Nithin Raju [Mon, 7 Dec 2015 23:13:03 +0000 (15:13 -0800)]
datapath-windows: Reduce padding size in _OVS_PACKET_HDR_INFO.
Fixes:
efee3309 ("datapath-windows: Support for OVS_KEY_ATTR_SCTP attribute")
Signed-off-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Ben Pfaff [Wed, 23 Dec 2015 07:27:45 +0000 (23:27 -0800)]
ovs-benchmark: Fix memory leak.
This leak is not a real problem.
Reported-by: xushengping
Reported-at: https://github.com/openvswitch/ovs/pull/100
Signed-off-by: Ben Pfaff <blp@ovn.org>
William Tu [Fri, 11 Dec 2015 01:58:15 +0000 (17:58 -0800)]
ofp-actions: Add padding in ofpacts_pull_openflow_instructions()
ofpacts_pull_openflow_instructions() should fill 'ofpacts' with a list
of OpenFlow actions and each action (including the last one) should be
padded to OFP_ACTION_ALIGN(8) bytes.
In most of the cases this is taken care of (e.g. by ofpacts_decode), but
for the Goto-Table instruction (and Clear-Actions, based on a quick code
inspection), this wasn't the case.
This caused the copy operation in recirc_unroll_actions() to read two
extra bytes after an allocated area (not a big deal, but enough to
displease the AddressSanitizer).
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
William Tu [Fri, 11 Dec 2015 01:58:13 +0000 (17:58 -0800)]
test-classifier: Use `in_port.ofp_port`, instead of `in_port`.
The test uses 16-bit ofp_port_t, however the struct flow member
`in_port` is 32-bit, causing a memcpy to read uninitialized data.
We should restrict the test to the `ofp_port` member of the `in_port`
union
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Co-authored-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Simon Horman [Tue, 1 Dec 2015 06:03:16 +0000 (15:03 +0900)]
flow: Pass last field to miniflow_pad_to_64().
Make miniflow_pad_to_64() a little more robust with regards to updates to
struct flow by passing the last field, whose end should be considered for
padding, rather than the next field, whose start should be considered.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Zoltán Balogh [Wed, 23 Dec 2015 01:10:40 +0000 (17:10 -0800)]
ofproto: Remove flows from all tables upon group deletion.
When a group is deleted, all flows which include a Group action with the ID
of the deleted group should be removed. Until now, only flows in table 0
were removed. This fixes the problem.
Signed-off-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
[blp@ovn.org added a test]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Flavio Leitner [Tue, 22 Dec 2015 17:02:31 +0000 (15:02 -0200)]
ofp-util: return BAD_TYPE for consistency at ofputil_decode_group_mod().
Code earlier in this function validated that gm->type is valid, so
the default case at the end of the function would be impossible, but
since the code can change or perhaps get copied, return the correct
error to keep consistency and avoid reintroducing the bug fixed by
commit
09d4b951636b ("ofp-util: Reject bad group type and command
with error instead of abort.")
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Jesse Gross [Wed, 9 Dec 2015 20:55:17 +0000 (12:55 -0800)]
dpif-netdev: Avoid using uninitialized memory with tunnel options.
When handling an upcall with the userspace datapath, it's currently
possible for a flow from a packet with no tunnel options to come back
with matches on the options. If that happens, dpif-netdev will
attempt to translate the wildcards provided by ofproto into the format
used by dpif. The translation requires use of the original wildcards
from the flow, which since they didn't exist, is uninitalized memory.
Matching on fields which don't actually exist is itself a bug. However,
this can occur when we attempt to set a tunnel option on the packet -
ofproto generates a match on the field in the original packet. This is
being fixed separately.
In other situations where we have a match on an unexpected field, we
simply ignore it. This happens with tunnel options with the kernel
datapath, non-tunnel fields that don't exist in the packet, and even
with Geneve where we do have some options but not the particular one
that was matched on. This brings the same behavior for this case and
avoids the possibility of accessing uninitialized memory.
Reported-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Panu Matilainen [Tue, 1 Dec 2015 14:48:04 +0000 (16:48 +0200)]
rhel: Add support DPDK port creation via network scripts
Add support for creating a userspace bridge and the four DPDK port
types via network scripts + basic documentation.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
mweglicx [Thu, 3 Dec 2015 07:30:16 +0000 (23:30 -0800)]
netdev_dpdk: pci_dev pointer check.
This change prevents netdev_dpdk from accessing pointer
which is not valid.
Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
William Tu [Tue, 22 Dec 2015 17:44:14 +0000 (09:44 -0800)]
tun-metadata: Fix memory leak in table_free()
Found by valgrind, test case 643.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Mon, 21 Dec 2015 23:56:40 +0000 (15:56 -0800)]
types: Define OVS_*128_MAX statically.
The previous definitions of these variables using designated
initializers caused a variety of issues when attempting to compile with
MSVC, particularly if including these headers from C++ code. By defining
them like this, we can appease MSVC and keep the definitions the same on
all platforms.
VMware-BZ: #
1517163
Suggested-by: Yin Lin <linyi@vmware.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Daniele Di Proietto [Mon, 2 Nov 2015 22:44:30 +0000 (14:44 -0800)]
system-kmod-macros: Do not require the 'conntrack' tool.
We can use 'ovstest test-netlink-conntrack' instead. Now that it is
not required anymore, we can remove the HAVE_CONNTRACK macro in the
build system.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Tue, 1 Dec 2015 00:32:43 +0000 (16:32 -0800)]
system-traffic: Use 'dpctl/dump-conntrack' for NAT tests.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Mon, 2 Nov 2015 22:24:54 +0000 (14:24 -0800)]
system-traffic: use `dpctl/*conntrack` instead of `conntrack` tool.
