Ben Pfaff [Fri, 27 Aug 2010 19:32:05 +0000 (12:32 -0700)]
datapath: Report memory allocation errors in flow_extract().
Until now flow_extract() has simply returned a bogus flow when memory
allocation errors occurred. This fixes the problem by propagating the
error to the caller.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 10 Aug 2010 18:23:02 +0000 (11:23 -0700)]
learning-switch: Ignore "packet_in"s caused by OFPP_CONTROLLER actions.
It seems best to ignore "packet_in"s caused by OFPP_CONTROLLER actions in
learning-switch, since someone might be experimenting and it's best not
to interfere with that.
Ben Pfaff [Tue, 10 Aug 2010 18:05:01 +0000 (11:05 -0700)]
ofproto: Avoid ofpbuf_clone() for OFPAT_CONTROLLER common case.
This additionally optimizes the common case of the first packet of a flow
that consists only of an OFPAT_CONTROLLER action, by avoiding an
ofpbuf_clone() call along that path.
Ben Pfaff [Wed, 4 Aug 2010 21:08:26 +0000 (14:08 -0700)]
ofproto: Avoid user->kernel->user round-trip for many controller actions.
When an OpenFlow flow says to send packets to the controller, until now
ofproto has executed that using dpif_execute(), which passes the packet up
to the kernel. The kernel queues the packet into its "action" queue, and
then later ofproto pulls the packet back down from the kernel and sends it
to the controller.
However, this is unnecessary. Open vSwitch can just recognize in advance
that it will get the packet back and handle it directly, skipping the round
trip. This commit implements this optimization.
This generally affects only the first packet in a flow, since generally the
rest come directly down from the kernel. It only optimizes the "easy" case
where the first action in a flow is to send the packet to the controller,
since this seems to be the common case in the flows that I'm looking at
now.
Ben Pfaff [Thu, 26 Aug 2010 20:57:11 +0000 (13:57 -0700)]
xenserver: Finish renaming system-level external_ids.
vswitch.xml was updated to describe system-id and xs-system-uuid but the
implementation of this update was incomplete.
CC: Justin Pettit <jpettit@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 20 Aug 2010 18:26:03 +0000 (11:26 -0700)]
configure: Enable OpenSSL support by default.
Years ago some users had broken OpenSSL libraries that didn't actually
work, so we disabled OpenSSL by default. By now, I hope that those users
have fixed their systems.
Ben Pfaff [Tue, 24 Aug 2010 23:00:46 +0000 (16:00 -0700)]
dpif-netdev: Expand tabs.
Ben Pfaff [Tue, 24 Aug 2010 23:00:27 +0000 (16:00 -0700)]
Add Nicira extension to OpenFlow for dropping spoofed ARP packets.
"ARP spoofing" is when a host claims an incorrect association between an
IP address and a MAC address for deceptive purposes. OpenFlow by itself
can prevent a host from sending out ARP replies from an incorrect MAC
address in the Ethernet L2 header, but it cannot control the MAC addresses
inside the ARP L3 packet. This commit adds a new action that can be used
to drop these spoofed packets.
CC: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 26 Aug 2010 16:56:25 +0000 (09:56 -0700)]
vswitchd: Fix 100% CPU usage with bonds and --fake-proc-net.
The current date in milliseconds since the epoch is ~1,282,841,552,000,
which is greater than LONG_MAX of 4,294,967,295 on 32-bit systems, so
no matter what was stored into bond_next_fake_iface_update, it would always
appear to be expired. It really needs to be a 64-bit number. (This was
just a typo really.)
Since XenServer 5.5 requires --fake-proc-net, this probably fixes an
important bug there.
Reported-by: Luiz Henrique Ozaki <luiz.ozaki@gmail.com>
Ben Pfaff [Thu, 26 Aug 2010 16:39:54 +0000 (09:39 -0700)]
xenserver: Add type-checking to monitor-external-ids script.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 26 Aug 2010 16:38:52 +0000 (09:38 -0700)]
xenserver: Block until change in poll loop to avoid 100% CPU consumption.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 26 Aug 2010 17:06:36 +0000 (10:06 -0700)]
vswitchd: Fix "updelay" configuration for bonds.
Reported-by: Michael Mao <mmao@nicira.com>
Bug #3521.
Ben Pfaff [Thu, 12 Aug 2010 22:12:28 +0000 (15:12 -0700)]
datapath: Free up flow_extract() return value for reporting errors.
flow_extract() can fail due to memory allocation errors in pskb_may_pull().
