git.cascardo.info Git - cascardo/ovs.git/log

Prevent test failures when there are non Ethernet devices on the system.

When there are PtP TUN devices on the system or SIT devices, tests will fail
because of a warning that it was not possible to get their Ethernet addresses.
That call comes from the route code adding tunnel ports.

Make that warning an informational message and filter that out during tests.

Also, return EINVAL when trying to get those interface Ethernet addresses, which
will prevent them from being added to the tunnel ports pool and will properly
fail in other places as well.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

xenserver: Add ovsdb_port variable to xapi configuration update plugin.

The hardcoded ovsdb port causes problems when hooking up xenserver to
different SDN stacks. Changing this to a variable at the start of the
script makes it easier to update this when needed (using chef/puppet/etc)

Signed-off-by: Sten Spans <sten@blinkenlights.nl>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovsdb-idl: Add support for change tracking.

Ovsdb-idl notifies a client that something changed; it does not track
which table, row changed in what way (insert, modify or delete).
As a result, a client has to scan or reconfigure the entire idl after
ovsdb_idl_run(). This is presumably fine for typical ovs schemas where
tables are relatively small. In use-cases where ovsdb is used with
schemas that can have very large tables, the current ovsdb-idl
notification mechanism does not appear to scale - clients need to do a
lot of processing to determine the exact change delta.

This change adds support for:
- Table and row based change sequence numbers to record the
   most recent IDL change sequence numbers associated with insert,
   modify or delete update on that table or row.
- Change tracking of specific columns. This ensures that changed
   rows (inserted, modified, deleted) that have tracked columns, are
   tracked by IDL. The client can directly access the changed rows
   with get_first, get_next operations without the need to scan the
   entire table.
   The tracking functionality is not enabled by default and needs to
   be turned on per-column by the client after ovsdb_idl_create()
   and before ovsdb_idl_run().

     /* Example Usage */

     idl = ovsdb_idl_create(...);

     /* Track specific columns */
     ovsdb_idl_track_add_column(idl, column);
     /* Or, track all columns */
     ovsdb_idl_track_add_all(idl);

     for (;;) {
         ovsdb_idl_run(idl);
         seqno = ovsdb_idl_get_seqno(idl);

         /* Process only the changed rows in Table FOO */
         FOO_FOR_EACH_TRACKED(row, idl) {
             /* Determine the type of change from the row seqnos */
             if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_DELETE)
                    >= seqno)) {
                 printf("row deleted\n");
             } else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_MODIFY)
                           >= seqno))
                 printf("row modified\n");
             } else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_INSERT)
                           >= seqno))
                 printf("row inserted\n");
             }
         }

         /* All changes processed - clear the change track */
         ovsdb_idl_track_clear(idl);
    }

Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovsdb-idl: Support for readonly columns that are fetched on-demand

There is currently no mechanism in IDL to fetch specific column values
on-demand without having to register them for monitoring. In the case
where the column represent a frequently changing entity (e.g. counter),
and the reads are relatively infrequent (e.g. CLI client), there is a
significant overhead in replication.

This patch adds support in the Python IDL to register a subset of the
columns of a table as "readonly". Readonly columns are not replicated.
Users may "fetch" the readonly columns of a row on-demand. Once fetched,
the columns are not updated until the next fetch by the user. Writes by
the user to readonly columns does not change the value (both locally or
on the server).

The two main user visible changes in this patch are:
  - The SchemaHelper.register_columns() method now takes an optionaly
    argument to specify the subset of readonly column(s)
  - A new Row.fetch(columns) method to fetch values of readonly columns(s)

Usage:
------

    # Schema file includes all columns, including readonly
    schema_helper = ovs.db.idl.SchemaHelper(schema_file)

    # Register interest in columns with 'r' and 's' as readonly
    schema_helper.register_columns("simple", [i, r, s], [r, s])

    # Create Idl and jsonrpc, and wait for update, as usual
    ...

    # Fetch value of column 'r' for a specific row
    row.fetch('r')
    txn.commit_block()

    print row.r
    print getattr(row, 'r')

    # Writing to readonly column has no effect (locally or on server)
    row.r = 3
    print row.r     # prints fetched value not 3

Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ofproto: Check actions also for packet outs and traces.

