git.cascardo.info Git - cascardo/ovs.git/log

ovs-bugtool: Remove calls of ovs-ofctl on ovs-system.

With single datapath, making ovs-ofctl calls on ovs-system
does not give the necessary o/p. This patch removes those calls.

The next patch adds the correct commands to bugtool plugin scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

bridge: Rate-limit updates to "instant stats".

Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.

Until now, the instant stats have been updated on every trip through
the main loop.  This work scales with the number of interfaces that
ovs-vswitchd manages.  With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.

This commit rate-limits updates to instant stats to at most 10 times
per second.  Earlier tests I did with similar patches showed a major
reduction in CPU usage.  I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.

CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

debian: Re-add --timeout option for ifupdown script.

Commit fba6bd1d3f(ovs-vsctl: Try connecting only once for active connections..)
removed the timeout option from ifupdown.sh. Removing the "--timeout=" option
can cause ifupdown script to hang if ovs-vswitchd is not running and ifupdown
script changes the OVSDB. So, re-add it.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-vsctl: Try connecting only once for active connections by default.

Until now, ovs-vsctl has kept trying to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout.  A timeout that is too short
can cause spurious failures.  A timeout that is too long causes long delays
if the server really isn't running.

This commit should alleviate this problem.  It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running.  (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database.  --no-wait also avoids that issue.)

Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated

After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074

ovs-bugtool: Add ovs-ctl.log to debug bundle.

ovs-ctl.log will include the o/p of ovs-ctl when
run from rhel, debian and xenserver startup scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

debian, rhel, xenserver: Ability to collect ovs-ctl logs.

We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.

With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

tunnel: Remove references to multicast tunnels in schema documentation.

The vestigal multicast support in tunnels has been removed at this
point, so this deletes the remaining references in the documentation.

Reported-by: Guangvy <1965837689@qq.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Check for Centos 6.4 backports.

Centos 6.4 backported a number of additional functions so our existing
versions started causing conflicts.

Reported-by: Denis Iskandarov <d.iskandarov@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

bridge: Store the 'mac_in_use' for interfaces in OVSDB.

It can be useful to remotely determine the MAC addresses of attached
interfaces without going through OpenFlow. This adds the MAC address to
a new 'mac_in_use' column on the Interface table.

Feature #15551

Requested-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Reduce loop limit by one to 4.

We currently allow five trips through the kernel datapath
before dropping the packet to protect the stack. However, there
have been a few reports recently involving tunneling that this is
still too much. Although it's not a complete solution, this reduces
the limit by one to balance safety in common situations with
flexibility.

Bug #15477

Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: 謝秉融 <faithfulman@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

connmgr: Fix memory leak in ofconn monitor table.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb: Fix memory leak.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Set dates for 1.9.0 release.

This also sets the dates for 1.8.0, even though it was an internal-only
release.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Note tunneling feature removals in the correct release.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Conflicts:
NEWS

Add table_id to NXM flow_removed messages.

Feature #15466.
Requested-by: Ronghua Zhang <rzhang@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix up user specifying wrong bridge on "ofproto/trace".

If there is more than one bridge, then it's easy to specify the wrong one
on an ofproto/trace command.  Previously, this would produce surprising
results.  With this commit, "ofproto/trace" should silently fix up the
problem.

It would be nice to not require the user to specify a bridge at all, but
it's theoretically possible to have more than one backer, in which case we
need some way to distinguish, and a bridge name is as good an identifier
as we have.  We could ask the user to specify the datapath_type, I guess,
but that's a less familiar name to most users and it would be a somewhat
gratuitous change in synatx for ofproto/trace.

Bug #15419.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Print slow-path actions instead of "drop" in dump-flows.

The command "ovs-appctl dpif/dump-flows" would print slow-path actions
as "drop", which could be confusing to users. This is different from
"ovs-dpctl dump-flows", which prints a descriptive reason. This commit
replaces "drop" with the reason.

