Ben Pfaff [Fri, 13 Mar 2009 21:03:54 +0000 (14:03 -0700)]
dpif: Make dpif_port_group_get() work. (It was never tested until now.)
Ben Pfaff [Fri, 13 Mar 2009 20:17:01 +0000 (13:17 -0700)]
secchan: Validate subrules before attempting to dereference their super-rules.
rule_make_actions() is supposed to compose the datapath actions for an
exact-match rule, and to do so it needs to look up the super-rule (if the
rule is a subrule). The "super" pointer might be set to UNKNOWN_SUPER,
though, and before this commit that would cause a segfault.
This commit modifies the callers of rule_make_actions() to ensure that
the rule passed in can never have a "super" of UNKNOWN_SUPER. In most
cases, this was already impossible (e.g. we're passing in a new rule that
we just added to the table), but in two cases where the rule was obtained
from a bare classifier lookup we needed to validate the rule before
attempting to use it.
Fixes a crash reported by Keith.
Ben Pfaff [Fri, 13 Mar 2009 18:14:28 +0000 (11:14 -0700)]
secchan: Remove unused function ofproto_set_actions().
Justin Pettit [Fri, 13 Mar 2009 00:32:33 +0000 (17:32 -0700)]
Don't send mgmt OpenFlow messages if mgmt_rconn isn't set.
In some circumstances we try to send a configuration update to the
controller, regardless of whether we're actually connected. This fixes
that and warns if others try to do similar things.
Ben Pfaff [Fri, 13 Mar 2009 00:22:38 +0000 (17:22 -0700)]
debian: Fix confusion between dp0 and of0.
Earlier, 'nl:0' was changed to read 'dp0' in the Debian init script, but
this didn't take into account that this would also change the name of the
"local port" for the datapath from 'of0' to 'dp0'.
The "cleanest" fix would probably be to change all the instances of of0
to dp0, but this would also require changing the names of files in the
file system (e.g. /etc/openflow-switch/of0-cert.pem), so it's easier to
just change the dp0 instances to of0. Thanks to Reid for suggesting this
simpler fix.
Fixes bug #1056.
Ben Pfaff [Thu, 12 Mar 2009 21:45:36 +0000 (14:45 -0700)]
secchan: Treat invalid table IDs in stats requests as requests for no flows.
Before, we treated invalid table IDs as requests for any flows in the table
at all, but it makes more sense to treat them as requests for no flows at
all. (The value 0xff is explicitly defined by OpenFlow to mean "all
tables".)
Ben Pfaff [Thu, 12 Mar 2009 21:38:50 +0000 (14:38 -0700)]
debian: Remove obsolete --monitor support from switch init script.
Ben Pfaff [Thu, 12 Mar 2009 21:38:00 +0000 (14:38 -0700)]
Update documentation and fix up a few related inconsistencies in the code.
Justin Pettit [Thu, 12 Mar 2009 20:44:49 +0000 (13:44 -0700)]
Add retired Nicira extension types.
Old Nicira extension types must be kept around to prevent problems when
mixing and matching versions of the switch.
Ben Pfaff [Thu, 12 Mar 2009 17:17:44 +0000 (10:17 -0700)]
vswitchd: Use datapath ID format instead of MAC format for management ID.
A datapath ID is 12 hex digits: XXXXXXXXXXXX.
A MAC address is 12 delimited hex digits: XX:XX:XX:XX:XX:XX.
Discussed with Justin.
Ben Pfaff [Thu, 12 Mar 2009 17:14:25 +0000 (10:14 -0700)]
vswitchd: Improve formatting of manpage.
Ben Pfaff [Thu, 12 Mar 2009 17:04:25 +0000 (10:04 -0700)]
secchan: Remove unused variable.
Ben Pfaff [Thu, 12 Mar 2009 17:04:00 +0000 (10:04 -0700)]
cfg: Make 'cfg_cookie' static.
There is use of a variable of the same name in vswitchd/mgmt.c, but that
one is static so it's OK to make this one static too.
Ben Pfaff [Thu, 12 Mar 2009 17:00:35 +0000 (10:00 -0700)]
cfg: Write "# This file intentionally left blank.\n" to empty config file.
It's somewhat surprising to see an empty config file--it makes folks wonder
if something went wrong. If we write a comment, it is more reassuring.
