git.cascardo.info Git - cascardo/ovs.git/log

odp-util: Clearly indicate VID mask is printed in hex.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

odp-util: Always encode mask of 0xffff for dl_type < ETH_TYPE_MIN.

For non-Ethernet II packets, we don't set an EtherType netlink attribute
and set the Ethertype mask attribute to 0xffff. The code was encoding
whatever mask was passed in, which could lead to bugs if the caller
didn't know the userspace-kernel interface.

Found by inspection.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

Keep all of tunnel metadata in flow.

Do not clear tunnel metadata on tunnel input.

This is a backport of 4110a57 (Keep all of tunnel metadata in
flow.) to branch-1.11.  This fixes an issue with received tunnel
traffic and megaflows.  xlate_actions() calls tnl_port_should_receive()
to determine whether it should un-wildcard the tunnel fields.  Without
this commit, the original flow's tunnel information is zeroed and is
unavailable for tnl_port_should_receive()'s use to determine whether
it's a tunnel flow or not.  This resulted in some tunnel traffic
being wildcarded inappropriately.

Bug #18277.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix tunnel source port selection for mega flow

Tunnel source port selection was based on hash value cached in the
flow. This no longer works with mega flow, since all flows matching
a mega flow will be transmitted with the same tunnel source port.

This patch computes the tunnel source port at run time based on each
incoming packet. Packets belong to the same micro flow would still get
the same source port, but multiple micro flows hitting the same mega flow
can get different source ports.

Packets injected from the usespace will be assigned to the same
source port as if they are forwarded in the kernel.

Bug #18216

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Add ability to disable megaflows.

Add new "dpif/disable-megaflows" and "dpif/enable-megaflows" commands to
ovs-appctl to disable and enable megaflows, respectively. By default,
megaflows are enabled, and these commands should only be used for
debugging.

Feature #18265.

Requested-by: Ronghua Zhang <rzhang@vmware.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

flow: Don't assume non-IPv4 is IPv6 for un-wildcarding.

When determinining what fields to un-wildcard for the symmetric L4 hash,
don't include the IPv6 address fields if the packet isn't IPv6.

Reported-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-appctl: allow ofproto/trace to take mega flow input

ofproto/trace command was not updated to take mega flow input, which made
it hard to use by cutting and pasting output from "ovs-dpctl dump-flows".

(The mask is not actually used for tracing.)

Bug #18267.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-dpctl: Fix mega flow output

ovs-dpctl sometimes displays wildcarded fields as exact match. This
patch fixes those cases.

This patch implements the following logic. When OVS_FLOW_ATTR_MASK is
missing, the entire key attributes will be displayed as exact match fields.
When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do
not have matching attributes in the mask, those key attributes will be
displayed as wildcarded fields.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

netflow: Only un-wildcard IPv4 packets.

NetFlow v5 only supports IPv4, so don't bother un-wildcarding
non-IPv4 packets.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

flow: Only un-wildcard relevant IP headers.

When determining the fields to un-wildcard, we need to be careful
about only un-wildcarding fields that are relevant. Also, we
didn't properly handle IPv6 addresses.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

odp-util: Fix converting masked VLAN from flow.

When converting the VLAN from a flow to an ODP key, the processing logic
would always store the VLAN ethertype. However, when handling a mask,
it should be a mask, not an ethertype. And since we don't support
bit-wise masking of the ethertype, just make it an exact-match mask.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

odp-util: Correct printing the VLAN PCP mask.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Remove old comment.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Bug fix: Kernel rejects flow with valid vlan field

Bug #18233

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Datapath: Bug fix: kernel rejects mega flow with encap masks

Bug #18233

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Convert IPv6 TCP and UDP port netlink attributes properly.

The code that converts netlink attributes to a flow match always
stored TCP and UDP ports in the IPv4 structure. This commit
properly puts TCP and UDP traffic into appropriate IPv4 and IPv6
structures.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Always un-wildcard 'dl_type'.

We always look at the fragment status and often look at other L3
headers when processing the packet, so just un-wildcard the
Ethertype.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

tunnel: Only un-wildcard the ECN bits for IP traffic.