Make the packet out and trace processing perform the same actions
checks as flow mod processing does.

This used to be the case before, but at some point these have diverged
to perform different combinations of checks.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

utilities/ovs-ofctl: Fix meter requests.

Meter requests should use dump/stats transaction, instead of
transact_noreply, which caused the output to go to stderr and an error
exit.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

AUTHORS: Update email address.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Update Andy Zhou's email address.

Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>

AUTHORS: Update email address.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>

HW VTEP Schema: update Tunnel table definition

vtep/vtep.xml : Tunnel table definitions were reviewed against
latest OVS schema.
Relevant changes taken into HW VTEP schema.
XML formatting of Tunnel table corrected

Signed-off-by: Ariel Tubaltsev <tubaltzev@gmail.com>
Acked-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Russell Bryant <russell@ovn.org>

netdev-dpdk: assume dpdkr peer can be multi-producer/consumer

Although netdev does explicit locking, it is only valid from the ovs
perspective, then only the ring ends used by ovs should be declared as
single producer/consumer.
The other ends that are used by the application should be declared as
multiple producer/consumer that is the most general case.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

vlog: Fix a deadlock bug.

Calling VLOG_FATAL() while holding the 'log_file_mutex" may lead to
deadlock since VLOG_FATAL() implementation tries to acquire the
same lock. Fix this by building the error message first, then
call VLOG_FATAL() after the 'log_file_mutex' has been released.

This bug is not likely show up in practice since chown() usually
won't fail. It is still better to have a correct implementation.

Reported-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Daniele Di Proietto <ddiproietto@vmware.com>

Merge pull request #89 from zhouyaguo/master

FAQ.md: Fix typo

FAQ.md: Fix typo

typo in FAQ.md: ovs-vcstl

Signed-off-by: Yaguo Zhou <zhouyaguo@unionpay.com>

Add Docker integration for OVN.

Docker multi-host networking is now part of
Docker 1.9.

This commit adds two drivers for OVN integration
with Docker. The first driver is a pure overlay driver
that does not need OpenStack integration. The second driver
needs OVN+OpenStack.

The description of the Docker API exists here:
https://github.com/docker/libnetwork/blob/master/docs/remote.md

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>

vlog: fix clang warnings

Make sure clang does not complain about accessing ovs_log_file
outside of log_file_mutex protection.

Signed-off-by: Andy Zhou <azhou@nicira.com>

ovn-tutorial: Use github instead of relative links.

All of these links when viewing OVN-Tutorial on github, but most of
these links didn't work when viewing OVN-Tutorial.md.html in dist-docs.
Use full github links so that they always work (as long as you have
internet access).

Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-By: Kyle Mestery <mestery@mestery.com>

vlog: Only compile vlog_change_owner on Unix platform

uid_t and gid_t are not defined for Windows platform.

Signed-off-by: Andy Zhou <azhou@nicira.com>

lib: allow group access to Unix domain sockets

By default, Unix domain sockets are created with file system permission
mode of 0700. This means that only processes that runs under the same
user can access this socket.

For OVS, it may be more convenient to control access at the group
level rather than at the user level, since other processes need to
access OVSDB and UNIXCTL sockets while running under different users.

This patch changes Unix domain sockets' file system permission to 0770,
to grant group access.

It has not been an issue in the past since OVS, until very recently,
had to run as root. If a process needed to access OVSDB or UNIXCTL
sockets, it had to be a root process as well.

With the added --user option to OVS daemons and this change, system
administrators can deploy OVS more securely: OVS daemons can run as
a non root user. Various processes that need to talk to OVS does not
have to run as root process anymore.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

vlog: change log file owner when switching user

vlog log file can be created when parsing --log-file option, before
switching user, in case the --user option is also specified. While this
does not directly cause errors for the running daemons, it can
leave the log files on the disk as created under the "root" user.
This patch fix the log file ownership to the user specified with --user.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

lib: simplify daemon_become_new_user__()

A global variable 'switch_user' was used to make sure
we switch process's current user only once. This logic is now
simplified by testing for uid directly; if switch process has
taken place, the current uid will be not be zero.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

system-traffic: Add resubmit conntrack test.