Often in the tests we inspect the conntrack tables with the 'conntrack'
command line utility. Since this may not always be available, and since
these tests are supposed to run with the upcoming userspace connection
tracker, it is better to use the newly implemented dpctl command.
Due to the tcp state mapping done in tcp_state_coalesce(), SYN_RECV is
replaced by ESTABLISHED in four places in the testsuite. The rest of
the changes are just done to match the formatting style.
Also, check the conntrack entries for the IPv6 HTTP test.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Thu, 29 Oct 2015 18:00:38 +0000 (11:00 -0700)]
ovstest: Add test-netlink-conntrack command.
Add a new test module to help debug Linux kernel conntrack development
unsing the netlink-conntrack module.
The tool has three uses:
* `ovstest test-netlink-conntrack dump [zone=zone]`
shows a list of the connection table
* `ovstest test-netlink-conntrack monitor`
displays the updates on the connection table, until killed with Ctrl-C
* `ovstest test-netlink-conntrack flush [zone=zone]`
empties connection (and therefore expectations table).
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 17:34:52 +0000 (10:34 -0700)]
dpctl: Add new 'flush-conntrack' command.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 17:34:26 +0000 (10:34 -0700)]
dpif-netlink: Implement ct_flush.
This member function is used by the ct-dpif module to provide its
services. It's implemented using the netlink-conntrack module.
N.B. The Linux kernel datapaths share the connection tracker among them
and with the rest of the system. Therefore the operations are not
really dpif specific.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 18:38:00 +0000 (11:38 -0700)]
dpctl: Add 'conntrack-dump' command.
It can be used to inspect the connection tracking entries in the
datapath.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 18:26:18 +0000 (11:26 -0700)]
dpif-netlink: Implement ct_dump_{start,next,done}.
These member functions are used by the ct-dpif module to provide its
services. They're implemented using the netlink-conntrack module.
N.B. The Linux kernel datapaths share the connection tracker among them
and with the rest of the system. Therefore the operations are not
really dpif specific.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 17:32:32 +0000 (10:32 -0700)]
ct-dpif: Add ct_dpif_flush().
This function will flush the connection tracking tables of a specific
datapath.
It simply calls a function pointer in the dpif_class. No dpif
currently implements the required interface.
The next commits will provide an implementation in dpif-netlink.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Wed, 28 Oct 2015 18:24:25 +0000 (11:24 -0700)]
ct-dpif: Add ct_dpif_dump_{start,next,done}().
These function can be used to dump conntrack entries from a datapath.
They simply call a function pointer in the dpif_class. No dpif currently
implements the interface.
The next commits will provide an implementation in dpif-netlink.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Tue, 3 Nov 2015 21:52:44 +0000 (13:52 -0800)]
netlink-conntrack: New module.
This module uses the netlink interface provide by the Linux kernel
connection tracker to provide some visibility into the conntrack tables.
The module provides functions to:
* Convert a netlink representation of a connection into a
struct 'ct_dpif_entry'.
* Dump all the connections.
* Flush all the connections.
* Listen for updates by registering a netlink notifier.
It will be used by dpif-netlink to implement the interface required by
the ct-dpif module.
Based on original work by Jarno Rajahalme
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Tue, 3 Nov 2015 23:00:03 +0000 (15:00 -0800)]
ct-dpif: New module.
This defines some structures (and their related formatting functions) to
manipulate entries in connection tracking tables.
It will be used by next commits.
Based on original work by Jarno Rajahalme
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Russell Bryant [Mon, 21 Dec 2015 20:35:07 +0000 (15:35 -0500)]
tests: Add ovn keyword to all ovn tests.
Autotest keywords are helpful for running a subset of the test suite.
This patch makes it so you can run all OVN tests using the 'ovn'
keyword.
$ make check TESTSUITEFLAGS="-k ovn"
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Mon, 21 Dec 2015 22:57:36 +0000 (14:57 -0800)]
datapath: Backport: openvswitch: Fix serialization of non-masked set actions.
I found this missing commit while checking diff against upstream OVS.
Upstream Commit msg:
Set actions consist of a regular OVS_KEY_ATTR_* attribute nested inside
of a OVS_ACTION_ATTR_SET action attribute. When converting masked actions
back to regular set actions, the inner attribute length was not changed,
ie, double the length being serialized. This patch fixes the bug.
Fixes:
83d2b9b ("net: openvswitch: Support masked set actions.")
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
f4f8e738505 ("openvswitch: Fix serialization of non-masked set
actions")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Joe Stringer <joe@ovn.org>
Aaron Conole [Tue, 24 Nov 2015 20:28:35 +0000 (15:28 -0500)]
datapath/vport: Remove an invalid comment
Commit
3544358aa596 ("datapath: Improve kernel hash table") removed the
failure condition of ovs_vport_del by switching away from a custom
hashtable which allocated a new bucket, to an hlist with flexible-array
buckets. The function stopped returning failure code at that point, so
remove the misleading comment.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Pravin B Shelar [Mon, 21 Dec 2015 01:05:24 +0000 (17:05 -0800)]
datapath: stt: Fix device list management.
STT receive can accept packet on device which is not UP state.
Following patch fixes this issue by introducing another list
of devices which contains only devices in up state. This list can
be used for searching stt devices on packet receive.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Sat, 19 Dec 2015 06:09:57 +0000 (22:09 -0800)]
stream-ssl: Fix misleading bound address format.