Bug #14840

Signed-off-by: Justin Pettit <jpettit@nicira.com>

timeval: Avoid backtrace() from signal handler on x86-64.

backtrace() is really useful, but it is not signal safe everywhere. We
need to reassess whether it is reasonable to use it anywhere, but
immediately we need to disable it on x86-64 (with glibc) because it is
causing segfaults in testing.

Bug #15497.
Reported-by: Ram Jothikumar <rjothikumar@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

tunnel: Mark ECN status on decapsulated tunnel packets.

In the kernel tunnel implementation, if a packet was marked as ECN CE on
the outer packet then we would carry this over to the inner packet on
decapsulation. With the switch to flow based tunneling, this stopped
happening. This commit reintroduces that behavior by using the set IP
header action.

Bug #15072

Signed-off-by: Justin Pettit <jpettit@nicira.com>

tunnel: Generate datapath flows for tunneled packets dropped due to ECN.

Move the check for whether tunneled packets should be dropped due to
congestion encountered (CE) when the encapsulated packet is not ECN
capable (non-ECT). This also adds some additional tests for ECN
handling on tunnel decapsulation.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Store the initial tunnel IP TOS values for later use.

When a packet arrives on an IP tunnel, store the TOS value for later
use. This value will be used in a couple of future commits.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Make initial packet value handling generic.

For VLAN splinters, an "initial_tci" value was introduced that is passed
around during flow processing to be used later for action translation.
This commit switches to passing around a struct so that additional
values beyond TCI can be used. A future commit will use this.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Pass around "facet" in flow_push_stats().

The flow_push_stats() function will need other members of the "facet"
structure in a future commit.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

tunneling: Simplify ovs_tnl_send() error handling code.

Following commit slightly improves code readability. It is
also correctness fix as ip_local_out() was storing error
code in err which was not int.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

Tunnel: Cleanup old tunnel infrastructure.

Since userspace flow based tunneling code is checked in, the kernel
port based tunneling code can be removed.

Patch removes following components:
- tunnel ports hash table and moved tunnel ports list to individual
vports.
- Cleaned per tnl-port config.
- OVS_KEY_ATTR_TUN_ID action is removed.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15078

datapath: Remove CAPWAP tunneling support.

The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol. While there were some
uses of it (primarily hardware support and UDP transport). But
these are most likely better provided by VXLAN.

Following patch removes CAPWAP tunneling support.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

timeval: Increase accuracy of cached time 4X, from 100 ms to 25 ms.

With CFM and other tunnel monitoring protocols, having a fairly precise
time is good. My measurements don't show this change increasing CPU use.
(In fact it appears to repeatably reduce CPU use slightly, from about
22% to about 20% with 1000 CFM instances, although it's not obvious why.)

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

timeval: Enable caching the current time even on x86-64.

With CFM enabled on 1000 tunnels, this reduced CPU use from about 30% to
about 22%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idlc: Make no-op writes to write-only columns cheaper.

For 1000 tunnels with CFM enabled, this reduces CPU use from
about 36% to about 30%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix circular dependency between bug.h and kernel.h.

In Linux 3.4 the definition for BUILD_BUG_ON_NOT_POWER_OF_2 was
moved from kernel.h to bug.h. On various kernels these header
files include each other in various orders (often through a
long chain of other header files), which can create circular
dependency issues. Since we not longer need this definition,
this simply removes the backport.

Reported-by: Palo Andi <andi@dis.uniroma1.it>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-ctl.in: Restore interfaces and ofports for userspace restarts.

When we upgrade from pre-1.9 to 1.10 or later branches, when just
the user space daemons are restarted, with the older kernel module
intact, datapaths are recreated.

This results in loosing the internal interface states like ip addresses,
routing table entries etc. Also, the 'ofport' value of the older interfaces
change.

With this patch we restore the interface states, ofport values etc,
when "ovs-ctl restart" or "/etc/init.d/openvswitch[-switch] restart
--save-flows" is called. The later command is automatically called
when debian packages are installed.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Clean up code for the next commit.

Previously, we would null the variables holding the names of the restore
scripts in case there were any errors in creating the restore script or if
we did not need to run a particular restore script. That is not necessary,
as we can just check the execution permission set on those scirpts.