With tunnels carrying IP packets, ECN bits are always inherited by
the encapsulating tunnel. However, it doesn't make sense to
unwildcard the inner packet's TOS fields if the packet is not IP.

Found by inspection.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Make OVS_ACTION_ATTR_USERSPACE action to send packet key

OVS_ACTION_ATTR_USERSPACE action was sending the key from the matching
flow. This works for exact match flows because flow keys are the
same as packet keys. However, it does not work with wildcarded flows as
the packet keys may be different than the flow keys. This patch uses
the packet keys carried in OVS_CB(skb) when calling output_userspace().

Bug #18163

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Do not clear key in ovs_match_init()

When executing packets sent from userspace, the majority of the
flow information is extracted from the packet itself and a small
amount of metadata supplied by userspace is added. However, when
adding this metadata, the extracted flow information is currently
being cleared.

This manifests in a problem when executing actions as elements of key are
used when verifying some actions. For example a dec_ttl action verifies the
proto of the flow. An example of a flow that fails as a result of this
problem is:

ovs-ofctl add-flow br0 "ip actions=dec_ttl,normal"

This is a regression added by "datapath: Mega flow implementation",
a1c564be1e2ffc31f8da09ab654c8ed987907fe5.

CC: Andy Zhou <azhou@nicira.com>
Reported-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Fix a kernel crash caused by corrupted mask list.

When flow table is copied, the mask list from the old table
is not properly copied into the new table. The corrupted mask
list in the new table will lead to kernel crash. This patch
fixes this bug.

Bug #18110
Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Use a single attribute array for parsing values and masks.

When parsing flow Netlink messages we currently have arrays to hold the
attribute pointers for both values and masks. This results in a large
stack, which some compilers warn about. It's not actually necessary
to have both arrays at the same time, so we can collapse this to a
single array.

Reported-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Use megaflows.

The commit configures the masks generated from megaflows and pushes
them through the dpif layer.

With this commit and a wildcard supporting OVS kernel module,
ovs-vswitchd's flow setup rate is very close to that of the Linux
bridge.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

dpif: Log flow masks for "put" and "dump_next".

When debugging the system, it's useful to not just see the key but
also the mask.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Handle failed flow 'put's.

If a flow cannot be installed in the datapath, we should notice
this and not treat it as installed. This becomes an issue with
megaflows, since a batch of unique flows may come in that generate
a single new datapath megaflow that covers them. Since userspace
doesn't know whether the datapath supports megaflows, each unique
flow will get a separate flow entry (which overlap when masks are
applied) and all except the first will get rejected by a megaflow-
supporting datapath as duplicates.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

odp-util: Introduce odp_flow_key_from_mask().

Add a new function for converting a mask into a set of
OVS_KEY_ATTR* attributes. This will be useful in a future commit.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Return EEXIST on overlapping new flow request

Flow update still requires unmasked key to match. If not,
return EINVAL.

CC: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-dpctl: Add mega flow support

Added support to allow mega flow specified and displayed. ovs-dpctl tool
is mainly used as debugging tool.

This patch also implements the low level user space routines to send
and receive mega flow netlink messages. Those netlink suppor
routines are required for forthcoming user space mega flow patches.

Added a unit test to test parsing and display of mega flows.

Ethan contributed the ovs-dpctl mega flow output function.

Co-authored-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Mega flow implementation

Add wildcarded flow support in kernel datapath.

Wildcarded flow can improve OVS flow set up performance by avoid sending
matching new flows to the user space program. The exact performance boost
will largely dependent on wildcarded flow hit rate.

In case all new flows hits wildcard flows, the flow set up rate is
within 5% of that of linux bridge module.

Pravin has made significant contributions to this patch. Including API
clean ups and bug fixes.

Co-authored-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
[jesse: Additional documentation, fix memory leak, and improve validation.]
Signed-off-by: Jesse Gross <jesse@nicira.com>

tests: Tolerate init process pid != 1.

On Ubuntu Saucy based desktops, upstart runs with user sessions
enabled which means that the init process under which a daemon
might run is not always pid = 1.

