git.cascardo.info Git - cascardo/ovs.git/log

ofproto-dpif: Store the initial tunnel IP TOS values for later use.

When a packet arrives on an IP tunnel, store the TOS value for later
use. This value will be used in a couple of future commits.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Make initial packet value handling generic.

For VLAN splinters, an "initial_tci" value was introduced that is passed
around during flow processing to be used later for action translation.
This commit switches to passing around a struct so that additional
values beyond TCI can be used. A future commit will use this.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Pass around "facet" in flow_push_stats().

The flow_push_stats() function will need other members of the "facet"
structure in a future commit.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

tunneling: Simplify ovs_tnl_send() error handling code.

Following commit slightly improves code readability. It is
also correctness fix as ip_local_out() was storing error
code in err which was not int.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

Tunnel: Cleanup old tunnel infrastructure.

Since userspace flow based tunneling code is checked in, the kernel
port based tunneling code can be removed.

Patch removes following components:
- tunnel ports hash table and moved tunnel ports list to individual
vports.
- Cleaned per tnl-port config.
- OVS_KEY_ATTR_TUN_ID action is removed.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15078

datapath: Remove CAPWAP tunneling support.

The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol. While there were some
uses of it (primarily hardware support and UDP transport). But
these are most likely better provided by VXLAN.

Following patch removes CAPWAP tunneling support.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

timeval: Increase accuracy of cached time 4X, from 100 ms to 25 ms.

With CFM and other tunnel monitoring protocols, having a fairly precise
time is good. My measurements don't show this change increasing CPU use.
(In fact it appears to repeatably reduce CPU use slightly, from about
22% to about 20% with 1000 CFM instances, although it's not obvious why.)

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

timeval: Enable caching the current time even on x86-64.

With CFM enabled on 1000 tunnels, this reduced CPU use from about 30% to
about 22%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idlc: Make no-op writes to write-only columns cheaper.

For 1000 tunnels with CFM enabled, this reduces CPU use from
about 36% to about 30%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix circular dependency between bug.h and kernel.h.

In Linux 3.4 the definition for BUILD_BUG_ON_NOT_POWER_OF_2 was
moved from kernel.h to bug.h. On various kernels these header
files include each other in various orders (often through a
long chain of other header files), which can create circular
dependency issues. Since we not longer need this definition,
this simply removes the backport.

Reported-by: Palo Andi <andi@dis.uniroma1.it>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-ctl.in: Restore interfaces and ofports for userspace restarts.

When we upgrade from pre-1.9 to 1.10 or later branches, when just
the user space daemons are restarted, with the older kernel module
intact, datapaths are recreated.

This results in loosing the internal interface states like ip addresses,
routing table entries etc. Also, the 'ofport' value of the older interfaces
change.

With this patch we restore the interface states, ofport values etc,
when "ovs-ctl restart" or "/etc/init.d/openvswitch[-switch] restart
--save-flows" is called. The later command is automatically called
when debian packages are installed.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Clean up code for the next commit.

Previously, we would null the variables holding the names of the restore
scripts in case there were any errors in creating the restore script or if
we did not need to run a particular restore script. That is not necessary,
as we can just check the execution permission set on those scirpts.

Also, carve out a couple of functions which will be used in the next commit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath: Increase maximum allocation size of action list.

The switch to flow based tunneling increased the size of each output
action in the flow action list. In extreme cases, this can result
in the action list exceeding the maximum buffer size.
This doubles the maximum buffer size to compensate for the increase
in action size.
Action list is recieved from netlink callback which is allocating
linear-skb, therefore allocating another multi-page buffer would
not increase probability of the allocation-failure a lot.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15203

Revert "datapath: Increase maximum allocation size of action list."

This reverts commit 649b1c68fdd39316e3bcea21ce5464da614a6691.
This patch introduced bug by calling vfree() from interrupt context.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

netdev-linux: Fix netdev_linux_send() return value in corner case.

A negative 'sock' means there was an error but netdev_linux_send() returns
a positive errno value on error.

Signed-off-by: Ben Pfaff <blp@nicira.com>

nx-match: Correct writing of value and length in set_field_to_ofast()

ofpbuf_put_* may reallocate the underlying buffer of the ofpbuf and
thus writing data after a ofpbuf_put_* call must write to memory
relative to the pointer returned by the call.

