git.cascardo.eti.br Git - cascardo/ovs.git/log

ipfix: Support tunnel information for Flow IPFIX.

Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
    1) Create a new record in Flow_Sample_Collector_Set table:
       'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
    2) Add IPFIX configuration which is referred by corresponding
       row in Flow_Sample_Collector_Set table:
       'ovs-vsctl -- set Flow_Sample_Collector_Set
       "Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
       targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
       cache_active_timeout=60 cache_max_flows=13'
    3) Add sample action to the flows:
       'ovs-ofctl add-flow mybridge in_port=1,
       actions=sample'('probability=65535,collector_set_id=1,
       obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
       'ovs-ofctl add-flow mybridge in_port=1,
       actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
       obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.

This patch mainly do three tasks:
    1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
       tunnel information. NXAST_SAMPLE2 action has a new added field
       'sampling_port'.
    2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
       exporting tunnel information.
    3) If 'sampling_port' is equal to output port and output port is a tunnel
       port, the translation of OpenFlow "sample" action should first emit
       set(tunnel(...)), then the sample action itself. It makes sure the
       egress tunnel information can be sampled.
    4) Add a test of flow-based IPFIX for tunnel set.

How to test flow-based IPFIX:
    1) Setup a test environment with two Linux host with Docker supported
    2) Create a Docker container and a GRE tunnel port on each host
    3) Use ovs-docker to add the container on the bridge
    4) Listen on port 4739 on the collector machine and use wireshark to filter
       'cflow' packets.
    5) Configure flow-based IPFIX:
       - 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
       - 'ovs-vsctl -- set Flow_Sample_Collector_Set
          "Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
          targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
          other_config:enable-tunnel-sampling=true'
       - 'ovs-ofctl add-flow mybridge in_port=1,
          actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
          obs_point_id=456,sampling_port=3')',output:3'
       Note: The in-port is container port. The output port and sampling_port
             are both open flow port and the output port is a GRE tunnel port.
    6) Ping from the container whose host enabled flow-based IPFIX.
    7) Get the IPFIX template pakcets and IPFIX information packets.

Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-dpdk: Remove vhost send retries when no packets have been sent.

If the guest is connected but not servicing the virt queue, this leads
to vhost send retries until timeout. This is fine in isolation but if
there are other high rate queues also being serviced by the same PMD
it can lead to a performance hit on those queues. Change to only retry
when at least some packets have been successfully sent on the previous
attempt.

Also, limit retries to avoid a similar delays if packets are being sent
at a very low rate due to few available descriptors.

Reported-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Signed-off-by: Kevin Traynor <kevin.traynor@intel.com>
Acked-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ofp-util: Fix parsing of parenthesized values within key-value pairs.

Reported-by: james hopper <jameshopper@email.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-June/021662.html
Signed-off-by: Ben Pfaff <blp@ovn.org>

at test vlog: Switch from stderr to log

Using the --detach parameter the child does not propagate the first
message to the parent.

Proposed change use the log file instead of the stderr.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Tested-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-ofctl: Fixed PID file naming on windows

On Windows if a relative file name is given to --pidfile parameter
(not containing ':') then the application name is used for PID file,
ignoring the given name.

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Fix misc on vport

Remove ununsed variables, found by inspection.

On fail reset extInfo name.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Sample action support.

This patch adds support for sampling to the OVS extension.

The following flow was used for generating sample actions:
  ovs-ofctl add-flow tcp:127.0.0.1:9999 "actions=sample(
    probability=12345,collector_set_id=23456,obs_domain_id=34567,
    obs_point_id=45678)"

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ipfix: Bug fix for not sending template packets on 32-bit OS

'last_template_set_time' in truct dpif_ipfix_exporter is declared
as time_t and time_t is long int type. If we initialize
'last_template_set_time' as TIME_MIN, whose value is -2147483648
on 32-bit OS and -2^63 on 64-bit OS. There will be a problem on
32-bit OS when comparing 'last_template_set_time' with a unisgned int
type variable, because type casting will happen and negative value
could be a large positive number. Fix this problem by simply initialize
'last_template_set_time' as 0.

Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: William Tu <u9012063@gmail.com>

ipfix: Add support for exporting ipfix statistics.

It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.

IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.

