cascardo/ovs.git
8 years ago Add support for connection tracking helper/ALGs.
Joe Stringer [Tue, 15 Sep 2015 21:29:16 +0000 (14:29 -0700)]
Add support for connection tracking helper/ALGs.

This patch adds support for specifying a "helper" or ALG to assist
connection tracking for protocols that consist of multiple streams.
Initially, only support for FTP is included.

Below is an example set of flows to allow FTP control connections from
port 1->2 to establish active data connections in the reverse direction:

    table=0,priority=1,action=drop
    table=0,arp,action=normal
    table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
    table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
    table=1,in_port=2,tcp,ct_state=+trk+est,action=1
    table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago Add connection tracking label support.
Joe Stringer [Tue, 13 Oct 2015 18:13:10 +0000 (11:13 -0700)]
Add connection tracking label support.

This patch adds a new 128-bit metadata field to the connection tracking
interface. When a label is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_label" field in the flow.

For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a label with
those connections:

    table=0,priority=1,action=drop
    table=0,arp,action=normal
    table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
    table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
    table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago Add connection tracking mark support.
Joe Stringer [Fri, 18 Sep 2015 20:58:00 +0000 (13:58 -0700)]
Add connection tracking mark support.

This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.

For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:

    table=0,priority=1,action=drop
    table=0,arp,action=normal
    table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
    table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
    table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago Add support for connection tracking.
Joe Stringer [Tue, 11 Aug 2015 17:56:09 +0000 (10:56 -0700)]
Add support for connection tracking.

This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.

Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.

Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.

The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initially:

- "commit": When commit is executed, the connection moves from
  uncommitted state to committed state. This signals that information
  about the connection should be stored beyond the lifetime of the
  packet within the pipeline. This allows future packets in the same
  connection to be recognized as part of the same "established" (est)
  connection, as well as identifying packets in the reply (rpl)
  direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
  Each zone is an independent connection tracking context. When the
  "commit" parameter is used, the connection will only be committed in
  the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
  of the packet will continue processing the current actions list as an
  untracked packet. An additional instance of the packet will be sent to
  the connection tracker, which will be re-injected into the OpenFlow
  pipeline to resume processing in the specified table, with the
  ct_state and other ct match fields set. If the table is not specified,
  then the packet is submitted to the connection tracker, but the
  pipeline does not fork and the ct match fields are not populated. It
  is strongly recommended to specify a table later than the current
  table to prevent loops.

When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:

- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.

For more information, consult the ovs-ofctl(8) man pages.

Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:

    table=0,priority=1,action=drop
    table=0,arp,action=normal
    table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
    table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
    table=1,in_port=2,ct_state=+trk+est,tcp,action=1
    table=1,in_port=2,ct_state=+trk+new,tcp,action=drop

Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
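
The example flow table from the commit message above, run against a simplified model of the ct action (an added illustration, not code from this commit or from OVS). The `ConnTracker` class, the `lookup_zone` parameter and the sample addresses are assumptions made for this sketch; TCP validation, timeouts and the inv/rel flags are not modelled.

```python
from collections import namedtuple

# Constructed packet representation; only the fields the example flows match on.
Packet = namedtuple("Packet", "in_port src sport dst dport")


class ConnTracker:
    """Toy connection tracker with independent zones (hypothetical model)."""

    def __init__(self):
        # (zone, endpoints) -> {"orig": (src, sport), "seen_reply": bool}
        self.conns = {}

    def track(self, pkt, zone=0, commit=False):
        """Model of ct(zone=..., [commit]): return the packet's ct_state flags."""
        endpoints = tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))
        key = (zone, endpoints)
        conn = self.conns.get(key)
        if conn is None:
            # Uncommitted connection: nothing is stored unless commit is given,
            # so the tracker can only report it as new.
            if commit:
                self.conns[key] = {"orig": (pkt.src, pkt.sport),
                                   "seen_reply": False}
            return {"trk", "new"}
        if (pkt.src, pkt.sport) != conn["orig"]:
            # Reply direction of a committed connection.
            conn["seen_reply"] = True
            return {"trk", "est", "rpl"}
        # Original direction: established only once a reply has been seen
        # (assumption of this model).
        return {"trk", "est"} if conn["seen_reply"] else {"trk", "new"}


def pipeline(ct, pkt, lookup_zone=9):
    """Evaluate the TCP rules of the example flow table for one packet.

    lookup_zone is a hypothetical knob for showing what happens when the
    port-2 rule looks in a different zone than the one port 1 committed to.
    """
    # table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
    if pkt.in_port == 1:
        ct.track(pkt, zone=9, commit=True)
        return "output:2"
    # table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
    if pkt.in_port == 2:
        state = ct.track(pkt, zone=lookup_zone)
        # table=1,in_port=2,ct_state=+trk+est,tcp,action=1
        if {"trk", "est"} <= state:
            return "output:1"
        # table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
        return "drop"
    # table=0,priority=1,action=drop
    return "drop"


def demo():
    """Run constructed sample traffic through the model; return the verdicts."""
    ct = ConnTracker()
    syn = Packet(1, "10.0.0.1", 40000, "10.0.0.2", 80)          # port 1 opens
    syn_ack = Packet(2, "10.0.0.2", 80, "10.0.0.1", 40000)      # its reply
    unsolicited = Packet(2, "10.0.0.2", 80, "10.0.0.1", 40001)  # no such conn
    return [
        ("unsolicited from port 2", pipeline(ct, unsolicited)),
        ("new connection from port 1", pipeline(ct, syn)),
        ("reply from port 2", pipeline(ct, syn_ack)),
        ("same reply, looked up in zone 0", pipeline(ct, syn_ack, lookup_zone=0)),
    ]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:35s} -> {verdict}")
```

The last case shows why the zone in the port-2 lookup rule has to match the zone used at commit time: the connection exists only in zone 9, so a lookup in zone 0 sees a new connection and the reply is dropped.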
8 years ago ofp-actions: Pass ofp_version to decode functions.
Joe Stringer [Mon, 21 Sep 2015 23:59:01 +0000 (16:59 -0700)]
ofp-actions: Pass ofp_version to decode functions.

A future patch will make use of this version parameter to pass nested
attributes. Prepare for that by adding the parameter as an unused
variable for the existing functions.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago meta-flow: Rename IPv6 type to be128.
Joe Stringer [Wed, 23 Sep 2015 01:11:36 +0000 (18:11 -0700)]
meta-flow: Rename IPv6 type to be128.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago types: Add big-endian 128-bit types and helpers.
Joe Stringer [Wed, 23 Sep 2015 06:24:11 +0000 (23:24 -0700)]
types: Add big-endian 128-bit types and helpers.

These types will be used by the following patches to ensure a consistent
wire format for 128-bit connection tracking labels. Common functions for
comparison, endian translation, etc. are provided.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ofp-actions: Extend reg_load parsing to >64bits.
Joe Stringer [Thu, 24 Sep 2015 23:13:13 +0000 (16:13 -0700)]
ofp-actions: Extend reg_load parsing to >64bits.

Previously, reg_load would only understand 64-bit values passed to it.
This patch extends the parsing to handle larger fields, if they are
specified in hexadecimal. Internally they are stored as a single action,
but they are converted into multiple 64-bit modifications when
re-serialised.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ofp-actions: Refactor set_field tokenization.
Joe Stringer [Wed, 30 Sep 2015 20:54:12 +0000 (13:54 -0700)]
ofp-actions: Refactor set_field tokenization.

Combine the codepaths for splitting "set_field" and "reg_load" string
arguments into the value, key, and delimiter component. The only
user-visible change is that reg_load will now provide a more meaningful
error message when parsing input such as "reg_load:1".

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago tnl-ports: add IPv6 support
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:10:58 +0000 (19:10 -0300)]
tnl-ports: add IPv6 support

Retrieve interfaces' IPv6 addresses, and store IPv4 addresses as IPv4-mapped IPv6
addresses.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago tnl-arp-cache: add IPv6 Neighbor Discovery support
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:10:57 +0000 (19:10 -0300)]
tnl-arp-cache: add IPv6 Neighbor Discovery support

Uses IPv4-mapped IPv6 addresses to store IPv4 addresses, and add support for
Neighbor Discovery snooping.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago route: support IPv6 and use IPv4-mapped addresses
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:10:56 +0000 (19:10 -0300)]
route: support IPv6 and use IPv4-mapped addresses

This adds support for IPv6 in ovs-router and route-table. IPv4 is stored in
ovs-router using IPv4-mapped addresses.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago appveyor.yml: Remove from docs.
Ben Pfaff [Tue, 13 Oct 2015 16:44:18 +0000 (09:44 -0700)]
appveyor.yml: Remove from docs.

It's not documentation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-tutorial: Add more links.
Russell Bryant [Tue, 13 Oct 2015 13:44:53 +0000 (09:44 -0400)]
ovn-tutorial: Add more links.

Add links to several man pages.  Also fix a minor typo.

Note that openvswitch.org needs to be updated as it's missing the
ovn-northd man page.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago FAQ: Describe why OVS can't prepopulate the kernel flow table.
Ben Pfaff [Tue, 13 Oct 2015 16:10:35 +0000 (09:10 -0700)]
FAQ: Describe why OVS can't prepopulate the kernel flow table.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago bridge: Coding style fix.
Ben Pfaff [Mon, 12 Oct 2015 18:27:30 +0000 (11:27 -0700)]
bridge: Coding style fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
8 years ago rstp: Properly disable an RSTP port before deleting it.
Jarno Rajahalme [Tue, 29 Sep 2015 20:38:28 +0000 (13:38 -0700)]
rstp: Properly disable an RSTP port before deleting it.

RSTP may end up referencing stale memory if a port is removed without
disabling it first.

This patch, together with the previous patch by Daniele Venturino, was
tested to resolve a crash by Daniel Swahn.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Tested-by: Daniel Swahn <daniel.swahn@clavister.com>
8 years ago ofproto-dpif: Add check in rstp_run.
Daniele Venturino [Wed, 30 Sep 2015 08:49:52 +0000 (10:49 +0200)]
ofproto-dpif: Add check in rstp_run.

Check if old_root_aux and new_root_aux are null before invoking
bundle_move() on them.

Signed-off-by: Daniele Venturino <daniele.venturino@m3s.it>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
8 years ago AUTHORS: Add John Reumann.
Jarno Rajahalme [Sat, 10 Oct 2015 00:33:04 +0000 (17:33 -0700)]
AUTHORS: Add John Reumann.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
8 years ago meta-flow: Remove circular dependency on enum ofputil_protocol.
Jarno Rajahalme [Sat, 10 Oct 2015 00:24:00 +0000 (17:24 -0700)]
meta-flow: Remove circular dependency on enum ofputil_protocol.

enum ofputil_protocol is defined in lib/ofp-util.h, which also
includes lib/meta-flow.h.  We have already replaced the sets of usable
protocols in struct mf_field with uint32_t for this reason.  Do the
same for the return value of mf_set().

Suggested-by: John Reumann <nofutznetworks@gmail.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
8 years ago datapath: Fix compilation on kernel 2.6.32
Pravin B Shelar [Fri, 9 Oct 2015 20:21:30 +0000 (13:21 -0700)]
datapath: Fix compilation on kernel 2.6.32

Fixes following compilation error:

CC [M]  /home/travis/build/openvswitch/ovs/datapath/linux/actions.o

In file included from
/home/travis/build/openvswitch/ovs/datapath/linux/actions.c:21:0:

/home/travis/build/openvswitch/ovs/datapath/linux/compat/include/linux/skbuff.h:
In function ‘rpl_skb_postpull_rcsum’:

/home/travis/build/openvswitch/ovs/datapath/linux/compat/include/linux/skbuff.h:384:4:
error: implicit declaration of function ‘skb_checksum_start_offset’
[-Werror=implicit-function-declaration]

cc1: some warnings being treated as errors

Reported-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago RHEL: create /etc/openvswitch directory
Ansis Atteka [Fri, 2 Oct 2015 23:46:40 +0000 (16:46 -0700)]
RHEL: create /etc/openvswitch directory

This directory needs to be created by the package manager
because ovs-ctl is being invoked from SELinux openvswitch
domain that does not have enough privileges to create
directories under /etc on its own.

Without this patch Open vSwitch is not able to start under
SELinux enforcing mode (which is default on CentOS by the way).

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Kyle Mestery <mestery@mestery.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
8 years ago poll-loop: Fix a bug while finding a poll node.
Gurucharan Shetty [Wed, 30 Sep 2015 21:18:47 +0000 (14:18 -0700)]
poll-loop: Fix a bug while finding a poll node.

When a poll_node is created, it gets either a 'fd' or
a 'wevent' (can't get both). When the poll_node is
searched for previous creations on that 'fd' or 'wevent',
the search criteria was wrong for Windows. In Windows,
when a 'fd' is received in poll_create_node, we create a
corresponding 'wevent'. So while searching for that 'fd',
we should not look for 'wevent' in the hmap_node.

Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-controller: Add test for setting up and tearing down patch ports.
Ben Pfaff [Wed, 7 Oct 2015 21:24:17 +0000 (14:24 -0700)]
ovn-controller: Add test for setting up and tearing down patch ports.

The initial plan for OVN logical routers will make more extensive use of
patch ports, so it seems like a good idea to add some tests to avoid
regressions before messing with them.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-sbctl: Use environment var OVN_SB_DB to find the database by default.
Ben Pfaff [Wed, 7 Oct 2015 21:29:45 +0000 (14:29 -0700)]
ovn-sbctl: Use environment var OVN_SB_DB to find the database by default.

This makes it possible to use ovn-sbctl without always typing the --db
option (outside of trivial single-machine OVN deployments).

Also modifies the testsuite to use this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago tests: Refactor macros so OVN databases can be initialized individually.
Ben Pfaff [Thu, 1 Oct 2015 22:08:52 +0000 (15:08 -0700)]
tests: Refactor macros so OVN databases can be initialized individually.

I want to write a test for ovn-controller without ovn-northd getting
involved.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn: Implement action to exchange two fields.
Ben Pfaff [Wed, 7 Oct 2015 20:35:34 +0000 (13:35 -0700)]
ovn: Implement action to exchange two fields.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn: Implement action to copy one field into another.
Ben Pfaff [Wed, 7 Oct 2015 20:42:30 +0000 (13:42 -0700)]
ovn: Implement action to copy one field into another.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago physical: Preserve output port across multicast group output.
Ben Pfaff [Fri, 2 Oct 2015 19:44:53 +0000 (12:44 -0700)]
physical: Preserve output port across multicast group output.

Otherwise actions like this would not output to the same set of ports
for each output action (the second output would only forward to the
last port from the first output action):

    outport = "_MC_FLOOD"; output; output;

Obviously it's a corner case but it still seems worth implementing
correctly.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-sb.xml: Reorganize Port_Binding documentation.
Ben Pfaff [Tue, 6 Oct 2015 22:52:54 +0000 (15:52 -0700)]
ovn-sb.xml: Reorganize Port_Binding documentation.

This takes advantage of column grouping and the ability to document a key
within a column.

Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-controller: Document database keys used by ovn-controller.
Ben Pfaff [Tue, 6 Oct 2015 19:35:09 +0000 (12:35 -0700)]
ovn-controller: Document database keys used by ovn-controller.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-controller: Improve formatting of manpage.
Ben Pfaff [Tue, 6 Oct 2015 20:12:36 +0000 (13:12 -0700)]
ovn-controller: Improve formatting of manpage.

First, the structure here was funny, with one <p> nested inside another,
plus a <ul> nested inside a <p>.  I'm surprised that the formatter didn't
complain but at any rate it's better to avoid this structure.

Second, this <ul> seemed better off as a <dl>, so I changed it to use that
structure.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-nbctl: Split parent and tag in "show" output.
Russell Bryant [Tue, 6 Oct 2015 03:50:46 +0000 (04:50 +0100)]
ovn-nbctl: Split parent and tag in "show" output.

As of 779e72cc57a106251cc9e6696e8c9aabb56d30b5, localnet ports may have
the tag column set.  This case does not make use of the parent column,
so output these fields independently of each other.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago netlink: helper functions for ipv6 address in netlink attrs
Jiri Benc [Tue, 29 Sep 2015 22:10:55 +0000 (19:10 -0300)]
netlink: helper functions for ipv6 address in netlink attrs

[cascardo: add NL_A_IPV6, used in next patch]

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago lib: Add ipv6 helper functions.
Jiri Benc [Tue, 29 Sep 2015 22:10:54 +0000 (19:10 -0300)]
lib: Add ipv6 helper functions.

ipv6_addr_is_set is going to be used by next patches.

[cascardo: compare with in6addr_any in ipv6_addr_is_set]
[cascardo: keep only ipv6_addr_is_* functions]

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago packets: Provide functions to work with IPv4-mapped IPv6 addresses.
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:09:16 +0000 (19:09 -0300)]
packets: Provide functions to work with IPv4-mapped IPv6 addresses.

Move in6_addr_set_mapped_ipv4 out of mcast-snooping code to packets.h and
provide an in6_addr_get_mapped_ipv4 function that gets the corresponding IPv4
address or the ANY address if it's not IPv4 mapped.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago automake: Consolidate schema checksum check.
Gurucharan Shetty [Fri, 2 Oct 2015 15:56:36 +0000 (08:56 -0700)]
automake: Consolidate schema checksum check.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-ctl: Ability to upgrade databases.
Gurucharan Shetty [Thu, 1 Oct 2015 22:09:56 +0000 (15:09 -0700)]
ovn-ctl: Ability to upgrade databases.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-ctl, ovs-ctl: Move common code to ovs-lib.
Gurucharan Shetty [Thu, 1 Oct 2015 22:09:55 +0000 (15:09 -0700)]
ovn-ctl, ovs-ctl: Move common code to ovs-lib.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn: Add schema versions and checksum to schema files.
Gurucharan Shetty [Thu, 1 Oct 2015 22:09:53 +0000 (15:09 -0700)]
ovn: Add schema versions and checksum to schema files.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-nbctl: Avoid minor code duplication.
Ben Pfaff [Thu, 1 Oct 2015 19:41:54 +0000 (12:41 -0700)]
ovn-nbctl: Avoid minor code duplication.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-nbctl: Minor fix for manpage.
Ben Pfaff [Thu, 1 Oct 2015 19:41:26 +0000 (12:41 -0700)]
ovn-nbctl: Minor fix for manpage.

There's no -d option, you have to use --db.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn: Add an ovs-sandbox based OVN tutorial.
Russell Bryant [Thu, 1 Oct 2015 18:26:26 +0000 (14:26 -0400)]
ovn: Add an ovs-sandbox based OVN tutorial.

While working on OVN and OVN integration, I've collected a set of
scripts for quickly setting up simple test environments using
ovs-sandbox with OVN enabled.  It seemed like they could be useful to
others for learning about OVN or doing quick testing.

This patch introduces an ovs-sandbox based tutorial for exploring OVN
features in a simulated environment.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn: Add VLAN support for localnet ports.
Russell Bryant [Thu, 1 Oct 2015 18:26:25 +0000 (14:26 -0400)]
ovn: Add VLAN support for localnet ports.

This patch makes it possible to use a localnet port for connecting to a
specific VLAN on a locally accessible network.  The only logical
modeling change is that it is now valid to set the "tag" field on
logical ports with a type of "localnet".  Previously, the "tag" field
was only used for child ports.

We still use a single automatically created patch port between br-int
and the bridge configured to provide connectivity to a given network
(the ovn-controller bridge-mappings configuration).  We use flows when
necessary to either match on VLAN ID or to add the VLAN ID before
sending the packet out.

Matching for a localnet port with a VLAN ID is done at priority 150 in
table 0, and is similar to how we match traffic from container child
ports.  These cases are conceptually similar in that they're separate
logical ports on the same physical port.

Most of the code changes are due to a change in data structures.  We
have to keep track of all of the localnet ports and then add flows for
them at the end.  Previously this code tracked them as:

    hash of localnet bindings, hashed on network name

    localnet bindings:
        openflow port number
        list of port bindings

Now we have:

    hash of localnet bindings, hashed on network name

    localnet bindings:
        openflow port number
        hash of localnet vlans

    localnet vlans:
        VLAN ID (0 for untagged traffic)
        list of port bindings

A detailed example of using localnet ports with a VLAN ID is provided in
a later patch as a part of a larger OVN tutorial.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago rhel: Add optional BuildRequires to libcap-ng
Flavio Leitner [Thu, 1 Oct 2015 22:31:09 +0000 (19:31 -0300)]
rhel: Add optional BuildRequires to libcap-ng

Commit e91b927d8 (lib/daemon: support --user option for all OVS daemon)
added optional usage of the libcap-ng library.  It's packaged in Fedora,
so go ahead and add it by default to the Fedora spec file.

Our default systemd unit files don't make use of the --user option that
requires this library, but conceivably someone may want to customize
them and use this option.

For those that don't want to use --user option, the Fedora package
offers an option (--without libcapng) to build the RPMs without it.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Compute checksums for VXLAN inner packets.
Alin Serdean [Wed, 30 Sep 2015 21:16:55 +0000 (21:16 +0000)]
datapath-windows: Compute checksums for VXLAN inner packets.

Windows does not support VXLAN hardware offloading.

Currently we do not compute IP/TCP/UDP checksums for the inner packet. This
patch computes the checksums mentioned above in regards with the enabled
settings.

i.e. if IP checksum offloading is enabled for the inner packet we compute it.
The same applies for TCP and UDP packets.

This patch also revises the computation of ones' complement over different
memory blocks, in the case the lengths are odd.

Also per documentation:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff568840%28v=vs.85%29.aspx
set the TCP flags FIN and PSH only for the last segment in the case LSO is
enabled.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Add file to solution.
Alin Serdean [Wed, 30 Sep 2015 21:04:35 +0000 (21:04 +0000)]
datapath-windows: Add file to solution.

This patch adds the file DpInternal.h to the ovsetx.sln.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Fix IP fragmentation
Alin Serdean [Wed, 30 Sep 2015 21:00:43 +0000 (21:00 +0000)]
datapath-windows: Fix IP fragmentation

Currently in the case of IP fragmentation we send to the userspace that
the flag for the last fragment is 3 when it actually should be a value
between 0..2.

This patch fixes the problem and also uses the values used in the common
header of the datapath.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-ctl: Remove non-existent function call.
Gurucharan Shetty [Thu, 1 Oct 2015 18:01:48 +0000 (11:01 -0700)]
ovn-ctl: Remove non-existent function call.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn: Change the valid tag values.
Gurucharan Shetty [Thu, 1 Oct 2015 15:59:54 +0000 (08:59 -0700)]
ovn: Change the valid tag values.

A tag value of 0 is not used by containers running inside
VMs.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Update documentation
Alin Serdean [Wed, 30 Sep 2015 20:58:06 +0000 (20:58 +0000)]
datapath-windows: Update documentation

Commit ID:7845b70384d75bd7d753648cb547be5c6c75ddca changed the hardcoded
names of 'internal' and 'external.1'.

This patch updates the documentation to accommodate the patches.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago util: Fix definition of LIST_FOR_EACH_CONTINUE macro.
Mauricio Vásquez [Fri, 2 Oct 2015 11:23:31 +0000 (13:23 +0200)]
util: Fix definition of LIST_FOR_EACH_CONTINUE macro.

The definition of the INIT_CONTAINER macro initializes ITER to NULL,
it will cause a segmentation fault when it is dereferenced on
(ITER)->MEMBER.next, then, I changed it to the ASSIGN_CONTAINER macro that
does not initialize ITER.

This does not fix any observable bug because LIST_FOR_EACH_CONTINUE is not
used anywhere.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago vtep: add ACLs to VTEP schema
Bruce Davie [Thu, 1 Oct 2015 19:07:45 +0000 (12:07 -0700)]
vtep: add ACLs to VTEP schema

Two new tables are added to the VTEP schema, for ACL entries and
ACLs (which are groups of entries). The physical port table is modified
to allow ACLs to be associated with ports, and the logical router table
is modified to allow ACLs to be attached to logical router ports.

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago vtep: Document the meaning of VLAN zero for vlan_bindings
Bruce Davie [Thu, 1 Oct 2015 19:07:44 +0000 (12:07 -0700)]
vtep: Document the meaning of VLAN zero for vlan_bindings

The meaning of a value of zero in the VLAN field when mapping <VLAN, port>
pairs to logical switches had not previously been specified in the VTEP
schema. It is now clarified that a value of zero refers to untagged
traffic.

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago vtep: fix typos
Bruce Davie [Thu, 1 Oct 2015 19:07:43 +0000 (12:07 -0700)]
vtep: fix typos

Correct a number of typos in vtep.xml

Signed-off-by: Bruce Davie <bdavie@vmware.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
8 years ago ovn-ctl: Fix a function call.
Gurucharan Shetty [Thu, 1 Oct 2015 16:12:41 +0000 (09:12 -0700)]
ovn-ctl: Fix a function call.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago daemon.h: Fix compilation errors on Windows.
Gurucharan Shetty [Thu, 1 Oct 2015 15:57:24 +0000 (08:57 -0700)]
daemon.h: Fix compilation errors on Windows.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago .gitignore: Add dist-docs.
Russell Bryant [Thu, 1 Oct 2015 15:13:06 +0000 (11:13 -0400)]
.gitignore: Add dist-docs.

Running "make dist-docs" to generate docs creates a "dist-docs"
directory that should be ignored by git.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago Fix build when HAVE_LIBCAPNG is not defined.
Russell Bryant [Thu, 1 Oct 2015 15:29:16 +0000 (11:29 -0400)]
Fix build when HAVE_LIBCAPNG is not defined.

The function daemon_become_new_user_linux was conditionally defined but
then used in code unconditionally.  If HAVE_LIBCAPNG is not defined, the
function would never be called, but it still must exist.

Adjust the #if guard around the function to be around the body of the
function instead of outside of its definition to ensure the function is
always defined, even if empty.

This issue was introduced in e91b927d8966bfcb9768225392324dde4fd7d7f6.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovs-dev.py: add --monitor and option
Andy Zhou [Mon, 14 Sep 2015 18:06:59 +0000 (11:06 -0700)]
ovs-dev.py: add --monitor and option

Runs ovsdb-server and ovs-vswitch with --monitor option. This feature
is useful for testing daemon monitoring together with --user option.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: add --user option
Andy Zhou [Sat, 12 Sep 2015 02:10:19 +0000 (19:10 -0700)]
ovs-dev.py: add --user option

ovs-dev.py "run" command now accepts the "--user" option for running
all ovs daemons as "user". The argument can be specified in
"user[:group]" format.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: run operational commands as root
Andy Zhou [Fri, 11 Sep 2015 23:06:50 +0000 (16:06 -0700)]
ovs-dev.py: run operational commands as root

Switch operational commands, run, kill, reset and modinst directly
or indirectly read and write files within the RUNDIR. Currently
these commands run in the current user context, with some "sudo"
commands thrown in to ensure daemons such as ovs-vswitchd will be
launched as root.

This approach works fine as long as ovs-dev.py is always
run as root, (but then the 'sudo' commands added are redundant).
When invoking ovs-dev.py as non-root, files in RUNDIR will be mixed
with root created files and non-root created files, making it confusing
to decide whether to run ovs-appctl as root or not. Multiple
invocations of ovs-dev.py as root or non-root cause permission issues
since the same file created by a different user may no longer be
accessible when user changes.

This patch improves the situation by always running those four operational
commands as root. When they are invoked as non-root, "sudo" will be
used automatically by re-running the command with sudo.  VARDIR will now
always be accessed as root. The next patch will add --user and -u option
to allow for downgrading to running all daemons as non-root.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: rename ROOT to RUNDIR
Andy Zhou [Fri, 11 Sep 2015 21:21:01 +0000 (14:21 -0700)]
ovs-dev.py: rename ROOT to RUNDIR

RUNDIR seems to be a better name.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovs-dev.py: allow current directory to be used as the working directory
Andy Zhou [Fri, 11 Sep 2015 20:34:24 +0000 (13:34 -0700)]
ovs-dev.py: allow current directory to be used as the working directory

Rather than forcing a single ovs source tree under ~/ovs, this
change supports invoking the script from the root of any
ovs source tree as the working source tree. If the script is invoked
from a directory not recognized as OVS source tree, ~/ovs will
then be used.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago dpdk: reject --user option
Andy Zhou [Mon, 21 Sep 2015 22:06:00 +0000 (15:06 -0700)]
dpdk: reject --user option

dpdk datapath needs to run as root. Block the --user
option for now. It is likely we will revisit this issue for possibly
supporting --user option for dpdk datapath process as well.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago lib/daemon: support --user option for all OVS daemon
Andy Zhou [Fri, 11 Sep 2015 18:26:39 +0000 (11:26 -0700)]
lib/daemon: support --user option for all OVS daemon

OVS daemons can now support --user option to run as a non-root
user with less privileges.

See the manpage patch for more descriptions.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago configure: add configuration options for libcap-ng
Andy Zhou [Fri, 11 Sep 2015 01:44:27 +0000 (18:44 -0700)]
configure: add configuration options for libcap-ng

Add configuration option for enabling or disabling linking with
libcap-ng.  Since capabilities are a security feature, the libcapng
option is handled as follows:

    - no option: use libcapng if it's present

    --disable-libcapng: do not use libcapng

    --enable-libcapng: do use libcapng and fail configuration if
                       it's missing

On Linux, not linking with libcapng makes all OVS daemons fail when
--user option is specified.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago openflow-common: Correct Netronome vendor ID.
Simon Horman [Wed, 30 Sep 2015 06:44:53 +0000 (15:44 +0900)]
openflow-common: Correct Netronome vendor ID.

Due to an error on my part the Netronome vendor Id is incorrect:
the last digit should be 'd' rather than '0' as per the
Netronome IEEE OUI.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago Revert "poll-loop: Fix assertion in poll_create_node()."
Gurucharan Shetty [Wed, 30 Sep 2015 15:40:30 +0000 (08:40 -0700)]
Revert "poll-loop: Fix assertion in poll_create_node()."

This reverts commit ae09fae8a6b43299a628ae0989fe2fedb924d560.
Commit ae09fae8a6b432 caused segfaults while running unit tests
on Windows as pollfd.fd on Windows does not take negative values.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago util: Generalize rightmost_1bit_idx(), leftmost_1bit_idx().
Ben Pfaff [Fri, 18 Sep 2015 22:26:28 +0000 (15:26 -0700)]
util: Generalize rightmost_1bit_idx(), leftmost_1bit_idx().

These functions could only work with 32-bit integers because of their
special cases for an argument of value 0.  However, none of the existing
users depended on this special case, and some of the users did try to use
these functions with 64-bit integer arguments.  Thus, this commit changes
them to support 64-bit integer arguments and drops the special cases for
zero.

This fixes a latent bug that applied rightmost_1bit_idx() to an ofpact
bitmap, which only becomes visible when an OFPACT_* with value greater than
32 is included in the bitmap.

Reported-by: Kyle Upton <kupton@baymicrosystems.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-September/060128.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
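
The latent bug described in the commit above, as an added example that is not code from the OVS tree: a 64-bit bitmap is walked with a helper that only accepts 32 bits. The helper names and the value 32 returned for a zero argument are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Portable count of trailing zero bits; x must be non-zero. */
static int ctz64(uint64_t x)
{
    int n = 0;
    while (!(x & 1)) {
        x >>= 1;
        n++;
    }
    return n;
}

/* Hypothetical 32-bit-only helper with a special case for zero
 * (assumed here to return 32). */
static int idx32(uint32_t x)
{
    return x ? ctz64(x) : 32;
}

/* Hypothetical 64-bit helper with no special case: callers never pass 0. */
static int idx64(uint64_t x)
{
    return ctz64(x);
}

/* Record the index of every set bit in 'bitmap', lowest first.
 * With use64 == 0 the argument is silently narrowed to uint32_t. */
static int walk_bits(uint64_t bitmap, int use64, int *out)
{
    int n = 0;
    while (bitmap) {
        out[n++] = use64 ? idx64(bitmap) : idx32(bitmap);
        bitmap &= bitmap - 1;   /* clear the rightmost 1-bit */
    }
    return n;
}

int main(void)
{
    /* Constructed bitmap: bit 3 and bit 40 set. */
    uint64_t bitmap = (UINT64_C(1) << 3) | (UINT64_C(1) << 40);
    int a[64], b[64];
    int na = walk_bits(bitmap, 0, a);
    int nb = walk_bits(bitmap, 1, b);

    printf("32-bit helper: %d %d (n=%d)\n", a[0], a[1], na);
    printf("64-bit helper: %d %d (n=%d)\n", b[0], b[1], nb);
    return 0;
}
```

Bitmaps whose set bits all lie below 32 give identical results with both helpers, which is why the defect stays hidden until a higher bit is used.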
8 years ago netlink-socket.c: event polling for packets on windows
Nithin Raju [Wed, 23 Sep 2015 16:15:33 +0000 (09:15 -0700)]
netlink-socket.c: event polling for packets on windows

Currently, we do busy-polling for packets on Windows. In this patch
we nuke that code and schedule an event.

The code has been tested for packet reads, and CPU utilization of
ovs-vswitchd went down drastically.

I'll send out the changes to get vport events to work in a separate
patch.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: reset the IRP pointer after use in OvsQueuePackets
Nithin Raju [Wed, 23 Sep 2015 16:15:31 +0000 (09:15 -0700)]
datapath-windows: reset the IRP pointer after use in OvsQueuePackets

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: return netlink error for read operation
Nithin Raju [Wed, 23 Sep 2015 16:15:32 +0000 (09:15 -0700)]
datapath-windows: return netlink error for read operation

The kernel datapath returns a NL error message upon any errors
during read operations, and returns STATUS_SUCCESS as the return
code. We rely on the input NL request to get the family ID, and the
PID. However, when the request is of type OVS_CTRL_CMD_EVENT_NOTIFY
and OVS_CTRL_CMD_READ_NOTIFY, there's no input buffer associated
with the request. So, we use a temporary input buffer to be able to
call the Netlink APIs for constructing the output NL error message.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago doc: document feature deprecation and removal process
Ansis Atteka [Sat, 19 Sep 2015 20:10:55 +0000 (13:10 -0700)]
doc: document feature deprecation and removal process

It seems that we haven't defined a clear process on how features should
be removed from OVS.  This patch attempts to document this process.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
8 years ago vlog: deprecate --syslog-target argument
Ansis Atteka [Wed, 16 Sep 2015 02:40:47 +0000 (19:40 -0700)]
vlog: deprecate --syslog-target argument

Commit fe089c0d1e18 ("vlog: abstract out interface to syslog daemon")
introduced --syslog-method flag that supersedes --syslog-target flag by:
1. making logging format configurable
2. letting the daemon also talk over UNIX domain socket (this is handy
   when local rsyslog daemon is running in different network namespace
   on the same host)

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago nroff: Add support for <b>...</b> and <i>...</i> inline markup.
Ben Pfaff [Thu, 17 Sep 2015 17:10:56 +0000 (10:10 -0700)]
nroff: Add support for <b>...</b> and <i>...</i> inline markup.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago nroff: Support inline XML inside <pre> blocks.
Ben Pfaff [Tue, 29 Sep 2015 23:53:44 +0000 (16:53 -0700)]
nroff: Support inline XML inside <pre> blocks.

This is useful so that one can write, e.g.

<p>The following shows how to add 1 to variable <var>x</var>:</p>
<pre>
<var>x</var> = <var>x</var> + 1;
</pre>

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago ofp-msgs: fix enum of OFPMP_TABLE_DESC.
Minoru TAKAHASHI [Fri, 18 Sep 2015 06:38:10 +0000 (15:38 +0900)]
ofp-msgs: fix enum of OFPMP_TABLE_DESC.

Signed-off-by: Minoru TAKAHASHI <takahashi.minoru7@gmail.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago ovn: Implement basic end-to-end full mesh test.
Ben Pfaff [Tue, 29 Sep 2015 22:40:22 +0000 (15:40 -0700)]
ovn: Implement basic end-to-end full mesh test.

This is a really basic test of the OVN features.  It verifies that basic
L2 connectivity works as expected over a 3-hypervisor setup with 3 VMs
per hypervisor and all 9 VMs on a single logical switch, with a few ACLs.

The infrastructure added by this patch, which is based on similar code
from ovs-sim, should be useful as a basis for later and more advanced
OVN end-to-end tests.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago tests: Ignore more error messages for hidden rules test.
Ben Pfaff [Tue, 29 Sep 2015 17:19:37 +0000 (10:19 -0700)]
tests: Ignore more error messages for hidden rules test.

This test intentionally configures an unreachable controller.  It ignored
some error messages in the log, specifically
    br0: cannot find route for controller (240.0.0.1): ...
but a bug report says that other forms of messages can also appear, e.g.
    br0<->tcp:240.0.0.1:6653: connection dropped (No route to host)
This commit therefore expands the logged error messages that will be
ignored to any message that includes the IP address 240.0.0.1.

Reported-by: "Kurek, Tytus" <Tytus.Kurek@pega.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018910.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
8 years ago tnl-ports: Include tnl-ports.h as first header.
Thadeu Lima de Souza Cascardo [Tue, 29 Sep 2015 22:09:15 +0000 (19:09 -0300)]
tnl-ports: Include tnl-ports.h as first header.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ofproto-dpif-upcall: Use flow_wildcards_has_extra().
Jarno Rajahalme [Tue, 29 Sep 2015 21:21:33 +0000 (14:21 -0700)]
ofproto-dpif-upcall: Use flow_wildcards_has_extra().

Update the comment in ukey_revalidate() to reflect the fact that the
mask in ukey is not the datapath mask, but the originally translated
flow wildcards.

Use flow_wildcards_has_extra() instead of open coding equivalent (but
different) functionality.  The old form and the code in
flow_wildcards_has_extra() ((dp | wc != dp) and (dp & wc != wc),
respectively) give the same result:

dp   wc    (dp | wc != dp)        (dp & wc != wc)
-------------------------------------------------------
0    0      (0 | 0 != 0) (false)   (0 & 0 != 0) (false)
0    1      (0 | 1 != 0) (true)    (0 & 1 != 1) (true)
1    0      (1 | 0 != 1) (false)   (1 & 0 != 0) (false)
1    1      (1 | 1 != 1) (false)   (1 & 1 != 1) (false)

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: move packet read code to User.c
Nithin Raju [Wed, 23 Sep 2015 16:15:30 +0000 (09:15 -0700)]
datapath-windows: move packet read code to User.c

Simple code motion.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago datapath-windows: Avoid unnecessary vport array search
Sorin Vinturis [Wed, 23 Sep 2015 12:40:18 +0000 (12:40 +0000)]
datapath-windows: Avoid unnecessary vport array search

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
8 years ago ovn-controller: Fix container flows in table 33.
Gurucharan Shetty [Tue, 29 Sep 2015 17:12:08 +0000 (10:12 -0700)]
ovn-controller: Fix container flows in table 33.

The broadcast flows added in table 33 were faulty for
containers. Fix it.

Suggested-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago ovn-controller: Fix a case wherein tag can be zero.
Gurucharan Shetty [Mon, 28 Sep 2015 19:41:46 +0000 (12:41 -0700)]
ovn-controller: Fix a case wherein tag can be zero.

If the ovn-nb DB's logical_port table is populated such
that tag is zero, we should not consider that record.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago ovn-controller: Change the name of a variable.
Gurucharan Shetty [Mon, 28 Sep 2015 19:28:24 +0000 (12:28 -0700)]
ovn-controller: Change the name of a variable.

The name 'lport_to_ofport' gives the impression that the
simap contains all the logical port to ofport mapping. In
reality, it only contains a local vif to ofport mapping.
The name 'localvif_to_ofport' feels to be a better fit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
8 years ago Add build system for compiling under MSVC x64
Alin Serdean [Wed, 23 Sep 2015 17:30:32 +0000 (17:30 +0000)]
Add build system for compiling under MSVC x64

This patch adds the modifications needed to compile under x64 under
Windows:
- created a new macro for testing if we are compiling under x64.
This will define the linker flag: "/MACHINE:X64" as per documentation
(https://msdn.microsoft.com/en-us/library/9yb4317s.aspx).

- added x64 pthread libraries under the pthread defines

- add documentation on how to build under x64

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago travis: Install `bc` utility for kernel compilation
Daniele Di Proietto [Tue, 29 Sep 2015 15:01:12 +0000 (16:01 +0100)]
travis: Install `bc` utility for kernel compilation

Newer kernels appear to require `bc` to build all the headers.

Also, alphabetize the package list.

Tested-at: https://travis-ci.org/ddiproietto/ovs/builds/82757574
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago travis: Use container infrastructure.
Daniele Di Proietto [Wed, 23 Sep 2015 11:59:26 +0000 (12:59 +0100)]
travis: Use container infrastructure.

Recently some testcases have been failing in travis because of a warning
related to the use of an L3 device (OpenVZ specific) inside the workers.

To get travis tests working again we can move to the newer container
infrastructure: this commit does that.

The disadvantage is that there's no sudo access anymore, but we can
install packages with the apt plugin, and we shouldn't use root for
anything else.

Also, since we're building DPDK with vhost-user (not vhost-cuse),
libfuse-dev is not needed anymore.

Tested-at: https://travis-ci.org/ddiproietto/ovs/builds/81764972

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
CC: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8 years ago tun-metadata: Avoid MSVC compile error on 64-bit builds for 0-length array.
Ben Pfaff [Tue, 29 Sep 2015 04:30:05 +0000 (21:30 -0700)]
tun-metadata: Avoid MSVC compile error on 64-bit builds for 0-length array.

MSVC does not support zero-size arrays except as the last member of a
defined structure.

The error is hit only on MSVC 64 bit because the size of uint64_t is equal
to sizeof(struct tun_table *).

Reported-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago nl_sock_fd is not used under MSVC
Alin Serdean [Wed, 23 Sep 2015 17:45:09 +0000 (17:45 +0000)]
nl_sock_fd is not used under MSVC

Ifdef out nl_sock_fd to make users aware it is not used.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago datapath: Backport "skbuff: Fix skb checksum flag on skb pull"
Pravin B Shelar [Fri, 25 Sep 2015 23:25:10 +0000 (16:25 -0700)]
datapath: Backport "skbuff: Fix skb checksum flag on skb pull"

Upstream commit:

    VXLAN device can receive skb with checksum partial. But the checksum
    offset could be in outer header which is pulled on receive. This results
    in negative checksum offset for the skb. Such skb can cause the assert
    failure in skb_checksum_help(). Following patch fixes the bug by setting
    checksum-none while pulling outer header.

    Following is the kernel panic msg from old kernel hitting the bug.

    ------------[ cut here ]------------
    kernel BUG at net/core/dev.c:1906!
    RIP: 0010:[<ffffffff81518034>] skb_checksum_help+0x144/0x150
    Call Trace:
    <IRQ>
    [<ffffffffa0164c28>] queue_userspace_packet+0x408/0x470 [openvswitch]
    [<ffffffffa016614d>] ovs_dp_upcall+0x5d/0x60 [openvswitch]
    [<ffffffffa0166236>] ovs_dp_process_packet_with_key+0xe6/0x100 [openvswitch]
    [<ffffffffa016629b>] ovs_dp_process_received_packet+0x4b/0x80 [openvswitch]
    [<ffffffffa016c51a>] ovs_vport_receive+0x2a/0x30 [openvswitch]
    [<ffffffffa0171383>] vxlan_rcv+0x53/0x60 [openvswitch]
    [<ffffffffa01734cb>] vxlan_udp_encap_recv+0x8b/0xf0 [openvswitch]
    [<ffffffff8157addc>] udp_queue_rcv_skb+0x2dc/0x3b0
    [<ffffffff8157b56f>] __udp4_lib_rcv+0x1cf/0x6c0
    [<ffffffff8157ba7a>] udp_rcv+0x1a/0x20
    [<ffffffff8154fdbd>] ip_local_deliver_finish+0xdd/0x280
    [<ffffffff81550128>] ip_local_deliver+0x88/0x90
    [<ffffffff8154fa7d>] ip_rcv_finish+0x10d/0x370
    [<ffffffff81550365>] ip_rcv+0x235/0x300
    [<ffffffff8151ba1d>] __netif_receive_skb+0x55d/0x620
    [<ffffffff8151c360>] netif_receive_skb+0x80/0x90
    [<ffffffff81459935>] virtnet_poll+0x555/0x6f0
    [<ffffffff8151cd04>] net_rx_action+0x134/0x290
    [<ffffffff810683d8>] __do_softirq+0xa8/0x210
    [<ffffffff8162fe6c>] call_softirq+0x1c/0x30
    [<ffffffff810161a5>] do_softirq+0x65/0xa0
    [<ffffffff810687be>] irq_exit+0x8e/0xb0
    [<ffffffff81630733>] do_IRQ+0x63/0xe0
    [<ffffffff81625f2e>] common_interrupt+0x6e/0x6e

Reported-by: Anupam Chanda <achanda@vmware.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 6ae459bdaae ("skbuff: Fix skb checksum flag on skb pull")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
8 years ago ofproto-dpif: Do not block on uninitialized pause barriers.
Zoltan Kiss [Fri, 25 Sep 2015 18:42:40 +0000 (11:42 -0700)]
ofproto-dpif: Do not block on uninitialized pause barriers.

e4e74c3a "dpif-netdev: Purge all ukeys when reconfigure pmd." introduced a new
dp_purge_cb function, which calls udpif_pause_revalidators() and that tries to
block on pause_barrier.
But if OVS was started with flow-restore-wait="true" (e.g. through ovs-ctl),
type_run() will have backer->recv_set_enable == false, and udpif_set_threads
won't initialize the barrier, which leads to a segfault like this:

This patch introduces ofproto_dpif_backer_enabled(), which checks
recv_set_enable before touching the latch and blocking on pause_barrier.

Signed-off-by: Zoltan Kiss <zoltan.kiss@linaro.org>
Acked-by: Joe Stringer <joestringer@nicira.com>
8 years ago dpdk: fix compiler warnings on 32bit build
Andy Zhou [Mon, 21 Sep 2015 23:01:23 +0000 (16:01 -0700)]
dpdk: fix compiler warnings on 32bit build

Those changes fix compiler warnings.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
8 years ago datapath: Backport "openvswitch: Zero flows on allocation."
Jesse Gross [Wed, 23 Sep 2015 01:13:00 +0000 (18:13 -0700)]
datapath: Backport "openvswitch: Zero flows on allocation."

Upstream commit:
    openvswitch: Zero flows on allocation.

    When support for megaflows was introduced, OVS needed to start
    installing flows with a mask applied to them. Since masking is an
    expensive operation, OVS also had an optimization that would only
    take the parts of the flow keys that were covered by a non-zero
    mask. The values stored in the remaining pieces should not matter
    because they are masked out.

    While this works fine for the purposes of matching (which must always
    look at the mask), serialization to netlink can be problematic. Since
    the flow and the mask are serialized separately, the uninitialized
    portions of the flow can be encoded with whatever values happen to be
    present.

    In terms of functionality, this has little effect since these fields
    will be masked out by definition. However, it leaks kernel memory to
    userspace, which is a potential security vulnerability. It is also
    possible that other code paths could look at the masked key and get
    uninitialized data, although this does not currently appear to be an
    issue in practice.

    This removes the mask optimization for flows that are being installed.
    This was always intended to be the case as the mask optimizations were
    really targeting per-packet flow operations.

    Fixes: 03f0d916 ("openvswitch: Mega flow implementation")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: ae5f2fb1 ("openvswitch: Zero flows on allocation.")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
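
The leak described in the commit above, modeled in user space as an added example that is not the kernel's code: the struct, function names, 16-byte key and sample values are all constructed for this sketch, and a 0xAA fill stands in for stale allocator contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical, simplified flow key (not the kernel's struct sw_flow_key). */
struct flow { uint8_t key[KEY_LEN]; };

/* Constructed sample: a packet key and a mask that covers only bytes 0..3. */
static const uint8_t PKT[KEY_LEN]  = { 10, 0, 0, 1, 0x11, 0x22, 0x33, 0x44,
                                       0x55, 0x66, 0x77, 0x88, 9, 9, 9, 9 };
static const uint8_t MASK[KEY_LEN] = { 0xff, 0xff, 0xff, 0xff };

/* Allocate a flow. Without zeroing, the buffer is filled with 0xAA to stand
 * in, deterministically, for whatever the allocator last held there. */
static struct flow *flow_alloc(int zero_on_alloc)
{
    struct flow *f = malloc(sizeof *f);
    if (f) {
        memset(f->key, zero_on_alloc ? 0x00 : 0xAA, sizeof f->key);
    }
    return f;
}

/* Store the masked key. The "optimized" form skips bytes whose mask is zero,
 * leaving them as allocated; the full form writes every byte. */
static void flow_set_key(struct flow *f, const uint8_t *pkt,
                         const uint8_t *mask, int optimized)
{
    for (size_t i = 0; i < KEY_LEN; i++) {
        if (optimized && !mask[i]) {
            continue;
        }
        f->key[i] = pkt[i] & mask[i];
    }
}

/* Matching always applies the mask, so stale bytes never change the result. */
static int flow_matches(const struct flow *f, const uint8_t *pkt,
                        const uint8_t *mask)
{
    for (size_t i = 0; i < KEY_LEN; i++) {
        if ((pkt[i] & mask[i]) != (f->key[i] & mask[i])) {
            return 0;
        }
    }
    return 1;
}

/* Serialization copies the key on its own, without consulting the mask. */
static void flow_serialize_key(const struct flow *f, uint8_t *wire)
{
    memcpy(wire, f->key, KEY_LEN);
}

/* Install a flow, dump it, and count serialized bytes outside the mask that
 * are non-zero. Returns -1 on allocation failure or a failed match. */
static int leaked_bytes(int zero_on_alloc, int optimized)
{
    uint8_t wire[KEY_LEN];
    int leaked = 0;
    struct flow *f = flow_alloc(zero_on_alloc);

    if (!f) {
        return -1;
    }
    flow_set_key(f, PKT, MASK, optimized);
    if (!flow_matches(f, PKT, MASK)) {
        free(f);
        return -1;
    }
    flow_serialize_key(f, wire);
    for (size_t i = 0; i < KEY_LEN; i++) {
        leaked += (!MASK[i] && wire[i]) ? 1 : 0;
    }
    free(f);
    return leaked;
}

int main(void)
{
    printf("stale alloc, optimized mask: %d\n", leaked_bytes(0, 1));
    printf("zeroed alloc, optimized mask: %d\n", leaked_bytes(1, 1));
    printf("stale alloc, full mask: %d\n", leaked_bytes(0, 0));
    return 0;
}
```

Matching succeeds in every configuration, so a functional test alone would not catch the leak; only inspecting the serialized key outside the mask does.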
8 years ago datapath: Add support for 4.2 kernel.
Pravin B Shelar [Fri, 18 Sep 2015 22:23:32 +0000 (15:23 -0700)]
datapath: Add support for 4.2 kernel.

8 years ago Include headers where ovs_rundir is used.
Alin Serdean [Tue, 22 Sep 2015 19:53:31 +0000 (19:53 +0000)]
Include headers where ovs_rundir is used.

This patch includes dirs.h because ovs_rundir is used.

Found while compiling with MSVC x64.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago Include headers when using ovs_rundir
Alin Serdean [Tue, 22 Sep 2015 19:53:31 +0000 (19:53 +0000)]
Include headers when using ovs_rundir

This patch adds an additional include file while compiling under MSVC.

Found by compiling under MSVC x64 and hitting the following problem:
http://stackoverflow.com/questions/23144151/64-bit-function-returns-32-bit-pointer

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
8 years ago Add x64 bit configuration to windows installer
Alin Serdean [Tue, 22 Sep 2015 19:53:30 +0000 (19:53 +0000)]
Add x64 bit configuration to windows installer

This patch defines the x64 in the configuration of the visual studio
solution: ovs-windows-installer.sln

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>