Prior to this change the length and trailing value would not be written to
the set_field action if ofpbuf_put_* may reallocated the underlying buffer.

Also make use of ofpbuf_put_zero() to avoid calling memset() directly.

Tested-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Handle tunnel config changes in facet_revalidate().

For most of the history of Open vSwitch, one could assume that a
given datapath flow key would consistently translate into the same
userspace struct flow representation.  However, with the switch to
flow based tunneling, we now have a situation where a database
configuration change can cause a datapath flow key's in_port to
correspond to a completely different OpenFlow in_port possibly on a
completely different bridge.  This can cause all sorts of problems,
including traffic black holes due to confused facet revalidations.

To solve the problem, this patch verifies that each facet's
subfacets still result in the appropriate struct flow.  If a facet
fails this test, it is simply removed.

Bug #15213.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Ignore subfacet install errors.

When we fail to install a subfacet, there's not much we can do
other than note that it happened.  However, doing this requires us
to maintain a pointer to a subfacet which theoretically could be
destroyed by facet_revalidate() later.  This patch solves the
problem by simply assuming dpif_flow_put() always succeeds.  This
should have no effect on behavior.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Always maintain subfacet key.

Due to flow based tunneling, we can no longer assume that it's
possible to reconstruct a subfacet's key from its facet's flow.
The flow's in_port may be stale due to tunnel configuration
changes.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Remove LISP unit test.

LISP doesn't exist yet in Open vSwitch 1.10, so the test fails
(correctly). This removes the test from this release.

Signed-off-by: Jesse Gross <jesse@nicira.com>

tests: Add VXLAN and LISP tunnel tests to the unit test infrastructure.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto: Create and delete tnl_backers in type_run()

Garbage collect tnl_backers during type_run(). Add new
tnl_backers if a VXLAN port's UDP port changes.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

vxlan: Change dpif_backer->tnl backer to a "struct simap"

Move dpif_backer->tnl_backers from a "struct sset" to a
"struct simap". Store odp_port in the new map. This will make it easier to
access the odp_port for future patches.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Fix byte-swapping direction in nl_msg_put_u16() call.

OVS_TUNNEL_ATTR_DST_PORT expects a u16, tnl_cfg->dst_port is a be16, so
we want ntohs() instead of htons().

In practice htons() and ntohs() perform the same operation, so this does
not fix a real bug.

Found by sparse.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Modify dpif_linux_port_add() to set the destination port for VXLAN ports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Update netdev_vport_get_dpif_port() to support VXLAN port names

Modify netdev_vport_get_dpif_port() to return a name for
VXLAN ports which includes the destination UDP port number as a part of the
name.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vxlan: Add utility functions to the simap data structure.

Add utility functions to the simap structure. These are
used by future patches in this seris. The functions added are.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

in-band: Use "internal" netdev type for local ports.

A bridge's local port always has type "internal", so opening it
with type "system" can't be correct.  This was causing upgrade
problems.  Specifically, in certain bridge topologies, if there was
a manager set force-reload-kmod would fail.  This is because the
local port netdev would open in the in-band code with type
"system", confusing the more important netdev_open() in
iface_create().

Bug #15067.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

vxlan: new draft revision

The VXLAN draft just got updated from -02 to -03, with no major changes.
Update documentation to reflect the change.

Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: fix the calculation of checksum for vlan header

In vlan_insert_tag(), we insert a 4-byte VLAN header _after_
mac header:

        memmove(skb->data, skb->data + VLAN_HLEN, 2 * ETH_ALEN);
        ...
        veth->h_vlan_proto = htons(ETH_P_8021Q);
        ...
        veth->h_vlan_TCI = htons(vlan_tci);

so after it, we should recompute the checksum to include these 4 bytes.
skb->data still points to the mac header, therefore VLAN header is at
(2 * ETH_ALEN = 12) bytes after it, not (ETH_HLEN = 14) bytes.

This can also be observed via tcpdump:

         0x0000:  ffff ffff ffff 5254 005d 6f6e 8100 000a
         0x0010:  0806 0001 0800 0604 0001 5254 005d 6f6e
         0x0020:  c0a8 026e 0000 0000 0000 c0a8 0282

Similar for __pop_vlan_tci(), the vlan header we remove is the one
overwritten in:

memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);

Therefore the VLAN_HLEN = 4 bytes after 2 * ETH_ALEN is the part
we want to sub from checksum.

