git.cascardo.eti.br Git - cascardo/ovs.git/log

dpif-netdev: Don't run port names through netdev_vport_get_dpif_port().

The ports that exist within a dpif have already been translated through
netdev_vport_get_dpif_port(), so there is no value to translating them
again in the interfaces that query or dump ports (and possibly a drawback
if somehow the translation could change).

After this change, dpif-netdev translates port names in just one place,
the port_add path, which makes dpif-netdev act the same way as dpif-linux
in this respect.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Do not give stats to rules bypassed by "drop" frag policy.

When the OFPC_FRAG_DROP policy is in effect, IP fragments are supposed to
be dropped before they reach the flow table. Open vSwitch properly dropped
IP fragments in this case, but still accounted them to the packet and byte
counters for the flow that they would have hit if the OFPC_FRAG_NX_MATCh
policy had been in effect.

Reported-by: love you <thunder.love07@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Don't count misses in OpenFlow table stats.

Originally no rule existed for packets that did not match an
OpenFlow flow and therefore every packet with a rule could be
counted as a hit. However, newer versions of OVS have hidden
miss rules so this is no longer true. To return the correct
table stats, this subtracts packets that hit the miss rule
from the total and removes the separate counter.

Reported-by: love you <thunder.love07@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

packets: Fix typo in reserved multicast Ethernet addresses.

The reserved multicast Ethernet addresses begin with 01:80:c2, not
01:08:c2.

Reported-by: Padmanabhan Krishnan <kprad1@yahoo.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Always use valid ids pointer in dec_ttl_cnt_ids_from_openflow()

Always update the ids pointer after calling ofpbuf_put()
to ensure that it is valid when accessed.

During testing a case came up where the call to ofpbuf_put() in the
for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying
buffer to be reallocated. This resulted in ids->n_controllers being an
incorrect value, the loop continuing on longer than desired and finally a
segmentation fault.

Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

cfm: Update netdev when changed.

If ofproto decided to change the netdev of a particular ofport,
cfm_demand mode would improperly continue using the old netdev to
collect stats.

Bug #17583.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

INSTALL: Add documentaion for hot upgrades.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Restore flows with vswitchd packet processing disabled.

It has been observed that when we upgrade openvswitch with
thousands of openflow flows already established and there is heavy
traffic going through the switch, restoring flows can take a very
long time (8 minutes in one use case) with CPU running at 100%.
This can make the upgrade very expensive.

This commit starts vswitchd by asking it to wait till flow restore is
finished. Once the flows are restored, it resumes normal operations.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Add manager after restoring flows.

Currently we are adding the manager after starting ovs-vswitchd.
Instead, add the manager after flow restore is completed.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-vswitchd: An option to wait for userspace flow restore to complete.

While upgrading openvswitch, it helps to restore openflow flows before
starting packet processing. Typically we want to restart openvswitch,
add the openflow flows and then start packet processing.

To do this, we look for the other_config:flow-restore-wait column
in the Open_vSwitch table during startup. If set as true, we disable
receiving packets from the datapath, expiring or flushing flows and
running any periodic ofproto activities. This option does not prevent
the addition and deletion of ports. Once this option is set to false,
we return to normal processing.

An upcoming commit will use this feature in Open vSwitch startup scripts.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif.c: Modify vsp_realdev_to_vlandev() function

Commit 52a90c29 (Implement new "VLAN splinters" feature) passed in OpenFlow
port number to vsp_realdev_to_vlandev() function which asks for datapath port
number.

This patch fixes this bug by making the vsp_realdev_to_vlandev() function
take in and return OpenFlow port number.

Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Revamp xlate_actions() interface.

This patch implements a new interface to xlate_actions which, aside
from being simpler and more intuitive, achieves several goals. It
pulls all of xlate_actions() results into a single structure which
will be easier to cache and pass around in future. And it shields
xlate_ctx from the rest of the code, making it possible to factor
xlate_actions() in the future (hopefully).

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Rename action_xlate_ctx.

This patch changes the name of action_xlate_ctx to xlate_ctx. Aside
from being a bit snappier, it fits more cleanly with structures
added in future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Move odp_actions from subfacet to facet.

Upon close inspection, it appears that it's not possible for
actions to differ between subfacets belonging to a given facet.
Given this fact, it makes sense to move datapath actions from
subfacets to their parent facets. It's both conceptually more
straightforward, and necessary for future threading and megaflow
work.

Co-authored-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

odp-util: Make slow_path_reasons mutually exclusive.