This tests that resubmits return as expected when conntrack is used
with recirculation to another table.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>

ofproto-dpif-xlate: Don't stop processing after ct.

If conntrack recirculates, it should not stop processing the current
pipeline. The cloned packet will begin processing in the table specified
with the current metadata and action set; The current copy of the packet
will continue processing, including to return back to prior resubmit()
calls.

Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

dist-docs: Fix text and HTML manpage generation with some groff versions.

Some versions of groff use termcap sequences for bold, italic, etc. by
default. The dist-docs script doesn't cope with those; it expects
sequences based on backspacing and overprinting. This commit fixes the
problem by setting an environment variable GROFF_NO_SGR that forces groff
to use backspacing.

Found on Fedora.

Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovs-ofctl.8: Improve description of dec_ttl action.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

ovs-thread: Fix memory leak in thread exit.

'n' is the number of keys, which are grouped into blocks of L2_SIZE
indexes. Even if only one key in a block is allocated, the whole block has
a pointer to it that must be freed. Thus, we need to round up instead of
down.

Reported-at: https://github.com/openvswitch/ovs/pull/87
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

tunneling: extend tnl_match with ipv6

[cascardo: use IPv4-mapped IPv6 addresses]

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tnl-arp-cache: Include tnl-arp-cache.h as first header.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

tnl-arp-cache: fix log error when using tnl/arp/set with IPv6

lookup_ip will emit an error when used with an IPv6 address, like below.

2015-10-20T18:48:22.357Z|00036|socket_util|ERR|"2001:cafe::92" is not a valid IP address

Verify if address looks like IPv6 before giving it to either lookup_ip or
lookup_ipv6.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

lib: add ipv6 helper functions for tnl_config

These functions will be used by the next patches.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

ovn-northd: Support pinging logical router ports.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

vswitchd: Allow modifying ICMP type and code.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

packets: Add support for modifying ICMP type and code.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>

ovn: Change printed stage names.

The stage names were getting long and throwing off the formatting when
dumping the logical flows.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn: Use "ip.ttl--" instead of "ip4.ttl--".

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-sb: Fix "ip.ttl--" lower limit description.

To decrement the IP TTL, the existing TTL can't be less than two. The
field is not bit-maskable, though, so "ip.ttl < 2" will not work.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

ovn-northd.8: Correct description of sending out inport.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

AUTHORS: Update my email address.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>

TODO.md: Remove old item.

The patchwork instance has been recreated, so this doesn't point any
place valid.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@ovn.org>

AUTHORS: Update Justin Pettit's email address.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@ovn.org>

INSTALL.DPDK: Mention issue with QEMU v2.4.0 & dpdkvhostuser

Currently when using QEMU v2.4.0+, two (or more) dpdkvhostuser ports cannot
be unbound from the kernel driver in the guest without causing the
ovs-vswitchd process to crash. Document this limitation and potential
workarounds.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

upcall: Check for recirc_id in ukey_create_from_dpif_flow()

Filter out not only flows with recirculation actions, but also flows
with non-zero recirculation id in flow key when creating ukeys from
datapath flows, as such flows also depend on the recirculation
context, which have been lost after a restart.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

ofp-actions: Fix conntrack action usable_protocols handling.

Restrictions from embedded actions should be folded in rather than
discarded.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

upcall: Eliminate dead code.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

tests: Strip more variable output from conntrack output.

'conntrack' output format varies depending on the system
configuration, i.e., conntrack accounting or timestamping is enabled.
Modify the FORMAT_CT() macro to hide these differences.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

ovn-tutorial: Add a section on ACLs.

Add a section that gives a quick introduction to applying ACLs. It
discusses how the ACLs are translated into OVN logical flows. It doesn't
get down to the OpenFlow level because that's not supported in
ovs-sandbox yet. Instead, it provides a reference to an OpenStack
related blog post that talks about how OVN ACLs are used there and gives
examples of the resulting OpenFlow flows.

In theory, once we have a userspace conntrack implementation available,
we'll be able to provide better suppot for it in ovs-sandbox.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Kyle Mestery <mestery@mestery.com>

ofp-parse: Fix parsing, formatting of multiple fields in NTR extension.