Cc: David S. Miller <davem@davemloft.net>
Cc: Jesse Gross <jesse@nicira.com>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Increase maximum allocation size of action list.

The switch to flow based tunneling increased the size of each output
action in the flow action list.  In extreme cases, this can result
in the action list exceeding the maximum buffer size.

This doubles the maximum buffer size to compensate for the increase
in action size.  In the common case, most allocations will be
less than a page and those uses kmalloc.  Therefore, for the majority
of situations, this will have no impact.

Bug #15203
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Look at the flow's ofproto when handling flow misses.

When handling flow misses, an attempt is made to group identical packets
together.  Before the single datapath, each OpenFlow port number was
unique, so the flow_equal() function was sufficient to check whether
packets are identical.  With the single datapath, the OpenFlow port
numbers are shared across bridges, so packets that arrive at the same
time and are identical other than their ingress port were being serviced
by the same ofproto instance.  This commit changes the duplicate flow
finding function to take the ofproto into account.

Bug #14934

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix parsing invalid LLC/SNAP ethertypes

Before this patch, if an LLC/SNAP packet with OUI 00:00:00 had an ethertype
less than 1536 the flow key given to userspace in the upcall would contain the
invalid ethertype (for example, 3). If userspace attempted to insert a kernel
flow for this key it would be rejected by ovs_flow_from_nlattrs.

This patch allows OVS to pass the OFTest pktact.DirectBadLlcPackets.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Receive special packets on patch ports.

Commit 0a740f48293 (ofproto-dpif: Implement patch ports in
userspace.) allowed special packets (i.e. LACP, CFM, etc) to be
sent on patch ports, but not received. This patch implements the
logic required to receive special packets on patch ports.

Bug #15154.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Reduce number of get_ofp_port() calls during flow xlate.

Until now the flow translation code has done one get_ofp_port() call
initially to check for special processing, then one for each level of
action processing.  Only one call is actually necessary, though, because
the in_port of a flow doesn't change in ordinary circumstances, and so this
commit eliminates the unnecessary calls.

The one case where the in_port can change is when a packet passes through
a patch port.  The implementation here was buggy anyway: when the patch
port's peer had forwarding disabled by STP, then the code would drop all
ODP actions, even those that were executed before the packet crossed the
patch port.  This commit fixes that case.

With a complicated flow table involving multiple levels of resubmit, this
increases flow setup performance by 2-3%.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

tunnel: set skb mark for IPsec tunnel packets

The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: use skb_mark for route lookups

If IPsec policy uses skb mark, then we have to do route look up
with skb mark as well.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ipsec: prepare IPsec for flow based tunneling

This patch removes unused TNL_F_IPSEC flag.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Call genlmsg_end in queue_userspace_packet

Without genlmsg_end the upcall message ends (according to nlmsg_len) after the
struct ovs_header.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofp-msgs: ensure that l2 is set in ofpmp_reserve()

Ensure that the buffer returned by ofpmp_reserve() has buf->l2 set
as this may be required by nxm_reg_load_to_nxast() when generating
the reply to an stats request

This problem was observed when dumping a large number of flows
with set_field actions using ovs-ofctl dump-flows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>

ovs-ctl.in: Don't execute the restore ofport script in some cases.

While upgrading from openvswitch1.10, we need not restore ofports
across force-reload-kmod.

This patch fixes a bug wherein 'force-reload-kmod' command
tried to execute an empty script that did not have '+x' in
file permissions.

Bug #15067
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

stream-unix: Use rundir as root for relative paths.

Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.

This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.

Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Treat in_key=0 the same as a missing in_key.

The documented behavior of ovs is that a missing key is the
same as a zero key.  However, the tunneling code actually treated
them differently.  This could cause problems with tunneling modes
such as vxlan which always have a key.  Specifically, a tunnel with
no key configured, would send have to send traffic with a key of
zero.  However, the same tunnel would drop incoming traffic with a
zero key because it was expecting there to be none at all.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tunnel: Log tunneling changes at INFO level.

These log messages occur infrequently, and are quite useful when
debugging problems after the fact. So they should be logged at
info level which makes them more readily available.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

datapath: Fix ovs_vport_cmd_new return value on success

This bug was introduced in 1fc7083d (datapath: Remove vport MAC address
configuration.)