It's no longer possible for a single datapath flow to be slow
pathed for two different reasons. This patch updates the code to
reflect this fact (marginally simplifying it).

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto: Ditch SLOW_IN_BAND slow path reason.

Before this patch, when in band control was enabled, every DHCP
packet had to be sent to userspace to calculate it's actions.
Those DHCP packets intended for the local port would have a special
action added to ensure they actually make it there.  This
unnecessarily complicates the code, so this patch takes a slightly
different approach.  When in-band is enabled, *all* DHCP packets
must be sent to the local port.  This guarantees that
xlate_actions() returns the same result every time for a given
flow.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Ditch SLOW_MATCH slow path reason.

Before this patch, datapath keys with ODP_FIT_TO_LITTLE, would be
assigned subfacets and installed in the kernel with a SLOW_MATCH
slow path reason.  This is problematic, because these flow keys
can't be reliable converted into a 'struct flow' thus breaking a
fundamental assumption of ofproto-dpif.  This patch circumvents the
issue by skipping facet creation for these flows altogether.  This
approach has the added benefit of simplifying the code for future
patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofpbuf: New helper ofpbuf_equal().

Used in future commits.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Avoid redundant facet_find() in facet_lookup_valid().

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: handle_flow_miss_common() without facets.

handle_flow_miss_common() is intended to be called whether or not a
miss needs a facet. Found by inspection.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

debian: Don't fail ovs-controller restart if daemon not running.

Reported-by: Maxime Brun <m.brun@alphalink.fr>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-xapi-sync: Handle exceptions from XAPI for get_single_bridge_id.

There are possibilities when records disappear underneath ovs-xapi-sync.
In this particular case, when VLAN network was deleted, the corresponding
record in bridge's external_ids:xs_network_ids column was not deleted by
xenserver. In situations like that handle the exceptions cleanly.

Bug #17390.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

cfm: Implement "demand mode".

The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

don't forget to define HAVE_BACKTRACE

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-xapi-sync: Handle multiple xs-network-uuids for xs 6.1.

For xenservers with version less than 6.1, interface reconfiguration
happened through interface-reconfigure scripts in this repo. In cases
where there were multiple xs-network-uuids for a single bridge,
interface-reconfigure script would add the network uuid associated
with the non-VLAN network as the first record. ovs-xapi-sync would
just blindly use the first record to create the bridge-id

But it looks like for xenserver 6.1, interface-reconfigure script
is no longer used and xenserver natively writes the xs-network-uuids.
So, in ovs-xapi-sync we no longer can copy the first value in
xs-network-uuids as bridge-id. This commit fetches the PIF record
for each xs-network-uuids and the network that does not have a VLAN
associated with it is copied over to bridge-id.

Bug #17090.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath: Fix compilation with Linux kernel 3.7.

Definition of __sum16 and __wsum is moved to uapi header.
Following patch adds check in config script for second possible
header.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Make fin_timeout work when governor kicks in.

The xlate_actions() call in handle_flow_miss_without_facet() didn't
implement fin_timeout properly because tcp_flags wasn't getting set.

I have not tested that this fixes the problem, but it seems "obviously
correct".

Bug #16506.
Reported-by: Ying Chen <yingchen@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

INSTALL: Finish sentence about running tests with valgrind.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

flow: Fix IPv6 fragment packet handling

IPv6 fragmented packet (except first fragment) will not be handled
correctly. When extracting packet at parse_ipv6(), although nw_frag
should have both of FLOW_NW_FRAG_ANY and FLOW_NW_FRAG_LATER for
later fragment, only FLOW_NW_FRAG_LATER is set.

Signed-off-by: Takashi Kawaguchi <kawaguchi-takashi@mxd.nes.nec.co.jp>
Signed-off-by: Ken Ajiro <ajiro@mxw.nes.nec.co.jp>
Signed-off-by: Jesse Gross <jesse@nicira.com>

meta-flow: Make 'in_port' field writable.

OpenFlow says that an "output" action to a flow's input port is ordinarily
dropped, unless the flow explicitly outputs to OFPP_IN_PORT.  We've
occasionally been asked to implement some way to avoid this behavior in
cases where it is not easily known in advance whether a given port is the
input port (so that OFPP_IN_PORT is not easy to use).