Also, carve out a couple of functions which will be used in the next commit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath: Increase maximum allocation size of action list.

The switch to flow based tunneling increased the size of each output
action in the flow action list. In extreme cases, this can result
in the action list exceeding the maximum buffer size.
This doubles the maximum buffer size to compensate for the increase
in action size.
Action list is recieved from netlink callback which is allocating
linear-skb, therefore allocating another multi-page buffer would
not increase probability of the allocation-failure a lot.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15203

Revert "datapath: Increase maximum allocation size of action list."

This reverts commit 649b1c68fdd39316e3bcea21ce5464da614a6691.
This patch introduced bug by calling vfree() from interrupt context.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

netdev-linux: Fix netdev_linux_send() return value in corner case.

A negative 'sock' means there was an error but netdev_linux_send() returns
a positive errno value on error.

Signed-off-by: Ben Pfaff <blp@nicira.com>

nx-match: Correct writing of value and length in set_field_to_ofast()

ofpbuf_put_* may reallocate the underlying buffer of the ofpbuf and
thus writing data after a ofpbuf_put_* call must write to memory
relative to the pointer returned by the call.

Prior to this change the length and trailing value would not be written to
the set_field action if ofpbuf_put_* may reallocated the underlying buffer.

Also make use of ofpbuf_put_zero() to avoid calling memset() directly.

Tested-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Handle tunnel config changes in facet_revalidate().

For most of the history of Open vSwitch, one could assume that a
given datapath flow key would consistently translate into the same
userspace struct flow representation.  However, with the switch to
flow based tunneling, we now have a situation where a database
configuration change can cause a datapath flow key's in_port to
correspond to a completely different OpenFlow in_port possibly on a
completely different bridge.  This can cause all sorts of problems,
including traffic black holes due to confused facet revalidations.

To solve the problem, this patch verifies that each facet's
subfacets still result in the appropriate struct flow.  If a facet
fails this test, it is simply removed.

Bug #15213.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Ignore subfacet install errors.

When we fail to install a subfacet, there's not much we can do
other than note that it happened.  However, doing this requires us
to maintain a pointer to a subfacet which theoretically could be
destroyed by facet_revalidate() later.  This patch solves the
problem by simply assuming dpif_flow_put() always succeeds.  This
should have no effect on behavior.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Always maintain subfacet key.

Due to flow based tunneling, we can no longer assume that it's
possible to reconstruct a subfacet's key from its facet's flow.
The flow's in_port may be stale due to tunnel configuration
changes.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Remove LISP unit test.

LISP doesn't exist yet in Open vSwitch 1.10, so the test fails
(correctly). This removes the test from this release.

Signed-off-by: Jesse Gross <jesse@nicira.com>

tests: Add VXLAN and LISP tunnel tests to the unit test infrastructure.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto: Create and delete tnl_backers in type_run()

Garbage collect tnl_backers during type_run(). Add new
tnl_backers if a VXLAN port's UDP port changes.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

vxlan: Change dpif_backer->tnl backer to a "struct simap"

Move dpif_backer->tnl_backers from a "struct sset" to a
"struct simap". Store odp_port in the new map. This will make it easier to
access the odp_port for future patches.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Fix byte-swapping direction in nl_msg_put_u16() call.

OVS_TUNNEL_ATTR_DST_PORT expects a u16, tnl_cfg->dst_port is a be16, so
we want ntohs() instead of htons().

In practice htons() and ntohs() perform the same operation, so this does
not fix a real bug.

Found by sparse.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Modify dpif_linux_port_add() to set the destination port for VXLAN ports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Update netdev_vport_get_dpif_port() to support VXLAN port names

Modify netdev_vport_get_dpif_port() to return a name for
VXLAN ports which includes the destination UDP port number as a part of the
name.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Add utility functions to the simap data structure.

Add utility functions to the simap structure. These are
used by future patches in this seris. The functions added are.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

in-band: Use "internal" netdev type for local ports.

