openvswitch
15 years agoImplement a flow classifier, plus tests.
Ben Pfaff [Mon, 2 Mar 2009 19:37:58 +0000 (11:37 -0800)]
Implement a flow classifier, plus tests.

15 years agoNew function and data structure for handling flow wildcards.
Ben Pfaff [Mon, 2 Mar 2009 19:44:50 +0000 (11:44 -0800)]
New function and data structure for handling flow wildcards.

15 years agoGeneralize conversions between struct flow and struct ofp_match.
Ben Pfaff [Mon, 2 Mar 2009 21:42:04 +0000 (13:42 -0800)]
Generalize conversions between struct flow and struct ofp_match.

15 years agohash: Make hash function pieces available to other modules.
Ben Pfaff [Sat, 28 Feb 2009 00:54:38 +0000 (16:54 -0800)]
hash: Make hash function pieces available to other modules.

This way, modules that want to implement hash functions on their own terms,
for performance (e.g. the classifier), do not have to duplicate the code.

15 years agohmap: New function hmap_replace().
Ben Pfaff [Sat, 28 Feb 2009 00:55:30 +0000 (16:55 -0800)]
hmap: New function hmap_replace().

15 years agohmap: New function hmap_moved().
Ben Pfaff [Sat, 28 Feb 2009 00:55:54 +0000 (16:55 -0800)]
hmap: New function hmap_moved().

15 years agoNew function port_array_count().
Ben Pfaff [Sat, 28 Feb 2009 00:47:47 +0000 (16:47 -0800)]
New function port_array_count().

15 years agoFix indentation error.
Ben Pfaff [Fri, 30 Jan 2009 00:47:42 +0000 (16:47 -0800)]
Fix indentation error.

15 years agoNew function list_moved().
Ben Pfaff [Fri, 30 Jan 2009 00:47:03 +0000 (16:47 -0800)]
New function list_moved().

15 years agoNew function make_packet_out(), and reimplement helpers in terms of it.
Ben Pfaff [Thu, 29 Jan 2009 00:39:16 +0000 (16:39 -0800)]
New function make_packet_out(), and reimplement helpers in terms of it.

15 years agosecchan: Make hook_class structures const.
Ben Pfaff [Wed, 28 Jan 2009 22:02:24 +0000 (14:02 -0800)]
secchan: Make hook_class structures const.

15 years agoMake flow_print() print nw_proto. Print vlan in decimal.
Ben Pfaff [Wed, 28 Jan 2009 20:18:33 +0000 (12:18 -0800)]
Make flow_print() print nw_proto.  Print vlan in decimal.

15 years agoAdd comment.
Ben Pfaff [Mon, 2 Mar 2009 18:31:32 +0000 (10:31 -0800)]
Add comment.

15 years agoNew macro ALWAYS_INLINE to tell GCC that a function must be inlined.
Ben Pfaff [Wed, 28 Jan 2009 18:28:17 +0000 (10:28 -0800)]
New macro ALWAYS_INLINE to tell GCC that a function must be inlined.

15 years agoExport network address mask logic in switch-flow.c for public use.
Ben Pfaff [Tue, 27 Jan 2009 01:18:25 +0000 (17:18 -0800)]
Export network address mask logic in switch-flow.c for public use.

The flow classifier needs to do the same kinds of tests.

15 years agoAvoid a "statement has no effect" warning from BUILD_ASSERT.
Ben Pfaff [Mon, 26 Jan 2009 18:33:14 +0000 (10:33 -0800)]
Avoid a "statement has no effect" warning from BUILD_ASSERT.

15 years agoDelete empty file.
Ben Pfaff [Mon, 2 Mar 2009 19:15:50 +0000 (11:15 -0800)]
Delete empty file.

15 years agoopenflow.h: Fix typos in comments.
Ben Pfaff [Mon, 2 Mar 2009 20:51:57 +0000 (12:51 -0800)]
openflow.h: Fix typos in comments.

15 years agodpctl: Don't print trailing garbage in "dpctl status" output.
Ben Pfaff [Fri, 27 Feb 2009 00:20:00 +0000 (16:20 -0800)]
dpctl: Don't print trailing garbage in "dpctl status" output.