When the SSL code presents the name of the address to which it is bound,
it should include an "ssl:" or "pssl:" prefix instead of "tcp:" or "ptcp:".
Reported-by: meishengxin <meishengxin@huawei.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-December/019694.html
Fixes:
e731d71bf47b ("Add IPv6 support for OpenFlow, OVSDB, NetFlow, and sFlow.")
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Anupam Chanda [Mon, 21 Dec 2015 20:20:06 +0000 (12:20 -0800)]
ovs-vtep: Clean up local mac entries on startup.
This change handles a corner case where local mac entries are not cleared if a
vlan binding is deleted while the emulator is not running. The fix is to clean
up the local mac entries once on restart.
Reported-by: Hsin-Yi Shen <shenh@vmware.com>
Signed-off-by: Anupam Chanda <achanda@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Numan Siddique [Mon, 21 Dec 2015 07:01:14 +0000 (12:31 +0530)]
Remove broken pipe warning logs from ovsdb-server.log for ovn tests
Taken the fix from the commit
d3292dd... (in ovn-controller-vtep.at)
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Pravin B Shelar [Sun, 20 Dec 2015 06:21:56 +0000 (22:21 -0800)]
datapath: stt: Fix error handling in stt_start().
The bug was reported by Joe Stringer.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Sun, 20 Dec 2015 03:19:22 +0000 (19:19 -0800)]
datapath: stt: Do not access stt_dev socket in lookup.
STT device is added to the device list at device create time. and
the dev socket is initialized when dev is UP. So avoid accessing
stt socket while searching a device.
---8<---
IP: [<
ffffffffc0e731fd>] nf_ip_hook+0xfd/0x180 [openvswitch]
Oops: 0000 [#1] PREEMPT SMP
Hardware name: VMware, Inc. VMware Virtual Platform/440BX
RIP: 0010:[<
ffffffffc0e731fd>] [<
ffffffffc0e731fd>] nf_ip_hook+0xfd/0x180 [openvswitch]
RSP: 0018:
ffff88043fd03cd0 EFLAGS:
00010206
RAX:
0000000000000000 RBX:
ffff8801008e2200 RCX:
0000000000000034
RDX:
0000000000000110 RSI:
ffff8801008e2200 RDI:
ffff8801533a3880
RBP:
ffff88043fd03d00 R08:
ffffffff90646d10 R09:
ffff880164b27000
R10:
0000000000000003 R11:
ffff880155eb9dd8 R12:
0000000000000028
R13:
ffff8802283dc580 R14:
00000000000076b4 R15:
ffff880013b20000
FS:
00007ff5ba73b700(0000) GS:
ffff88043fd00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000020 CR3:
000000037ff96000 CR4:
00000000000007e0
Stack:
ffff8801533a3890 ffff88043fd03d80 ffffffff90646d10 0000000000000000
ffff880164b27000 ffff8801008e2200 ffff88043fd03d48 ffffffff9064050a
ffffffff90d0f930 ffffffffc0e7ef80 0000000000000001 ffff8801008e2200
Call Trace:
<IRQ>
[<
ffffffff9064050a>] nf_iterate+0x9a/0xb0
[<
ffffffff9064059c>] nf_hook_slow+0x7c/0x120
[<
ffffffff906470f3>] ip_local_deliver+0x73/0x80
[<
ffffffff90646a3d>] ip_rcv_finish+0x7d/0x350
[<
ffffffff90647398>] ip_rcv+0x298/0x3d0
[<
ffffffff9060fc56>] __netif_receive_skb_core+0x696/0x880
[<
ffffffff9060fe58>] __netif_receive_skb+0x18/0x60
[<
ffffffff90610b3e>] process_backlog+0xae/0x180
[<
ffffffff906102c2>] net_rx_action+0x152/0x270
[<
ffffffff9006d625>] __do_softirq+0xf5/0x320
[<
ffffffff9071d15c>] do_softirq_own_stack+0x1c/0x30
Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Tested-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Thu, 17 Dec 2015 07:32:54 +0000 (23:32 -0800)]
tun-metadata: Fix memory leak in tun_metadata_add_entry() corner case.
Found by valgrind.
Reported-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Joe Stringer [Tue, 15 Dec 2015 19:24:34 +0000 (11:24 -0800)]
compat: Backport conntrack strictly to v3.10+.
The conntrack/ipfrag backport was previously not entirely consistent in
its include for versions 3.9 and 3.10. The intention was to build it for
all kernels 3.10 and newer, so fix the version checks.
Reported-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Tested-by: Simon Horman <simon.horman@netronome.com>
Joe Stringer [Tue, 15 Dec 2015 19:24:33 +0000 (11:24 -0800)]
compat: Always use own __ipv6_select_ident().
If the ip fragmentation backport is enabled, we should always use our
own {,__}ipv6_select_ident(). This fixes the following issue on some
v3.19 kernels:
datapath/linux/ip6_output.c:93:12: error: conflicting types for
‘__ipv6_select_ident’
static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
Reported-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Tested-by: Simon Horman <simon.horman@netronome.com>
Han Zhou [Fri, 18 Dec 2015 06:23:22 +0000 (22:23 -0800)]
ovsdb: separate json cache for different monitor versions
Cached json objects were reused when sending notifications to
clients. This created a problem when there were different versions
of monitors coexisting. E.g. clients expecting version2 notification
would receive messages with method == "update2" but payload in
version1 format, which end up failure of processing the updates.