Instead of checking for pid = 1, check to ensure that the parent
pid of the monitor is not the pid of the shell that started it.

Signed-off-by: James Page <james.page@ubuntu.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vswitchd: Update flow-eviction-threshold documentation

Patch 27a88d1373cbfcceac6d901bbf1c17051aa7845f caused the vswitchd
documentation and the code to digress. This brings them back in line.

Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Tighten up megaflow wildcard handling.

A number of use-cases weren't handled properly when determining what can
be wildcarded for megaflows. This commit both catches additional fields
that cannot be wildcarded and loosens a few other cases.

Bug #17979

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-xapi-sync: Cache the bridge-id value for non nicira-bridge-id too.

Currently we connect to xapi in case there are multiple
external_ids:xs-network-uuids to get the single bridge id everytime
we have a change in the database for all the interested columns in
ovs-xapi-sync. The xs-network-uuids value can also change whenever
new VLANs are added or deleted, which is a common use case. The
disadvantage with this approach is that we query XAPI more often
and set the bridge-id as "" if we don't get a valid response for
our query. This can take down the logical connectivity for all the
VMs on that xenserver.

Instead of looking at the PIF records for all the xs-network-uuids,
we can instead just look at the xapi record which has the same bridge
name as the OVS bridge name and then cache its uuid. This value will
hold true till the OVS bridge is recreated in which case we will re-read
the value.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Don't wildcard fields used in special processing.

A number of fields are looked at when determining whether special
processing (slow-path) is needed. This commit removes wildcarding when
they were consulted.

Reported-by: Ethan Jackson <ethan@nicira.com>
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-xapi-sync: Retry getting bridge-ids in case xapi is not ready.

When there are multiple xs-network-uuids set for a bridge,
we query xapi to get the record that does not have a VLAN
associated with it. For cases when xapi does not respond,
retry again after a second.

During the times when xapi does not respond, set the value
as external_ids:bridge_id "".

Bug #17877.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

odp-util: Use proper formatting for ODP port number.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Fix use of uninitialized local variable.

Also make the table id arithmetic less confusing.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Don't wildcard TTL and TOS in some circumstances.

For tunnels, we need to handle the facet's wildcards specially in a
couple of cases:

    - Don't wildcard TTL for facets if "ttl" option is "inherit".
    - Never wildcard the ECN bits, since they are always inherited.
    - Wildcard the rest of the TOS field if the "tos" option is "inherit".

Issue #17911

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovsdb-server: Preserve remotes across crash and restart.

Commit b421d2af0ab (ovsdb-server: Add commands for adding and removing
remotes) made it possible to make ovsdb-server connect to OVS managers only
after ovs-vswitchd has completed its initial configuration. But this
results in an undesirable effect: whenever ovsdb-server crashes, the
monitor restarts its, but ovsdb-server can no longer connect to the manager
because the remotes were added during runtime and that information is lost
during the crash.

This commit fixes the problem.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix format specifier.

list_size() returns a size_t, not a uint64_t.

Found by GCC.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Print slow path actions in dpif/dump-megaflows.

It's often helpful to see what the slow path actions actual are. Print
them when "ovs-appctl dpif/dump-megaflows" is called.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Use proper flow when using facets.

The handle_flow_miss_with_facet() function used the facet's flow
information instead of the missed flow. This corrects that.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Never wildcard dl_type for "normal" action.

The is_gratuitous_arp() function is occasionally called when
processing the "normal" action. The previous code only disabled
wildcarding the dl_type field when the function was called, but
since it runs occasionally, it could lead to inconsistencies in the
facet table. This commit causes the dl_type to never be wildcarded
when the "normal" action is used.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Store relevant fields for wildcarding in facet.

Dynamically determines the flow fields that were relevant in
processing flows based on the OpenFlow flow table and switch
configuration. The immediate use for this functionality is to
cache action translations for similar flows in facets. This yields
a roughly 80% improvement in flow set up rates for a complicated
flow table.