1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
   the bridge which enable bridge IPFIX. The output format:
   NXST_IPFIX_BRIDGE reply (xid=0x2):
     bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
                   ipv4 ok=0, ipv6 ok=0, tx pkts=0
                   pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
   the bridge which enable flow IPFIX. The output format:
   NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
     id   1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
             ipv6 ok=0, tx pkts=0
             pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
     id   2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
             ipv6 ok=0, tx pkts=0
             pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0

flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent  to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the collector(s).

Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovs-vsctl: Support identifying Flow_Sample_Collector_Set records by id.

This allows commands like
ovs-vsctl list Flow_Sample_Collector_Set 123
if there's a record with id 123. It's not perfect, since there can be
more than one record with the same id, but it's helpful.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>

netlink-notifier: Support multiple groups.

A netlink notifier ('nln') already supports multiple notifiers.  This
patch allows each of these notifiers to subscribe to a different
multicast group.  Sharing a single socket for multiple event types
(each on their own multicast group) provides serialization of events
when reordering of different event types could be problematic.  For
example, if a 'create' event and 'delete' event are on different
netlink multicast group, we may want to process those events in the
order in which kernel issued them, rather than in the order we happen
to check for them.

Moving the multicast group argument from nln_create() to
nln_notifier_create() allows each notifier to specify a different
multicast group.  The parse callback needs to identify the group the
message belonged to by returning the corresponding group number, or 0
when an parse error occurs.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>

dpif-netdev: Print installed flows in dpif format.

When debug logging is enabled, dpif-netdev can print each flow as it is
installed, which it currently does using OpenFlow match formatting. Compared
to ODP formatting, there generally isn't too much difference since the
fields are largely the same but it is inconsistent with other logging in
dpif-netdev as well as the analogous functions that deal with the kernel.

However, in some cases there is a difference between the two formats, such
as in the cases of input port or tunnel metadata. For input port, datapath
format helped detect that the generated masks were incorrect. As for tunnels,
at the moment, it's possible to convert between the two formats on demand as
we have a global metadata table. In the future, though this won't be possible
as the metadata table becomes per-bridge which the datapath won't have access
to.

Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

odp-util: Remove odp_in_port from struct odp_flow_key_parms.

When calling odp_flow_key_from_flow (or _mask), the in_port included
as part of the flow is ignored and must be explicitly passed as a
separate parameter. This is because the assumption was that the flow's
version would often be in OFP format, rather than ODP.

However, at this point all flows that are ready for serialization in
netlink format already have their in_port properly set to ODP format.
As a result, every caller needs to explicitly initialize the extra
paramter to the value that is in the flow. This switches to just use
the value in the flow to simply things and avoid the possibility of
forgetting to initialize the extra parameter.

Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ofproto-dpif-upcall: Translate input port as part of upcall translation.

When we generate wildcards for upcalled flows, the flows and therefore
the wildcards, are in OpenFlow format. These are mostly the same but
one exception is the input port. We work around this problem by simply
performing an exact match on the input port when generating netlink
formatted keys. (This does not lose any information in practice because
action translation also always exact matches on input port.)

While this works fine for kernel based flows, it misses the userspace
datapath, which directly consumes the OFP format mask for the input
port. The effect of this is that the in_port mask is sometimes only
the lower 16 bits of the field. (This is because OFP format is a 16-bit
value stored in a 32-bit field. The full width of the field is initialized
with an exact match mask but certain operations result in cleaving this
down to 16 bits.) In practice this does not cause a problem because datapath
port numbers are almost always in the lower 16 bits of the range anyways.

This moves the masking of the datapath format field to translation so that
all datapaths see the same result. This also makes more sense conceptually
as the input port in the flow is also in ODP format at this stage.

Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ovn-architecture.7.xml: Fix ovn-controller behavior in VIF life cycle

Signed-off-by: Hui Kang <kangh@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn: Replace tabs with spaces and clean up alignment in unit tests.

Signed-off-by: Justin Pettit <jpettit@ovn.org>

ovn-nbctl: Update logical switch commands.

    A few minor changes related to logical switch commands:

        - Use "ls" instead of "lswitch" to be more consistent with other
          command changes.
        - Use commands where possible in ovn unit tests.
        - Update references from "lswitch" to "ls" (code) or "switch" (user).

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-nbctl: Update logical switch port commands.