The main part of the change is refactoring. This may be going a bit
overboard, but it should make the code more obvious and easier to
maintain, I hope.
Ben Pfaff [Thu, 12 Mar 2009 17:01:07 +0000 (10:01 -0700)]
svec: Add new argument to svec_join().
Ben Pfaff [Thu, 12 Mar 2009 16:36:58 +0000 (09:36 -0700)]
cfg: Write correct data when retrying a partial write, in cfg_write_data().
Justin Pettit [Thu, 12 Mar 2009 02:03:42 +0000 (19:03 -0700)]
Allow ignoring "mgmt.controller" settings per bridge.
By setting the "bridge.<name>.controller" key to an empty value, it is
now possible to perform local switching, while allowing the rest of
vswitchd to be remotely controlled.
Justin Pettit [Thu, 12 Mar 2009 01:41:12 +0000 (18:41 -0700)]
Indicate that SSL configuration is global in vswitchd.
The vconn-ssl library only supports global settings for keys and other
SSL configuration. Make vswitchd.conf mgmt use "ssl." instead of
"mgmt.ssl." to reflect that the settings are shared with the bridges.
Justin Pettit [Thu, 12 Mar 2009 01:24:19 +0000 (18:24 -0700)]
Fix copy/paste naming issue.
Ben Pfaff [Thu, 12 Mar 2009 00:19:49 +0000 (17:19 -0700)]
Make sure that the .man include files get into "make dist" output.
Justin Pettit [Thu, 12 Mar 2009 00:09:21 +0000 (17:09 -0700)]
Various fixes for SSL configuration and mgmt id generation.
To configure SSL options in vswitchd, one now uses the "mgmt.ssl" key
prefix. This commit also fixes a problem where a management id would
change part way through the startup. Also, documents how to configure
mgmt in vswitch.conf.
Ben Pfaff [Thu, 12 Mar 2009 00:07:56 +0000 (17:07 -0700)]
secchan: Update documentation.
Ben Pfaff [Thu, 12 Mar 2009 00:10:42 +0000 (17:10 -0700)]
secchan: Drop configuration file support.
Configuration file support was added to secchan specifically to allow
vswitchd to change the set of NetFlow collectors at runtime without killing
and restarting secchan. secchan is integrated into vswitchd, so vswitchd
can now do this through a function call instead of through a configuration
file. This means that we can kill off the secchan configuration file
and add back the --netflow option that it replaced.
Also, add a --mgmt-id option to supplant the other use for the
configuration file that had appeared in the meantime.
Ben Pfaff [Tue, 10 Mar 2009 23:14:26 +0000 (16:14 -0700)]
dpctl: Update manpage.
Ben Pfaff [Wed, 11 Mar 2009 23:22:03 +0000 (16:22 -0700)]
Make manpages come out better in PostScript format.
For some reason, "man -Tps" outputs a blank page at the beginning, at
least on my system, if there is a blank line between .ds and .TH. This
fixes it.
Ben Pfaff [Wed, 11 Mar 2009 23:22:53 +0000 (16:22 -0700)]
dpctl: Remove nl: special case that no longer makes sense.
It looks like this was always broken anyway, since the "name" that was
computed was never used.
Keith Amidon [Wed, 11 Mar 2009 22:28:10 +0000 (15:28 -0700)]
Update Xen init scripts & default config for changes to config file handling.
Ben Pfaff [Wed, 11 Mar 2009 22:38:22 +0000 (15:38 -0700)]
vswitch: Don't delete all flows on SIGHUP if a controller is configured.
This was intended to only take effect when we had been running standalone
and were now connecting to a controller, but the test was reversed.
Instead of just reversing the test, this change also deletes flows when
we switch from connected to standalone as well.
Ben Pfaff [Wed, 11 Mar 2009 21:43:53 +0000 (14:43 -0700)]
cfg: Fix cfg_unlock() to remove the lockfile unconditionally.
Calling remove_lockfile() does the wrong thing here, because it only
removes stale lockfiles. Here, the lockfile is not stale, because we know
that we own it. Therefore, we can remove it unconditionally.
Ben Pfaff [Wed, 11 Mar 2009 21:34:23 +0000 (14:34 -0700)]
cfg: Make lock_fd, dirty static.