A bridge's local port always has type "internal", so opening it
with type "system" can't be correct.  This was causing upgrade
problems.  Specifically, in certain bridge topologies, if there was
a manager set force-reload-kmod would fail.  This is because the
local port netdev would open in the in-band code with type
"system", confusing the more important netdev_open() in
iface_create().

Bug #15067.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

vxlan: new draft revision

The VXLAN draft just got updated from -02 to -03, with no major changes.
Update documentation to reflect the change.

Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: fix the calculation of checksum for vlan header

In vlan_insert_tag(), we insert a 4-byte VLAN header _after_
mac header:

        memmove(skb->data, skb->data + VLAN_HLEN, 2 * ETH_ALEN);
        ...
        veth->h_vlan_proto = htons(ETH_P_8021Q);
        ...
        veth->h_vlan_TCI = htons(vlan_tci);

so after it, we should recompute the checksum to include these 4 bytes.
skb->data still points to the mac header, therefore VLAN header is at
(2 * ETH_ALEN = 12) bytes after it, not (ETH_HLEN = 14) bytes.

This can also be observed via tcpdump:

         0x0000:  ffff ffff ffff 5254 005d 6f6e 8100 000a
         0x0010:  0806 0001 0800 0604 0001 5254 005d 6f6e
         0x0020:  c0a8 026e 0000 0000 0000 c0a8 0282

Similar for __pop_vlan_tci(), the vlan header we remove is the one
overwritten in:

memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);

Therefore the VLAN_HLEN = 4 bytes after 2 * ETH_ALEN is the part
we want to sub from checksum.

Cc: David S. Miller <davem@davemloft.net>
Cc: Jesse Gross <jesse@nicira.com>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Increase maximum allocation size of action list.

The switch to flow based tunneling increased the size of each output
action in the flow action list.  In extreme cases, this can result
in the action list exceeding the maximum buffer size.

This doubles the maximum buffer size to compensate for the increase
in action size.  In the common case, most allocations will be
less than a page and those uses kmalloc.  Therefore, for the majority
of situations, this will have no impact.

Bug #15203
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Look at the flow's ofproto when handling flow misses.

When handling flow misses, an attempt is made to group identical packets
together.  Before the single datapath, each OpenFlow port number was
unique, so the flow_equal() function was sufficient to check whether
packets are identical.  With the single datapath, the OpenFlow port
numbers are shared across bridges, so packets that arrive at the same
time and are identical other than their ingress port were being serviced
by the same ofproto instance.  This commit changes the duplicate flow
finding function to take the ofproto into account.

Bug #14934

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix parsing invalid LLC/SNAP ethertypes

Before this patch, if an LLC/SNAP packet with OUI 00:00:00 had an ethertype
less than 1536 the flow key given to userspace in the upcall would contain the
invalid ethertype (for example, 3). If userspace attempted to insert a kernel
flow for this key it would be rejected by ovs_flow_from_nlattrs.

This patch allows OVS to pass the OFTest pktact.DirectBadLlcPackets.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Receive special packets on patch ports.

Commit 0a740f48293 (ofproto-dpif: Implement patch ports in
userspace.) allowed special packets (i.e. LACP, CFM, etc) to be
sent on patch ports, but not received. This patch implements the
logic required to receive special packets on patch ports.

Bug #15154.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Reduce number of get_ofp_port() calls during flow xlate.

Until now the flow translation code has done one get_ofp_port() call
initially to check for special processing, then one for each level of
action processing.  Only one call is actually necessary, though, because
the in_port of a flow doesn't change in ordinary circumstances, and so this
commit eliminates the unnecessary calls.

The one case where the in_port can change is when a packet passes through
a patch port.  The implementation here was buggy anyway: when the patch
port's peer had forwarding disabled by STP, then the code would drop all
ODP actions, even those that were executed before the packet crossed the
patch port.  This commit fixes that case.