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Fix ovs_vport_cmd_del return value on success

If the pointer does not represent an error then the PTR_ERR macro may still
return a nonzero value. The fix is the same as in ovs_vport_cmd_set.

Signed-off-by: Rich Lane <rlane@bigswitch.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Prepare for 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Rearrange announcements related to 1.10 and 1.9.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Mention experimental support for newer versions of OpenFlow.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Correct some items incorrectly stating they arrived in 1.9.0.

A few items were listed as arriving in 1.9.0, but they actually were new
to 1.10.0.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

FAQ: Add an entry describing the different ways to dump flows.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

python/ovs/db/types: Fix English grammar for enums with one member.

Before this change, enums that have one member were formatted as, e.g.:
"one of xyzzy, , or "
This changes them to be formatted as:
"must be xyzzy"
which makes much more sense.

(An enum with one member may make some sense if you are trying to leave
the possibility for future expansion.)

Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Add question and answer about PPP.

We've had this question a few times lately.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tunneling: Don't send ICMP messages if no tunnel port is found.

Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
store information while processing packets.  However, if we don't
find an appropriate tunnel port on receive, then we send an ICMP
port unreachable message, which calls back into the IP stack.  The
stack assumes that skb->cb will still contain valid information
about from the IP layer, including any IP options.  As a result,
icmp_echo_options() can read the garbage values from OVS and
overwrite data on the stack, panicing the machine.

This simply stops sending ICMP messages when ports are not found.
Many people find them confusing and flow based tunneling will
never send them (since it always finds a port) so it solves both
problems at once.

Bug #14880

Reported-by: Deepesh Govindan <dgovindan@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

Use is_pow2() function, where possible, instead of IS_POW2 macro.

The IS_POW2 macro is meant for use in contexts where a function call is not
allowed.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

socket-util: Use set_nonblocking() helper function.

There's no reason to inline this when we have a helper for it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

timeval: Avoid unnecessary integer overflow in time_alarm().

Durations longer than 4294967 seconds would unnecessarily overflow in the
multiplication here.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

worker: Use ovs_retval_to_string() where EOF is a possible return value.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

unixctl: Use ovs_retval_to_string() where EOF is a possible value.

jsonrpc_transact_block() might return EOF so passing its return value to
strerror() isn't general enough.

It might be better to change jsonrpc_transact{_block}() to never return
EOF, since a closed connection seems like it is always an error in that
context.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

netdev-linux: Check return value of set_nonblocking().

It's unlikely to fail but checking it can't hurt.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

process: Check return value of set_nonblocking().

It's unlikely to fail but checking it can't hurt.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

bridge: Rename iface_create() variable to avoid hiding parameter.

This function has a parameter 'ofp_port' and a local variable 'ofp_port',
so rename the local variable to reduce confusion.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofp-util: Rename ofputil_port_from_string() variable to avoid hiding param.

This function has a parameter 's' and a local variable 's', so rename the
local variable to reduce confusion.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

vlog: New function vlog_set_levels_from_string_assert().

Two of the users of vlog_set_levels_from_string() in the tests could have
silently failed, if their arguments were invalid. This avoids that problem
(and a memory leak).

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofp-parse: Ignore "idle_age" and "hard_age" when parsing a flow string.

It should be possible to feed to output of "ovs-ofctl dump-flows" to
"ovs-ofctl add-flows".  However, some of the metadata needs to be
ignored.  "idle_age" and "hard_age" was recently added to the output of
"ovs-ofctl dump-flows", but they were not ignored like the other
metadata.  This commit ignores them.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

netlink-socket: Don't bother logging SO_RCVBUFFORCE failure as non-root.

Some Open vSwitch utilities can do useful work when they are not run as
root. Without this commit, these utilities will log a warning on failure
to use the SO_RCVBUFFORCE socket option if they open any Netlink sockets.
This will always happen, it does not report anything unexpected or
fixable as non-root, and sometimes it makes users wonder if something is
wrong, so there is no benefit to logging it. This commit drops it in that
case.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix memory leak in port_dump_next().