A few minor changes related to logical switch port commands:

    - Use "lsp" instead of "lport" to be more consistent with later
      changes.
    - Use commands where possible in ovn unit tests.
    - Update references from "lport" to "lsp" (code) or "port" (user).

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn: Use Logical_Switch_Port in NB.

We have both logical switch and router ports. Router ports are
referenced in "Logical_Router_Port" table, so this make it more
consistent.

Also change internal use of "lport" to "lsp".

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-nbctl: Add static route commands.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

packets: Parse IP address strings with a zero length prefix.

A zero prefix length is used to match any IP address, which is useful
for defining default routes.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Flavio Fernandes <flavio@flaviof.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn-nbctl: Update logical router port commands.

A few minor changes related to logical router port commands:

    - Use "lrp" instead of "lrport" to be more consistent with later
      changes.
    - Use commands where possible in ovn unit tests.
    - Move documentation to group router commands together.
    - Adds mac/network/peer to lrp-add command.  The existing command
      doesn't require creating a mac or network address, which shouldn't
      be possible.
    - Drops lrport-[get|set]-mac-addresses commands in favor of
      initializing them in lrp-add command.
    - Update references from "lrport" to "lrp" (code) or "port" (user).

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-nbctl: Update basic router commands.

A few minor changes related to router commands:

    - Use "lr" instead of "lrouter" to be more consistent with later
      changes.
    - Use the commands where possible in ovn unit tests.
    - Move documentation to group router commands together.
    - Update references from "lrouter" to "router".

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn-nbctl: Use "ctx->output" instead of printf for list ACLs.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn-controller: Fix memory leak reported by valgrind.

Calling ovsdb_idl_set_remote() might overwrite the 'idl->session'.  The patch
fixes them by freeing 'idl->session' before it is overwritten.

Testcast ovn-controller - ovn-bridge-mappings reports two definitely losts in:
    xmalloc (util.c:112)
    jsonrpc_session_open (jsonrpc.c:784)
    ovsdb_idl_create (ovsdb-idl.c:246)
    main (ovn-controller.c:384)
and,
    xmalloc (util.c:112)
    jsonrpc_session_open (jsonrpc.c:784)
    ovsdb_idl_set_remote (ovsdb-idl.c:289)
    main (ovn-controller.c:409)

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

tests: Remove "test" from test names.

Every test is a test, so each test doesn't need to attest to being a test.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovn-nb.xml: Fix typo.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

ovs-bugtool: Fix flake8 errors.

A previous commit added this file to be checked by flake8, but the file
failed a number of checks done by the 'hacking' flake8 plugin.

Fixes: b00bdc728e7a ("automake: Add ovs-bugtool.in to flake8-check.")
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-By: Kyle Mestery <mestery@mestery.com>

datapath:backport: openvswitch: use flow protocol when recalculating ipv6 checksums

Upstream commit:
    commit b4f70527f052b0c00be4d7cac562baa75b212df5
    Author: Simon Horman <simon.horman@netronome.com>
    Date:   Thu Apr 21 11:49:15 2016 +1000

    openvswitch: use flow protocol when recalculating ipv6 checksums

    When using masked actions the ipv6_proto field of an action
    to set IPv6 fields may be zero rather than the prevailing protocol
    which will result in skipping checksum recalculation.

    This patch resolves the problem by relying on the protocol
    in the flow key rather than that in the set field action.

    Fixes: 83d2b9ba1abc ("net: openvswitch: Support masked set actions.")
Cc: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>

automake: Add ovs-bugtool.in to flake8-check.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Do not assign a lambda expression, use a def.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Comparison to None should be 'if cond is None:'

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Test for membership should be 'not in'.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Remove usage of 'has_key'.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Remove unused variables.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Fix errors around spaces and line length.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-bugtool.in: Remove unused imports.

Also take care of a 'import not at top of file' warning from
flake8.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

ovs-numa: Fix a compilation error

Fix the following error on NetBSD 7.0.

../lib/ovs-numa.c: In function 'ovs_numa_set_cpu_mask':
../lib/ovs-numa.c:555:9: error: array subscript has type 'char' [-Werror=char-subscripts]

Signed-off-by: YAMAMOTO Takashi <yamamoto@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

sparse: Fix conflict between netinet/in.h and linux/in.h

linux/in.h (from linux uapi headers) carries many of the same
definitions as netinet/in.h (from glibc).