Until now, the only way to specify multiple fields in the "fields"
parameter for the Netronome groups extension, was to specify "fields"
more than once, e.g. fields=eth_dst,fields=ip_dst

However, this wasn't documented and the code in ofp-print didn't use it,
generating output that couldn't be parsed.

This commit fixes the situation by introducing a more straightforward
syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
code to use it when there is more than one field (it retains the previous
format for backward compatibility when there is exactly one field)

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <simon.horman@netronome.com>

dpctl: Fix jump through wild pointer in "dpctl/help".

dpctl_unixctl_handler() didn't fully initialize the dpctl_params structure
it passed to the handler, which meant that dpctl_help() could see a nonnull
(indeterminate) 'usage' pointer and jump through it, causes a crash.
This commit fixes the crash by fully initializing the structure.

The dpctl/help command wasn't going to do anything useful anyway, so this
commit also stops registering it.

Reported-by: Murali R <muralirdev@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019135.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros

It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.

This patch ensures that this is clearly reflected in documentation.

Acked-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>

ovn-northd: Fix table ID in a comment.

This changed from 2 to 3 when ACLs got implemented, as it turned out
ACLs needed two tables (1 and 2).

While we're at it, do a bit of OCD formatting cleanup by fixing the
alignment of '\' at the end of each line in the logical flow table
defininitions.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn: Remove duplicate versions from schemas.

Since commit 5935835968c9d36ffe306863f0c8079d3b670e2a, the OVN nb and sb
schema definitions have included duplicate version entries. In the nb
case, the version has since been updated to 2.0.0, but only in one
place. Remove the duplicate version entries that were at the bottom of
the files.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovn: Fix check on existing encap row.

This code does some checking to validate the existing encaps for a
chassis to see if they need to be updated. This typo resulted in
ovn-controller re-creating its encap(s) every time this code ran, making
ovn-controller and ovsdb-server eat up a CPU in my testing.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath-windows: STT - Offload inner checksum calculation

Offload the inner checksum computation to NDIS in OvsDecapStt function.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bfd: improve ovs-vswitchd.conf.db(5) manpage

Use the wording from RFC 5880 to describe the "diagnostic" and
"remote_diagnostic" fields.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

datapath-windows: Report correctly when trying to add tunnel types

Report invalid parameter to the userspace if the user tries to add a vport
tunnel type which is not supported by the kernel extension.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath-windows: Updating an External Adapter causes flow lookup failure

This patch fixes an issue with updating the propeties of an external
adapter in Windows. The issue causes flow lookups to fail until the
kernel is reinstalled.

Reported-at: https://github.com/openvswitch/ovs-issues/issues/102
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: place kernel module to satisfy depmod search.

On Ubuntu depmod's search priority is configured in /etc/depmod to be
updates and then the kernel built-in directory.
$ cat /etc/depmod.d/ubuntu.conf
search updates ubuntu built-in

Thus change the placement of openvswitch.ko under updates/ not kernel/updates.

Acked-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Saurabh Mohan <saurabh@cplanenetworks.com>

travis: Update target kernel list.

Update the kernel list to sync with stable kernels from kernel.org

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

test: Make test independent of the recirc_id

Commit 8ae8176fd0d8ed919e3301cc961dcf02b65ff49d (tests: Make test
independent of the hash function) improves the test "ofprot-dpif
- balance-tcp bonding, different recirc flow" to not dependent on
the values of dp-hash, but it still depends on the value of recirc_id,
which can be a different value based on runs, specifically, it depends
which one of the two bonds allocates recirc id first.

Since both dp_hash and recirc_id values are runtime dependent,
consolidate the masking scripts into ofctl_strip.

Bug-report: http://openvswitch.org/pipermail/discuss/2015-October/019269.html
Reported-by: Gerhrd Stenzel <gstenzel@linux.vnet.ibm.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

AUTHORS: use actual address for emaste@freebsd.org

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Russell Bryant <rbryant@redhat.com>

INSTALL.DPDK.md: Fix small documentation error in ovs with DPDK installation

The openvswitch directory does not exist anymore, boot.sh and configure are
located at $(OVS_DIR).