This commit implements such a feature.  With this commit, one may write:
    actions=load:0->NXM_OF_IN_PORT[],output:123
which will output to port 123 regardless of whether it is the input port.
If the input port is important, then one may save and restore it on the
stack:
    actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],output:123,
            pop:NXM_OF_IN_PORT[]

(Sometimes I am asked whether "resubmit" changes the in_port and would
therefore interact badly with this feature.  It does not.   "resubmit" only
(optionally) changes the in_port used for the resubmit's flow table lookup.
It does not otherwise have any effect on in_port.)

Bug #14091.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com>
CC: Ronghua Zhang <rzhang@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Avoid figuring out sFlow and IPFIX actions twice.

Not only is it easier to re-use the actions we already have, this avoids
potential problems due to the state that add_sflow_action() and
add_ipfix_action() look at having possibly been changed by
do_xlate_actions(). Currently those functions appear to look only at
the flow's 'in_port', which currently can't change. However, an upcoming
commit will make it possible for actions to change the flow's 'in_port',
and in addition, with this change, one doesn't have to wonder whether these
functions might look at other state that translation might change.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL.

Before I applied this commit, when I generated CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977. This made all SSL-based tests fail with an invalid
certificate.

32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.

CC: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-client: Fix recently introduced svec_sort() bug.

Commit 66980be9 (ovsdb-client: Avoid assertion with multiple databases.)
passed in a pointer to an svec pointer, when it should have just been an
svec pointer. This corrects the bug.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovsdb-client: Avoid assertion with multiple databases.

When using ovsdb-client with an ovsdb-server with multiple databases, an
assertion could trigger due to them being returned in non-sorted order.
This commit changes the fetch_dbs() function to always return databases
in sorted order, since both callers are expecting that behavior.

Bug #16882

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Reported-by: Spiro Kourtessis <spiro@vmware.com>

netdev-bsd: Use UINT64_MAX for unsupported stats.

As documented in netdev-provider.h for the get_stats method.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Change sFlow model to reflect per-bridge sampling

Until now, we were presenting a separate sFlow data-source (sampler) for
each ifIndex-interface.  This caused problems with samples that did not
easily map to an ifIndex being aliased together and breaking the sFlow
containment rules.  This patch changes the model to present a single sFlow
data-source for each bridge.  Now we can still make all reasonable effort
to map packet samples to ingress/egress ifIndex numbers, knowing that the
fallback to "unknown" does not break the sFlow model.  Note that
interface-counter-polling is still handled the same way as before, with
sFlow counter-polling data only being exported for ifIndex-interfaces.

Signed-off-by: Neil Mckee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Close channel Netlink sockets when a port number gets recycled.

When ovs-vswitchd deletes a port with dpif_linux_port_del(), that function
uses del_channel() to delete the corresponding channel, including closing
its Netlink socket fd. However, if the vport gets removed by some other
process (e.g. "ip link delete" for veths) then this function never gets
called and thus the channel never gets deleted.

This commit partially fixes the problem. Now, if a port number gets
reused, add_channel() closes the old Netlink socket assigned to that port
before it installs the new one.

Bug #16784.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Revert "Prepare for post-1.11.0 (1.11.90)."

This reverts commit 9f31efc731090e8d33236c55a4adbf461f3acbd1.

This is the 1.11.0 release, so this patch doesn't belong.

Set release date for 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovs-sandbox: Use $schema for creating the db.

The code here went to some trouble to properly set $schema and then
ignored it.

Signed-off-by: Duffie Cooley <dcooley@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix 'size' argument to fix_sflow_action().

The sflow action only uses 8 bytes of the total 16 for user_action_cookie,
but fix_sflow_action() was checking for the presence of all 16, so if the
sflow action wasn't followed by a few other actions then 'cookie' would
end up NULL and the assertion would segfault.

Bug #16659.
Reported-by: Dhaval Badiani <dbadiani@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

worker: Prevent worker from being responsible for pidfile deletion.

Currently we are creating the worker process after creation of the pidfile.
This means that the responsibility of deleting the pidfile after process
termination rests with the worker process.

When we restart openvswitch using the startup scripts, we SIGTERM the main
process and once it is cleaned up, we start ovs-vswitchd again. This results
in a race condition. The new ovs-vswitchd will create a pidfile because it is
unlocked. But, if the old worker process exits after the start of new
ovs-vswitchd, it will simply delete the pidfile underneath the new ovs-vswitchd.
This will eventually result in multiple ovs-vswitchd daemons.

This patch gives the responsibility of deleting the pidfile to the main
process.

Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

vswitchd: Disable system stats collection on a concurrently running daemon.