This patch fixes the issue by including version in cache node.
Signed-off-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Andy Zhou <azhou@ovn.org>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Pravin B Shelar [Thu, 17 Dec 2015 21:56:39 +0000 (13:56 -0800)]
datapath: stt: Use RCU API to update stt-dev list.
Following crash was reported for STT tunnel. I am not able to reproduce
it, But the usage of wrong list manipulation API is likely culprit.
---8<---
IP: [<
ffffffffc0e731fd>] nf_ip_hook+0xfd/0x180 [openvswitch]
Oops: 0000 [#1] PREEMPT SMP
Hardware name: VMware, Inc. VMware Virtual Platform/440BX
RIP: 0010:[<
ffffffffc0e731fd>] [<
ffffffffc0e731fd>] nf_ip_hook+0xfd/0x180 [openvswitch]
RSP: 0018:
ffff88043fd03cd0 EFLAGS:
00010206
RAX:
0000000000000000 RBX:
ffff8801008e2200 RCX:
0000000000000034
RDX:
0000000000000110 RSI:
ffff8801008e2200 RDI:
ffff8801533a3880
RBP:
ffff88043fd03d00 R08:
ffffffff90646d10 R09:
ffff880164b27000
R10:
0000000000000003 R11:
ffff880155eb9dd8 R12:
0000000000000028
R13:
ffff8802283dc580 R14:
00000000000076b4 R15:
ffff880013b20000
FS:
00007ff5ba73b700(0000) GS:
ffff88043fd00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000020 CR3:
000000037ff96000 CR4:
00000000000007e0
Stack:
ffff8801533a3890 ffff88043fd03d80 ffffffff90646d10 0000000000000000
ffff880164b27000 ffff8801008e2200 ffff88043fd03d48 ffffffff9064050a
ffffffff90d0f930 ffffffffc0e7ef80 0000000000000001 ffff8801008e2200
Call Trace:
<IRQ>
[<
ffffffff90646d10>] ? ip_rcv_finish+0x350/0x350
[<
ffffffff9064050a>] nf_iterate+0x9a/0xb0
[<
ffffffff90646d10>] ? ip_rcv_finish+0x350/0x350
[<
ffffffff9064059c>] nf_hook_slow+0x7c/0x120
[<
ffffffff90646d10>] ? ip_rcv_finish+0x350/0x350
[<
ffffffff906470f3>] ip_local_deliver+0x73/0x80
[<
ffffffff90646a3d>] ip_rcv_finish+0x7d/0x350
[<
ffffffff90647398>] ip_rcv+0x298/0x3d0
[<
ffffffff9060fc56>] __netif_receive_skb_core+0x696/0x880
[<
ffffffff9060fe58>] __netif_receive_skb+0x18/0x60
[<
ffffffff90610b3e>] process_backlog+0xae/0x180
[<
ffffffff906102c2>] net_rx_action+0x152/0x270
[<
ffffffff9006d625>] __do_softirq+0xf5/0x320
[<
ffffffff9071d15c>] do_softirq_own_stack+0x1c/0x30
Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Gurucharan Shetty [Tue, 15 Dec 2015 16:27:15 +0000 (08:27 -0800)]
ovn-ctl: Add daemon status functions.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Wed, 16 Dec 2015 12:32:21 +0000 (15:32 +0300)]
ovs-lib: Try to call exit before killing.
While killing OVS may not free all allocated resources.
Example:
Socket for vhost-user port will stay in a system
after 'systemctl stop openvswitch' and opening
that port after restart will fail.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Tue, 8 Dec 2015 00:56:34 +0000 (16:56 -0800)]
actions: Bundle action parsing parameters into a structure.
This will make it easier to add and change parameters, as done in an
upcoming commit.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 2 Dec 2015 17:51:33 +0000 (09:51 -0800)]
actions: Factor parsing a single action into a new function parse_action().
This will have another user in an upcoming commit.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Mon, 7 Dec 2015 23:35:15 +0000 (15:35 -0800)]
actions: Factor out new helper function add_prerequisite().
This will acquire new users in upcoming commits.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 16 Dec 2015 02:04:20 +0000 (18:04 -0800)]
Use ip_parse() and ipv6_parse() and variants in more places.
This saves some code and improves clarity, in my opinion.
Some of these changes just change an inet_pton() call into a similar
ip_parse() or ipv6_parse() call. In those cases the benefit is better
type safety, since inet_pton()'s output parameter is type "void *".
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Sat, 31 Oct 2015 02:57:41 +0000 (19:57 -0700)]
packets: Add new functions for IPv4 and IPv6 address parsing.
These will be used in an upcoming patch to reduce duplicated code.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Mon, 7 Dec 2015 23:00:16 +0000 (15:00 -0800)]
packets: New macro ETH_ADDR_STRLEN.
An upcoming commit will introduce another user.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Thu, 3 Dec 2015 02:04:35 +0000 (18:04 -0800)]
sparse: Define INET_ADDRSTRLEN.
POSIX defines this but it was missing from the OVS header file definitions
for "sparse".
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 9 Dec 2015 17:31:40 +0000 (09:31 -0800)]
tests: Fix typo in comment.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Mengke Liu [Tue, 15 Dec 2015 18:47:50 +0000 (02:47 +0800)]
geneve-map-rename: rename geneve-map to tlv-map.
This patch renames the command name related with geneve-map to a more
generic name as following:
add-geneve-map -> add-tlv-map
del-geneve-map -> del-tlv-map
dump-geneve-map -> dump-tlv-map
It also renames the Geneve_table to tlv_table.