Currently it doesn't return those properly, instead just reporting a bogus
flow to the caller. But its return value is currently in use for reporting
whether the packet was an IPv4 fragment. This commit switches to reporting
that in the skb itself so that the return value can be reused to report
errors.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Aug 2010 17:47:44 +0000 (10:47 -0700)]
datapath: Remove skb->len >= ETH_HLEN check from flow_extract().
The callers ensure that this is already the case.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)]
datapath: Use 'bool' instead of 'int' where appropriate.
'bool' is better modern kernel style.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 13 Aug 2010 16:43:04 +0000 (09:43 -0700)]
datapath: Use min() instead of open-coding it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Tue, 24 Aug 2010 21:50:06 +0000 (14:50 -0700)]
xenserver: Add monitor-external-ids daemon
The monitor-external-ids daemon monitors the external_ids columns of the
Bridge and Interface OVSDB tables. Its primary responsibility is to
set the "bridge-id" and "iface-id" keys in the Bridge and Interface
tables, respectively. It also looks for the use of "network-uuids" in
the Bridge table and duplicates its value to the preferred
"xs-network-uuids".
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Justin Pettit [Mon, 9 Aug 2010 22:07:32 +0000 (15:07 -0700)]
xenserver: Prepend XenServer external ids with "xs-"
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Justin Pettit [Thu, 5 Aug 2010 01:52:17 +0000 (18:52 -0700)]
xenserver: Report the system type and version as external ids
The configuration schema defines the system-type and system-version
external-ids for the Open_vSwitch table. This commit adds support for
reporting them on XenServer.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Justin Pettit [Wed, 4 Aug 2010 06:00:04 +0000 (23:00 -0700)]
vswitch: Break out XenServer-specific external ids
As we move to new platforms, not all external identifiers will be
universally unique, but the "-uuid" suffix seemingly prevents their use.
Create new identifiers without the "-uuid" suffix. Change the existing
XenServer-specific external identifiers to contain a "xs-" prefix. This
also allows a XenServer integrator to define identifiers different from
the XenServer UUIDs, but still leave them in the config database to be
used by other programs.
Justin Pettit [Wed, 4 Aug 2010 05:21:43 +0000 (22:21 -0700)]
vswitch: Add port status column to Port table
Add "status" map to provide optional status of ports to Port table.
Ben Pfaff [Sat, 21 Aug 2010 22:39:27 +0000 (15:39 -0700)]
Delete local copy of simplejson.
The previous commit dropped usage of simplejson from the Python
code in the tree, because it did not provide adequate features to
support the JSON-RPC engine. In particular simplejson is not a
"push parser"--you can't give it a byte or a character at a time
and have it tell you when it has read a whole JSON value.
Ben Pfaff [Wed, 25 Aug 2010 17:26:40 +0000 (10:26 -0700)]
Implement initial Python bindings for Open vSwitch database.
These initial bindings pass a few hundred of the corresponding tests
for C implementations of various bits of the Open vSwitch library API.
The poorest part of them is actually the Python IDL interface in
ovs.db.idl, which has not received enough attention yet. It appears
to work, but it doesn't yet support writes (transactions) and it is
difficult to use. I hope to improve it as it becomes clear what
semantics Python applications actually want from an IDL.
Ben Pfaff [Sat, 21 Aug 2010 03:50:17 +0000 (20:50 -0700)]
reconnect: Refactor tests to use common macro.
This will make it easier to add tests for the Python implemenentation.
Ben Pfaff [Mon, 23 Aug 2010 23:56:25 +0000 (16:56 -0700)]
ovsdbmonitor: Fix uninstall.
We install an ovsdbmonitor binary so we should uninstall it too.
Ben Pfaff [Mon, 23 Aug 2010 06:13:35 +0000 (23:13 -0700)]
daemon: Improve comments.
Elsewhere we put the name of command-line options that control global
variables in the comment, so do so here as well.
Also fix a comment typo.
Ben Pfaff [Sun, 22 Aug 2010 20:39:43 +0000 (13:39 -0700)]
reconnect: Fix typo in comment.
Ben Pfaff [Sun, 22 Aug 2010 20:38:39 +0000 (13:38 -0700)]
json: Remove unused return value from json_parser_push().
No point in returning a value that no caller uses.
Ben Pfaff [Sun, 22 Aug 2010 19:52:35 +0000 (12:52 -0700)]
poll-loop: Fix obsolete comment.
The poll loop used to have support for autonomous subroutines, but it no
longer does.