15 years agodpctl: Fix assertion failure when second argument given to "dpctl status".
Ben Pfaff [Fri, 27 Feb 2009 00:19:39 +0000 (16:19 -0800)]
dpctl: Fix assertion failure when second argument given to "dpctl status".

15 years agodatapath: Disallow action length 0, preventing DoS due to infinite loop.
Ben Pfaff [Fri, 30 Jan 2009 00:42:48 +0000 (16:42 -0800)]
datapath: Disallow action length 0, preventing DoS due to infinite loop.

15 years agoSupport multiple NetFlow collectors.
Justin Pettit [Fri, 13 Feb 2009 18:36:44 +0000 (10:36 -0800)]
Support multiple NetFlow collectors.

Add support for sending NetFlow messages to up to eight different
collectors.  With these changes, secchan now reads configuration files
using the same syntax as vswitchd.  This address Redmine feature #901.

15 years agovswitch: Add startup and config files for the XenServer build.
Ben Pfaff [Wed, 11 Feb 2009 23:32:46 +0000 (15:32 -0800)]
vswitch: Add startup and config files for the XenServer build.

15 years agoCheck wildcards for in_port != out_port output validation. (udatapath)
Justin Pettit [Wed, 11 Feb 2009 23:23:23 +0000 (15:23 -0800)]
Check wildcards for in_port != out_port output validation. (udatapath)

OpenFlow requires that traffic that is to be sent out the interface it
came in on use the OFPP_IN_PORT virtual port.  The action validation
code that enforces this ignored the wildcards field, which meant it was
using the garbage 'in_port' value for this check.

NB: This problem was addressed in the kernel datapath with commit
1b580f69f3dfacee49532f71abd72755a09eabd4.

15 years agoFix minor typos in vswitch.conf.5 man page.
Justin Pettit [Wed, 11 Feb 2009 23:10:36 +0000 (15:10 -0800)]
Fix minor typos in vswitch.conf.5 man page.

15 years agonetdev: fix segfault in lookup_netdev().
Ben Pfaff [Mon, 9 Feb 2009 17:57:53 +0000 (09:57 -0800)]
netdev: fix segfault in lookup_netdev().

svec_find() returns SIZE_MAX, not 0, when the specified name cannot be
found.  Don't dereference the names array in this case.

Fixes a segfault that commonly occurred when secchan was started by
vswitchd.

15 years agovswitchd: Avoid 100% CPU when secchan dies too many times.
Ben Pfaff [Fri, 6 Feb 2009 23:07:38 +0000 (15:07 -0800)]
vswitchd: Avoid 100% CPU when secchan dies too many times.

vswitchd restarts secchan when necessary, but it limits the maximum number
of tries to avoid wasting CPU when secchan repeatedly dies.  Unfortunately,
when this happens it also throws vswitchd into a busy-wait by calling
process_wait() on the dead secchan process, because it doesn't clear out
the process from the bridge structure.

This commit clears out the secchan process from the bridge structure, so
that we don't attempt to wait on it any longer, and should fix the busy-wait
problem.

15 years agopoll-loop: Add support for logging the reason for wakeups.
Ben Pfaff [Wed, 4 Feb 2009 18:54:32 +0000 (10:54 -0800)]
poll-loop: Add support for logging the reason for wakeups.

It is useful to log the reason for wakeups, to debug why a program is
waking up more often than it should (for example, consuming 100% CPU load
for no apparent reason).  This adds that logging at DBG level in the
poll loop.

15 years agoleak-checker: Break backtracing code into new module "backtrace".
Ben Pfaff [Wed, 4 Feb 2009 18:51:09 +0000 (10:51 -0800)]
leak-checker: Break backtracing code into new module "backtrace".

This allows other code to use the backtracer too.

15 years agovswitchd: Add build number to --version output.
Ben Pfaff [Fri, 6 Feb 2009 17:16:35 +0000 (09:16 -0800)]
vswitchd: Add build number to --version output.