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

datapath-windows: STT - Enable support for TCP Segmentation offloads

Add support to STT - Encap and Decap functions to reassemble the packet
fragments. Also add support to offload the packet to NDIS.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath-windows: STT - Add support for TCP Segmentation Offload

Create and initialize the background thread and buffer that
assists in defragmenting and completing a TSO packet.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath-windows: Move OvsAllocateNBLFromBuffer to BufferMgmt

Move the functionality around creating an NBL from Buffer to
Buffermanagement. This function will be used for converting the buffer
from user-space to NBL and also by STT - reassembly logic.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Revert "datapath-windows: Support attribute OVS_KEY_ATTR_TCP_FLAGS"

This reverts commit a26b2023ce33fed1ef962012dc2c03765d2e92cb.

This patch punishes performance without the implementation of
megaflows on Windows.

Once megaflows is implemented in the flow logic this patch will be
revisited.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

tests: Enable debugging in pyftpdlib.

Helps diagnosing problems.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

odp-util: Fix CT action formating.

Comma was missing after "label" attribute.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>

datapath-windows: Support attribute OVS_KEY_ATTR_TCP_FLAGS

This patch adds OVS_KEY_ATTR_TCP_FLAGS to our flow mechanism.

Also clean unecesarry parts of code.

Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Co-authored-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

bfd: always export remote_state and remote_diagnostic to OVSDB

RFC 5880 specified bfd.RemoteSessionState as one of the state
variables. In OVS implementation, this value is exported to OVSDB's
BFD status column of the interface table, as one of the map elements,
with the key of 'remote_state'.

It can be surprising when the 'remote_state' map element disappears
when BFD is in the 'DOWN' state, but otherwise always exported.
Change to always exporting it, to make it more predictable for
applications that monitors the BFD status column.

While at it, make the same change to 'remote_diagnostic', so that it
is also always exported to OVSDB for consistency.

VMWare-BZ: 1535979
Reported-by: Mihir Gangar <gangarm@vmware.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif-xlate: Fix small typo.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ovn-nbctl: Fix memory leak in option processing.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

test-ovn: Fix memory leak in option processing.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ovsdb: Fix outdated comment for function description.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ovsdb: Destroy allocated hmap.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

ovsdb-server: Destroy allocated shash.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

tnl-ports: Free "ip_dev" on error.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

vtep-ctl: Exit if database connection fails.

Before this commit vtep-ctl hung forever if it didn't manage to reach
the database.

This caused the testcase "ovn -- 3 HVs, 1 VIFs/HV, 1 GW, 1 LS" to hang
occasionally, because ovsdb-server could be killed before ovs-vtep
called vtep-ctl.

This mimics the behaviour of ovs-vsctl, ovn-nbctl and ovn-sbctl.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-northd: Fix memory leak in ARP reply flows.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

netdev-dpdk: Clean-up after vHost User port delete

Unregister and delete the socket associated with a vhost-user
port when the port is deleted and/or the switch is brought down.
Do not delete the socket if the vhost-user device is still attached
to the guest.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

netdev-dpdk: Fix comment about vhost cuse/user vswitchd arguments

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>

ovn-northd: Fix memory leak in logical router flow generation.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>

datapath-windows: fix NULL check in OvsGetExtInfoIoctl()

End result is that "mac_in_use" column gets populated in
OVSDB for internal and external NICs.

Signed-off-by: Nithin Raju <nithin@vmware.com>
Acked-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovn: Reduce range of ACL priorities.

To implement stateful ACLs, we've needed to reserve multiple logical
flow priorities in the ACL table. Rather than continue to have a
strange range of ACL priorities, we'll make ACL priority range 0 to
32767 and then offset them by 1000 when inserting them into the logical
flow table.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-ofctl: Fix OpenFlow versions with '--bundle'

While the presence of the '--bundle' option implicitly added the
OpenFlow 1.4 to the allowed protocols, it failed to remove OpenFlow
1.0 from the allowed protocols. This is changed so that '--bundle'
option now also implicitly removes versions lesser than 1.4 from the
allowed protocols. This has no behavioral difference when ovs-ofctl
is paired with OVS that supports OpenFlow 1.4, as the greatest common
version is negotiated, but prevents negotiation of OpenFlow 1.0 when
OVS does not support OpenFlow 1.4.