If linux/in.h is included after netinet/in.h, conflicts are avoided in
two ways:

1) linux/libc-compat.h (included by linux/in.h) detects the include
   guard of netinet/in.h and defines some macros (e.g.
   __UAPI_DEF_IN_IPPROTO) to 0.  linux/in.h avoids exporting the same
   enums if those macros are 0.

2) The two files are allowed to redefine the same macros as long as the
   values are the same.

Our include/sparse/netinet/in.h creates problems, because:

1) It uses a custom include guard
2) It uses dummy values for some macros.

This commit changes include/sparse/netinet/in.h to use the same include
guard as glibc netinet/in.h, and to use the same values for some macros.

I think this problem is present with linux headers after
a263653ed798("netfilter: don't pull include/linux/netfilter.h from netns
headers") which cause our lib/netlink-conntrack.c to include linux/in.h
after netinet/in.h.

sample output from sparse:

/usr/include/linux/in.h:29:9: warning: preprocessor token IPPROTO_IP
redefined
../include/sparse/netinet/in.h:60:9: this was the original definition
/usr/include/linux/in.h:31:9: warning: preprocessor token IPPROTO_ICMP
redefined
../include/sparse/netinet/in.h:63:9: this was the original definition
[...]
/usr/include/linux/in.h:28:3: error: bad enum definition
/usr/include/linux/in.h:28:3: error: Expected } at end of specifier
/usr/include/linux/in.h:28:3: error: got 0
/usr/include/linux/in.h:84:16: error: redefinition of struct in_addr

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Tested-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

Add optional C extension wrapper for Python JSON parsing

The pure Python in-tree JSON parser is *much* slower than the
in-tree C JSON parser. A local test parsing a 100Mb JSON file
showed the Python version taking 270 seconds. With the C wrapper,
it took under 4 seconds.

The C extension will be used automatically if it can be built. If
the extension fails to build, a warning is displayed and the build
is restarted without the extension.

The Serializer class is replaced with Python's built-in
JSON library since the ability to process chunked data is not
needed in that case.

The extension should work with both Python 2.7 and Python 3.3+.

Signed-off-by: Terry Wilson <twilson@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Ensure significand remains an integer in Python3 json parser

The / operation in Python 2 is "floor division" for int/long types
while in Python 3 is "true division". This means that the
significand can become a float with the existing code in Python 3.
This, in turn, can result in a parse of something like [1.10e1]
returning 11 in Python 2 and 11.0 in Python 3. Switching to the
// operator resolves this difference.

The JSON tests do not catch this difference because the built-in
serializer prints floats with the %.15g format which will convert
floats with no fractional part to an integer representation.

Signed-off-by: Terry Wilson <twilson@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto-dpif-upcall: Prevent memory leak on log message.

When DPIF does not support UFID (like old kernels), it may print this
message quite frequently, if using an OVS version that does not include
the upstream fix af50de800ecb ("ofproto-dpif-upcall: Pass key to
dpif_flow_get().").

Fixes: 64bb477f0568 ("dpif: Minimize memory copy for revalidation.")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Joe Stringer <joe@ovn.org>

tunnels: Update schema documentation related to tunnels.

As both OVS and tunnel protocols themselves have evolved, some changes
have caused the documentation to drift from current reality.

Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Remove deprecated print statement.

PEP 3105 removed the print statement in favour of a print function.
Replace usage of the old statement with equivalent functionality that
works in both python2.7 and python3.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Use PEP 3110 exception syntax.

This syntax is usable with both python2.7 and python3, so use it instead
of the outdated syntax.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Remove tuple unpacking in lambdas.

PEP 3113 removed the use of tuple parameter unpacking in conjunction
with lambdas, replace this code with something that works in python2.7
and python3.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Fix list/map access for python3.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Fix string compatibility in python3.

PEP 3120 made UTF-8 the default source encoding for python3 strings;
ensure that the output for strings are consistent between python2.7 and
python3.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

xenserver: Sort vsctl port options.

In python3, dictionaries are less likely to be sorted consistently from
one run to the next, so sort port options when outputting to provide
reliable test results.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

INSTALL.Debian.md: Describe a pitfall and some solutions.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

testsuite: Add PMD specific tests.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

ofproto-dpif.at: Run tests with dummy-pmd.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

dpif-netdev.at: Run tests with dummy-pmd.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

tests: Allow extra cmd line args to OVS_VSWITCHD_START.