Ben Pfaff [Sat, 21 Aug 2010 05:26:25 +0000 (22:26 -0700)]
jsonrpc: Indentation fix.
Ben Pfaff [Mon, 23 Aug 2010 19:18:05 +0000 (12:18 -0700)]
stream, vconn: Fix comments.
All streams and all vconns are "active", so there's no point in noting that
requirement in comments. (A long time ago, active and passive vconns were
conflated instead of having passive vconns broken out as pvconns. But
active and passive streams have always been distinct.)
Ben Pfaff [Fri, 20 Aug 2010 16:13:20 +0000 (09:13 -0700)]
json: Remove write-only variable from json_lex_number().
Ben Pfaff [Tue, 17 Aug 2010 19:49:31 +0000 (12:49 -0700)]
ovsdb: Remove unused ovsdb_datum_from_json_unique().
This function was not used outside of the test-ovsdb program. It seems
like we might as well remove it.
Ben Pfaff [Wed, 25 Aug 2010 20:04:34 +0000 (13:04 -0700)]
xenserver: Add ovs-parse-leaks manpage to list of files.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 25 Aug 2010 16:59:26 +0000 (09:59 -0700)]
utilities: Remove ovs-wdt.
We used ovs-wdt at Nicira for a while when we were working on building
hardware switches. We don't use it anymore, so remove it from the tree.
CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 25 Aug 2010 16:57:11 +0000 (09:57 -0700)]
utilities: Remove ovs-monitor.
The ovs-monitor script is now more than adequately replaced by the
--monitor option to the various daemons.
CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 25 Aug 2010 00:49:13 +0000 (17:49 -0700)]
ovs-parse-leaks: Add manpage.
CC: Simon Horman <horms@verge.net.au>
Simon Horman [Wed, 25 Aug 2010 03:10:32 +0000 (12:10 +0900)]
datapath: Unconditionally call kfree_skb()
kfree_skb() will ignore a NULL pointer.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Wed, 25 Aug 2010 00:12:23 +0000 (17:12 -0700)]
debian: Use pfaffben@debian.org as uploader address for Ben Pfaff.
I use pfaffben@debian.org as my contact address for Debian packages, so
use it here too. I've had annoyed emails from folks when I am not
consistent about this, so fix it proactively.
Simon Horman [Tue, 24 Aug 2010 00:54:58 +0000 (09:54 +0900)]
Debian: make debian/copyright more friendly to the ftpmasters
Signed-off-by: Simon Horman <horms@verge.net.au>
[list of copyright holders adjusted]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Thu, 12 Aug 2010 23:27:19 +0000 (19:27 -0400)]
netdev-tunnel: Add CAPWAP userspace interface.
Provide a userspace interface to the CAPWAP UDP transport
tunneling mechanism in the kernel.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Tue, 17 Aug 2010 22:09:53 +0000 (18:09 -0400)]
netdev: Don't assume all netdevs are available at runtime.
Currently we print a warning if a user tries to configure a
netdev that is not in the list that userspace knows about.
However, it is possible that a given netdev maybe be enabled but
when it tries to create a device it finds out that it can't
(not supported by kernel module, hardware not present, etc.).
This makes the behavior the same in both cases.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Thu, 12 Aug 2010 00:55:58 +0000 (20:55 -0400)]
datapath: Add support for CAPWAP UDP transport.
Add support for the transport portion of the CAPWAP protocol as
an alternative to GRE for L2 over L3 tunneling. This is not
full support for the CAPWAP protocol. CAPWAP covers management
of wireless access points and describes a control protocol for
setting those devices up. It also describes a data plane protocol
that allows packets to be tunneled to a controller for inspection.
This data plane protocol is the only component covered by this
commit.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Mon, 16 Aug 2010 14:32:41 +0000 (10:32 -0400)]
datapath: Add support for tunnel fragmentation.
Up until now it was assumed that encapsulated packets larger than
the MTU would be fragmented by the IP stack. However, some
tunneling protocols provide their own fragmentation mechanism. This
adds the necessary support to the generic tunnel code to support
fragmentation.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Wed, 11 Aug 2010 22:29:48 +0000 (18:29 -0400)]
netdev-gre: Genericize GRE netdev.
Since the GRE netdev doesn't actually implement any of the GRE
protocol, none of the code is really specific to GRE. This commit
makes the netdev a little more generic so that additional tunnel
types can easily piggyback on it in the future.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Wed, 11 Aug 2010 00:11:48 +0000 (20:11 -0400)]
datapath: Abstract tunneling implementation from GRE.