With a complicated flow table involving multiple levels of resubmit, this
increases flow setup performance by 2-3%.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

tunnel: set skb mark for IPsec tunnel packets

The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: use skb_mark for route lookups

If IPsec policy uses skb mark, then we have to do route look up
with skb mark as well.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ipsec: prepare IPsec for flow based tunneling

This patch removes unused TNL_F_IPSEC flag.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Call genlmsg_end in queue_userspace_packet

Without genlmsg_end the upcall message ends (according to nlmsg_len) after the
struct ovs_header.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofp-msgs: ensure that l2 is set in ofpmp_reserve()

Ensure that the buffer returned by ofpmp_reserve() has buf->l2 set
as this may be required by nxm_reg_load_to_nxast() when generating
the reply to an stats request

This problem was observed when dumping a large number of flows
with set_field actions using ovs-ofctl dump-flows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>

ovs-ctl.in: Don't execute the restore ofport script in some cases.

While upgrading from openvswitch1.10, we need not restore ofports
across force-reload-kmod.

This patch fixes a bug wherein 'force-reload-kmod' command
tried to execute an empty script that did not have '+x' in
file permissions.

Bug #15067
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

stream-unix: Use rundir as root for relative paths.

Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.

This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.

Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Treat in_key=0 the same as a missing in_key.

The documented behavior of ovs is that a missing key is the
same as a zero key.  However, the tunneling code actually treated
them differently.  This could cause problems with tunneling modes
such as vxlan which always have a key.  Specifically, a tunnel with
no key configured, would send have to send traffic with a key of
zero.  However, the same tunnel would drop incoming traffic with a
zero key because it was expecting there to be none at all.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tunnel: Log tunneling changes at INFO level.

These log messages occur infrequently, and are quite useful when
debugging problems after the fact. So they should be logged at
info level which makes them more readily available.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix ovs_vport_cmd_new return value on success

This bug was introduced in 1fc7083d (datapath: Remove vport MAC address
configuration.)

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Fix ovs_vport_cmd_del return value on success

If the pointer does not represent an error then the PTR_ERR macro may still
return a nonzero value. The fix is the same as in ovs_vport_cmd_set.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Prepare for 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Rearrange announcements related to 1.10 and 1.9.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Mention experimental support for newer versions of OpenFlow.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Correct some items incorrectly stating they arrived in 1.9.0.

A few items were listed as arriving in 1.9.0, but they actually were new
to 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

FAQ: Add an entry describing the different ways to dump flows.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

python/ovs/db/types: Fix English grammar for enums with one member.

Before this change, enums that have one member were formatted as, e.g.:
"one of xyzzy, , or "
This changes them to be formatted as:
"must be xyzzy"
which makes much more sense.

(An enum with one member may make some sense if you are trying to leave
the possibility for future expansion.)

Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Add question and answer about PPP.

We've had this question a few times lately.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tunneling: Don't send ICMP messages if no tunnel port is found.

Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
store information while processing packets.  However, if we don't
find an appropriate tunnel port on receive, then we send an ICMP
port unreachable message, which calls back into the IP stack.  The
stack assumes that skb->cb will still contain valid information
about from the IP layer, including any IP options.  As a result,
icmp_echo_options() can read the garbage values from OVS and
overwrite data on the stack, panicing the machine.

This simply stops sending ICMP messages when ports are not found.
Many people find them confusing and flow based tunneling will
never send them (since it always finds a port) so it solves both
problems at once.

Bug #14880

Reported-by: Deepesh Govindan <dgovindan@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

Use is_pow2() function, where possible, instead of IS_POW2 macro.

The IS_POW2 macro is meant for use in contexts where a function call is not
allowed.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

socket-util: Use set_nonblocking() helper function.

There's no reason to inline this when we have a helper for it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

timeval: Avoid unnecessary integer overflow in time_alarm().

Durations longer than 4294967 seconds would unnecessarily overflow in the
multiplication here.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

worker: Use ovs_retval_to_string() where EOF is a possible return value.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

unixctl: Use ovs_retval_to_string() where EOF is a possible value.

jsonrpc_transact_block() might return EOF so passing its return value to
strerror() isn't general enough.

It might be better to change jsonrpc_transact{_block}() to never return
EOF, since a closed connection seems like it is always an error in that
context.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

netdev-linux: Check return value of set_nonblocking().