More importantly, these wildcards will be used to determine what to
wildcard for the forthcoming kernel wildcard (megaflow) patches
that will allow wildcarding in the kernel, which will provide
significant flow set up improvements.

The approach to tracking fields and caching action translations in
facets was based on an impressive prototype by Ethan Jackson.

Co-authored-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

flow: Add new wildcard functions.

Rename the function flow_wildcards_combine() to flow_wildcards_and().
Add new flow_wildcards_or() and flow_hash_in_wildcards() functions.
These will be useful in a future patch.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

classifier: Add 'wc' argument to classifier_lookup().

A future commit will want to know what bits were significant during the
classifier lookup.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Co-authored-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

flow: Add new flow_wildcards_fold_minimask() function.

This function will be useful in a future commit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Co-authored-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Consolidate facet stat logic.

The logic for updating statistics at the facet level had been
spread through ofproto-dpif in a rather confusing manner. This
patch consolidates as much of this logic as is reasonable into
facet_push_stats().

On a side note, I'd expect this patch to have a marginal positive
performance impact when using learning (though I haven't bothered
to measure it). It combines facet_learn() and facet_push_stats()
into one step allowing us to avoid a redundant xlate_actions().

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idlc: Write a new-line at the end of "annotate" output.

Some tools do not like text files that lack a trailing new-line.  In
particular, Debian's dpkg-source utility complains about a missing new-line
in the file generated by ovsdb-idlc:

    dpkg-source: warning: file
    openvswitch-1.9.2+git20130605/lib/vswitch-idl.ovsidl has no final
    newline (either original or modified version)

This commit fixes the problem.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

dpif-netdev: Don't run port names through netdev_vport_get_dpif_port().

The ports that exist within a dpif have already been translated through
netdev_vport_get_dpif_port(), so there is no value to translating them
again in the interfaces that query or dump ports (and possibly a drawback
if somehow the translation could change).

After this change, dpif-netdev translates port names in just one place,
the port_add path, which makes dpif-netdev act the same way as dpif-linux
in this respect.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Do not give stats to rules bypassed by "drop" frag policy.

When the OFPC_FRAG_DROP policy is in effect, IP fragments are supposed to
be dropped before they reach the flow table. Open vSwitch properly dropped
IP fragments in this case, but still accounted them to the packet and byte
counters for the flow that they would have hit if the OFPC_FRAG_NX_MATCh
policy had been in effect.

Reported-by: love you <thunder.love07@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Don't count misses in OpenFlow table stats.

Originally no rule existed for packets that did not match an
OpenFlow flow and therefore every packet with a rule could be
counted as a hit. However, newer versions of OVS have hidden
miss rules so this is no longer true. To return the correct
table stats, this subtracts packets that hit the miss rule
from the total and removes the separate counter.

Reported-by: love you <thunder.love07@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

packets: Fix typo in reserved multicast Ethernet addresses.

The reserved multicast Ethernet addresses begin with 01:80:c2, not
01:08:c2.

Reported-by: Padmanabhan Krishnan <kprad1@yahoo.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Always use valid ids pointer in dec_ttl_cnt_ids_from_openflow()

Always update the ids pointer after calling ofpbuf_put()
to ensure that it is valid when accessed.

During testing a case came up where the call to ofpbuf_put() in the
for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying
buffer to be reallocated. This resulted in ids->n_controllers being an
incorrect value, the loop continuing on longer than desired and finally a
segmentation fault.

Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

cfm: Update netdev when changed.

If ofproto decided to change the netdev of a particular ofport,
cfm_demand mode would improperly continue using the old netdev to
collect stats.

Bug #17583.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

INSTALL: Add documentaion for hot upgrades.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Restore flows with vswitchd packet processing disabled.

It has been observed that when we upgrade openvswitch with
thousands of openflow flows already established and there is heavy
traffic going through the switch, restoring flows can take a very
long time (8 minutes in one use case) with CPU running at 100%.
This can make the upgrade very expensive.

This commit starts vswitchd by asking it to wait till flow restore is
finished. Once the flows are restored, it resumes normal operations.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Add manager after restoring flows.