By doing this renaming, the NSH variable context header (the same TLV
format as Geneve) or other protocol can reuse the field tun_metadata<N>
in the future.
Signed-off-by: Mengke Liu <mengke.liu@intel.com>
Signed-off-by: Ricky Li <ricky.li@intel.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>
Russell Bryant [Mon, 14 Dec 2015 17:54:45 +0000 (12:54 -0500)]
ovn: Use constants for conntrack state bits.
A previous commit fixed this code to match changes to the conntrack
state bit assignments. This patch further updates the code to use
the defined constants to ensure this code adapts automatically to any
possible future changes.
Signed-off-by: Russell Bryant <russell@ovn.org>
Requested-by: Joe Stringer <joe@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Andy Zhou [Mon, 14 Dec 2015 23:03:23 +0000 (15:03 -0800)]
lib: fix sparse warnings
Fixes the following sparse warning messages:
lib/ovsdb-idl.c:146:12: error: symbol 'table_updates_names' was not
declared. Should it be static?
lib/ovsdb-idl.c:147:12: error: symbol 'table_update_names' was not
declared. Should it be static?
lib/ovsdb-idl.c:148:12: error: symbol 'row_update_names' was not
declared. Should it be static?
Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Joe Stringer [Tue, 15 Dec 2015 06:30:11 +0000 (22:30 -0800)]
lib: Use proper type cast to poison lists.
'struct ovs_list' comprises of two pointers to 'struct ovs_list'.
Use these in the cast rather than void*.
VMware-BZ: #
1571356
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Nithin Raju [Thu, 10 Dec 2015 19:16:51 +0000 (11:16 -0800)]
datapath-windows: remove ASSERT in OvsDoFlowLookupOutput()
We needed this ASSERT earlier to catch unexpected cases. This code seems
to be fairly stable, and we can remove the ASSERT.
It is annoying to be hitting this ASSERT while changing the internal
adapter properties.
Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Mon, 14 Dec 2015 11:09:07 +0000 (03:09 -0800)]
jsonrpc-server: Use prototype style for ovsdb_jsonrpc_disable_monitor2().
Without "void", this is a pre-ANSI style function definition that has
subtly different semantics.
Found by sparse.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>
Daniele Venturino [Fri, 11 Dec 2015 12:59:00 +0000 (13:59 +0100)]
AUTHORS: Add Carlo Andreotti
Carlo was involved in the testing and validation processes of the Rapid
Spanning Tree Implementation.
I also updated the Copyright string in some files.
Signed-off by: Daniele Venturino <daniele.venturino@m3s.it>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Thu, 10 Dec 2015 22:18:51 +0000 (22:18 +0000)]
confifugre: Fix broken sed calls in shell code.
Commit
43000bc (openvswitch.m4: Portability improvement), which introduced
a portability improvement, also introduces two bugs. This commit fixes
both bug, by adding the command for $SED 's' and changes to x86 for 32 bit
instead of x64.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Fri, 11 Dec 2015 17:32:41 +0000 (17:32 +0000)]
datapath-windows: Cleanup unused variables
This patch removes unused variables defined in stt and vxlan ports.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Alin Serdean [Fri, 11 Dec 2015 14:59:07 +0000 (14:59 +0000)]
datapath-windows: Cleanup Stt.c
Remove double include for Flow.h and sort the includes alphabetically.
Also remove tabs.
Found by inspection.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Andy Zhou [Tue, 20 Oct 2015 19:50:23 +0000 (12:50 -0700)]
ovsdb: test ovs-vswitchd for backward compatibility
Add test to make sure ovs-vswitchd fall back to use the
"monitor" method when connecting to an older ovsdb-server that
does not support "monitor2".
For testing backward compatibility, add an ovs-appctl command:
"ovsdb-server/disable-monitor2". This command will restart
all currently open jsonrpc connections, but without support for
'monitor2' JSON-RPC method for the new connections.
There is no corresponding enable command, since this feature is only
useful for testing. 'monitor2' will be available when ovsdb-server
restarts.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Thu, 15 Oct 2015 21:09:37 +0000 (14:09 -0700)]
lib: add monitor2 support in ovsdb-idl.
Add support for monitor2. When idl starts to run, monitor2 will be
attempted first. In case the server is an older version that does
not recognize monitor2. IDL will then fall back to use "monitor"
method.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Thu, 15 Oct 2015 21:09:07 +0000 (14:09 -0700)]
ovsdb-client: support monitor2
Add monitor2 option to ovsdb-client. See ovsdb-client(1) manpage patch
for details.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Thu, 15 Oct 2015 21:08:23 +0000 (14:08 -0700)]
ovsdb: enable jasonrpc-server to service monitor2 request
ovsdb-server now accepts the new "monitor2" request. The next
patch will switch IDL to use monitor2 by default.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Thu, 15 Oct 2015 21:07:43 +0000 (14:07 -0700)]
ovsdb: generate update2 notification for a monitor2 session
Add functions that can generate "update2" notification for a
"monitor2" session. "monitor2" and "update2" are RFC 7047 extensions
described by ovsdb-server(1) manpage. See the manpage changes
for more details.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Fri, 25 Sep 2015 23:19:48 +0000 (16:19 -0700)]
lib: add diff and apply diff APIs for ovsdb_datum
When an OVSDB column change its value, it is more efficient to only
send what has changed, rather than sending the entire new copy.
This is analogous to software programmer send patches rather than
the entire source file.