Much of the code in the GRE implementation is not specific to the
GRE protocol but is actually common to all types of tunnels. In
order to support future types of tunnels, move this code into a
common library.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:12 +0000 (15:30 +0900)]
datapath: struct brport_attribute no longer has an owner element
Between 2.6.35 and 2.6.36-rc1 the owner element of struct brport_attribute
was removed.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:11 +0000 (15:30 +0900)]
datapath: Use rtnl_link_stats64
This adds compatibility with a series kernel changesets that
introduces 64bit statistics. The final changeset (to date) being
"net: Document that dev_get_stats() returns the given pointer".
The relevant changesets were added between 2.6.35 and 2.6.36-rc1.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:10 +0000 (15:30 +0900)]
datapath: use rx_handler_data pointer
This adds compatibility with kernel changeset
"bridge: use rx_handler_data pointer to store net_bridge_port pointer"
which was added between 2.6.35 and 2.6.36-rc1.
With this change it is now safe to (attempt to) insert both bridge and
datapath with newer (>=2.6.36) kernels, although whichever is inserted
second will fail to initialise on the call to netdev_rx_handler_register()
Signed-off-by: Simon Horman <horms@verge.net.au>
[Jesse: fixed merge conflicts in vport-netdev.c and netdevice.h]
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:09 +0000 (15:30 +0900)]
datapath: Take a rcu_dereference() in netdev_get_vport()
Although not strictly necessary, this will make this
function more consistent when compatibility for 2.6.36 is added.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:08 +0000 (15:30 +0900)]
datapath: rtable may not have a u. member
This brings the code up to sync with the kernel as
of changeset "net-next: remove useless union keyword",
which was added between 2.6.35 and 2.6.36-rc1
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:07 +0000 (15:30 +0900)]
datapath: Handle duplicate netdev in netdev_rx_handler_register()
For kernels that have netdev_rx_handler_register() (>=2.6.35),
duplicate netdevs are detected by netdev_rx_handler_register().
So by adding duplicate detection to the netdev_rx_handler_register()
compatibility code the explicit check in netdev_create() can be removed.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Simon Horman [Mon, 23 Aug 2010 06:30:06 +0000 (15:30 +0900)]
datapath: dont use non-existent receive hooks
This adds compatibility with kernel changeset
of changeset "net: add rx_handler data pointer"
and thus "net: replace hooks in __netif_receive_skb V5",
which were added between 2.6.35 and 2.6.36-rc1
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Mon, 23 Aug 2010 17:42:19 +0000 (13:42 -0400)]
terminal: Remove vlog modules.
The terminal modules in vlog-modules.def weren't removed when the
code was, which breaks compilation due to a check for this
condition.
Ben Pfaff [Fri, 20 Aug 2010 19:37:01 +0000 (12:37 -0700)]
Remove ezio-term and ovs-switchui utilities.
These utilities were useful when Nicira was building switches with 16x2 LCD
front panel displays, but they aren't useful for other environments and
even Nicira does not use that kind of switch any longer. So remove them
and all the build infrastructure on which they depended.
Jesse Gross [Thu, 29 Jul 2010 01:20:43 +0000 (18:20 -0700)]
datpath: Avoid reporting half updated statistics.
We enforce mutual exclusion when updating statistics by disabling
bottom halves and only writing to per-CPU state. However, reading
requires looking at the statistics for foreign CPUs, which could be
in the process of updating them since there isn't a lock. This means
we could get garbage values for 64-bit values on 32-bit machines or
byte counts that don't correspond to packet counts, etc.
This commit introduces a sequence lock for statistics values to avoid
this problem. Getting a write lock is very cheap - it only requires
incrementing a counter plus a memory barrier (which is compiled away
on x86) to acquire or release the lock and will never block. On
read we spin until the sequence number hasn't changed in the middle
of the operation, indicating that the we have a consistent set of
values.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Sat, 14 Aug 2010 16:25:58 +0000 (12:25 -0400)]
gre: Don't require incoming checksum.
The current meaning of the GRE checksum option is to include
checksums on transmit and require packets to have them on receive.
In addition, incoming packets with checksums are always validated
regardless of this option. Requiring checksums on receive creates
surprising behavior and interoperability issues. This disables the
requirement on receive. The new behavior is that the sender decides
whether to checksum packets and the receiver will validate packets
with checksums (similar to UDP).
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Fri, 13 Aug 2010 03:31:03 +0000 (23:31 -0400)]
gre: Disable checksums by default.