The caller of port_query_by_name() is responsible for freeing the
ofproto_port that it returns on success, but ofproto-dpif did not do this.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-ctl: Update comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

ofproto-dpif: Clear revalidation flags only once, not per-ofproto.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-tool: Fix memory leak on error path in "show-log" implementation.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idl: Fix memory leak on error path.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

meta-flow: Add missing "break" to mf_set_wild().

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

meta-flow: Avoid null pointer dereference in mf_format_frag_string().

The 'maskp' parameter to this function can be NULL, but the function
always dereferenced it. This commit fixes the problem.

This commit also fixes the order in which the value and mask were adjusted
to correctly discard 1-bits outside of FLOW_NW_FRAG_MASK.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovs-ctl: Fix a couple of typos.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

netdev-vport: Build on all platforms.

This patch removes the final bit of linux specific code which
prevents building netdev-vport everywhere. With this, other
platforms automatically get access to patch ports, and (if their
datapath supports it), flow based tunneling.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Add tunnel unit tests.

This commit adds unit tests which exercise the flow based
tunneling code added in previous patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

lib: Switch to flow based tunneling.

With this patch, ovs-vswitchd uses flow based tunneling
exclusively.  I.E. each kind of tunnel shares a single tunnel
backer in the datapath.  Tunnel headers are set by userspace using
the ipv4_tunnel datapath action.  And, the configuration of
individual tunnels is now a userspace responsibility, so
netdev-vport no longer marshals and unmarshals Netlink attributes
for tunnel configuration, instead only storing the configuration
internally.  There are still some significant pieces of work to do,
but the basic building blocks are there to begin testing.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Co-authored-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

tunnel: Userspace implementation of tunnel manipulation.

The kernel tunneling code currently needs to handle a large number
of operations when tunnel packets are encapsulated and
decapsulated. Some examples of this are: finding the correct
tunnel port on receive, TTL and ToS inheritance, ECN handling, etc.
All of these can be done on a per-flow basis in userspace now that
we have both the inner and outer header information, which allows
us to both simplify the kernel and take advantage of userspace's
information. Once tunnel packets are redirected into this code,
the redundant pieces can be removed from other places.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev: New function netdev_get_dpif_port().

In future patches, a netdev's datapath port name may not
necessarily be the same as its device name. This patch prepares for
this by making the distinction in the netdev and dpif layers.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

packets: Create global helper is_ip_any().

Used outside of meta-flow in future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

dpif-netdev: Allow stub interfaces on the dummy datapath.

Future patches will need to add netdevs to the dummy datapath which
can't actually send or receive packets.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Install drops for flows from invalid in_ports.

Before this patch, if a packet came in on a port which userspace
doesn't know about, it would be silently dropped without installing
a drop flow.  Historically, this has been fine because this
situation could only occur during transient reconfiguration
periods.  However, in future, this could occur when the tunneling
code decides to reject a packet due to invalid headers.  In this
case, it's preferable to drop the packet in the kernel to avoid a
high bandwidth stream of invalid packets DoSing the switch.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Require an in_port when tracing datapath flows.

All datapath flows should have an in_port, so it doesn't make a lot
of sense to allow omitting it when tracing. If a user wants to
trace a flow which has no in_port, they can use the OpenFlow syntax
which doesn't go through ofproto_receive().

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Use ofproto_receive() in update_stats().

This removes a bit of duplicate code, and will be necessary to
support future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

route-table: Add route_table_wait() to the stub implementation.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

datapath: Remove kernel patch ports.

Now that userspace implements patch ports completely internally,
it's possible to remove the kernel implementation of them.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Remove compatibility GRE identifier.

We want to move the GRE vport ID into the upstream range but in
order to ease the transition kept the old ID around for one release.
This removes the old value.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Remove tunnel configuration sequence number.

When tunnel header caching was in use, it was necessary to detect
configuration changes that would invalidate the cache. This was
done using a sequence number on the configuration. However, now
that header caching has been removed the sequence number is no
longer necessary.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Remove vport MAC address configuration.

The ability to retrieve and set MAC addresses on vports is only
necessary for tunnel ports (the addresses for actual devices can be
retrieved through direct Linux mechanisms). Tunnel ports only used
the information for the purpose of generating path MTU discovery
packets, which has now been removed. Current userspace code already
reflects these changes, so this drops the functionality from the
kernel.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Remove tunnel path MTU discovery support.