There are very rare cases (ex: ovs-vswitchd.pid is inadvertantly deleted),
when multiple ovs-vswitchd daemons can end up running at the same time.
In a situation like that one of the daemons can wait on the poll()
with a 0 ms wait time as it would be expecting system stats to be collected.

But system stats are never run for the daemon that does not have the
lock on the database and hence it takes up 100% of the CPU if its state
machine for stats collection previously was S_WAITING.

With this patch, we disable the system stats collection for the daemon that
does not have the database lock. When it eventually gets the lock on the
database, system stats are automatically enabled if other_config:\
enable-statistics=true.

Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

netlink-socket: Use xmalloc() instead of malloc().

This was the only obvious use of bare malloc() in the tree, other
than in the implementation of wrapper functions.

Signed-off-by: Ben Pfaff <blp@nicira.com>

netlink-socket: Minor style fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>

timeval: Remove prototype for unimplemented function.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Prepare for post-1.11.0 (1.11.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>

Prepare for 1.11.0

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Use generic struct pcpu_tstats.

Rather than defining ovs specific stats struct (vport_percpu_stats),
we can use existing pcpu_tstats to achieve exactly same functionality.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

dpif-netdev: Update max_mtu correctly.

What a dumb bug.

Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Correct comments and NEWS to reflect IANA port assigment.

Signed-off-by: Jesse Gross <jesse@nicira.com>

Add FAQ entries around the VXLAN support in Open vSwitch.

Add a section to the FAQ explaining VXLAN with a pointer to the IETF draft.
Add sections detailing how much of the VXLAN protocol is currently supported
in OVS, along with a section explaining the default UDP port and how to change
this when creating VXLAN ports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Update the default VXLAN destination UDP port to the IANA assigned port

VXLAN was recently assigned UDP port 4789 by IANA. This
comit updates the OVS VXLAN implementation to reflect the new UDP port
number.

Cc: Kenneth Duda <kduda@aristanetworks.com>
Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

bridge: Report PID of yielding process when multiple instances run.

Normally, the daemon code will detect when multiple instances are run
and print the conflicting PID. However, if ovs-vswitchd is not run in
daemon mode or the pidfile is removed, a database lock is checked. The
message it prints wasn't specific enough about which process was backing
off due to not getting the lock.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Account for RHEL6.4 backports in compat layer

Explicitly check the availability of several kernel API functions
instead of relying on the kernel version to account for Red Hat
Enterprise Linux backports.

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Use openvswitch_handle_frame hook in >=RHEL6.4 to live side by side with bridging

Due to the missing register rx_handler API in the kernel RHEL6 is
based on, the datapath currently falls back to using the bridging
hook with the consequence that bridging and OVS cannot be used in
parallel on any RHEL6 release.

For this purpose, >=RHEL6.4 releases provide a special rx frame hook
to be used by OVS. It captures frames at the same location in the
stack as the rx_handler would do in more recent kernel releases. In
order to store the vport pointer, the net_device's ax25_ptr field is
utilized under the assumption that an AX25 device will never be
attached to an OVS bridge.

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

FAQ: Explain why VMs on a VLAN can't access the Internet.

Signed-off-by: Ben Pfaff <blp@nicira.com>

match: Correct formatting of MPLS

1. mpls or mplsm should be included in the formatted match  instead of
   dl_type=0xXXXX if the dl_type of the match is ETH_TYPE_MPLS or
   ETH_TYPE_MPLS_MCAST respectively. This is consistent with the treatment
   of other dl_types in match_format().

2. Add formatting of MPLS TTL to match_format().
   The format is mpls_ttl=YY.

3. Set the mpls_lse mask of a match to all 1's if
   the dl_type of the flow is ETH_TYPE_MPLS or ETH_TYPE_MPLS_MCAST.
   This will cause mpls_label=LLLL,mpls_tc=W,mpls_ttl=YY,mpls_bos=Z to
   be included with the match is formatted.

4. mpls(label:LLLL,tc:W,ttl:TT,bos:Z) and
   mplsm(label:LLLL,tc:W,ttl:TT,bos:Z) should not be included
   in a formatted match as this is not consistent with the
   formatting of other match elements.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Describe how to connect bridges with patch ports.

I keep seeing this question.

Signed-off-by: Ben Pfaff <blp@nicira.com>

timeval: Check for HAVE_BACKTRACE instead of HAVE_EXECINFO_H.

Other code in the tree uses HAVE_BACKTRACE and then blindly includes
<execinfo.h> if it is present, so this doesn't make anything worse.