Currently we are adding the manager after starting ovs-vswitchd.
Instead, add the manager after flow restore is completed.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-vswitchd: An option to wait for userspace flow restore to complete.

While upgrading openvswitch, it helps to restore openflow flows before
starting packet processing. Typically we want to restart openvswitch,
add the openflow flows and then start packet processing.

To do this, we look for the other_config:flow-restore-wait column
in the Open_vSwitch table during startup. If set as true, we disable
receiving packets from the datapath, expiring or flushing flows and
running any periodic ofproto activities. This option does not prevent
the addition and deletion of ports. Once this option is set to false,
we return to normal processing.

An upcoming commit will use this feature in Open vSwitch startup scripts.

Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif.c: Modify vsp_realdev_to_vlandev() function

Commit 52a90c29 (Implement new "VLAN splinters" feature) passed in OpenFlow
port number to vsp_realdev_to_vlandev() function which asks for datapath port
number.

This patch fixes this bug by making the vsp_realdev_to_vlandev() function
take in and return OpenFlow port number.

Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Revamp xlate_actions() interface.

This patch implements a new interface to xlate_actions which, aside
from being simpler and more intuitive, achieves several goals. It
pulls all of xlate_actions() results into a single structure which
will be easier to cache and pass around in future. And it shields
xlate_ctx from the rest of the code, making it possible to factor
xlate_actions() in the future (hopefully).

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Rename action_xlate_ctx.

This patch changes the name of action_xlate_ctx to xlate_ctx. Aside
from being a bit snappier, it fits more cleanly with structures
added in future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Move odp_actions from subfacet to facet.

Upon close inspection, it appears that it's not possible for
actions to differ between subfacets belonging to a given facet.
Given this fact, it makes sense to move datapath actions from
subfacets to their parent facets. It's both conceptually more
straightforward, and necessary for future threading and megaflow
work.

Co-authored-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

odp-util: Make slow_path_reasons mutually exclusive.

It's no longer possible for a single datapath flow to be slow
pathed for two different reasons. This patch updates the code to
reflect this fact (marginally simplifying it).

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto: Ditch SLOW_IN_BAND slow path reason.

Before this patch, when in band control was enabled, every DHCP
packet had to be sent to userspace to calculate it's actions.
Those DHCP packets intended for the local port would have a special
action added to ensure they actually make it there.  This
unnecessarily complicates the code, so this patch takes a slightly
different approach.  When in-band is enabled, *all* DHCP packets
must be sent to the local port.  This guarantees that
xlate_actions() returns the same result every time for a given
flow.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Ditch SLOW_MATCH slow path reason.

Before this patch, datapath keys with ODP_FIT_TO_LITTLE, would be
assigned subfacets and installed in the kernel with a SLOW_MATCH
slow path reason.  This is problematic, because these flow keys
can't be reliable converted into a 'struct flow' thus breaking a
fundamental assumption of ofproto-dpif.  This patch circumvents the
issue by skipping facet creation for these flows altogether.  This
approach has the added benefit of simplifying the code for future
patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofpbuf: New helper ofpbuf_equal().

Used in future commits.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Avoid redundant facet_find() in facet_lookup_valid().

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: handle_flow_miss_common() without facets.

handle_flow_miss_common() is intended to be called whether or not a
miss needs a facet. Found by inspection.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

debian: Don't fail ovs-controller restart if daemon not running.

Reported-by: Maxime Brun <m.brun@alphalink.fr>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-xapi-sync: Handle exceptions from XAPI for get_single_bridge_id.

There are possibilities when records disappear underneath ovs-xapi-sync.
In this particular case, when VLAN network was deleted, the corresponding
record in bridge's external_ids:xs_network_ids column was not deleted by
xenserver. In situations like that handle the exceptions cleanly.

Bug #17390.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

cfm: Implement "demand mode".

The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

don't forget to define HAVE_BACKTRACE

Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-xapi-sync: Handle multiple xs-network-uuids for xs 6.1.