These aren't used elsewhere, so there is no reason for them to be extern.
Ben Pfaff [Wed, 11 Mar 2009 21:32:50 +0000 (14:32 -0700)]
dpif: More consistently initialize dpifs in failure cases.
Ben Pfaff [Wed, 11 Mar 2009 21:32:24 +0000 (14:32 -0700)]
dpif: Fix fd leak in dpif_create().
Ben Pfaff [Wed, 11 Mar 2009 21:33:32 +0000 (14:33 -0700)]
lockfile: Fix inverted comparison.
remove_lockfile() returns a negative errno value on error, 0 on success.
Minor style fix also.
Ben Pfaff [Wed, 11 Mar 2009 21:24:39 +0000 (14:24 -0700)]
lockfile: Remove fd parameter to remove_lockfile().
There is no reason that remove_lockfile() should close a fd passed in to
it. The caller can do that just as well.
Ben Pfaff [Wed, 11 Mar 2009 21:23:15 +0000 (14:23 -0700)]
cfg: Initialize lock_fd to -1.
Otherwise cfg_unlock() will close stdin on the first call. Since
create_lockfile() calls remove_lockfile() as its first action, that's
on every useful execution.
Keith Amidon [Wed, 11 Mar 2009 20:27:28 +0000 (13:27 -0700)]
Fix 64-bit alignment issue in management protocol message.
Keith Amidon [Wed, 4 Mar 2009 23:35:59 +0000 (15:35 -0800)]
Example configuration in comments in the configuration files.
Ben Pfaff [Wed, 11 Mar 2009 20:43:47 +0000 (13:43 -0700)]
vswitch: Disallow bridges named "dpN" or "nl:N".
Natasha discovered that naming a datapath numerically, e.g.
"bridge.dp0.port = <device>", provokes an error. The easiest fix is to
just disallow this.
Fixes bug #1030.
Ben Pfaff [Wed, 11 Mar 2009 20:41:36 +0000 (13:41 -0700)]
secchan: Don't infinite-loop in switch_status_destroy().
Duh.
Ben Pfaff [Wed, 11 Mar 2009 20:41:15 +0000 (13:41 -0700)]
datapath: Always return EFAULT to userspace when copy_to/from_user() fails.
copy_from_user() and copy_to_user() return the number of bytes that could
not be copied, not a conventional error code, so we need to translate it
into -EFAULT ourselves.
Ben Pfaff [Wed, 11 Mar 2009 18:13:01 +0000 (11:13 -0700)]
datapath: Refuse module load if an active bridge exists.
Loading when an active bridge exists will cause an OOPS as soon as any
packet is received on a bridged interface, because the datapath will
attempt to interpret the bridge's "struct net_bridge_port" as a datapath
"struct net_bridge_port", which is completely wrong.
Ben Pfaff [Wed, 11 Mar 2009 18:08:14 +0000 (11:08 -0700)]
datapath: End load-time greeting message with new-line.
Justin Pettit [Wed, 11 Mar 2009 07:49:18 +0000 (00:49 -0700)]
Fix help output that indicated multiple config files can be read.
Justin Pettit [Wed, 11 Mar 2009 06:59:36 +0000 (23:59 -0700)]
First cut of management control protocol.
Defines a management control protocol between the switch and NOX.
Currently, this is only used by vswitchd. It allows the configuration
and monitoring of a switch as a whole, as opposed to the flow table view
provided by OpenFlow. To enable, add the appropriate "mgmt" keys to
"vswitchd.conf". Better docs will be forthcoming...
Justin Pettit [Wed, 11 Mar 2009 06:48:50 +0000 (23:48 -0700)]
Ignore vim swap files.
Ben Pfaff [Wed, 11 Mar 2009 00:01:52 +0000 (17:01 -0700)]
vswitch: Choose the datapath ID more intelligently.
The new algorithm needs to be documented (along with a lot of new vswitch
settings).
Ben Pfaff [Wed, 11 Mar 2009 00:01:16 +0000 (17:01 -0700)]
cfg: Add ability to parse datapath IDs.
Ben Pfaff [Tue, 10 Mar 2009 23:37:43 +0000 (16:37 -0700)]
cfg: Fix collision between CFG_VLAN and CFG_REQUIRED.