15 years agoAdd AC_SYS_LARGEFILE, to allow writing log files over 2 GB.
Ben Pfaff [Thu, 5 Feb 2009 17:28:54 +0000 (09:28 -0800)]
Add AC_SYS_LARGEFILE, to allow writing log files over 2 GB.

15 years agoChanged control protocol name to OpenFlow Management Protocol.
Justin Pettit [Wed, 4 Feb 2009 22:26:11 +0000 (14:26 -0800)]
Changed control protocol name to OpenFlow Management Protocol.

15 years agoFirst cut of OpenFlow control protocol draft specification.
Justin Pettit [Wed, 4 Feb 2009 19:48:03 +0000 (11:48 -0800)]
First cut of OpenFlow control protocol draft specification.

15 years agoDon't define skb_copy_{to,from}_linear_data_offset if it is available.
Ben Pfaff [Tue, 3 Feb 2009 18:27:22 +0000 (10:27 -0800)]
Don't define skb_copy_{to,from}_linear_data_offset if it is available.

Linux 2.6.22 introduced functions skb_copy_from_linear_data_offset()
and skb_copy_to_linear_data_offset().  In earlier versions we defined them.
But Xen backports these functions, so this became a duplicate definition.
So check for them at configure time instead of depending on the kernel
version number.

15 years agodatapath: Fix up checksum on Xen before forwarding to controller.
Ben Pfaff [Mon, 2 Feb 2009 17:55:32 +0000 (09:55 -0800)]
datapath: Fix up checksum on Xen before forwarding to controller.

On Xen, the datapath can receive a packet that lacks a correct checksum
from a VM, because the VMs expect to use the host's hardware TX
checksumming.  Until now, we haven't fixed up the checksum before we sent
the packet to the controller.  The controller doesn't normally verify
the checksum (nor can it in general, since it doesn't necessarily get the
entire packet), so that part isn't a problem.

The problem here is in the buffered packet.  fwd_save_skb() makes a copy
(not a clone) of the packet, but skb_copy() doesn't make a copy of the
skbuff's proto_csum_blank, which is what dev_queue_xmit() uses (via
skb_checksum_setup()) to decide whether checksumming needs to be forced.
Thus, the buffered packet is transmitted with a bad checksum.

A partial solution would be to copy proto_csum_blank from the original
skb into the buffered copy, or to make the buffers use clones instead of
copies (they really should do this anyhow).  But this would still send
a bad checksum to the controller.  So instead we do the full checksum
calculation before we send the packet to the controller.

This change affects only Xen.  This situation cannot occur without Xen,
because any packets that arrive on physical interfaces must already have
correct checksums.

15 years agodatapath: Move all fwd_save_skb() calls into a single location.
Ben Pfaff [Fri, 30 Jan 2009 18:58:50 +0000 (10:58 -0800)]
datapath: Move all fwd_save_skb() calls into a single location.

15 years agoFix build issues with recent SNAT changes on older kernels.
Justin Pettit [Mon, 26 Jan 2009 21:42:16 +0000 (13:42 -0800)]
Fix build issues with recent SNAT changes on older kernels.

Recent changes that fixed fragmented packets for SNAT-enabled builds
used calls not implemented in older kernels.  These changes add those
calls to the compatibility layer and clean up a few warnings in those
older kernel builds.

15 years agoMove veth.c to Linux 2.6 compatibility directory.
Justin Pettit [Mon, 26 Jan 2009 20:45:56 +0000 (12:45 -0800)]
Move veth.c to Linux 2.6 compatibility directory.

The veth driver is only available on more recent kernels.  veth.c
contains a port to 2.6.18.  Since this is only needed for 2.6.18, the
source is being moved to the compatibility directory.

15 years agoFor SNAT, don't store the pre-fragment L2 header before actions are applied.
Justin Pettit [Mon, 26 Jan 2009 09:05:39 +0000 (01:05 -0800)]
For SNAT, don't store the pre-fragment L2 header before actions are applied.