It's unlikely to fail but checking it can't hurt.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

process: Check return value of set_nonblocking().

It's unlikely to fail but checking it can't hurt.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

bridge: Rename iface_create() variable to avoid hiding parameter.

This function has a parameter 'ofp_port' and a local variable 'ofp_port',
so rename the local variable to reduce confusion.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofp-util: Rename ofputil_port_from_string() variable to avoid hiding param.

This function has a parameter 's' and a local variable 's', so rename the
local variable to reduce confusion.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

vlog: New function vlog_set_levels_from_string_assert().

Two of the users of vlog_set_levels_from_string() in the tests could have
silently failed, if their arguments were invalid. This avoids that problem
(and a memory leak).

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofp-parse: Ignore "idle_age" and "hard_age" when parsing a flow string.

It should be possible to feed to output of "ovs-ofctl dump-flows" to
"ovs-ofctl add-flows".  However, some of the metadata needs to be
ignored.  "idle_age" and "hard_age" was recently added to the output of
"ovs-ofctl dump-flows", but they were not ignored like the other
metadata.  This commit ignores them.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

netlink-socket: Don't bother logging SO_RCVBUFFORCE failure as non-root.

Some Open vSwitch utilities can do useful work when they are not run as
root. Without this commit, these utilities will log a warning on failure
to use the SO_RCVBUFFORCE socket option if they open any Netlink sockets.
This will always happen, it does not report anything unexpected or
fixable as non-root, and sometimes it makes users wonder if something is
wrong, so there is no benefit to logging it. This commit drops it in that
case.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix memory leak in port_dump_next().

The caller of port_query_by_name() is responsible for freeing the
ofproto_port that it returns on success, but ofproto-dpif did not do this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-ctl: Update comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

ofproto-dpif: Clear revalidation flags only once, not per-ofproto.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-tool: Fix memory leak on error path in "show-log" implementation.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idl: Fix memory leak on error path.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

meta-flow: Add missing "break" to mf_set_wild().

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

meta-flow: Avoid null pointer dereference in mf_format_frag_string().

The 'maskp' parameter to this function can be NULL, but the function
always dereferenced it. This commit fixes the problem.

This commit also fixes the order in which the value and mask were adjusted
to correctly discard 1-bits outside of FLOW_NW_FRAG_MASK.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-ctl: Fix a couple of typos.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

netdev-vport: Build on all platforms.

This patch removes the final bit of linux specific code which
prevents building netdev-vport everywhere. With this, other
platforms automatically get access to patch ports, and (if their
datapath supports it), flow based tunneling.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Add tunnel unit tests.

This commit adds unit tests which exercise the flow based
tunneling code added in previous patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

lib: Switch to flow based tunneling.

With this patch, ovs-vswitchd uses flow based tunneling
exclusively.  I.E. each kind of tunnel shares a single tunnel
backer in the datapath.  Tunnel headers are set by userspace using
the ipv4_tunnel datapath action.  And, the configuration of
individual tunnels is now a userspace responsibility, so
netdev-vport no longer marshals and unmarshals Netlink attributes
for tunnel configuration, instead only storing the configuration
internally.  There are still some significant pieces of work to do,
but the basic building blocks are there to begin testing.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Co-authored-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

tunnel: Userspace implementation of tunnel manipulation.

The kernel tunneling code currently needs to handle a large number
of operations when tunnel packets are encapsulated and
decapsulated. Some examples of this are: finding the correct
tunnel port on receive, TTL and ToS inheritance, ECN handling, etc.
All of these can be done on a per-flow basis in userspace now that
we have both the inner and outer header information, which allows
us to both simplify the kernel and take advantage of userspace's
information. Once tunnel packets are redirected into this code,
the redundant pieces can be removed from other places.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev: New function netdev_get_dpif_port().

In future patches, a netdev's datapath port name may not
necessarily be the same as its device name. This patch prepares for
this by making the distinction in the netdev and dpif layers.

Signed-off-by: Ethan Jackson <ethan@nicira.com>