Ben Pfaff [Tue, 10 Mar 2009 23:14:11 +0000 (16:14 -0700)]
dpctl: New command "get-name", for symmetry with "get-idx".
The utility of both commands is now seriously in question, however, since
all dpctl commands now accept both names and numbers.
Ben Pfaff [Tue, 10 Mar 2009 23:13:35 +0000 (16:13 -0700)]
dpctl: Allow initial set of interfaces to be specified on "adddp" command.
Commands such as e.g. "dpctl adddp dp0 eth0 eth1 eth2" are now accepted.
Ben Pfaff [Tue, 10 Mar 2009 23:58:06 +0000 (16:58 -0700)]
vswitch: Fix sense of comparison.
We only want to reconnect if the controller is *different*, not if it
is the same.
Ben Pfaff [Tue, 10 Mar 2009 23:54:00 +0000 (16:54 -0700)]
secchan: In ofproto_set_controller(), only reconnect if controller really changed.
The vswitchd bridge code tries not to call this function if it doesn't
have to, but it's not doing a good job. We should fix it in vswitchd, but
it's also a good idea to do it here.
Ben Pfaff [Tue, 10 Mar 2009 22:23:14 +0000 (15:23 -0700)]
dpctl: Accept port names (e.g. "NORMAL") on in_port in flow specifications.
Ben Pfaff [Tue, 10 Mar 2009 22:15:06 +0000 (15:15 -0700)]
ofp-print: Make flow statistics and actions slightly easier to read.
Ben Pfaff [Tue, 10 Mar 2009 22:12:05 +0000 (15:12 -0700)]
ofp-print: Support printing NXAST_RESUBMIT Nicira action.
Ben Pfaff [Tue, 10 Mar 2009 22:06:49 +0000 (15:06 -0700)]
secchan: Fix segfault in handling OFPP_TABLE, NXAST_RESUBMIT actions.
Ben Pfaff [Tue, 10 Mar 2009 21:03:13 +0000 (14:03 -0700)]
Implement OFPP_NORMAL action in secchan and hook into vswitchd.
Bonded interface accounting and rebalancing has been removed and needs to
be added back in.
Handling of ARP packets arriving on bonded interfaces is also known to
be broken.
Ben Pfaff [Tue, 10 Mar 2009 21:04:16 +0000 (14:04 -0700)]
vswitch: Work in terms of ODP port numbers.
The vswitch used to be an OpenFlow client, so all of its internals were in
terms of OpenFlow port numbering. When it was converted to be a datapath
client instead, a shim layer that converted between OpenFlow and ODP port
numbering was inserted, so that it could still work internally in terms of
OpenFlow port numbers.
This commit makes the vswitch use ODP port numbering internally, removing
this shim layer.
Ben Pfaff [Tue, 10 Mar 2009 17:41:30 +0000 (10:41 -0700)]
secchan: Purge buffered packets on startup.
This keeps packets that can be minutes old from getting forwarded.
Ben Pfaff [Tue, 10 Mar 2009 17:14:14 +0000 (10:14 -0700)]
secchan: Fix memory leak, and flush all flows on ofproto destruction.
Ben Pfaff [Tue, 10 Mar 2009 17:13:27 +0000 (10:13 -0700)]
secchan: New function ofproto_flush_flows() to flush all flows.
Ben Pfaff [Tue, 10 Mar 2009 17:12:40 +0000 (10:12 -0700)]
classifier: New enum CLS_INC_ALL, for convenience.
Ben Pfaff [Tue, 10 Mar 2009 16:55:41 +0000 (09:55 -0700)]
secchan: Make ofproto_add_flow() able to add a permanent flow.
Ben Pfaff [Tue, 10 Mar 2009 17:44:23 +0000 (10:44 -0700)]
secchan: Add wildcard support to ofproto_add_flow(), ofproto_delete_flow().
Ben Pfaff [Mon, 9 Mar 2009 18:28:01 +0000 (11:28 -0700)]
secchan: Keep track of ofproto even when translating nested actions.
Allowing vswitch to hook OFPP_NORMAL will require nested actions (via
NXAST_RESUBMIT) to access the ofproto, so we need to be able to get to it
in that case.
Ben Pfaff [Tue, 10 Mar 2009 18:12:14 +0000 (11:12 -0700)]
vswitch: Fix typo in comment.