GRE checksums aren't really all that useful because they only
add value for the GRE and inner Ethernet header. However, they
are expensive since they cover the entire packet, even though
most of the data is protected by L3 and L4 checksums. Therefore
disable checksumming by default to improve performance. In addition,
since CAPWAP doesn't support checksums this makes it consistent with
GRE.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Tsvi Slonim [Fri, 20 Aug 2010 17:43:13 +0000 (10:43 -0700)]
backtrace: Use generic code to find the bottom of the stack.
This fixes an ugly GCC warning without using inline asm.
Bryan Phillippe [Fri, 20 Aug 2010 16:27:16 +0000 (09:27 -0700)]
socket-util: Suppress uninitialized variable warning with old GCC.
Bryan Phillippe [Fri, 20 Aug 2010 16:25:34 +0000 (09:25 -0700)]
vconn-stream: printf() specifier for int is %d (not %zu)
Bryan Phillippe [Fri, 20 Aug 2010 17:42:29 +0000 (10:42 -0700)]
socket-util: Remove stray printf() from make_unix_socket().
Simon Horman [Fri, 20 Aug 2010 02:32:52 +0000 (11:32 +0900)]
debian: Use horms@debian.org the uploaders field
Sorry for the noise, I should have noticed this earlier,
but for consistency with other packages I'd prefer to
use my debian.org address here.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Thu, 19 Aug 2010 20:11:05 +0000 (13:11 -0700)]
debian: Fix "make dist" by adding corekeeper.override to EXTRA_DIST.
Reported-by: Teemu Koponen <koponen@nicira.com>
Ben Pfaff [Thu, 19 Aug 2010 16:53:08 +0000 (09:53 -0700)]
AUTHORS: Add Simon Horman <horms@verge.net.au>.
Ben Pfaff [Mon, 16 Aug 2010 22:59:26 +0000 (15:59 -0700)]
Fix SSL boilerplate descriptions in manpages.
Some of the SSL boilerplate was specific to switches, but it was included
in OVSDB programs also. Make it more generic. Also document SSL options
in some manpages where they were missing.
Ben Pfaff [Mon, 16 Aug 2010 22:57:03 +0000 (15:57 -0700)]
Fix typos in manpages.
Ben Pfaff [Mon, 16 Aug 2010 22:54:47 +0000 (15:54 -0700)]
ovs-vsctl: Fix parsing of short SSL options.
The short versions of the SSL options (e.g. -p, -c, -C) did not work,
because they were not in the string passed to getopt_long(). This commit
fixes the problem and should avoid its recurrence with any other short
options that we add in the future.
Simon Horman [Thu, 19 Aug 2010 07:55:38 +0000 (16:55 +0900)]
debian: Add override of non-standard-dir-perm to corekeeper
It is intentional that var/log/core/ has a non standard permission
of 1777 instead of 0755.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 19 Aug 2010 07:55:37 +0000 (16:55 +0900)]
Debian: Use ${source:Version} for versioned dependencies as appropriate
${source:Version} should be used for versioned dependencies
of arch:any packages on arch:all packages.
${source:Version} may be used for versioned dependencies
of arch:all packages on arch:any packages.
See: http://lintian.debian.org/tags/not-binnmuable-any-depends-all.html
http://lintian.debian.org/tags/not-binnmuable-all-depends-any.html
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 19 Aug 2010 07:55:36 +0000 (16:55 +0900)]
Debian: Add Build-Depends on python
Python is needed in order to run the following tests:
interface-reconfigure
579: non-VLAN, non-bond ok
580: VLAN, non-bond ok
581: Bond, non-VLAN ok
582: VLAN on bond ok
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 19 Aug 2010 07:55:35 +0000 (16:55 +0900)]
Debian: Update to standards version 3.9.1
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 19 Aug 2010 07:55:34 +0000 (16:55 +0900)]
Debian: Add Ben Pfaff and Simon Horman the uploaders
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 4 Aug 2010 17:50:40 +0000 (10:50 -0700)]
odp-util: Avoid branch in odp_actions_add().
I have no idea why, but the test and branch in odp_actions_add() has always
bugged me. This commit eliminates it.
Ben Pfaff [Fri, 13 Aug 2010 16:58:29 +0000 (09:58 -0700)]
uuid: Fix warnings carelessly introduced a few commits ago.
Commit e251c8 "uuid: Break code to read /dev/urandom into a new module"
carelessly introduced a few warnings, which this commit fixes up.
Ben Pfaff [Fri, 13 Aug 2010 16:57:25 +0000 (09:57 -0700)]
ofproto: Add support for NXAST_RESUBMIT recursion.