The IP fragment code doesn't always write the L2 header when generating
new fragments.  This problem was fixed in an earlier commit.
Unfortunately, we stored the pre-fragment L2 header when the packet
first arrived--before other packet modifications were applied.  This
meant that the results of any OpenFlow L2 modification actions were lost.
This patch pushes the storage of the L2 header until right before the
packet is transmitted (and possibly refragmented).

Thanks to Dan for catching this behavior.
(cherry picked from commit b4cd6fb07e0751832a22759e27c6ba63e3538c8b)

15 years agoAdd comment.
Ben Pfaff [Mon, 26 Jan 2009 17:56:11 +0000 (09:56 -0800)]
Add comment.

Thanks to Martin via DK for suggestion.

15 years agoMove setting Nicira datapath ID out of kernel.
Justin Pettit [Sat, 24 Jan 2009 01:30:16 +0000 (17:30 -0800)]
Move setting Nicira datapath ID out of kernel.

When generating the datapath id/mac address for an OpenFlow device, the
kernel checks the DMI for a suitable one in a Nicira UUID.  If one is
not found, then a random address is generated.  This patch makes it so
that a random address is always generated.  The DMI Nicira UUID check is
now done in the init script, which overrides the random address
generated when the datapath was created.  Ripping code out of the kernel
is good.

15 years agoBackport the veth driver to Linux 2.6.18. Build for that version only.
Ben Pfaff [Fri, 23 Jan 2009 18:23:58 +0000 (10:23 -0800)]
Backport the veth driver to Linux 2.6.18.  Build for that version only.

15 years agoMake choices to build and to distribute modules independent of each other.
Ben Pfaff [Fri, 23 Jan 2009 01:10:47 +0000 (17:10 -0800)]
Make choices to build and to distribute modules independent of each other.

15 years agoEliminate unused second argument to OFP_CHECK_LINUX in configure scripts.
Ben Pfaff [Fri, 23 Jan 2009 00:58:31 +0000 (16:58 -0800)]
Eliminate unused second argument to OFP_CHECK_LINUX in configure scripts.

15 years agoIgnore more files.
Ben Pfaff [Fri, 23 Jan 2009 00:51:58 +0000 (16:51 -0800)]
Ignore more files.

15 years agoAdd unit test for flow extraction.
Ben Pfaff [Mon, 19 Jan 2009 19:00:50 +0000 (11:00 -0800)]
Add unit test for flow extraction.

This tests only flow_extract() in lib/flow.c.  We should really test
the flow extraction in the kernel module also.

15 years agoAdd new function ofp_match_to_string() to ofp-print library.
Ben Pfaff [Sat, 17 Jan 2009 01:18:20 +0000 (17:18 -0800)]
Add new function ofp_match_to_string() to ofp-print library.

15 years agoMove flow_fill_match() from udatapath to lib, so that other code can use it.
Ben Pfaff [Sat, 17 Jan 2009 01:17:47 +0000 (17:17 -0800)]
Move flow_fill_match() from udatapath to lib, so that other code can use it.

15 years agoImplement pcap file reader/writer library and use it in ofp_packet_to_string().
Ben Pfaff [Mon, 19 Jan 2009 18:53:37 +0000 (10:53 -0800)]
Implement pcap file reader/writer library and use it in ofp_packet_to_string().

15 years agoFix minor bug in flow_extract().
Ben Pfaff [Mon, 19 Jan 2009 18:53:03 +0000 (10:53 -0800)]
Fix minor bug in flow_extract().

We were treating 802.2 frames that were too short to have a SNAP header as
if they had a dl_type of 0, when really they were supposed to have a
dl_type of OFP_DL_TYPE_NOT_ETH_TYPE.

This bug probably didn't affect anything in practice, because it is very
unusual to have a 802.2 frame that is too short to have a SNAP header,
because any frame that goes over a physical wire will be padded out so
that it is longer than that.

15 years agoMake port status change messages reliable.
Ben Pfaff [Wed, 7 Jan 2009 17:28:19 +0000 (09:28 -0800)]
Make port status change messages reliable.

Until now, port status change messages were sent out by the datapath
implementations and simply relayed by secchan.  In the kernel
implementation, they were unreliable because they were sent out over the
multicast socket used for packet-in events: if many packet-in messages
arrived and filled up that socket's receive buffer, then any subsequent
port status change messages were dropped.