This will be used by a following commit, to add dummy-numa options.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>

vswitchd: Add --dummy-numa command line option.

This option is used to initialize the ovs_numa module with a fake
configuration and to avoid pthread_setaffinity_np() calls. It will be
useful to test dpif-netdev with pmd threads.

Since it is only used for testing it is not documented in the man pages.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>

netdev-dummy: Introduce sched_yield() in rxq_recv() for pmd devices.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>

ovs-numa: Introduce function to set current thread affinity.

This commit moves the code that sets the pmd threads affinity from
netdev-dpdk to ovs-numa. There's one small part left in netdev-dpdk, to
set the lcore_id.

Now dpif-netdev will call both modules (ovs-numa and netdev-dpdk) when
starting a pmd thread.

This change will allow having a dummy implementation of the set affinity
call, for testing purposes.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>

ovs-numa: Remove non-linux stubs.

Instead of having static inline stubs for non linux platform we can use
the implementations in ovs-numa.c. With one small change to
ovs_numa_dump_cores_on_numa(), they will behave exactly like the
stubs for the non-linux case, because 'found_numa_and_core' will be
false and the socket and cpu hmaps will be empty.

There are a few places where conditional compilation is required: the
code that parses the linux specific sysfs entries and its dependencies.
It requires opendir() and readdir() and doesn't make sense outside of
linux anyway.

This change is required to have a cross-platform ovs-numa dummy
implementation for testing.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>

datapath-windows: Add ECN support on STT decapsulation

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: STT reassemble small fix

Fixed possible deadlock in case NdisGetDataBuffer fails
Validate the segment length and offset on reassemble to avoid buffer overflow

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Add VLAN support to STT

Add VLAN to STT header and on receive applyit to encapsulated packet

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

datapath-windows: Improved offloading on STT tunnel

*Added OvsExtractLayers - populates only the layers field without unnecessary
memory operations for flow part
*If in STT header the flags are 0 then force packets checksums calculation
on receive.
*Ensure correct pseudo checksum is set for LSO both on send and receive.
Linux includes the segment length to TCP pseudo-checksum conforming to
RFC 793 but in case of LSO Windows expects this to be only on
Source IP Address, Destination IP Address, and Protocol.
*Fragment expiration on rx side of STT was set to 30 seconds, but the correct
timeout would be TTL of the packet

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: Skip "daemon --service" test on Windows from non-admin console

Check if we have enough rights to create a service on Windows
otherwise we skip daemon test

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Tested-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

debian, rhel: Ship ovs shared libraries and header files

Compile and package ovs shared libraries and create new header
package for debian (openvswitch-dev) and rhel (openvswitch-devel).

VMware-BZ: #1556299
Signed-off-by: Edwin Chiu <echiu@vmware.com>
Co-authored-by: Harold Lim <haroldl@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

INSTALL.md: Note use of "hacking" flake8 plugin.

The automatic flake8 check that runs against Python code has some
warnings enabled that come from the "hacking" flake8 plugin. If it's
not installed, the warnings just won't occur until it's run on a system
with "hacking" installed.

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-northd: logical router icmp response should not care about inport

When responding to icmp echo requests (aka ping) packets, the logical
router should not restrict responses based on the inport.

Example diagram:

vm: IP1.1 (subnet1)
logical_router: IP1.2 (subnet1) and IP2.2 (subnet2)

vm -------[subnet1]------- logical_router -------[subnet2]
<IP1.1> <IP1.2> <IP2.2>

vm should be able to ping <IP2.2>, even though it is an address
of a subnet that can only be reached through L3 routing.

Reference to the mailing list thread:
http://openvswitch.org/pipermail/discuss/2016-May/021172.html

Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: Fixed access denied on ovs-vswitchd.log

On Windows trying to overwrite the opened ovs-vswitchd.log
fails with access denied. Closing it before trying to overwrite it
solves the problem

Signed-off-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

netdev-dummy: Add multiqueue support to dummy-pmd.

All previous multi-open logic preserved for rx queues.
Also, added new optional parameter '--qid' for 'netdev-dummy/receive'
in order to allow user to choose id of rx queue to which packet will
be sent.

Ex.:
ovs-appctl netdev-dummy/receive p1 --qid 3 'in_port(1) ...'