For columns store a single element, the "diff" datum is the same
as the "new" datum.
For columns that store set or map, it is only necessary to send the
information about the elements changed (including addition or removal).
The "diff" for those types are all elements that are changed.
Those APIs are mainly used for implementing a new OVSDB server
"update2" JSON-RPC notification, which encodes modifications
of a column with the contents of those "diff"s. Later patch implements
the "update2" notification.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Fri, 16 Oct 2015 22:33:36 +0000 (15:33 -0700)]
ovsdb-date.at: convert tabs into spaces
No content change.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Wed, 14 Oct 2015 23:57:52 +0000 (16:57 -0700)]
lib: avoid set size check when generating diff datum from json
Added ovsdb_transient_datum_from_json() to avoid size check for
the diff datum that is transient in nature.
Suppose a datum contains set, and the max number of elements is 2.
If we are changing from set that contains [A, B], to a set contains
[C, D], the diff datum will contains 4 elements [A, B, C, D].
Thus diff datum should not be constrained by the size limit. However
the datum after diff is applied should not violate the size limit.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Andy Zhou [Thu, 24 Sep 2015 21:13:45 +0000 (14:13 -0700)]
ovsdb: refactor, add ovsdb_monitor_max_columns()
This function will have multiple callers in later patches.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Fri, 11 Dec 2015 04:03:01 +0000 (20:03 -0800)]
datapath: compat: Block upstream ip_tunnels functions.
Since upstream and compat ip_tunnel structures are not same, we can not
use exported upstream functions.
Following patch blocks definitions which used ip_tunnel internal
structure. Function which do not depend on these structures are
allows by explicitly by defining it in the header files. e.g.
iptunnel_handle_offloads(), iptunnel_pull_header(). etc.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Fri, 11 Dec 2015 04:03:00 +0000 (20:03 -0800)]
datapath: define compat ip_tunnel_get_link_net()
Same as ip_tunnel_get_iflink(), function ip_tunnel_get_link_net()
also depends on ip_tunnel structure. So this patch defines
compat implementation for same.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Fri, 11 Dec 2015 04:02:59 +0000 (20:02 -0800)]
datapath: define compat ip_tunnel_get_iflink()
ip_tunnel_get_iflink() depends on ip_tunnel structure. But OVS
compat layer defines its own ip_tunnel structure which is not
compatible with all upstream kernel versions. Therefore we
can no use such function.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Alin Serdean [Fri, 11 Dec 2015 20:54:05 +0000 (20:54 +0000)]
datapath-windows: Fix small bug in STT
Allow STT encapsulation to take place in the case we have a TCP payload
without LSO.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Alin Serdean [Fri, 11 Dec 2015 19:18:25 +0000 (19:18 +0000)]
datapath-windows: Add GRE TEB support for windows datapath
This patch introduces the support for GRE TEB (trasparent ethernet bridging)
for the windows datapath.
The GRE support is based on http://tools.ietf.org/html/rfc2890, without
taking into account the GRE sequence, and it supports only the GRE protocol
type 6558 (trasparent ethernet bridging) like its linux counterpart.
Util.h: define the GRE pool tag
Vport.c/h: sort the includes alphabetically
add the function OvsFindTunnelVportByPortType which searches the
tunnelVportsArray for a given port type
Actions.c : sort the includes alphabetically
call the GRE encapsulation / decapsulation functions when needed
Gre.c/h : add GRE type defines
add initialization/cleanup functions
add encapsulation / decapsulation functions with software offloads
(hardware offloads will be added in a separate patch)
support
Tested using: PSPING
(https://technet.microsoft.com/en-us/sysinternals/psping.aspx)
(ICMP, TCP, UDP) with various packet lengths
IPERF3
(https://iperf.fr/iperf-download.php)
(TCP, UDP) with various options
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Sairam Venugopal [Thu, 10 Dec 2015 01:31:03 +0000 (17:31 -0800)]
datapath-windows: Fix compilation issue
The previous patch was missing a ";".
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Justin Pettit [Fri, 11 Dec 2015 01:56:22 +0000 (17:56 -0800)]
ovn-controller: Add clarifying comment about main loop in binding_run().
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Russell Bryant [Thu, 10 Dec 2015 19:22:58 +0000 (14:22 -0500)]
xml2nroff: Read whole file instead of line by line.
The previous code processed the input file line by line, but I think
it looks a little more straight forward to just process the whole file
at once.
This patch also explicitly closes the file after reading its contents.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Thu, 10 Dec 2015 19:16:44 +0000 (14:16 -0500)]
xml2nroff: Don't use built-in function name.
Don't use "input" as a variable name, as input is a built-in Python
function.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Thu, 10 Dec 2015 19:08:44 +0000 (14:08 -0500)]
xml2nroff: Fix issues pointed out by flake8.
This patch includes a few minor fixes pointed out by the flake8 tool.
It drops an unused variable and the related imports, adds some blank
lines where the PEP8 formatting standard indicates they should be, and
does a comparison with None as "is None" instead of "== None".
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Thu, 10 Dec 2015 19:07:26 +0000 (14:07 -0500)]
xml2nroff: Don't use import *.
It's generally considered bad style to do a wildcard import. It makes
it more difficult to figure out where things come from.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Thu, 10 Dec 2015 19:04:51 +0000 (14:04 -0500)]
xml2nroff: Drop duplicated usage().
The usage() function was included twice. Drop the one that was out of
date.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Russell Bryant [Tue, 17 Nov 2015 22:00:06 +0000 (14:00 -0800)]
ovn: Fix ACLs for child logical ports.