Once we do that, HAVE_EXECINFO_H has no further users, so this commit also
removes the check for <execinfo.h>

Reported-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

deal with platforms where backtrace() is in a different library than libc.

execinfo for NetBSD and ubacktrace for uClibc.
i don't know if the latter is relevant to Open vSwitch, though.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: force-reload-kmod while package upgrading.

Currently, when we upgrade openvswitch packages, we do a restart
of userspace daemons automatically. This does not replace the
kernel module.

But almost everytime, we want to use the new kernel module
that comes with the new version. This means that we need to
manually do a "force-reload-kmod". This step, reloads the
kernel module and also restarts the userspace daemons. This gives
us a total of two restarts of userspace daemons. This is quite
expensive in a hypervisor with hundreds of VMs sending real traffic.
This also hurts the controller as it gets two reconnections in a short
amount of time.

With this patch, during a package upgrade, if the kernel module
on disk is different than the one that is loaded, we will
automatically do a force-reload-kmod while openvswitch-switch
is installed. If not, we will just do a "restart" like before.

One can install the kernel package first and then install the userspace
packages in 2 separate steps to enforce a single 'force-reload-kmod'.

If anyone wants to just restart the userspace package instead of
force-reload-kmod, they can set the value of OVS_FORCE_RELOAD_KMOD=no
while installing the package.
Ex: OVS_FORCE_RELOAD_KMOD=no dpkg -i openvswitch-switch*

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

INSTALL.Debian: Update instructions related to package ordering.

If we install the userspace packages first, without a kernel module
present in the correct path, we get an error because package install
automatically tries to start the userspace daemons and we look for
a kernel module to load.

Installing a kernel module package first and then following it by
userspace package sounds like the correct way to do it. This change
in ordering helps my next commit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

FAQ: Explain how to drop packets.

This question keeps coming up.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tutorial: Correct typos.

Reported-by: Yeming Zhao <zhaoyeming@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Implement IPFIX export

Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.

Make the userspace action's userdata size vary depending on the union
member used.  Add a new "flow_sample" upcall to do per-flow packet
sampling.  Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.

Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling.  Add support for configuring per-bridge IPFIX
sampling.

Automatically generate standard IPFIX entity definitions from the IANA
specs.  Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.

Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Restore all flow changes by compose_output_action__().

This makes sure that output actions leave no changes to any flow fields,
while all explicit set_field actions are retained across output actions.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Restore flow nw_tos in all cases.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

odp-util: Keep base flow in sync with the kernel view.

Change the base flow only if a corresponding kernel action is generated
in commit_odp_tunnel_action().

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

use RT_ROUNDUP on NetBSD

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

include some headers to satisfy header file dependencies on NetBSD-6

while this change don't seem to be necessary on NetBSD-current,
NetBSD-6 is the latest release at this point.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

some ctype related casts to suppress gcc warnings on NetBSD

where it can't be EOF, cast a value to unsigned char before passing it
to ctype functions to avoid unintended sign extension.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

be compilable even when _SC_PHYS_PAGES is not available

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

change the type of popcount unsigned

it's a natural choice and compatible with a version found in NetBSD libc.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

invoke perl as ${PERL}

as suggested by Ben Pfaff.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

explicitly invoke perl for uuidfilt.pl (rather than via shebang)

depending on a platform, perl might not be /usr/bin/perl.
eg. on NetBSD it's usually /usr/pkg/bin/perl.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-pki: Add NetBSD case for test

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

include strings.h for strcasecmp

while this is not the only place strcasecmp is used without an
explicit inclusion of the header, it's the only place gcc complains
on my environment. for other places, probably the header is included
indirectly via other headers, i guess.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

remove remaining pkg-config references

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

use ax_check_openssl.m4 instead of a direct use of pkg-config.

on some platforms, including NetBSD-6, openssl is available but
its pkg-config files (*.pc) are not. according to Ed Maste,
this is the case for FreeBSD as well.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

add ax_check_openssl.m4

this file is obtained from:
http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_check_openssl.m4;hb=5a7260331c7d13263126e35c5743fdc35cbc2894

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

fix an obvious mistake in a test of IFM_ETHER

fix a bug in FreeBSD code. the fix is suggested by Ed Maste.

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Add a tutorial for advanced Open vSwitch features.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix struct vport comment.

Removes remaining part of comment about `linkname` vport member.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Fix inconsistency in upstream and out of tree ovs module.

There is a inconsistent ordering in function ovs_vport_cmd_set()
between upstream and out of tree ovs module. Following patch
fixes it by releasing lock before calling ovs_notify.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovsdb-server: Announce bound listening ports as status:bound_port.