Ben Pfaff [Tue, 10 Mar 2009 20:34:24 +0000 (13:34 -0700)]
secchan: Drop unused function.
Ben Pfaff [Tue, 10 Mar 2009 19:29:43 +0000 (12:29 -0700)]
vswitch: Drop unused extern declaration.
This was entirely unused.
Ben Pfaff [Mon, 9 Mar 2009 22:39:46 +0000 (15:39 -0700)]
vconn: Delete fd-based vconns.
These vconns were only a crappy kluge for communication between vswitchd
and its subordinate secchans. We are better off rid of them.
Ben Pfaff [Mon, 9 Mar 2009 22:37:16 +0000 (15:37 -0700)]
vswitch: Eliminate OpenFlow connection to ofproto.
The vswitch interface to the ofproto is now entirely a functional
interface, instead of going partially over an OpenFlow connection that
"loops back" to the ofproto via a socketpair. So this commit drops
the code that connects and maintains that connection.
Ben Pfaff [Mon, 9 Mar 2009 22:49:35 +0000 (15:49 -0700)]
Stop using vswitch OpenFlow connection to ofproto, by adding ofproto features.
Ben Pfaff [Mon, 9 Mar 2009 21:12:25 +0000 (14:12 -0700)]
secchan: Make netflow expiration arguments more sensible.
This cleanup is useful preparation for adding a flow expiration hook for
vswitchd to use, since that hook wants to receive essentially the same
information.
Ben Pfaff [Mon, 9 Mar 2009 20:50:16 +0000 (13:50 -0700)]
secchan: Optimize flow expiration when not connected.
There is no point in composing a flow-expiration message for an ofconn
whose rconn is not connected.
This optimization might be a win for a standalone vswitch.
Ben Pfaff [Mon, 9 Mar 2009 20:58:01 +0000 (13:58 -0700)]
secchan: Add comments.
Ben Pfaff [Mon, 9 Mar 2009 18:25:37 +0000 (11:25 -0700)]
Move ODP-related functions into new module "odp-util".
This allows code outside ofproto.c to use it, which will soon be useful
to allow vswitchd to hook OFPP_NORMAL.
Ben Pfaff [Mon, 9 Mar 2009 18:07:06 +0000 (11:07 -0700)]
secchan: Retain original input port for NXAST_RESUBMIT action.
The NXAST_RESUBMIT action causes a secondary lookup in the flow table with
a different input port value. However, we want to retain the original
input port for processing the result of that secondary lookup. Otherwise,
output to OFPP_IN_PORT will send the packet to the wrong port, and output
to the input port without specifying OFPP_IN_PORT will be mistakenly
allowed.
Ben Pfaff [Mon, 9 Mar 2009 18:03:24 +0000 (11:03 -0700)]
secchan: Fix typo in comment.
Ben Pfaff [Mon, 9 Mar 2009 19:56:29 +0000 (12:56 -0700)]
secchan: Add clarifying comment.
Ben Pfaff [Mon, 9 Mar 2009 20:12:54 +0000 (13:12 -0700)]
vswitch: Fix memory leak in error path.
Ben Pfaff [Sat, 7 Mar 2009 00:37:01 +0000 (16:37 -0800)]
dpif: New function dpif_id() for getting the datapath index.
Using this function instead of referring to the "minor" member directly
helps with abstraction.
Ben Pfaff [Sat, 7 Mar 2009 00:29:51 +0000 (16:29 -0800)]
vswitch: Fix file descriptor leak.
Need to close all the dpifs that we open.
Ben Pfaff [Sat, 7 Mar 2009 00:16:19 +0000 (16:16 -0800)]
secchan: Remove an invalid optimization.
Justin Pettit [Mon, 9 Mar 2009 01:07:46 +0000 (18:07 -0700)]
Repair recently broken cfg_has_section().
Justin Pettit [Mon, 9 Mar 2009 01:04:58 +0000 (18:04 -0700)]
Have secchan reply to OpenFlow echo requests.
Justin Pettit [Thu, 5 Mar 2009 19:59:24 +0000 (11:59 -0800)]
Include limits.h for UINT_MAX definition.
Ben Pfaff [Fri, 6 Mar 2009 22:34:46 +0000 (14:34 -0800)]
Keep secchan and vswitchd from consuming 100% CPU when a datapath is deleted.