Found by inspection.

Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: YAMAMOTO Takashi <yamamoto@midokura.com>

ovs-ofctl: Fix replace-flows.

The replace-flows test cases tested for incorrect
behavior due to the missing initialization of the out_group member of
struct ofputil_flow_stats_request. This patch fixes this by properly
initializing out_group to OFPG_ANY.

Note that replace-flows still does not support multiple tables, but
that will be fixed in a later patch in the series.

Reported-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: YAMAMOTO Takashi <yamamoto@midokura.com>

ovn: Support multiple router ports per logical switch.

This allows multiple subnets to be routed directly to a logical switch.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn: Add test for logical router ARP replies.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

physical: Fix implementation of logical patch ports.

Logical patch ports do not have a physical location and effectively reside
on every hypervisor.  This is fine for unicast output to logical patch
ports.  However, when a logical patch port is part of a logical multicast
group, lumping them together with the other "local" ports in a multicast
group yields packet duplication, because every hypervisor to which the
packet is tunneled re-outputs it to the logical patch port.

This commit fixes the problem, by treating logical patch ports as remote
rather than local when they are part of a logical multicast group.  This
yields exactly-once semantics.

Found while testing implementation of ARP in OVN logical router.  The
following commit adds a test that fails without this fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn: Implement the ability to send a packet back out its input port.

Otherwise logical router ARP replies won't work as implemented.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

logical-fields: New header for logical field assignments.

The original concept for "expr" and "actions" was that they should not need
to know anything about the mapping between physical and logical fields,
that instead everything should be provided via the symbol table.  In
practice this has proven difficult because a couple of actions need to know
about logical fields.  For now, it seems reasonable to put the logical
field mapping into a header of its own.  Later, maybe we'll figure out
whether there's value in a less leaky abstraction.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

packets: Make ip_parse_masked() pickier about formatting.

It's happened a couple of times now that I've entered a typoed IP address,
e.g. "192.168.0.0$x", and ip_parse_masked() or its predecessor has accepted
it anyway, and it's been hard to track down the real problem. This change
makes the parser pickier, by disallowing trailing garbage.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn: Implement basic logical L3 routing.

This implements basic logical L3 routing.  It has a lot of caveats,
including the following regarding testing:

   * Only single-router hops have been tested.  Chains or trees of
     logical routers may work but definitely need testing and may
     need a little extra code.

   * No testing of logical router ARP replies.

   * Not enough testing in general.

ovn/TODO describes a lot of other caveats in terms of the work needed
to fix them.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-northd: Add stages for logical routers.

Until now, ovn-northd has only set up flows for logical switches. With the
arrival of logical routers, it needs to set up flows for them too. The
stages within logical routers are completely different from those for
logical switches, so this prepares for that by adding logic for identifying
those stages.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

packets: New function ip_parse_masked().

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb: Add "enabled" column to Logical_Router_Port.

This is just for symmetry with Logical_Port, since it seems that if users
want to be able to disable switch ports they might want to disable router
ports as well.

There is no "up" column because a logical router port doesn't have the same
concept.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb: Change how router ports work.

This is for two reasons.  First, a router port is not really much of a
special case from a logical switch's point of view.  For switching
purposes, it works exactly the same as any other port.  Having a special
column for it just adds artificial special cases.

Second, the previous form of router ports specified that all of them use
the logical port name "ROUTER".  This seemed to make sense at the time but
now it is just adding more special cases.  Instead just giving them names
like any other port makes life easier.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb.xml: Reorganize documentation for Logical_Port table.

This uses the column grouping feature and the ability to document an
individual key within a column to better, in my opinion, organize the
documentation for the Logical_Port table.

This will make it easier to document a new port type that a future commit
will add.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb: Add support for IP+MAC binding pairs in Port_Binding 'address'.

When a logical router can statically obtain the IP+MAC pairs for its
attached logical switches, it can avoid expensive ARP resolution.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb: Rename Port_Bindings 'macs' column to 'addresses'.

In an upcoming commit this column will also support IP+MAC pairs.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>

ovn-nb: Extend schema to support networks of routers.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>