The physical input flows for child logical ports (for the
container-in-a-VM use case, for example) did not set a conntrack zone
ID. The previous code only allocated a zone ID for local VIFs and
missed doing it for child ports.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Pravin B Shelar [Thu, 10 Dec 2015 22:42:43 +0000 (14:42 -0800)]
datapath: Backport: skbuff: Fix skb checksum partial check.
This bug fix is not required for OVS use cases. But is it
nice to keep function consistent with upstream implementation.
Upstream commit:
Earlier patch
6ae459bda tried to detect void ckecksum partial
skb by comparing pull length to checksum offset. But it does
not work for all cases since checksum-offset depends on
updates to skb->data.
Following patch fixes it by validating checksum start offset
after skb-data pointer is updated. Negative value of checksum
offset start means there is no need to checksum.
Fixes:
6ae459bda ("skbuff: Fix skb checksum flag on skb pull")
Reported-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
31b33dfb0a1 ("skbuff: Fix skb checksum partial check");
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Thu, 10 Dec 2015 22:19:56 +0000 (14:19 -0800)]
datapath: Fix STT packet receive handling.
STT reassembly can generate list of packets. But it was
handled as a single skb. Following patch fixes it.
Fixes:
e23775f20 ("datapath: Add support for lwtunnel").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Acked-by: Joe Stringer <joe@ovn.org>
Daniele Di Proietto [Fri, 11 Dec 2015 00:15:11 +0000 (16:15 -0800)]
FAQ: Add entry about different datapaths features.
This is an easy way to keep track of the features supported by the
different datapaths.
Nithin helped filling the list for the Hyper-V port.
CC: Nithin Raju <nithin@vmware.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Nithin Raju <nithin@vmware.com>
Acked-by: Justin Pettit <jpettit@ovn.org>
Daniele Di Proietto [Wed, 9 Dec 2015 02:39:18 +0000 (18:39 -0800)]
odp-util: Correctly [de]serialize mask for ND attributes.
When converting between ODP attributes and struct flow_wildcards, we
check that all the prerequisites are exact matched on the mask.
For ND(ICMPv6) attributes, an exact match on tp_src and tp_dst
(which in this context are the icmp type and code) shold look like
htons(0xff), not htons(0xffff). Fix this in two places.
The consequences were that the ODP mask wouldn't include the ND
attributes and the flow would be deleted by the revalidation.
Daniele Di Proietto [Tue, 8 Dec 2015 01:30:25 +0000 (17:30 -0800)]
odp-util: Return exact mask if netlink mask attribute is missing.
In the ODP context an empty mask netlink attribute usually means that
the flow should be an exact match.
odp_flow_key_to_mask{,_udpif}() instead return a struct flow_wildcards
with matches only on recirc_id and vlan_tci.
A more appropriate behavior is to handle a missing (zero length) netlink
mask specially (like we do in userspace and Linux datapath) and create
an exact match flow_wildcards from the original flow.
This fixes a bug in revalidate_ukey(): every flow created with
megaflows disabled would be revalidated away, because the mask would
seem too generic. (Another possible fix would be to handle the special
case of a missing mask in revalidate_ukey(), but this seems a more
generic solution).
Daniele Di Proietto [Tue, 8 Dec 2015 23:44:51 +0000 (15:44 -0800)]
odp-util: Commit ICMP set only for ICMP packets.
commit_set_icmp_action() should do its job only if the packet is ICMP,
otherwise there will be two problems:
* A set ICMP action will be inserted in the ODP actions and the flow
will be slow pathed.
* The tp_src and tp_dst field will be unwildcarded.
Normal TCP or UDP packets won't be impacted, because
commit_set_icmp_action() is called after commit_set_port_action() and it
will see the fields as already committed (TCP/UCP transport ports and ICMP
code/type are stored in the same members in struct flow).
MPLS packets though will hit the bug, causing a nonsensical set action
(which will end up zeroing the transport source port) and an invalid
mask to be generated.
The commit also alters an MPLS testcase to trigger the bug.
Daniele Di Proietto [Mon, 23 Nov 2015 23:37:46 +0000 (15:37 -0800)]
tnl-ports: Generate mask with correct prerequisites.
We should match on the transport ports only if the tunnel has a UDP
header. It doesn't make sense to match on transport port for GRE
tunnels.
Also, to match on fragment bits we should use FLOW_NW_FRAG_MASK instead
of 0xFF. FLOW_NW_FRAG_MASK is what we get if we convert to the ODP
netlink format and back.
Adding the correct masks in the tunnel router classifier helps in making
sure that the translation generates masks that respect prerequisites.
If the mask has some fields that do not respect prerequisites, the flow
will get deleted by revalidation, because translating to ODP format and
back will generate a more generic mask, which will be perceived as too
generic (compared with the one generated by the translation).
Daniele Di Proietto [Fri, 4 Dec 2015 22:04:26 +0000 (14:04 -0800)]
ofproto-dpif-xlate: Fix revalidation in execute_controller_action().
If there's no actual packet (e.g. during revalidation),
execute_controller_action() exits right away, without calling
xlate_commit_actions().
xlate_commit_actions() might have an influence on slow_path reason
(which is included in the generated ODP actions), meaning that the
revalidation will not generate the same actions than the original
translation.
Fix the problem by making execute_controller_action() call
xlate_commit_actions() even without a packet.