Path MTU discovery can improve tunnel performance in some cases
but is non-standard and can introduce problems in others. As a
result it has already been deprecated and removed from userspace.
This removes the corresponding kernel support to simplify the
code.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

datapath: Remove support for Don't Fragment inheritance.

Inheritance of the Don't Fragment bit in tunnels will not be
supported with flow based tunneling and has already been removed
from userspace. This removes the corresponding kernel support.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>

FAQ: Add entry describing upgrade order between userspace and kernel.

There will be significant changes for tunneling between 1.9 and 1.10
so this describes how to smoothly upgrade.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

worker: Don't have worker abort when parent dies.

Depending on how forcefully the parent process is killed, the worker
could abort when trying to read or write on their shared socket. This
changes those errors from VLOG_ABORT to VLOG_FATAL so that a core isn't
generated.

Bug #14821

Reported-by: Amey Bhide <abhide@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Clear struct ovs_key_ipv4_tunnel padding.

Following patch memset ovs_key_ipv4_tunnel padding area so that
packets from a flow would be mapped to same flow in kernel datapath
flow table.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #14843

ofproto: Maintain "expirable" list for "add" flow_mod with replaced rule.

Commit e503cc199 (ofproto: Optimise OpenFlow flow expiry) optimized
OpenFlow flow expiration by putting expirable flows on a list, but it
failed to remove flows from the list when they were replaced by a new
flow with an OpenFlow flow_mod "add" operation. This commit fixes the
problem.

Found by valgrind.

CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Properly refresh rule modified time when nothing else changes.

In Open vSwitch, a "modify" or "modify_strict" flow_mod is supposed to
refresh the flow's last-modified time even if nothing else changes, because
this interpretation makes the "learn" action more useful.  As commit
308881afb (ofproto: Reinterpret meaning of OpenFlow hard timeouts with
OFPFC_MODIFY.) notes:

    I finally found a good use for hard timeouts in OpenFlow, but they
    require a slight reinterpretation of the meaning of hard timeouts.
    Until now, a hard timeout meant that a flow would be removed the
    specified number of seconds after a flow was created.  Intervening
    modifications with OFPFC_MODIFY(_STRICT) had no effect on the hard
    timeout; the flow would still be deleted the specified number of
    seconds after its original creation.

    This commit changes the effect of OFPFC_MODIFY(_STRICT).  Now,
    modifying a flow resets its hard timeout counter.  A flow will time out
    the specified number of seconds after creation or after the last time
    it is modified, whichever comes later.

However, commit 080437614b (ofproto: Represent flow cookie changes as
operations too.) broke this behavior because it incorrectly optimized out
"modify" operations that didn't change the flow's actions or flow cookie.
This commit fixes the problem, and adds a test to prevent future
regression.

Thanks to Amar Padmanabhan <amar@nicira.com> for helping to track this
down.

Bug #14841.
Reported-by: Hiroshi Tanaka <htanaka@vmware.com>
CC: Amar Padmanabhan <amar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vconn: Initialize 'recv_any_version' member of struct vconn in vconn_init().

This uninitialized data caused failures in the test "ofproto -
eviction upon table overflow (OpenFlow 1.2)" for some developers and in
some circumstances.

Found by valgrind.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

linux: Increase accuracy of ingress_policing_rate at low rates

The current method of calculating the ingress policer rate
can lead to inaccuracy if ingress_policing_rate is set to
a smallish values because the rate is divided by 8 first
which causes rounding errors.

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Report dropped lost messages at WARN level.

Messages about packets being lost are logged at level WARN, but when
they were generated at a high rate, those consolidated messages were
logged at ERR. This changes to consolidated messages to be logged at
WARN, too.

Thanks to Ben Pfaff for quickly suggesting the culprit.

Bug #14783

Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

rhel: Add OVSREQUIRES to automatically bring up OpenFlow interface dependencies

The use of OpenFlow controllers may require for a subset of
the network (typically the management network intrerface) to be
brought up before the openvswitch service is started.

The newly introduced key "OVSREQUIRES" allows to specify a
list of interfaces that need the be brought up before the
openvswitch service is autostarted. It is also possible to
build a chain of bridge dependencies.

TYPE=OVSBridge
OVSREQURIES="em1"
[...]

A special UPPEDSTACK var that is passed along avoids getting
lost in dependency loops.

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>