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

ovs-vsctl.at: Use OVS_VSCTL_CLEANUP.

OVSDB_SERVER_SHUTDOWN defined in another module and not inside
'*-macros.at'. So, it should not be used inside ovs-vsctl.at.

Also, OVS_VSCTL_CLEANUP should be used instead of direct calls
to OVSDB_SERVER_SHUTDOWN.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

dpctl: Implement dpctl/flow-get for dpif-netdev.

Currently 'dpctl/flow-get' doesn't work for flows installed by
PMD threads.

Fix that by implementing search across all PMD threads. Will be returned
flow from first PMD thread with match.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

netdev-dummy: Add dummy-pmd class.

'dummy-pmd' class is a new dummy class.
Created in purposes of testing of PMD interfaces.

Ex.:
ovs-vsctl set interface <iface> type=dummy-pmd

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

Add *.c to datapath/linux/.gitignore

This should prevent any additional *.c files from sneaking in here.

Signed-off-by: Aaron Rosen <aaronorosen@gmail.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>

ipfix: Bug fix for configuring IPFIX for flows

There are two kinds of IPFIX: bridge level IPFIX and flow level
IPFIX. Now if we only configure flow level IPFIX, even if there
is no bridge IPFIX configuration, the datapath flow will contain
a sample action for bridge IPFIX. Fix it.

Steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
   'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
   row in Flow_Sample_Collector_Set table:
   'ovs-vsctl -- set Flow_Sample_Collector_Set
   "Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
   targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
   cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
   'ovs-ofctl add-flow mybridge in_port=1,
   actions=sample'('probability=65535,collector_set_id=1,
   obs_domain_id=123,obs_point_id=456')',output:LOCAL'

Before this fix, if you only configure flow IPFIX, the datapath flow is:
   id(0),in_port(2),eth_type(0x0806), packets:0, bytes:0, used:never,
   actions:sample(sample=0.0%,actions(userspace(pid=4294960835,
   ipfix(output_port=4294967295)))),sample(sample=100.0%,
   actions(userspace(pid=4294960835,flow_sample(probability=65535,
   collector_set_id=1,obs_domain_id=123,obs_point_id=456)))),
   sample(sample=0.0%,actions(userspace(pid=4294960835,
   ipfix(output_port=1)))),1

The datapath flow should only contain the sample action like below:
   id(0),in_port(2),eth_type(0x0800),ipv4(frag=no), packets:9, bytes:871,
   used:0.656s, actions:sample(sample=100.0%,actions(userspace(pid=4294962911,
   flow_sample(probability=65535,collector_set_id=1,obs_domain_id=123,
   obs_point_id=456)))),1

Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

INSTALL.md: Document system-traffic tests.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

tests: Avoid endianness sensitivity in MPLS handling test.

The test "ofproto-dpif - MPLS handling" included a test of the "multipath"
action whose results depended on the hash function in use. The OVS hash
function yields different results on little-endian and big-endian systems,
so this caused a failure.

This commit fixes the problem by changing the modulus in the multipath
action from 256 to 1; any (nonnegative) value modulo 1 is 0, so this makes
the results consistent across endianness (and across hash function
changes). I think that this is still a good enough test.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>

tests: Fix select group test on big-endian systems.

This test ensures that, when the selection criteria for a select group are
the same from packet to packet, the same bucket is always selected.
However, it hardcoded the bucket that was selected to the one that happens
to be selected with the current OVS hash function on little-endian systems.
On big-endian systems, the current OVS hash functions turns out to select
the other bucket. That's fine (it's consistent, it just consistently makes
the other choice), so this commit fixes the problem by allowing either
bucket to be selected.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>

ofp-print: Sort queues before printing in OFPT_QUEUE_GET_CONFIG_REPLY.

Otherwise the ordering tends to vary across endianness.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>

netdev-native-tnl: Fix treatment of GRE key on big-endian systems.

The GRE implementation used bitwise shifts to convert an ovs_be32 to an
ovs_be64 (with zero extension), but on big-endian systems these conversions
are no-ops. This fixes the problem.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>

types: Change ofp_port_t from uint16_t to uint32_t.

This fixes several tests that failed on big-endian systems because "union
flow_in_port" overlays an ofp_port_t and odp_port_t and in some cases it
is not easy to determine which one is in use.