Daniele Di Proietto [Sat, 21 Nov 2015 00:15:36 +0000 (16:15 -0800)]
dpif-netdev: Initialize match.tun_md in various places.
This solves a crash in dp_netdev_flow_add(), when log level is debug.
Joe Stringer [Wed, 9 Dec 2015 00:14:07 +0000 (16:14 -0800)]
datapath: Define nf_connlabels_{put,get}.
Previously this was only done when connlabels were enabled in the kernel
config, even if the functions didn't exist. Fix the compile error.
Fixes:
d70a6ff5d40d ("datapath: Define nf_connlabels_{put,get}.")
Reported-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Joe Stringer [Wed, 9 Dec 2015 00:14:06 +0000 (16:14 -0800)]
datapath: Respect conntrack zone even if invalid.
If userspace executes ct(zone=1), and the connection tracker determines
that the packet is invalid, then the ct_zone flow key field is populated
with the default zone rather than the zone that was specified. Even
though connection tracking failed, this field should be updated with the
value that userspace specified. Fix the issue.
Fixes:
a94ebc39996b ("datapath: Add conntrack action")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Russell Bryant [Wed, 9 Dec 2015 19:04:01 +0000 (14:04 -0500)]
CONTRIBUTING: Document the Fixes header.
Document the use of the Fixes header to refer to a commit that
introduced a bug being fixed.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Russell Bryant [Tue, 8 Dec 2015 22:32:47 +0000 (17:32 -0500)]
ovn: Fix ct_state bit mappings in OVN symtab.
The OVN symbol table contained outdated mappings between connection
states and the corresponding bit in the ct_state field. This patch
updates the symbol table with the proper values as defined in
lib/packets.h.
Signed-off-by: Russell Bryant <russell@ovn.org>
Fixes:
63bc9fb1c69f ("packets: Reorder CS_* flags to remove gap.")
Acked-by: Joe Stringer <joe@ovn.org>
Jarno Rajahalme [Tue, 8 Dec 2015 19:35:49 +0000 (11:35 -0800)]
seq: Add a coverage counter for seq_change.
Having a coverage counter tracking the value of the internal seq_next
should help in debugging.
Suggested-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Nithin Raju [Wed, 25 Nov 2015 20:32:33 +0000 (12:32 -0800)]
datapath-windows: Don't assert for unknown actions
On Hyper-V, we currently don't validate a flow to see if datapath can
indeed execute all the actions specified or not. While support for it
gets implemented, an ASSERT seems too strong. I'm working on the support
for actions validation. Here's a workaround in the meantime to help
debugging.
Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Pravin B Shelar [Tue, 8 Dec 2015 02:23:21 +0000 (18:23 -0800)]
datapath: Backport: vxlan: interpret IP headers for ECN correctly
Upstream commit:
When looking for outer IP header, use the actual socket address family, not
the address family of the default destination which is not set for metadata
based interfaces (and doesn't have to match the address family of the
received packet even if it was set).
Fix also the misleading comment.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
ce212d0f6f5 ("vxlan: interpret IP headers for ECN correctly")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Tue, 8 Dec 2015 02:23:20 +0000 (18:23 -0800)]
datapath: Backport: vxlan: fix incorrect RCO bit in VXLAN header
Upstream commit:
Commit
3511494ce2f3d ("vxlan: Group Policy extension") changed definition of
VXLAN_HF_RCO from 0x00200000 to BIT(24). This is obviously incorrect. It's
also in violation with the RFC draft.
Fixes:
3511494ce2f3d ("vxlan: Group Policy extension")
Cc: Thomas Graf <tgraf@suug.ch>
Cc: Tom Herbert <therbert@google.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
c5fb8caaf91 ("vxlan: fix incorrect RCO bit in VXLAN header")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Tue, 8 Dec 2015 02:23:19 +0000 (18:23 -0800)]
datapath: Backport: openvswitch: properly refcount vport-vxlan module
Upstream commit:
After
614732eaa12d, no refcount is maintained for the vport-vxlan module.
This allows the userspace to remove such module while vport-vxlan
devices still exist, which leads to later oops.
v1 -> v2:
- move vport 'owner' initialization in ovs_vport_ops_register()
and make such function a macro
Fixes:
614732eaa12d ("openvswitch: Use regular VXLAN net_device device")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
83e4bf7a74 ("openvswitch: properly refcount vport-vxlan
module").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Pravin B Shelar [Tue, 8 Dec 2015 02:23:18 +0000 (18:23 -0800)]
datapath: Backport: openvswitch: fix hangup on vxlan/gre/geneve device deletion
Upstream commit:
Each openvswitch tunnel vport (vxlan,gre,geneve) holds a reference
to the underlying tunnel device, but never released it when such
device is deleted.
Deleting the underlying device via the ip tool cause the kernel to
hangup in the netdev_wait_allrefs() loop.
This commit ensure that on device unregistration dp_detach_port_notify()
is called for all vports that hold the device reference, properly
releasing it.
Fixes:
614732eaa12d ("openvswitch: Use regular VXLAN net_device device")
Fixes:
b2acd1dc3949 ("openvswitch: Use regular GRE net_device instead of vport")
Fixes:
6b001e682e90 ("openvswitch: Use Geneve device.")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream:
131753030("openvswitch: fix hangup on vxlan/gre/geneve device
deletion").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@kernel.org>
Ben Pfaff [Mon, 7 Dec 2015 20:34:08 +0000 (12:34 -0800)]
datapath: Avoid warning for unused static data on Linux <=3.9.0.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Pravin B Shelar <pshelar@nicira.com>