The administrator can request that OVSDB bind any available TCP port, but
in that case there is no easy way to find out what port it has bound. This
commit adds that information as the "bound_port" key in the "status"
column.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Avoid race conditions, by letting the kernel choose ports to bind.

An occasionally occurring problem with "make check", especially when
parallel tests are enabled, is that multiple tests try to bind the same
TCP port and, of course, fail. This happens because the code to select
a TCP port to bind just generates random numbers until it finds a port that
is not currently in use and uses the first one, which is of course prone
to races.

This commit changes the tests to let the kernel directly choose an
available port, which should avoid this type of failure.

Also, some of the tests that generated a random free TCP port actually
used the port number to bind a UDP socket, which of course doesn't work
well. This commit fixes that problem too as a side effect.

Signed-off-by: Ben Pfaff <blp@nicira.com>

socket-util: Log kernel-chosen bound ports in inet_open_passive().

Usually, for passive sockets, one wishes to bind a particular well-known
port, so that clients can easily connect.  But automated tests cannot
necessarily bind a well-known port, because that would cause multiple
concurrent tests to interfere with each other or with a real instance of
the service running on the system.  They could bind to a randomly selected
port chosen by the user (the Open vSwitch automated tests currently do this)
but this leads to occasional "false negative" test failures when the port
selected happens to be in use.

The best alternative for automated tests is to let the kernel choose a
port that is not otherwise in use, which can be accomplished by specifying
port 0.  But in that case there is no easy way for other software to know
what port the kernel chose.  This commit fixes that problem one way by
logging the bound port when it is chosen by the kernel.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Make test-netflow, test-sflow accept all logging options.

An upcoming patch will start using the --log-file option with these test
programs, so they need to support it.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix stale comment in flow.c.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

sparse: Support recent distributions

sparse support seems to be broken on some recent Linux distributions.
For example, ubuntu 12.04 with Linux 3.5 kernel, and Debian latest test
distribution, running Linux 3.2 kernel.

On both systems that sparse was broken, It was not able find the header files
in the default system include directories. GCC finds them by default.

This patch adds the required GCC default search path when running sparse.

Tested on:

Ubuntu 12.04 - w/ linux 3.5 kernel
Debian-6 March test distribution - w/ linux 3.2 kernel

Signed-off-by: Andy Zhou <azhou@nicira.com>
[blp@nicira.com also tested on Debian squeeze and wheezy (testing)]
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: fix a typo error in python/ovs/socket_util.py.

The commit 89d7ffa9 (python: Workaround UNIX socket path
length limits), fixes most failed tests. But it has a
typo and the typo causes the failure of test <unixctl
server errors - Python> when the path length is very
long (e.g. more than 90 characters).

This patch fixes the above issue.

Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Correctly implement the OpenFlow 1.2+ OXM_OF_IP_DSCP field.

NXM puts the DSCP value in bits 2-7 of NXM_OF_IP_TOS.
OXM puts the DSCP value in bits 0-6 of OXM_OF_IP_DSCP.

Before this commit, Open vSwitch incorrectly implemented OXM_OF_IP_DSCP
with the same format as NXM_OF_IP_TOS. This commit fixes the problem and
adds a test (previously missing but I don't know why).

Reported-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Tested-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL.XenServer: Add a note for tunnel firewall rules.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Remove the firewall hole that we create for GRE.

Till now, by default, we add firewall holes for
gre traffic. There may be users that do not use GRE tunnels
and they may be surprised with this behavior. So, don't add
the firewall rules by default and update the documentation
to mention the same.

This patch does not remove the default GRE firewall rule for
xenserver because xenserver has a feature called "Cross-Host
Internal Networks" (CHIN) that uses GRE.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Revert "rhel, xenserver: Punch holes through firewall for VXLAN."

This reverts commit 5902b4ed6.

For end users that do not plan to use tunnels or use only selected
tunnels, it probably is a bad idea to punch firewall holes by default.
Opening holes like this may surprise the user.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

list: Style fixes.

Signed-off-by: Ben Pfaff <blp@nicira.com>

python/ovs/poller.py: workaround an eventlet bug

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: build with debugging symbol

Signed-off-by: Zang MingJie <zealot0630@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL: Admit that only GNU make works.

I promised some time ago to take a look at fixing the behavior of the
Makefiles with non-GNU make, but it doesn't realistically seem that I will.

CC: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>