CC: Teemu Koponen <koponen@nicira.com>
Ben Pfaff [Thu, 12 Aug 2010 00:24:13 +0000 (17:24 -0700)]
Remove vestigial support for Spanning Tree Protocol.
Open vSwitch has never properly supported IEEE 802.1D Spanning Tree
Protocol (STP), but it has various bits and pieces that claim to support
it. This commit deletes them, to reduce the amount of dead code in the
tree. We can always reintroduce it later if it proves to be a good idea.
Bug #1175.
Ben Pfaff [Thu, 12 Aug 2010 18:12:13 +0000 (11:12 -0700)]
random: Get random seed from /dev/urandom.
Even though this PRNG is not meant to be cryptographically secure, there is
no reason not to get a high-quality seed.
CC: Stephen Hemminger <shemminger@vyatta.com>
Ben Pfaff [Thu, 12 Aug 2010 22:47:25 +0000 (15:47 -0700)]
uuid: Break code to read /dev/urandom into a new module.
This code is useful for seeding other random number generators, so we might
as well make it a separate source file.
Ben Pfaff [Thu, 12 Aug 2010 18:05:07 +0000 (11:05 -0700)]
util: Make ovs_fatal() understand EOF also.
ovs_error() interprets EOF as "end of file" when printing an error message,
so ovs_fatal() might as well.
Ben Pfaff [Thu, 12 Aug 2010 17:18:19 +0000 (10:18 -0700)]
Wait for daemons to die in init.d script "stop" commands.
Sometimes it takes a moment for the OVS daemons to die. When that happens,
the "start" half of "openvswitch restart" can fail when ovsdb-tool
runs, because ovsdb-server will still have the lock on the database if it
has not exited yet. So this commit just makes the "stop" half wait for
the daemons to really die.
Bug #3369.
Ben Pfaff [Thu, 12 Aug 2010 16:47:33 +0000 (09:47 -0700)]
daemon: Make sure that vlog is initialized when a process daemonizes.
If a process daemonizes itself, then it should be possible to control that
process's log levels with "ovs-appctl vlog/set" and related commands. The
vlog_init() function registers those commands. But vlog_init() doesn't
normally get called until the first log message is issued. This can take a
while, especially for ovs-controller, where I first noticed the problem.
This commit fixes the problem by calling vlog_init() from
daemonize_start(), which always gets called as a process daemonizes.
Ben Pfaff [Thu, 5 Aug 2010 17:59:26 +0000 (10:59 -0700)]
debian: Use dh_installmodules instead of calling "depmod" wrongly.
Until now, the postinst for kernel modules built by the Debian packaging
has simply run "depmod -a", which is wrong, since this command rebuilds
the dependencies for the *running* kernel, which is not necessarily the
kernel for which modules are being installed.
The dh_installmodules script automatically adds the correct invocation of
depmod to the postinst script, so this commit switches to using that
instead.
This commit moves the kernel modules from /lib/modules/$KVERS into the
"kernel" subdirectory of that directory because dh_installmodules does not
support modules that are directly in the $KVERS directory.
CC: Sajjad Lateef <slateef@nicira.com>
Ben Pfaff [Thu, 5 Aug 2010 17:23:36 +0000 (10:23 -0700)]
random: Implement a decent random number generator.
Until now this library has based its random number upon those returned
by libc's rand() function. This has always bugged me--it is not a good
solution since rand() varies in quality so much. This commit changes
the random library to use a simple but high-quality PRNG.
Ben Pfaff [Wed, 11 Aug 2010 22:29:36 +0000 (15:29 -0700)]
bridge: Don't pay attention to columns that vswitchd doesn't need.
Not replicating unneeded columns has some value in avoiding CPU time and
bandwidth to the database. In ovs-vswitchd, setting cur_cfg as write-only
also have great value in avoiding extra reconfiguration steps. When
ovs-vsctl is used in its default mode this essentially avoids half of the
reconfigurations that ovs-vswitchd currently does. What happens now is:
1. ovs-vsctl updates the database and increments next_cfg.
2. ovs-vswitchd notices the change to the database, reconfigures
itself, then increments cur_cfg to match next_cfg.
3. The database sends the change to cur_cfg back to ovs-vswitchd.
4. ovs-vswitchd reconfigures itself a second time.
By not replicating cur_cfg we avoid step 3 and save a whole reconfiguration
step.
Also, now that the database contains interface statistics, this avoids
reconfiguring every time that statistics are updated.