For xenservers with version less than 6.1, interface reconfiguration
happened through interface-reconfigure scripts in this repo. In cases
where there were multiple xs-network-uuids for a single bridge,
interface-reconfigure script would add the network uuid associated
with the non-VLAN network as the first record. ovs-xapi-sync would
just blindly use the first record to create the bridge-id

But it looks like for xenserver 6.1, interface-reconfigure script
is no longer used and xenserver natively writes the xs-network-uuids.
So, in ovs-xapi-sync we no longer can copy the first value in
xs-network-uuids as bridge-id. This commit fetches the PIF record
for each xs-network-uuids and the network that does not have a VLAN
associated with it is copied over to bridge-id.

Bug #17090.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath: Fix compilation with Linux kernel 3.7.

Definition of __sum16 and __wsum is moved to uapi header.
Following patch adds check in config script for second possible
header.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Make fin_timeout work when governor kicks in.

The xlate_actions() call in handle_flow_miss_without_facet() didn't
implement fin_timeout properly because tcp_flags wasn't getting set.

I have not tested that this fixes the problem, but it seems "obviously
correct".

Bug #16506.
Reported-by: Ying Chen <yingchen@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

INSTALL: Finish sentence about running tests with valgrind.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

flow: Fix IPv6 fragment packet handling

IPv6 fragmented packet (except first fragment) will not be handled
correctly. When extracting packet at parse_ipv6(), although nw_frag
should have both of FLOW_NW_FRAG_ANY and FLOW_NW_FRAG_LATER for
later fragment, only FLOW_NW_FRAG_LATER is set.

Signed-off-by: Takashi Kawaguchi <kawaguchi-takashi@mxd.nes.nec.co.jp>
Signed-off-by: Ken Ajiro <ajiro@mxw.nes.nec.co.jp>
Signed-off-by: Jesse Gross <jesse@nicira.com>

meta-flow: Make 'in_port' field writable.

OpenFlow says that an "output" action to a flow's input port is ordinarily
dropped, unless the flow explicitly outputs to OFPP_IN_PORT.  We've
occasionally been asked to implement some way to avoid this behavior in
cases where it is not easily known in advance whether a given port is the
input port (so that OFPP_IN_PORT is not easy to use).

This commit implements such a feature.  With this commit, one may write:
    actions=load:0->NXM_OF_IN_PORT[],output:123
which will output to port 123 regardless of whether it is the input port.
If the input port is important, then one may save and restore it on the
stack:
    actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],output:123,
            pop:NXM_OF_IN_PORT[]

(Sometimes I am asked whether "resubmit" changes the in_port and would
therefore interact badly with this feature.  It does not.   "resubmit" only
(optionally) changes the in_port used for the resubmit's flow table lookup.
It does not otherwise have any effect on in_port.)

Bug #14091.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com>
CC: Ronghua Zhang <rzhang@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Avoid figuring out sFlow and IPFIX actions twice.

Not only is it easier to re-use the actions we already have, this avoids
potential problems due to the state that add_sflow_action() and
add_ipfix_action() look at having possibly been changed by
do_xlate_actions(). Currently those functions appear to look only at
the flow's 'in_port', which currently can't change. However, an upcoming
commit will make it possible for actions to change the flow's 'in_port',
and in addition, with this change, one doesn't have to wonder whether these
functions might look at other state that translation might change.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL.

Before I applied this commit, when I generated CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977. This made all SSL-based tests fail with an invalid
certificate.

32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.

CC: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-client: Fix recently introduced svec_sort() bug.

Commit 66980be9 (ovsdb-client: Avoid assertion with multiple databases.)
passed in a pointer to an svec pointer, when it should have just been an
svec pointer. This corrects the bug.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovsdb-client: Avoid assertion with multiple databases.

When using ovsdb-client with an ovsdb-server with multiple databases, an
assertion could trigger due to them being returned in non-sorted order.
This commit changes the fetch_dbs() function to always return databases
in sorted order, since both callers are expecting that behavior.

Bug #16882

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Reported-by: Spiro Kourtessis <spiro@vmware.com>

netdev-bsd: Use UINT64_MAX for unsupported stats.