This commit also fixes up a few places where this broke other code.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>

FAQ: Explain that the order of actions is significant.

I've seen users make this error several times. This FAQ will provide a
useful answer to pass along.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Gurucharan Shetty <guru@ovn.org>

netdev: Fix typo in comment.

The name of the macro was wrong.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

route-table: If device is not there, route is still parseable.

Do not return failure to parse a route if device has been removed before we are
able to parse the route. That prevents "received bad netlink message" warnings
on the log.

This can be reproduced by simply removing interfaces.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

vswitch.xml: Document interface name length restrictions.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>

rconn: Disable probe for local connections.

There are four sessions established from ovn-controller to the following:
OVN Southbound — JSONRPC based
Local ovsdb — JSONRPC based
Local vswitchd — openflow based from ofctrl
Local vswitchd — openflow based from pinctrl

All of these sessions have their own probe_interval, For the last
two connections, they do not need probe_timer as they are over unix domain
socket. This patch takes care of that.

This change has been tested putting logs in several places like in
ovn-controller.c, lib/rconn.c to make sure the probe_timer is
disabled. Also, by making sure from ovn-controller's
log file that there is no more reconnect happening due to probe
under heavy load.

Signed-off-by: Nirapada Ghosh <nghosh@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-nbctl: Add lrouter and lrport related commands.

ovn-nbctl provides a shortcut to perform commands related lswitch, lport
and such but it doesn't have similar commands related to logical routers
and logical router ports. Also, 'ovn-nbctl show' is supposed to show an
overview of database contents, which means it should show the routers
as well. "ovn-nbctl show LSWITCH" shows the switch details, similarly
"ovn-nbctl show LROUTER" should show the router details too. This patch
takes care of all of these.

Modifications;
1) ovn-nbctl show -- will now show lrouters as well
2) ovn-nbctl show <lrouter> -- will show the router now

New commands added:
3) ovn-nbctl lrouter-add [LROUTER]
4) ovn-nbctl lrouter-del LROUTER
5) ovn-nbctl lrouter-list
6) lrport-add LROUTER LRPORT
7) lrport-del LRPORT
8) lrport-list LROUTER
9) lrport-set-mac-address LRPORT [ADDRESS]
10) lrport-get-mac-address LRPORT
11) lrport-set-enabled LRPORT STATE
12) lrport-get-enabled LRPORT

Unit test cases have been added to test all of these modifications and
additions.

Signed-off-by: Nirapada Ghosh <nghosh@us.ibm.com>
[blp@ovn.org added features to match the lswitch and lport commands]
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

INSTALL.DPDK: Replace tabs with spaces

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-controller: Assign conntrack zones for gateway router.

OVS NAT currently cannot do snat and dnat in the same zone.
So we need two zones per gateway router.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-northd.8.xml: fix sock path of NB and SB database.

commit 60bdd01148e4 ("Separating OVN NB and SB database processes")
introduced a separating OVN NB and SB database process, the path of
sock files need to be updated.

Fixes: 60bdd01148e4 ("Separating OVN NB and SB database processes")
Signed-off-by: Li Wei <lw@cn.fujitsu.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

ovn-controller: Refactor conntrack zone allocation.

We currently allocate conntrack zones in binding.c. It fits
in nicely there because we currently only allocate conntrack
zones to logical ports and binding.c is where we figure out
the local ones.

An upcoming commit needs conntrack zone allocation for routers
in a gateway. For that reason, this commit moves conntrack zone
allocation code to ovn-controller.c where it would be easily
accessible for router zone allocation too.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn: Introduce l3 gateway router.

Currently OVN has distributed switches and routers. When a packet
exits a container or a VM, the entire lifecycle of the packet
through multiple switches and routers are calculated in source
chassis itself. When the destination endpoint resides on a different
chassis, the packet is sent to the other chassis and it only goes
through the egress pipeline of that chassis once and eventually to
the real destination.

When the packet returns back, the same thing happens. The return
packet leaves the VM/container on the chassis where it resides.
The packet goes through all the switches and routers in the logical
pipleline on that chassis and then sent to the eventual destination
over the tunnel.

The above makes the logical pipeline very flexible and easy. But,
creates a problem for cases where you need to add stateful services
(via conntrack) on switches and routers.