Before this commit, "dpctl deldp x" would cause secchan or vswitchd to
consume 100% CPU if they were responsible for the given datapath. This
fixes the problem.
Ben Pfaff [Fri, 6 Mar 2009 22:12:36 +0000 (14:12 -0800)]
vswitch: Keep existing datapaths when starting up.
Until now, vswitchd has deleted all existing datapaths when it started up,
and then re-created the ones that are actually configured. This is a very
"clean", conservative design, but it has undesirable effects in practice.
In particular, if any datapath has a local port with an IP address
configured on it, then deleting the datapath and recreating it will drop
that IP address, which can mean that your machine just lost connectivity
to the outside world.
So, with this commit, now vswitchd only deletes datapaths at startup that
don't have configured bridges, preserving local port IP addresses.
Ben Pfaff [Fri, 6 Mar 2009 22:03:24 +0000 (14:03 -0800)]
dpif: New function dpif_get_name().
This function is equivalent to querying the ODPP_LOCAL port, but its name
better reflects the caller's intent, and its interface is slightly more
convenient.
Ben Pfaff [Fri, 6 Mar 2009 22:02:06 +0000 (14:02 -0800)]
Make ODP_DP_CREATE distinguish conflicting name from conflicting number.
There's no point in retrying with a different number if the name conflicts.
Ben Pfaff [Fri, 6 Mar 2009 21:58:47 +0000 (13:58 -0800)]
shash: Don't free block we didn't allocate in shash_destroy().
Ben Pfaff [Fri, 6 Mar 2009 21:30:09 +0000 (13:30 -0800)]
flow: Properly translate port numbers in flow_from_match().
The OpenFlow and datapath port numbers for the local port are different.
We were translating them in one direction (in flow_to_match()) but not
in the other (in flow_from_match()).
This fixes a performance problem (we were setting up the wrong flow).
Ben Pfaff [Fri, 6 Mar 2009 18:58:13 +0000 (10:58 -0800)]
netdev: Don't log a warning for unsupported ethtool operations.
Plenty of devices don't support ethtool, and we don't use ethtool for
anything essential, so there's no point in logging a warning here.
Ben Pfaff [Fri, 6 Mar 2009 18:57:30 +0000 (10:57 -0800)]
dpif: Don't log a warning in dpifmon_poll() for missing device.
We were using dpif_port_query_by_name() here to see whether the device is
part of the datapath, so there's no point in logging a warning if it isn't.
Ben Pfaff [Fri, 6 Mar 2009 17:52:08 +0000 (09:52 -0800)]
secchan: Fix use-after-free by allocating rule actions as separate blocks.
The ofproto code tried to cleverly save memory and time by allocating
rule actions as a flexible array member at the end of "struct rule". When
the actions changed, this required a realloc() call. Unfortunately, there
are sometimes pointers to rules (e.g. the "super" pointer from subrules)
that were not getting adjusted to point to the new location.
It's better to just allocate actions separately, so fix it by doing that.
Justin Pettit [Fri, 6 Mar 2009 08:34:37 +0000 (00:34 -0800)]
Cleanup .gitignore for 2.4 datapath builds.
Justin Pettit [Fri, 6 Mar 2009 08:34:01 +0000 (00:34 -0800)]
More files for git to ignore for 2.6 datapath builds.
Justin Pettit [Fri, 6 Mar 2009 08:24:45 +0000 (00:24 -0800)]
Cleanup files for git to ignore in datapath linux-2.6 build directory.
Justin Pettit [Fri, 6 Mar 2009 08:01:25 +0000 (00:01 -0800)]
Only build SSL components if build configured with HAVE_OPENSSL.
Justin Pettit [Fri, 6 Mar 2009 08:01:00 +0000 (00:01 -0800)]
Add limits.h for UINT_MAX definition.
Ben Pfaff [Fri, 6 Mar 2009 01:34:42 +0000 (17:34 -0800)]
secchan: Correctly maintain rule's number of actions.
We were reallocating memory properly but not updating the "n_actions"
member, which sometimes led to reading past the end of a block.
This problem possibly caused segfaults, since the OpenFlow->ODP action
translation code assumes that OpenFlow actions are prevalidated, and
random memory is not necessarily valid OpenFlow actions :-)
Spotted by Valgrind.