As documented in netdev-provider.h for the get_stats method.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Change sFlow model to reflect per-bridge sampling

Until now, we were presenting a separate sFlow data-source (sampler) for
each ifIndex-interface.  This caused problems with samples that did not
easily map to an ifIndex being aliased together and breaking the sFlow
containment rules.  This patch changes the model to present a single sFlow
data-source for each bridge.  Now we can still make all reasonable effort
to map packet samples to ingress/egress ifIndex numbers, knowing that the
fallback to "unknown" does not break the sFlow model.  Note that
interface-counter-polling is still handled the same way as before, with
sFlow counter-polling data only being exported for ifIndex-interfaces.

Signed-off-by: Neil Mckee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Close channel Netlink sockets when a port number gets recycled.

When ovs-vswitchd deletes a port with dpif_linux_port_del(), that function
uses del_channel() to delete the corresponding channel, including closing
its Netlink socket fd. However, if the vport gets removed by some other
process (e.g. "ip link delete" for veths) then this function never gets
called and thus the channel never gets deleted.

This commit partially fixes the problem. Now, if a port number gets
reused, add_channel() closes the old Netlink socket assigned to that port
before it installs the new one.

Bug #16784.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Revert "Prepare for post-1.11.0 (1.11.90)."

This reverts commit 9f31efc731090e8d33236c55a4adbf461f3acbd1.

This is the 1.11.0 release, so this patch doesn't belong.

Set release date for 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ovs-sandbox: Use $schema for creating the db.

The code here went to some trouble to properly set $schema and then
ignored it.

Signed-off-by: Duffie Cooley <dcooley@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix 'size' argument to fix_sflow_action().

The sflow action only uses 8 bytes of the total 16 for user_action_cookie,
but fix_sflow_action() was checking for the presence of all 16, so if the
sflow action wasn't followed by a few other actions then 'cookie' would
end up NULL and the assertion would segfault.

Bug #16659.
Reported-by: Dhaval Badiani <dbadiani@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

worker: Prevent worker from being responsible for pidfile deletion.

Currently we are creating the worker process after creation of the pidfile.
This means that the responsibility of deleting the pidfile after process
termination rests with the worker process.

When we restart openvswitch using the startup scripts, we SIGTERM the main
process and once it is cleaned up, we start ovs-vswitchd again. This results
in a race condition. The new ovs-vswitchd will create a pidfile because it is
unlocked. But, if the old worker process exits after the start of new
ovs-vswitchd, it will simply delete the pidfile underneath the new ovs-vswitchd.
This will eventually result in multiple ovs-vswitchd daemons.

This patch gives the responsibility of deleting the pidfile to the main
process.

Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

vswitchd: Disable system stats collection on a concurrently running daemon.

There are very rare cases (ex: ovs-vswitchd.pid is inadvertantly deleted),
when multiple ovs-vswitchd daemons can end up running at the same time.
In a situation like that one of the daemons can wait on the poll()
with a 0 ms wait time as it would be expecting system stats to be collected.

But system stats are never run for the daemon that does not have the
lock on the database and hence it takes up 100% of the CPU if its state
machine for stats collection previously was S_WAITING.

With this patch, we disable the system stats collection for the daemon that
does not have the database lock. When it eventually gets the lock on the
database, system stats are automatically enabled if other_config:\
enable-statistics=true.

Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

netlink-socket: Use xmalloc() instead of malloc().

This was the only obvious use of bare malloc() in the tree, other
than in the implementation of wrapper functions.

Signed-off-by: Ben Pfaff <blp@nicira.com>

netlink-socket: Minor style fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>

timeval: Remove prototype for unimplemented function.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Prepare for post-1.11.0 (1.11.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>

Prepare for 1.11.0

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Use generic struct pcpu_tstats.

Rather than defining ovs specific stats struct (vport_percpu_stats),
we can use existing pcpu_tstats to achieve exactly same functionality.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

dpif-netdev: Update max_mtu correctly.

What a dumb bug.

Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Correct comments and NEWS to reflect IANA port assigment.

Signed-off-by: Jesse Gross <jesse@nicira.com>