For l3 gateways, we plan to leverage DNAT and SNAT functionality
and we want to apply DNAT and SNAT rules on a router. So we ideally need
the packet to go through that router in both directions in the same
chassis. To achieve this, this commit introduces a new gateway router which is
static and can be connected to your distributed router via a switch.

To make minimal changes in OVN's logical pipeline, this commit
tries to make the switch port connected to a l3 gateway router look like
a container/VM endpoint for every other chassis except the chassis
on which the l3 gateway router resides. On the chassis where the
gateway router resides, the connection looks just like a patch port.

This is achieved by the doing the following:
Introduces a new type of port_binding record called 'gateway'.
On the chassis where the gateway router resides, this port behaves just
like the port of type 'patch'. The ovn-controller on that chassis
populates the "chassis" column for this record as an indication for
other ovn-controllers of its physical location. Other ovn-controllers
treat this port as they would treat a VM/Container port on a different
chassis.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Support connecting multiple routers to a switch.

Currently we can connect routers via "peer"ing. This limits
the number of routers that can be connected with each other
directly to 2.

One of the design goals for L3 Gateway is to be able to
have multiple gateways (each with their own router)
connected to a distributed router via a switch.

With the above goal in mind, this commit gives the general
ability to connect multiple routers via a switch.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Add Dustin Lundquist.

Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Restrict use of unspecified source addresses

Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
traffic necessary to obtain an IP address. DHCP discovery messages for
the IPv4 case, and ICMP6 types necessary for duplicate address detection
for IPv6.

This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
test since it tests sourcing IPv6 packets from the unspecified address
with and invalid ICMPv6 type (0). Modified this test should be extended
to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
sourced from the unspecified address are dropped.

Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tests: Add a tunnel packet-out test.

We only stress the same code path in testcase "ovn -- 3 HVs, 3 LS,
3 lports/LS, 1 LR", which is slow to execute under valgrind.

It's probably worth adding a separate case.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

tests: Wait for ARPs to be sent in tunnel-push-pop.

Otherwise the tests can fail under heavy load (or with valgrind).

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

netdev-dpdk: vhost-user port link state fix

OVS reports that link state of a vhost-user port (type=dpdkvhostuser) is
DOWN, even when traffic is running through the port between a Virtual
Machine and the vSwitch. Changing admin state with the
"ovs-ofctl mod-port <BR> <PORT> up/down" command over OpenFlow does
affect neither the reported link state nor the traffic.

The patch below does the flowing:
- Triggers link state change by altering netdev's change_seq member.
- Controls sending/receiving of packets through vhost-user port
according to the port's current admin state.
- Sets admin state of newly created vhost-user port to UP.

Signed-off-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Co-authored-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

ofproto-dpif: Cache result of time_msec() for rule_expire().

In the run() function of ofproto-dpif we call rule_expire() for every
possible flow that has a timeout and rule_expire() calls time_msec().
Calling time_msec() repeatedly can be pretty expensive, even though most
of the time it involves only a vdso call.

This commit calls time_msec only once in run(), to reduce the workload.

Keeping the flows ordered by expiration in some kind of heap or timing
wheel data structure could help make this process more efficient, if
rule_expire() turns out to be a bottleneck.

VMware-BZ: #1655122
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>

netdev-vport: Update copyright headers

Red Hat has contributed to the original code that has moved to netdev-native-tnl
module and to code that has been kept in netdev-vport as well.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>

netdev-vport: remove unneeded headers

Throughout the years, changes in netdev vport have removed the need for some of
the headers, like shash, hmap, and many others. With the recent split of
push/pop code, less headers are needed in each of the two modules.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>

system-tests: fix module removal during cleanup

Currently, cleanup files for system tests will look like this:

modprobe -q -r vport_vxlan
modprobe -q -r vport_sttmodprobe
modprobe -q -r vport_lispmodprobe
modprobe -q -r vport_gremodprobe
modprobe -q -r vport_genevemodprobe
modprobe -r openvswitch

This is caused by a missing newline in m4_foreach EXPRESSION and the fact that
on_exit is a shell function. It was being expanded like this:

on_exit 'modprobe -q -r vport_genevemodprobe' -q vport_gre

Fixes: 53eb8cb83013 ("tests: Replace ON_EXIT m4 macro by on_exit() shell function.")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Joe Stringer <joe@ovn.org>