Ben Pfaff [Wed, 11 Aug 2010 22:41:41 +0000 (15:41 -0700)]
ovsdb-idl: Make it possible to omit or pay less attention to columns.
ovs-vswitchd has no need to replicate some parts of the database. In
particular, it doesn't need to replicate the bits that it never reads,
such as the external_ids column in the Open_vSwitch table. This saves
some memory, CPU time, and bandwidth to the database.
Another type of column that benefits from special treatment is "write-only
columns", that is, those that ovs-vswitchd writes and keeps up-to-date but
never expects another client to write, such as the cur_cfg column in the
Open_vSwitch table. If the IDL reports that the database has changed when
ovs-vswitchd updates such a column, then ovs-vswitchd reconfigures itself
for no reason, wasting CPU time. This commit also adds support for such
columns.
Ben Pfaff [Wed, 11 Aug 2010 17:24:40 +0000 (10:24 -0700)]
stream-ssl: Enable SSL session caching.
Ben Pfaff [Mon, 9 Aug 2010 21:42:35 +0000 (14:42 -0700)]
stream-ssl: Remove unused 'connect_error' member.
Never read, never written.
Ben Pfaff [Tue, 10 Aug 2010 21:35:36 +0000 (14:35 -0700)]
vswitch: Fix speling error in documentation.
Ben Pfaff [Wed, 28 Jul 2010 00:00:54 +0000 (17:00 -0700)]
dpif-netdev: Properly track whether there is a vlan header.
It looks to me like the current dpif-netdev implementation doesn't handle
the case where a packet comes in without a VLAN and then is subjected to
multiple ODPAT_SET_VLAN_* operations. dp_netdev_modify_vlan_tci() just
checks the flow key each time to see whether there's a VLAN, but it doesn't
update the flow key to note that there is now a VLAN.
One fix would be to update the flow key, but it's "const" these days.
Instead, add a check for whether the Ethernet type is ETH_TYPE_VLAN,
which should be equivalent.
Ben Pfaff [Tue, 10 Aug 2010 18:38:55 +0000 (11:38 -0700)]
dpif-netdev: Tolerate undersized packets.
Actions that modify packets need to tolerate packets that are too small.
Most of the actions already implicitly do this check, since they check for
appropriate values in the flow key that would only be there if the
corresponding data was present. But actions to modify the Ethernet header
didn't have a guarantee that the packet was at least 14 bytes long, and
actions to modify the VLAN didn't have such a guarantee either, so this
adds appropriate checks.
Problem found by code inspection.
Ben Pfaff [Tue, 10 Aug 2010 18:35:46 +0000 (11:35 -0700)]
datapath: Fix handling of 802.1Q and SNAP headers.
The kernel and user datapaths have code that assumes that 802.1Q headers
are used only inside Ethernet II frames, not inside SNAP-encapsulated
frames. But the kernel and user flow_extract() implementations would
interpret 802.1Q headers inside SNAP headers as being valid VLANs. This
would cause packet corruption if any VLAN-related actions were to be taken,
so change the two flow_extract() implementations only to accept 802.1Q as
an Ethernet II frame type, not as a SNAP-encoded frame type.
802.1Q-2005 says that this is correct anyhow:
Where the ISS instance used to transmit and receive tagged frames is
provided by a media access control method that can support Ethernet
Type encoding directly (e.g., is an IEEE 802.3 or IEEE 802.11 MAC) or
is media access method independent (e.g., 6.6), the TPID is Ethernet
Type encoded, i.e., is two octets in length and comprises solely the
assigned Ethernet Type value.
Where the ISS instance is provided by a media access method that
cannot directly support Ethernet Type encoding (e.g., is an IEEE
802.5 or FDDI MAC), the TPID is encoded according to the rule for
a Subnetwork Access Protocol (Clause 10 of IEEE Std 802) that
encapsulates Ethernet frames over LLC, and comprises the SNAP
header (AA-AA-03) followed by the SNAP PID (00-00-00) followed by
the two octets of the assigned Ethernet Type value.
All of the media that OVS handles supports Ethernet Type fields, so to me
that means that we don't have to handle 802.1Q-inside-SNAP.
On the other hand, we *do* have to handle SNAP-inside-802.1Q, because this
is actually allowed by the standards. So this commit also adds that
support.
I verified that, with this change, both SNAP and Ethernet packets are
properly recognized both with and without 802.1Q encapsulation.
I was a bit surprised to find out that Linux does not accept
SNAP-encapsulated IP frames on Ethernet.
