out the format of the interfaces files for us.

Signed-off-by: Jan Vansteenkiste <jan@vstone.eu>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: add support of OFPR_GROUP as packet-in reason for OF1.4+

When the Packet-In message is triggered by a group action, OFPR_GROUP is
passed internally as the reason. The wire_reason() function converts the
reason to OFPR_ACTION if the wire protocol is earlier than OF1.4.

The wire_reason() function also converts other unsupported reasons
(i.e., OFPR_ACTION_SET and OFPR_PACKET_OUT) to OFPR_ACTION if it detects
a wire protocol earlier than OF1.4.

By default reason code OFPR_GROUP for Packet-In will be enabled for
async messages as in ofconn_flush(). Upon a connection being established
with a controller, the protocol version is checked and OFPR_GROUP will
be disabled in async config if the protocol is lower than OF1.4. Any
controller running OF1.4+ is still be able to enable OFPR_GROUP at its
will without being affected by this check.

The patch also includes tests cases for both OF1.3 and OF1.4 to ensure
proper reason code is given for packet-in message triggered by group
action.

Signed-off-by: Shu Shen <shu.shen@radisys.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vtep: Add codeblocks for example commands in README.ovs-vtep.md.

Signed-off-by: Robert Åkerblom-Andersson <Robert.nr1@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: return bool from NlFillOvs[Msg/Hdr]

Per review comment, in this patch, we update the return values of
NlFillOvsMsg() and NlFillOvsHdr() from NTSTATUS to BOOLEAN to make them
consistent with the Nl* functions.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: refactor BuildReplyMsgFromMsgIn & BuildErrorMsg

In this patch, we consolidate code in Netlink.c.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif: Use DPIF_FP_MODIFY for feature probes.

If ovs-vswitchd is killed at the right time, then a probe flow may be
left in the datapath. This commit adds the DPIF_FP_MODIFY flag to
feature probes so that re-creating the same probe flow will not cause an
error.

These flow_put flags were previously changed in commit a7d1bbdcfe49e8
("ofproto-dpif: Use DPIF_FP_CREATE but not DPIF_FP_MODIFY."), despite
the commit message addressing a different case.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif: Refactor datapath feature detection.

Various functions in ofproto-dpif and dpif-netlink detect support for
features in very similar ways. Refactor their common code to a single
function.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif: Don't initialize output UFID in dpif_flow_get().

The UFID parameter to dpif_flow_get() is optional, but the current
implementation dereferences it to initialize part of the output flow.
This field is filled in by the dpif implementation, so don't initialize
it here.

This does not fix any existing bug because every caller currently passes
in a UFID. The next patch will introduce the first call to
dpif_flow_get() that doesn't provide a UFID, which would break without
this change.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

route-table-bsd: Add some DBG logs

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Ben Pfaff <blp@nicira.com>

route-table-bsd: Provide gateway info

For userspace tunneling.

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-router: non-Linux support

Refactor ovs-router so that it can work with non-Linux platforms
at least in some extent, using the existing route-table code as
a fallback. Known restriction: for such platforms, "ovs/router/show"
command does not show "Cached" kernel routes.

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

route-table-bsd: Stop caching pid

The cache here doesn't work anymore as the recent
commit b772066ffd066d59d9ebce092f6665150723d2ad
("route-table: Remove Unregister.")
made this function called before daemonizing,
thus with a different pid.

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Account for already defined NETIF_F_GSO_ENCAP_ALL

Relates-to: f6eec614 ("openvswitch: Enable tunnel GSO for OVS bridge.")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Mark compatible with kernels up to 3.18.x

Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Check if nla_is_last() is available in <net/netlink.h>

nla_is_last() is not available in 3.18, it's only in net-next.
Convert to grep based to check to account for distribution backports.

Fixes: 684b5f ("datapath: Rename last_action() as nla_is_last() and move to netlink.h")
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

ovs-tcpundump: Fix typo in version message.

Signed-off-by: Eohyung Lee <liquidnuker@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

include/openvswitch/util: Add extern "C" { ... }.

Requested-by: Alan Shieh <ashieh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>

revalidator: Fix access of uninitialized memory.

Commit 64bb477 "dpif: Minimize memory copy for revalidation." introduced
a bug where the corner case of ukey creation (in revalidator threads)
could result in access to uninitialized memory when deleting flows from
the datapath. This could result in OVS aborting or deadlock. Fix it.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>