openvswitch
14 years ago debian: additional copyright update for xenserver/
Ben Pfaff [Thu, 23 Sep 2010 18:20:10 +0000 (11:20 -0700)]
debian: additional copyright update for xenserver/

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago debian: update copyright for xenserver/
Simon Horman [Thu, 23 Sep 2010 01:55:15 +0000 (10:55 +0900)]
debian: update copyright for xenserver/

Further to the recent work done by Ben Pfaff and Ian Campbell to
clarify the license of all the files in xenserver/ the debian/copyright.in
file seems to need updating.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Only put the primary XenServer UUID in default bridge-id
Ethan Jackson [Wed, 22 Sep 2010 06:57:13 +0000 (23:57 -0700)]
xenserver: Only put the primary XenServer UUID in default bridge-id

This patch defensively guarantees that the first id in
xs-network-uuids will belong to the primary network (as opposed to
a vlan).  Given that the primary network id comes first, it parses
xs-network-ids and only copies the primary id to bridge-id when
monitor-external-ids is run.

Feature #3647

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago vswitch: Reference ipsec_local_ip and ipsec_psk with underscores
Justin Pettit [Thu, 23 Sep 2010 05:52:04 +0000 (22:52 -0700)]
vswitch: Reference ipsec_local_ip and ipsec_psk with underscores

The GRE-over-IPsec documentation describes "ipsec-local-ip" and
"ipsec-psk" when they actually use underscores.

14 years ago debian: Add support for GRE-over-IPsec
Justin Pettit [Fri, 17 Sep 2010 02:19:11 +0000 (19:19 -0700)]
debian: Add support for GRE-over-IPsec

The ovs-monitor-ipsec daemon monitors the Interface table for GRE
entries.  If an entry specifies other-config parameters "ipsec-local-ip"
and ("ipsec-psk" or "ipsec-cert"), it will create the appropriate
security associations so that all GRE traffic to the remote host will be
encrypted.  In order for the two GRE tunnels to communicate, both sides
need to be configured for IPsec with appropriate authentication.

Currently, ovs-monitor-ipsec does not support certificate authentication
or ensure that an interface is actually attached to a bridge.  Both of
these issues will be addressed in a forthcoming patch.

NB: While GRE-over-IPsec should work on any system with a relatively
recent racoon and setkey, it has only been tested on Debian.  As such,
only Debian packaging has been provided.

14 years ago debian: Allow automake versions greater than or equal to 1.10
Justin Pettit [Thu, 16 Sep 2010 22:37:16 +0000 (15:37 -0700)]
debian: Allow automake versions greater than or equal to 1.10

14 years ago tunneling: Allow disabling tunnel header caching.
Jesse Gross [Mon, 30 Aug 2010 22:34:04 +0000 (15:34 -0700)]
tunneling: Allow disabling tunnel header caching.

Tunnel header caching significantly improves performance by bypassing
much of the transmit path.  However, in some special cases or for
debugging it may be desirable to traverse the entire IP stack.  This
exposes that as an option (default is to enable header caching).

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Add tunnel header caching.
Jesse Gross [Fri, 27 Aug 2010 20:55:02 +0000 (13:55 -0700)]
datapath: Add tunnel header caching.

On the transmit path we generate essentially the same tunnel header
for every packet to a given destination.  However, each packet must
have the headers assembled in pieces, look up the destination in the
routing table, and look up the flow in OVS.  This avoids that extra
work by caching all of the header and output path information and
only rebuilding it when something actually changes.

This optimization reduces CPU load on transmit by approximately 13%.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Backport workqueue functions.
Jesse Gross [Tue, 31 Aug 2010 22:38:25 +0000 (15:38 -0700)]
datapath: Backport workqueue functions.

An upcoming commit will use some workqueue functions that weren't
available on earlier kernels, so this backports those functions.
The backporting uses timers instead of delayed work queues because
the earlier versions of work queues have some unsafe corner cases.
In addition, this removes some unused work queue backporting code
that is no longer used because it is potentially unsafe.

Note that this commit changes the behavior of work queues: normally
they run in process context but the backported version runs in
softirq context.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Move is_frag out of struct ovs_skb_cb.
Jesse Gross [Sun, 29 Aug 2010 21:28:58 +0000 (14:28 -0700)]
datapath: Move is_frag out of struct ovs_skb_cb.

is_frag is only used for communication between two functions, which
means that it doesn't really need to be in the SKB CB.  This wouldn't
necessarily be a problem except that there are also a number of other
paths that lead to this being uninitialized.  This isn't a problem
now but uninitialized memory seems dangerous and there isn't much
upside.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Enable usage of cached flows.
Jesse Gross [Sun, 29 Aug 2010 17:49:11 +0000 (10:49 -0700)]
datapath: Enable usage of cached flows.

An upcoming commit will add support for supplying cached flows for
packets entering the datapath.  This adds the code in the datapath
itself to recognize these cached flows and use them instead of
extracting the flow fields and doing a lookup.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Add ref counting for flows.
Jesse Gross [Sun, 29 Aug 2010 16:49:51 +0000 (09:49 -0700)]
datapath: Add ref counting for flows.

Currently flows are only used within the confines of one
rcu_read_lock()/rcu_read_unlock() session.  However, with the
addition of header caching we will need to hold references to flows
for longer periods of time.  This adds support for that by adding
refcounts to flows.  RCU is still used for normal packet handling
to avoid a performance impact from constantly updating the refcount.
However, instead of directly freeing the flow after a grace period
we simply decrement the refcount.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Move flow allocation into a function.
Jesse Gross [Tue, 27 Jul 2010 01:46:27 +0000 (18:46 -0700)]
datapath: Move flow allocation into a function.

As the process to allocate a flow becomes more involved it becomes
more cumbersome for the code to be mixed in with the general
datapath so split it out into a new function.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Now everything is free.
Ben Pfaff [Wed, 22 Sep 2010 20:16:07 +0000 (13:16 -0700)]
xenserver: Now everything is free.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Add license to uuid.py.
Ben Pfaff [Wed, 22 Sep 2010 17:03:31 +0000 (10:03 -0700)]
xenserver: Add license to uuid.py.

There seemed to be some confusion regarding this file's provenance, so it
is best to clarify.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Add explicit license to refresh-xs-network-uuids.
Ben Pfaff [Wed, 22 Sep 2010 17:05:29 +0000 (10:05 -0700)]
xenserver: Add explicit license to refresh-xs-network-uuids.

I had assumed that a trivial one-line shell script didn't need an explicit
license, but it seems that I was wrong.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Change license of xsconsole plugin to GPLv2.
Ben Pfaff [Wed, 22 Sep 2010 16:32:58 +0000 (09:32 -0700)]
xenserver: Change license of xsconsole plugin to GPLv2.

This file was under a proprietary license because it was derived from
proprietary XenServer code.  That upstream code is now under GPLv2, so
change the downstream code to GPLv2 also.

Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Add GPLv2 license text.
Ben Pfaff [Wed, 22 Sep 2010 20:14:37 +0000 (13:14 -0700)]
xenserver: Add GPLv2 license text.

xsconsole is being relicensed under GPLv2 so we need to include the text.

It would be more usual to name this file COPYING and to name the LGPLv2.1
that is already named LICENSE as COPYING.LIB, but some of the files pulled
in from XenServer say that their license is in a file named LICENSE.  I
don't expect that Citrix would be willing to change that, so it seems
better to keep LGPLv2.1 named LICENSE.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Remove LICENSE header that is difficult to keep up to date.
Ben Pfaff [Wed, 22 Sep 2010 16:52:27 +0000 (09:52 -0700)]
xenserver: Remove LICENSE header that is difficult to keep up to date.

I had forgotten that I had added this header.  Let's keep all the
information about licensing in individual files instead.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago ovs-vsctl: Add many more usage examples.
Ben Pfaff [Mon, 20 Sep 2010 18:57:13 +0000 (11:57 -0700)]
ovs-vsctl: Add many more usage examples.

14 years ago ovs-vsctl: Allow "get" commands to create @names also.
Ben Pfaff [Mon, 20 Sep 2010 17:56:15 +0000 (10:56 -0700)]
ovs-vsctl: Allow "get" commands to create @names also.

This is useful for adding records that refer to other records by UUID, e.g.
   ovs-vsctl \
     -- set bridge br0 mirrors=@m \
     -- --id=@eth0 get port eth0 \
     -- --id=@eth1 get port eth1 \
     -- --id=@m create mirror name=mymirror select-dst-port=@eth0 \
                              select-src-port=@eth0 output-port=@eth1

14 years ago tests: Add 5-second timeout to ovs-vsctl tests.
Ben Pfaff [Tue, 21 Sep 2010 21:27:51 +0000 (14:27 -0700)]
tests: Add 5-second timeout to ovs-vsctl tests.

Otherwise some of the tests may not terminate if something goes wrong.
(Formerly, ovs-vsctl had a default timeout of 5 seconds, so this was not
necessary before.)

14 years ago xenserver: reload sends SIGHUP to monitor-external-ids
Ethan Jackson [Fri, 17 Sep 2010 23:05:04 +0000 (16:05 -0700)]
xenserver: reload sends SIGHUP to monitor-external-ids

When the init script's reload function is called it will send a
SIGHUP to monitor-external-ids.  This will cause
monitor-external-ids to re-generate everything.

Feature #3668.

14 years ago xenserver: monitor-external-ids responds to SIGHUP
Ethan Jackson [Fri, 17 Sep 2010 22:07:02 +0000 (15:07 -0700)]
xenserver: monitor-external-ids responds to SIGHUP

When monitor-external-ids receives a SIGHUP it will forget
everything and run as if it was newly started.

Feature #3668.

14 years ago Indicate that OVS only works with kernels 2.6.18 and greater
Justin Pettit [Tue, 21 Sep 2010 18:58:11 +0000 (11:58 -0700)]
Indicate that OVS only works with kernels 2.6.18 and greater

At one time, we tested against 2.6.15.  This hasn't been done for a long
time, and it almost certainly no longer works.

14 years ago debian: Rename openvswitch-python to python-openvswitch
Sajjad Lateef [Tue, 21 Sep 2010 18:18:26 +0000 (11:18 -0700)]
debian: Rename openvswitch-python to python-openvswitch

Package name changed to be consistent with
Debian Python policy.

The python files are installed in
/usr/share/python-support/python-openvswitch/ovs and
/usr/share/python-support/python-openvswitch/ovs/db

Changed Section to python, per lintian

14 years ago debian: The second argument to m-a should be openvswitch-datapath
Simon Horman [Tue, 21 Sep 2010 03:06:14 +0000 (12:06 +0900)]
debian: The second argument to m-a should be openvswitch-datapath

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago debian: Dont fail init if module cant be inserted
Simon Horman [Tue, 21 Sep 2010 03:06:13 +0000 (12:06 +0900)]
debian: Dont fail init if module cant be inserted

The problem here is that the daemon is started/restarted on
package installation, but the module may not be present at that
time and (as far as I know) it's bad form to fail the package installation
in that circumstance.

In keeping with the way ipvsadm handles a similar problem,
exit with a non-error exit status if the module can't be inserted.
The loud error message is still displayed.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago debian: Add override of non-standard-dir-perm to corekeeper
Simon Horman [Tue, 21 Sep 2010 03:06:12 +0000 (12:06 +0900)]
debian: Add override of non-standard-dir-perm to corekeeper

Remove code to restart openvswitch-switch from its postinst script
as this is automatically added by dh_installinit

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago python: timer_wait_until calculated current time incorrectly
Ethan Jackson [Fri, 17 Sep 2010 22:06:17 +0000 (15:06 -0700)]
python: timer_wait_until calculated current time incorrectly

The timer_wait_until function in poller.py was using Time.msec to
figure out the current time.  Unfortunately, Time.msec does not
exist.  Changed to use ovs.timeval.msec.

14 years ago debian: Add openvswitch-python package
Sajjad Lateef [Fri, 17 Sep 2010 21:53:42 +0000 (14:53 -0700)]
debian: Add openvswitch-python package

This installs the Python runtime bindings for
Open vSwitch database into
/usr/share/python-support/openvswitch-python/ovs and
/usr/share/python-support/openvswitch-python/ovs/db

Updated FSF address in copyright file

Minor Whitespace re-formatting

Removed prerm, preinst, postinst files for openvswitch-python

14 years ago vswitchd: Document policing implementation and caveats.
Ben Pfaff [Mon, 20 Sep 2010 17:22:19 +0000 (10:22 -0700)]
vswitchd: Document policing implementation and caveats.

With some text from Dan Wendlandt <dan@nicira.com> adapted from
http://openvswitch.org/?page_id=267

CC: Keith Amidon <keith@nicira.com>
14 years ago Avoid shadowing local variable names.
Ben Pfaff [Thu, 2 Sep 2010 17:09:09 +0000 (10:09 -0700)]
Avoid shadowing local variable names.

All of these changes avoid using the same name for two local variables
within the same function.  None of them are actual bugs as far as I can tell,
but any of them could be confusing to the casual reader.

The one in lib/ovsdb-idl.c is particularly brilliant: inner and outer
loops both using (different) variables named 'i'.

Found with GCC -Wshadow.

14 years ago ovsdb: Fix bug in "wait" command implementation.
Ben Pfaff [Thu, 2 Sep 2010 17:06:42 +0000 (10:06 -0700)]
ovsdb: Fix bug in "wait" command implementation.

The declaration of "error" that this commit removes shadowed an outer local
declaration of "error", which caused errors detected by this code not to be
propagated up to the outer level.

Found with GCC -Wshadow.

14 years ago xenserver: monitor-external-ids remove redundant ovs-vsctl calls
Ethan Jackson [Fri, 17 Sep 2010 15:23:32 +0000 (08:23 -0700)]
xenserver: monitor-external-ids remove redundant ovs-vsctl calls

The number of ovs-vsctl calls required to add a new vif in
monitor-external-ids grew linearly with the number of vifs in the
system.  Changed to only do O(1) ovs-vsctl calls per vif addition.

14 years ago ovs-vsctl: Remove default timeout.
Ben Pfaff [Fri, 17 Sep 2010 21:37:51 +0000 (14:37 -0700)]
ovs-vsctl: Remove default timeout.

On overloaded XenServers the current default timeout of 5 seconds can
occasionally be reached, which causes VM startup to fail.  This commit
fixes the problem by removing the default timeout and changing each
invocation of ovs-vsctl within the tree to specify its own timeout,
if appropriate.

Bug #3573.

14 years ago AUTHORS: Add Alexey I. Froloff as reporter.
Jesse Gross [Fri, 17 Sep 2010 18:47:49 +0000 (11:47 -0700)]
AUTHORS: Add Alexey I. Froloff as reporter.

14 years ago datapath: Remove backported random32().
Jesse Gross [Fri, 17 Sep 2010 18:23:19 +0000 (11:23 -0700)]
datapath: Remove backported random32().

Nothing uses it anymore and it causes problems when backported on
some distributions.  Kernels we support have net_random(), which
is the same thing so there is no reason to have an entire copy of
the random number generator in our source tree.

Reported-by: Alexey I. Froloff <raorn@altlinux.org>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
14 years ago debian: Created a debian equivalent to xen-bugtool
Ethan Jackson [Wed, 15 Sep 2010 08:51:40 +0000 (01:51 -0700)]
debian: Created a debian equivalent to xen-bugtool

ovs-bugtool creates a tarball of useful information which people
can submit with bug reports.  The source is copied from xen-bugtool
with the xen specific removed or changed.

14 years ago debian: Init script should put core dumps in an appropriate place
Ethan Jackson [Wed, 15 Sep 2010 08:51:15 +0000 (01:51 -0700)]
debian: Init script should put core dumps in an appropriate place

Before this commit the init script did not change the cwd of
openvswitch processes it started.  Thus, core files were created in
root directory.  This patch changes the cwd of openvswitch to
a more reasonable location.

14 years ago ovsdb-doc: Be less explicit in ovs-vswitchd.conf.db(5).
Ben Pfaff [Wed, 1 Sep 2010 22:12:23 +0000 (15:12 -0700)]
ovsdb-doc: Be less explicit in ovs-vswitchd.conf.db(5).

The documentation doesn't really need to say that a field may be "between
0 and 4294967295 characters long".

This regression was introduced by commit 991559357 "Implement initial
Python bindings for Open vSwitch database."

14 years ago AUTHORS: Add Vivien Bernet-Rollande.
Jesse Gross [Thu, 16 Sep 2010 18:02:15 +0000 (11:02 -0700)]
AUTHORS: Add Vivien Bernet-Rollande.

14 years ago brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler
Vivien Bernet-Rollande [Thu, 16 Sep 2010 17:56:55 +0000 (10:56 -0700)]
brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

This patch checks that the user calling ioctl() to create, delete, or
modify bridges has the CAP_NET_ADMIN capability. This prevents
unprivileged users from modifying the bridge configuration through
brcompatd. The checks are actually the same performed in
net/bridge/br_ioctl.c by the Linux kernel.

Signed-off-by: Vivien Bernet-Rollande <vbr@soprive.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago datapath: Check IS_ERR() in do_execute().
Jesse Gross [Wed, 15 Sep 2010 23:52:48 +0000 (16:52 -0700)]
datapath: Check IS_ERR() in do_execute().

flow_actions_alloc() returns an error code in the form of a pointer
but we checked that the pointer was not NULL, which is always true.
This caused oopses on allocation errors when we would write into
an invalid pointer.

NIC-234

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
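
The bug class described in the commit message above, as an added userspace example (not code from the Open vSwitch tree). ERR_PTR/IS_ERR/PTR_ERR are re-created here to mirror the kernel convention; the struct layout, MAX_ACTIONS, the two do_execute_* variants and the oversize request used to reach the error path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace copy of the kernel's error-pointer convention: a negative
 * errno is stored in the top MAX_ERRNO addresses, so it is never NULL. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-ins: the struct layout and MAX_ACTIONS are constructed
 * for this example; only the function name comes from the commit message. */
#define MAX_ACTIONS 510
struct sw_flow_actions {
    unsigned int n_actions;
    uint64_t actions[];
};

static struct sw_flow_actions *flow_actions_alloc(unsigned int n_actions)
{
    struct sw_flow_actions *sfa;

    if (n_actions > MAX_ACTIONS)
        return ERR_PTR(-EINVAL);
    sfa = malloc(sizeof *sfa + n_actions * sizeof sfa->actions[0]);
    if (!sfa)
        return ERR_PTR(-ENOMEM);
    sfa->n_actions = n_actions;
    return sfa;
}

#define WOULD_WRITE_INVALID_POINTER 1

/* Pre-fix shape of the caller: the only guard is a NULL test. */
static int do_execute_null_check(unsigned int n_actions)
{
    struct sw_flow_actions *actions = flow_actions_alloc(n_actions);

    if (!actions)               /* never true: errors are not NULL */
        return -ENOMEM;
    /* The pre-fix caller would now write through 'actions'.  The demo
     * reports that outcome instead of dereferencing an error pointer. */
    if (IS_ERR(actions))
        return WOULD_WRITE_INVALID_POINTER;
    free(actions);
    return 0;
}

/* Post-fix shape: test IS_ERR() and propagate the encoded errno. */
static int do_execute_is_err(unsigned int n_actions)
{
    struct sw_flow_actions *actions = flow_actions_alloc(n_actions);

    if (IS_ERR(actions))
        return (int)PTR_ERR(actions);
    free(actions);
    return 0;
}

int main(void)
{
    printf("valid request:    null-check=%d is-err=%d\n",
           do_execute_null_check(8), do_execute_is_err(8));
    printf("oversize request: null-check=%d is-err=%d (-EINVAL=%d)\n",
           do_execute_null_check(MAX_ACTIONS + 1),
           do_execute_is_err(MAX_ACTIONS + 1), -EINVAL);
    return 0;
}
```
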
14 years ago ovs-ofctl, ovs-controller: Disable flow idle timeout by default.
Ben Pfaff [Wed, 15 Sep 2010 22:21:03 +0000 (15:21 -0700)]
ovs-ofctl, ovs-controller: Disable flow idle timeout by default.

Until now, flows set up by ovs-ofctl and by "ovs-controller --with-flows"
by default expired after 60 seconds of inactivity.  This was surprising,
especially in the latter case where one is normally trying to set up
permanent flows.  Even in the former case, however, we can't think of a
good reason that flows added by ovs-ofctl should expire by default.  So
this commit makes flows permanent by default.

Reported-by: Michael Mao <mmao@nicira.com>
14 years ago Properly print drop_spoofed_arp actions when decoding OpenFlow and ODP.
Ben Pfaff [Wed, 15 Sep 2010 20:26:08 +0000 (13:26 -0700)]
Properly print drop_spoofed_arp actions when decoding OpenFlow and ODP.

Also fix formatting of unknown Nicira actions in OpenFlow.

14 years ago ofp-util: Also accept NXAST_DROP_SPOOFED_ARP.
Ben Pfaff [Wed, 15 Sep 2010 19:47:10 +0000 (12:47 -0700)]
ofp-util: Also accept NXAST_DROP_SPOOFED_ARP.

Reported-by: Bryan Fulton <bryan@nicira.com>
Reported-by: Michael Mao <mmao@nicira.com>
Bug #3655.

14 years ago ovsdb-tool: Remove reference to non-implemented "extract-schema" command
Justin Pettit [Wed, 15 Sep 2010 00:57:53 +0000 (17:57 -0700)]
ovsdb-tool: Remove reference to non-implemented "extract-schema" command

While useful sounding, ovsdb-tool does not actually implement a command
called "extract-schema".

14 years ago vswitchd: Remove duplicate "external_id" from Interface table
Justin Pettit [Tue, 14 Sep 2010 22:10:46 +0000 (15:10 -0700)]
vswitchd: Remove duplicate "external_id" from Interface table

14 years ago datapath: Increase maximum number of actions per flow.
Ben Pfaff [Tue, 14 Sep 2010 20:32:36 +0000 (13:32 -0700)]
datapath: Increase maximum number of actions per flow.

Until now the number of actions in a flow has been limited to what fits in
a page.  Each action is 8 bytes, and on 32-bit architectures there is a
12-byte header, so with 4-kB pages that limits flows to 510 actions.  We
and Citrix have noticed that OVS stops working properly after about 509
VIFs are added to a bridge.  According to log messages this is the reason:
at this point it is no longer possible to flood a packet to all ports.

This commit should help, by increasing the maximum number of actions in a
flow.  In the long term, though, we should adopt use of port groups or
otherwise reduce the number of actions needed to flood a packet.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #3573.
NIC-234.

14 years ago datapath: Increase default MTU on patch ports
Justin Pettit [Tue, 14 Sep 2010 15:36:55 +0000 (08:36 -0700)]
datapath: Increase default MTU on patch ports

The default MTU on patch ports was 1500, which would cause jumbo frames
to get dropped between the ends of the patch.  It also dropped the MTU
of attached bridges to no more than 1500 bytes.  This patch increases
the default MTU to 65535.  Long term, we should eliminate MTU on patch
ports entirely.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
14 years ago REPORTING-BUGS: Rewrite based on experience.
Ben Pfaff [Mon, 13 Sep 2010 16:16:29 +0000 (09:16 -0700)]
REPORTING-BUGS: Rewrite based on experience.

Burying the description of the problem, which is usually the most important
part in my experience, at the bottom of the REPORTING-BUGS file might be
the reason why we don't get good descriptions sometimes.  It is certainly
not the reason in other cases, but we might as well prioritize a bit
better.

14 years ago Release Open vSwitch 1.1.0pre2
Justin Pettit [Tue, 14 Sep 2010 04:55:56 +0000 (21:55 -0700)]
Release Open vSwitch 1.1.0pre2

14 years ago xenserver: Don't delete pidfile when stopping monitor-external-ids
Justin Pettit [Fri, 10 Sep 2010 21:32:41 +0000 (14:32 -0700)]
xenserver: Don't delete pidfile when stopping monitor-external-ids

It's not necessary to explicitly delete the pidfile when stopping
monitor-external-ids through the init script, since the daemon will take
care of that.

14 years ago xenserver: Don't monitor external-ids until XAPI is up
Justin Pettit [Fri, 10 Sep 2010 21:20:49 +0000 (14:20 -0700)]
xenserver: Don't monitor external-ids until XAPI is up

monitor-external-ids can't complete all its tasks until XAPI is up.  The
daemon is usually started before XAPI, so it can miss events.  This
commit causes the daemon to block until XAPI is finished initializing.

14 years ago vswitchd: Add some references for the HTB classifier to the documentation.
Ben Pfaff [Fri, 10 Sep 2010 16:57:01 +0000 (09:57 -0700)]
vswitchd: Add some references for the HTB classifier to the documentation.

14 years ago ovs-ofctl: Add support for drop_spoofed_arp action.
Ben Pfaff [Fri, 10 Sep 2010 16:17:29 +0000 (09:17 -0700)]
ovs-ofctl: Add support for drop_spoofed_arp action.

Requested-by: Michael Mao <mmao@nicira.com>
14 years ago datapath: Check for backported __wsum and __sum16.
Jesse Gross [Wed, 8 Sep 2010 17:04:47 +0000 (10:04 -0700)]
datapath: Check for backported __wsum and __sum16.

Reported-by: Alexey I. Froloff <raorn@altlinux.org>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
14 years ago debian: Generate authorship in debian/copyright from AUTHORS.
Ben Pfaff [Wed, 1 Sep 2010 17:50:49 +0000 (10:50 -0700)]
debian: Generate authorship in debian/copyright from AUTHORS.

14 years ago Rename "xs-vif-mac" external_ids key to "attached-mac", for generality.
Ben Pfaff [Wed, 1 Sep 2010 23:49:19 +0000 (16:49 -0700)]
Rename "xs-vif-mac" external_ids key to "attached-mac", for generality.

This can be useful on systems other than XenServer so there is no reason
to make it look XenServer-specific.

CC: Jeremy Stribling <strib@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago ofproto: Get enough headroom in fail-open when connected to controller.
Ben Pfaff [Wed, 1 Sep 2010 17:17:40 +0000 (10:17 -0700)]
ofproto: Get enough headroom in fail-open when connected to controller.

Since commit 750638bb "ofproto: Avoid ofpbuf_clone() for OFPAT_CONTROLLER
common case," send_packet_in() needs at least DPIF_RECV_MSG_PADDING bytes
of headroom, which ofpbuf_clone() doesn't supply.  This commit should fix
that.

This fixes an assertion failure in ofpbuf_prealloc_headroom() via
send_packet_in().

Reported-by: Justin Pettit <jpettit@nicira.com>
14 years ago ofpbuf: Add ofpbuf_new_with_headroom(), ofpbuf_clone_with_headroom().
Ben Pfaff [Wed, 1 Sep 2010 19:55:38 +0000 (12:55 -0700)]
ofpbuf: Add ofpbuf_new_with_headroom(), ofpbuf_clone_with_headroom().

These new functions simplify an increasingly common usage pattern.

Suggested-by: Jesse Gross <jesse@nicira.com>
14 years ago netflow: Send multiple records for byte counts > UINT32_MAX
Justin Pettit [Wed, 1 Sep 2010 01:41:32 +0000 (18:41 -0700)]
netflow: Send multiple records for byte counts > UINT32_MAX

When a NetFlow record is to be sent for a flow that had more than 2^32
bytes, we used to set the byte count to UINT32_MAX.  With this change,
we will send out multiple records to account for all the traffic.

14 years ago XenServer builds barf on hyphens in versions.
Justin Pettit [Wed, 1 Sep 2010 09:26:06 +0000 (02:26 -0700)]
XenServer builds barf on hyphens in versions.

14 years ago Release Open vSwitch 1.1.0-pre1
Justin Pettit [Tue, 31 Aug 2010 21:16:14 +0000 (14:16 -0700)]
Release Open vSwitch 1.1.0-pre1

14 years ago datapath: Include net/udp.h in vport-capwap.c
Simon Horman [Tue, 31 Aug 2010 02:47:28 +0000 (11:47 +0900)]
datapath: Include net/udp.h in vport-capwap.c

net/udp.h is currently included indirectly via linux/ipv6.h which is
in turn included indirectly via linux/ip.h.  However, this breaks down
if CONFIG_IPV6 is not set, leading to a number of build errors.

Signed-off-by: Simon Horman <horms@verge.net.au>
[Jesse: shortened commit message]
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago Debian: Add Joe Perches to debian/copyright
Simon Horman [Tue, 31 Aug 2010 01:13:55 +0000 (10:13 +0900)]
Debian: Add Joe Perches to debian/copyright

This syncs debian/copyright with the AUTHORS file.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago datapath: Include linux/version.h in action.h for LINUX_VERSION
Simon Horman [Mon, 30 Aug 2010 07:33:17 +0000 (16:33 +0900)]
datapath: Include linux/version.h in action.h for LINUX_VERSION

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago AUTHORS: Add Joe Perches.
Jesse Gross [Mon, 30 Aug 2010 17:51:41 +0000 (10:51 -0700)]
AUTHORS: Add Joe Perches.

Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago treewide: Use pr_fmt and pr_<level>
Joe Perches [Mon, 30 Aug 2010 07:24:54 +0000 (00:24 -0700)]
treewide: Use pr_fmt and pr_<level>

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Simon Horman <horms@verge.net.au>
[Jesse: Added missing pr_fmt in vport-gre.c and dp_sysfs_dp.c]
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago datapath: Add compat functions for pr_*.
Jesse Gross [Mon, 30 Aug 2010 17:56:49 +0000 (10:56 -0700)]
datapath: Add compat functions for pr_*.

In the earliest kernels that we support this family of macros
wasn't defined at all.  Later they were defined but did not include
the module name.  Finally, pr_warn was made a synonym for pr_warning.
This harmonizes the behavior across all kernels.

Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago treewide: Remove trailing whitespace
Joe Perches [Mon, 30 Aug 2010 07:24:53 +0000 (00:24 -0700)]
treewide: Remove trailing whitespace

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
14 years ago INSTALL.Linux: Don't discourage building Debian packages.
Ben Pfaff [Mon, 30 Aug 2010 17:08:06 +0000 (10:08 -0700)]
INSTALL.Linux: Don't discourage building Debian packages.

For a while the Debian packages were not well maintained or regularly used,
but we at Nicira use them all the time now.  We now aim to have them
accepted into Debian downstream, so we should at least not discourage
users from trying them out.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago Remove openvswitch-switch-config package.
Ben Pfaff [Mon, 30 Aug 2010 17:03:46 +0000 (10:03 -0700)]
Remove openvswitch-switch-config package.

This package was never used by many users, has not worked properly for a
while, and causes lintian warnings, so remove it.

CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago Debian: openswitch-dbg should depend on the packages it has debugging symbols for
Simon Horman [Mon, 30 Aug 2010 07:32:38 +0000 (16:32 +0900)]
Debian: openswitch-dbg should depend on the packages it has debugging symbols for

See: http://lintian.debian.org/tags/dbg-package-missing-depends.html

Signed-off-by: Simon Horman <horms@verge.net.au>
14 years ago Debian: Add Homepage
Simon Horman [Mon, 30 Aug 2010 07:32:17 +0000 (16:32 +0900)]
Debian: Add Homepage

Signed-off-by: Simon Horman <horms@verge.net.au>
14 years ago stream-ssl: Use OPENSSL_free() to free memory from X509_NAME_oneline().
Ben Pfaff [Fri, 27 Aug 2010 20:30:31 +0000 (13:30 -0700)]
stream-ssl: Use OPENSSL_free() to free memory from X509_NAME_oneline().

Reported-by: Tsvi Slonim <tsvi@toroki.com>
14 years ago datapath: Avoid accesses past the end of skbuff data in actions.
Ben Pfaff [Fri, 13 Aug 2010 17:46:12 +0000 (10:46 -0700)]
datapath: Avoid accesses past the end of skbuff data in actions.

Some of the flow actions that modify skbuff data did not check that the
skbuff was long enough before doing so.  This commit fixes that problem.

Previously, the strategy for avoiding this was to only indicate the layer-3
nw_proto field in the flow if the corresponding layer-4 header was fully
present, so that if, for example, nw_proto was IPPROTO_TCP, this meant
that a TCP header was present.  The original motivation for this patch was
to add corresponding code to only indicate a layer-2 dl_type if the
corresponding layer-3 header was fully present.  But I'm now convinced that
this approach is conceptually wrong, because the meaning of a layer-N
header should not be affected by the meaning of a layer-(N+1) header.

This commit switches to a new approach.  Now, when a header is missing, its
fields in the flow are simply zeroed and have no effect on the "type" field
for the outer header.  Responsibility for ensuring that a header is fully
present is now shifted to the actions that wish to modify that header.

Signed-off-by: Ben Pfaff <blp@nicira.com>
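
The approach described in the commit message above, as an added userspace example (not code from the Open vSwitch datapath): extraction zeroes the fields of a missing header without changing the outer type field, and the modifying action performs its own length check. The flat byte buffer standing in for an skbuff, the struct layouts, the set_tp_dst name and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN    14
#define ETH_TYPE_IP 0x0800
#define IP_HLEN     20      /* minimum IPv4 header */
#define TCP_HLEN    20      /* minimum TCP header */
#define PROTO_TCP   6

/* Simplified flow key: hypothetical layout, field names from the commit. */
struct flow {
    uint16_t dl_type;
    uint8_t nw_proto;
    uint16_t tp_dst;
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Offset of the layer-4 header, or 0 if no complete IPv4 header is present. */
static size_t l4_offset(const uint8_t *pkt, size_t len)
{
    size_t ihl;

    if (len < ETH_HLEN + IP_HLEN || get_be16(pkt + 12) != ETH_TYPE_IP)
        return 0;
    ihl = (size_t)(pkt[ETH_HLEN] & 0x0f) * 4;
    return (ihl >= IP_HLEN && len >= ETH_HLEN + ihl) ? ETH_HLEN + ihl : 0;
}

/* Extraction: a missing inner header zeroes only its own fields; the outer
 * header's type field (dl_type, nw_proto) is still reported. */
static void flow_extract(const uint8_t *pkt, size_t len, struct flow *f)
{
    size_t l4;

    memset(f, 0, sizeof *f);
    if (len < ETH_HLEN)
        return;
    f->dl_type = get_be16(pkt + 12);
    l4 = l4_offset(pkt, len);
    if (!l4)
        return;
    f->nw_proto = pkt[ETH_HLEN + 9];
    if (f->nw_proto == PROTO_TCP && len >= l4 + TCP_HLEN)
        f->tp_dst = get_be16(pkt + l4 + 2);
}

/* Action: checks for itself that the TCP header is fully present before
 * writing.  Returns 1 on success, 0 if refused.  No checksum update here. */
static int set_tp_dst(uint8_t *pkt, size_t len, uint16_t port)
{
    size_t l4 = l4_offset(pkt, len);
    if (!l4 || pkt[ETH_HLEN + 9] != PROTO_TCP || len < l4 + TCP_HLEN)
        return 0;
    put_be16(pkt + l4 + 2, port);
    return 1;
}

/* Constructed sample: Ethernet + IPv4 + TCP (dst port 80) cut to 'len'
 * bytes (len <= 64), with a 0xAA canary filling the buffer past the packet. */
static void sample(uint8_t *buf, size_t len)
{
    memset(buf, 0, 64);
    put_be16(buf + 12, ETH_TYPE_IP);
    buf[ETH_HLEN] = 0x45;                       /* IPv4, IHL 5 */
    put_be16(buf + ETH_HLEN + 2, IP_HLEN + TCP_HLEN);
    buf[ETH_HLEN + 9] = PROTO_TCP;
    put_be16(buf + ETH_HLEN + IP_HLEN + 2, 80);
    memset(buf + len, 0xAA, 64 - len);
}

struct result { struct flow flow; int rewritten, canary_intact; };

/* Extract a flow from the sample cut to 'len' bytes, then try the action. */
static struct result run(size_t len)
{
    uint8_t buf[64];
    struct result r;

    sample(buf, len);
    flow_extract(buf, len, &r.flow);
    r.rewritten = set_tp_dst(buf, len, 8080);
    r.canary_intact = 1;
    for (size_t i = len; i < 64; i++)
        r.canary_intact &= (buf[i] == 0xAA);
    return r;
}

int main(void)
{
    struct result cut = run(ETH_HLEN + IP_HLEN + 2);
    printf("nw_proto=%d tp_dst=%d rewritten=%d canary_intact=%d\n",
           cut.flow.nw_proto, cut.flow.tp_dst, cut.rewritten, cut.canary_intact);
    return 0;
}
```
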
14 years ago datapath: Fix default value of skb transport_header.
Ben Pfaff [Fri, 27 Aug 2010 19:41:00 +0000 (12:41 -0700)]
datapath: Fix default value of skb transport_header.

This commit started out as simply better documenting flow_extract(),
but then I realized that nothing cares about transport_header in the
non-IP case, so don't bother with it at all.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Avoid pskb_may_pull() checks where not needed.
Ben Pfaff [Thu, 12 Aug 2010 22:37:47 +0000 (15:37 -0700)]
datapath: Avoid pskb_may_pull() checks where not needed.

These calls to pskb_may_pull() can be reduced to checks on skb->len because
in these contexts those headers will already have been pulled into the
skb linear area if it is there at all.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Report memory allocation errors in flow_extract().
Ben Pfaff [Fri, 27 Aug 2010 19:32:05 +0000 (12:32 -0700)]
datapath: Report memory allocation errors in flow_extract().

Until now flow_extract() has simply returned a bogus flow when memory
allocation errors occurred.  This fixes the problem by propagating the
error to the caller.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago learning-switch: Ignore "packet_in"s caused by OFPP_CONTROLLER actions.
Ben Pfaff [Tue, 10 Aug 2010 18:23:02 +0000 (11:23 -0700)]
learning-switch: Ignore "packet_in"s caused by OFPP_CONTROLLER actions.

It seems best to ignore "packet_in"s caused by OFPP_CONTROLLER actions in
learning-switch, since someone might be experimenting and it's best not
to interfere with that.

14 years ago ofproto: Avoid ofpbuf_clone() for OFPAT_CONTROLLER common case.
Ben Pfaff [Tue, 10 Aug 2010 18:05:01 +0000 (11:05 -0700)]
ofproto: Avoid ofpbuf_clone() for OFPAT_CONTROLLER common case.

This additionally optimizes the common case of the first packet of a flow
that consists only of an OFPAT_CONTROLLER action, by avoiding an
ofpbuf_clone() call along that path.

14 years ago ofproto: Avoid user->kernel->user round-trip for many controller actions.
Ben Pfaff [Wed, 4 Aug 2010 21:08:26 +0000 (14:08 -0700)]
ofproto: Avoid user->kernel->user round-trip for many controller actions.

When an OpenFlow flow says to send packets to the controller, until now
ofproto has executed that using dpif_execute(), which passes the packet up
to the kernel.  The kernel queues the packet into its "action" queue, and
then later ofproto pulls the packet back down from the kernel and sends it
to the controller.

However, this is unnecessary.  Open vSwitch can just recognize in advance
that it will get the packet back and handle it directly, skipping the round
trip.  This commit implements this optimization.

This generally affects only the first packet in a flow, since generally the
rest come directly down from the kernel.  It only optimizes the "easy" case
where the first action in a flow is to send the packet to the controller,
since this seems to be the common case in the flows that I'm looking at
now.

14 years ago xenserver: Finish renaming system-level external_ids.
Ben Pfaff [Thu, 26 Aug 2010 20:57:11 +0000 (13:57 -0700)]
xenserver: Finish renaming system-level external_ids.

vswitch.xml was updated to describe system-id and xs-system-uuid but the
implementation of this update was incomplete.

CC: Justin Pettit <jpettit@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago configure: Enable OpenSSL support by default.
Ben Pfaff [Fri, 20 Aug 2010 18:26:03 +0000 (11:26 -0700)]
configure: Enable OpenSSL support by default.

Years ago some users had broken OpenSSL libraries that didn't actually
work, so we disabled OpenSSL by default.  By now, I hope that those users
have fixed their systems.

14 years ago dpif-netdev: Expand tabs.
Ben Pfaff [Tue, 24 Aug 2010 23:00:46 +0000 (16:00 -0700)]
dpif-netdev: Expand tabs.

14 years ago Add Nicira extension to OpenFlow for dropping spoofed ARP packets.
Ben Pfaff [Tue, 24 Aug 2010 23:00:27 +0000 (16:00 -0700)]
Add Nicira extension to OpenFlow for dropping spoofed ARP packets.

"ARP spoofing" is when a host claims an incorrect association between an
IP address and a MAC address for deceptive purposes.  OpenFlow by itself
can prevent a host from sending out ARP replies from an incorrect MAC
address in the Ethernet L2 header, but it cannot control the MAC addresses
inside the ARP L3 packet.  This commit adds a new action that can be used
to drop these spoofed packets.

CC: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
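
An added illustration of the check such an action has to make, not the code of the Nicira extension itself: it assumes the test is that the sender hardware address inside the ARP body matches the Ethernet source address, and it handles only untagged Ethernet/IPv4 ARP. All function names and the sample frames are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14
#define ARP_LEN  28   /* ARP body for Ethernet hardware / IPv4 protocol */

/* True if 'frame' is an untagged Ethernet+IPv4 ARP packet whose sender
 * hardware address inside the ARP body differs from the Ethernet source. */
bool is_spoofed_arp(const uint8_t *frame, size_t len)
{
    /* htype = Ethernet, ptype = IPv4, hlen = 6, plen = 4 */
    static const uint8_t eth_ipv4[] = { 0x00, 0x01, 0x08, 0x00, 6, 4 };
    if (len < ETH_HLEN + ARP_LEN)                 /* never read past the end */
        return false;
    if (frame[12] != 0x08 || frame[13] != 0x06)   /* dl_type is not ARP */
        return false;
    if (memcmp(frame + ETH_HLEN, eth_ipv4, sizeof eth_ipv4) != 0)
        return false;
    /* dl_src (offset 6) against the ARP sender hardware address (offset 8). */
    return memcmp(frame + 6, frame + ETH_HLEN + 8, 6) != 0;
}

/* Constructed sample: a broadcast ARP reply sent from 'dl_src' that claims
 * 'sha' as the sender hardware address.  Returns the frame length. */
size_t build_arp_reply(uint8_t buf[ETH_HLEN + ARP_LEN],
                       const uint8_t dl_src[6], const uint8_t sha[6])
{
    static const uint8_t hdr[] = { 0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x02 };
    memset(buf, 0, ETH_HLEN + ARP_LEN);
    memset(buf, 0xff, 6);                         /* dl_dst: broadcast */
    memcpy(buf + 6, dl_src, 6);
    buf[12] = 0x08; buf[13] = 0x06;               /* dl_type: ARP */
    memcpy(buf + ETH_HLEN, hdr, sizeof hdr);      /* fixed part, op = reply */
    memcpy(buf + ETH_HLEN + 8, sha, 6);
    return ETH_HLEN + ARP_LEN;
}

/* Runs the check on an honest reply (spoof = false) or on one whose ARP body
 * names a different MAC than the Ethernet header (spoof = true). */
bool check_sample(bool spoof)
{
    const uint8_t port_mac[6] = { 0x02, 0, 0, 0, 0, 0x01 };
    const uint8_t other_mac[6] = { 0x02, 0, 0, 0, 0, 0x02 };
    uint8_t buf[ETH_HLEN + ARP_LEN];
    size_t n = build_arp_reply(buf, port_mac, spoof ? other_mac : port_mac);
    return is_spoofed_arp(buf, n);
}
```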
14 years ago vswitchd: Fix 100% CPU usage with bonds and --fake-proc-net.
Ben Pfaff [Thu, 26 Aug 2010 16:56:25 +0000 (09:56 -0700)]
vswitchd: Fix 100% CPU usage with bonds and --fake-proc-net.

The current date in milliseconds since the epoch is ~1,282,841,552,000,
which is greater than LONG_MAX of 4,294,967,295 on 32-bit systems, so
no matter what was stored into bond_next_fake_iface_update, it would always
appear to be expired.  It really needs to be a 64-bit number.  (This was
just a typo really.)

Since XenServer 5.5 requires --fake-proc-net, this probably fixes an
important bug there.

Reported-by: Luiz Henrique Ozaki <luiz.ozaki@gmail.com>
14 years ago xenserver: Add type-checking to monitor-external-ids script.
Ben Pfaff [Thu, 26 Aug 2010 16:39:54 +0000 (09:39 -0700)]
xenserver: Add type-checking to monitor-external-ids script.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Block until change in poll loop to avoid 100% CPU consumption.
Ben Pfaff [Thu, 26 Aug 2010 16:38:52 +0000 (09:38 -0700)]
xenserver: Block until change in poll loop to avoid 100% CPU consumption.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago vswitchd: Fix "updelay" configuration for bonds.
Ben Pfaff [Thu, 26 Aug 2010 17:06:36 +0000 (10:06 -0700)]
vswitchd: Fix "updelay" configuration for bonds.

Reported-by: Michael Mao <mmao@nicira.com>
Bug #3521.

14 years ago datapath: Free up flow_extract() return value for reporting errors.
Ben Pfaff [Thu, 12 Aug 2010 22:12:28 +0000 (15:12 -0700)]
datapath: Free up flow_extract() return value for reporting errors.

flow_extract() can fail due to memory allocation errors in pskb_may_pull().
Currently it doesn't return those properly, instead just reporting a bogus
flow to the caller.  But its return value is currently in use for reporting
whether the packet was an IPv4 fragment.  This commit switches to reporting
that in the skb itself so that the return value can be reused to report
errors.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Remove skb->len >= ETH_HLEN check from flow_extract().
Ben Pfaff [Fri, 13 Aug 2010 17:47:44 +0000 (10:47 -0700)]
datapath: Remove skb->len >= ETH_HLEN check from flow_extract().

The callers ensure that this is already the case.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Use 'bool' instead of 'int' where appropriate.
Ben Pfaff [Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)]
datapath: Use 'bool' instead of 'int' where appropriate.

'bool' is better modern kernel style.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago datapath: Use min() instead of open-coding it.
Ben Pfaff [Fri, 13 Aug 2010 16:43:04 +0000 (09:43 -0700)]
datapath: Use min() instead of open-coding it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
14 years ago xenserver: Add monitor-external-ids daemon
Justin Pettit [Tue, 24 Aug 2010 21:50:06 +0000 (14:50 -0700)]
xenserver: Add monitor-external-ids daemon

The monitor-external-ids daemon monitors the external_ids columns of the
Bridge and Interface OVSDB tables.  Its primary responsibility is to
set the "bridge-id" and "iface-id" keys in the Bridge and Interface
tables, respectively.  It also looks for the use of "network-uuids" in
the Bridge table and duplicates its value to the preferred
"xs-network-uuids".

Signed-off-by: Justin Pettit <jpettit@nicira.com>
14 years ago xenserver: Prepend XenServer external ids with "xs-"
Justin Pettit [Mon, 9 Aug 2010 22:07:32 +0000 (15:07 -0700)]
xenserver: Prepend XenServer external ids with "xs-"

Signed-off-by: Justin Pettit <jpettit@nicira.com>
14 years ago xenserver: Report the system type and version as external ids
Justin Pettit [Thu, 5 Aug 2010 01:52:17 +0000 (18:52 -0700)]
xenserver: Report the system type and version as external ids

The configuration schema defines the system-type and system-version
external-ids for the Open_vSwitch table.  This commit adds support for
reporting them on XenServer.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
14 years ago vswitch: Break out XenServer-specific external ids
Justin Pettit [Wed, 4 Aug 2010 06:00:04 +0000 (23:00 -0700)]
vswitch: Break out XenServer-specific external ids

As we move to new platforms, not all external identifiers will be
universally unique, but the "-uuid" suffix seemingly prevents their use.
Create new identifiers without the "-uuid" suffix.  Change the existing
XenServer-specific external identifiers to contain a "xs-" prefix.  This
also allows a XenServer integrator to define identifiers different from
the XenServer UUIDs, but still leave them in the config database to be
used by other programs.