Here's a summary of how frames are handled before and after this commit:
Common cases
------------
Ethernet
+------------+
1. |dst|src|TYPE|
+------------+
Ethernet LLC SNAP
+------------+ +--------+ +-----------+
2. |dst|src| len| |aa|aa|03| |000000|TYPE|
+------------+ +--------+ +-----------+
Ethernet 802.1Q
+------------+ +---------+
3. |dst|src|8100| |VLAN|TYPE|
+------------+ +---------+
Ethernet 802.1Q LLC SNAP
+------------+ +---------+ +--------+ +-----------+
4. |dst|src|8100| |VLAN| LEN| |aa|aa|03| |000000|TYPE|
+------------+ +---------+ +--------+ +-----------+
Unusual cases
-------------
Ethernet LLC SNAP 802.1Q
+------------+ +--------+ +-----------+ +---------+
5. |dst|src| len| |aa|aa|03| |000000|8100| |VLAN|TYPE|
+------------+ +--------+ +-----------+ +---------+
Ethernet LLC
+------------+ +--------+
6. |dst|src| len| |xx|xx|xx|
+------------+ +--------+
Ethernet LLC SNAP
+------------+ +--------+ +-----------+
7. |dst|src| len| |aa|aa|03| |xxxxxx|xxxx|
+------------+ +--------+ +-----------+
Ethernet 802.1Q LLC
+------------+ +---------+ +--------+
8. |dst|src|8100| |VLAN| LEN| |xx|xx|xx|
+------------+ +---------+ +--------+
Ethernet 802.1Q LLC SNAP
+------------+ +---------+ +--------+ +-----------+
9. |dst|src|8100| |VLAN| LEN| |aa|aa|03| |xxxxxx|xxxx|
+------------+ +---------+ +--------+ +-----------+
Behavior
--------
--------------- --------------- -------------------------------------
Before After
this commit this commit
dl_type dl_vlan dl_type dl_vlan Notes
------- ------- ------- ------- -------------------------------------
1. TYPE ffff TYPE ffff no change
2. TYPE ffff TYPE ffff no change
3. TYPE VLAN TYPE VLAN no change
4. LEN VLAN TYPE VLAN proposal fixes behavior
5. TYPE VLAN 8100 ffff 802.1Q says this is invalid framing
6. 05ff ffff 05ff ffff no change
7. 05ff ffff 05ff ffff no change
8. LEN VLAN 05ff VLAN proposal fixes behavior
9. LEN VLAN 05ff VLAN proposal fixes behavior
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Aug 2010 18:36:39 +0000 (11:36 -0700)]
vswitch: Clarify "arguments" versus "options".
Interface has an "options" column but some text referred to "arguments"
instead, which confused some readers. Also be even more explicit about
syntax, since this also confused some readers.
CC: Dan Wendlandt <dan@nicira.com>
Ben Pfaff [Fri, 6 Aug 2010 23:49:20 +0000 (16:49 -0700)]
ofproto: Add support for remote "service controllers".
CC: Dan Wendlandt <dan@nicira.com>
Ben Pfaff [Fri, 6 Aug 2010 23:49:14 +0000 (16:49 -0700)]
ovs-openflowd: Fix support for multiple controllers.
The multiple controller support here has apparently never been tested. I
still haven't tested it, but I fixed a few obvious problems in the source
code and in the manpage.
Ben Pfaff [Thu, 5 Aug 2010 21:56:53 +0000 (14:56 -0700)]
ofproto: Improve terminology.
To me, "primary" and "service" connections seem like better terminology
than "controller" and "transient".
Ben Pfaff [Fri, 6 Aug 2010 23:05:17 +0000 (16:05 -0700)]
json: Add extern "C" { ... } to headers.
This makes it easier for external C++ projects to import the header.
CC: Jeremy Stribling <strib@nicira.com>
Ben Pfaff [Fri, 6 Aug 2010 17:24:13 +0000 (10:24 -0700)]
ovs-pki: Create private keys with restricted permissions.
OpenSSL will happily create private keys world-writable, but we probably
should not do that.
CC: Keith Amidon <keith@nicira.com>
Ben Pfaff [Fri, 6 Aug 2010 20:32:47 +0000 (13:32 -0700)]
ovs-pki: Create log directory if it does not exist.
Otherwise "ovs-pki init" can create the pkidir and then fail when it tries
to create the log file, if it is in a directory that does not exist.
Ben Pfaff [Fri, 6 Aug 2010 17:22:29 +0000 (10:22 -0700)]
ovs-pki: Consistently write error messages to stderr.