This change moves port status change detection from the datapath
implementations into secchan, making them reliable, by using a
netdev_monitor.

(An alternate implementation would have been to detect the socket
receive buffer overflow and poll the network devices.  The current
implementation was chosen because it removes code from the datapaths,
which is the direction we want to move in for the future.)

15 years agonetdev: Implement netdev_monitor, for monitoring network device status changes.
Ben Pfaff [Wed, 7 Jan 2009 17:29:50 +0000 (09:29 -0800)]
netdev: Implement netdev_monitor, for monitoring network device status changes.

15 years agonetdev: Make carrier status available in device flags.
Ben Pfaff [Wed, 7 Jan 2009 01:26:12 +0000 (17:26 -0800)]
netdev: Make carrier status available in device flags.

Before, network device carrier status was available only through
netdev_get_link_status().  However, Linux makes it available in network
device flags, so we might as well use it.

15 years agoNew hash table keyed on string data.
Ben Pfaff [Wed, 7 Jan 2009 01:20:23 +0000 (17:20 -0800)]
New hash table keyed on string data.

15 years agonetdev: New function netdev_nodev_get_flags().
Ben Pfaff [Wed, 14 Jan 2009 23:35:12 +0000 (15:35 -0800)]
netdev: New function netdev_nodev_get_flags().

An upcoming change will move detection of netdev flags changes into
secchan.  That change will require polling the flags for many network
devices.  Opening and closing that many network devices, or keeping
around fds for them, is a waste of time (or fds).

But it's easy to get flags for any number of netdevs from a single file
descriptor, so add a function to do this.

15 years agoMake nl_policy_parse() compatible with non-Generic Netlink packets.
Ben Pfaff [Wed, 7 Jan 2009 01:06:48 +0000 (17:06 -0800)]
Make nl_policy_parse() compatible with non-Generic Netlink packets.

Some packets that are not Generic Netlink packets nevertheless use its
attribute format.  By making the caller pass in the offset to the
attributes we can support these packet formats too.

(Another approach would be to make the caller pull off the headers.)

15 years agoAdd lookup3-based hash for bytes, and remove FNV hash entirely.
Ben Pfaff [Tue, 6 Jan 2009 20:55:14 +0000 (12:55 -0800)]
Add lookup3-based hash for bytes, and remove FNV hash entirely.

The lookup3 hash is superior to FNV.  This change makes OpenFlow use
lookup3 exclusively, by adding a variant of it that can hash arbitrary
byte sequences.

15 years agoAdd support for dynamic library symbols to ofp-parse-leaks.
Ben Pfaff [Mon, 19 Jan 2009 23:19:40 +0000 (15:19 -0800)]
Add support for dynamic library symbols to ofp-parse-leaks.

In adding support for the leak checker to NOX, it became clear that we
needed to support fetching symbols for dynamically loaded libraries,
because most of NOX is in fact in such libraries.  This adds that support.

15 years agoFix fragment issue for large IP packets when SNAT action enabled.
Justin Pettit [Wed, 21 Jan 2009 02:22:49 +0000 (18:22 -0800)]
Fix fragment issue for large IP packets when SNAT action enabled.

The Netfilter code automatically reassembles IP fragments.  We need to
explicitly have them refragmented before transmitting. (Bug #823)
(cherry picked from commit dfc7aa676ab44db7a49284a80798c7be5369db85)

15 years agoImprove handling of unexpected 'status' in process_status_msg().
Ben Pfaff [Wed, 21 Jan 2009 00:28:38 +0000 (16:28 -0800)]
Improve handling of unexpected 'status' in process_status_msg().

This function was getting passed -1 as 'status' due to a bug elsewhere,
and it was outputting ", core dumped" as the result, which clearly isn't
very helpful.  This improves the situation.

15 years agoprocess: New function process_escape_args().
Ben Pfaff [Wed, 21 Jan 2009 00:27:27 +0000 (16:27 -0800)]
process: New function process_escape_args().

15 years agoDebian packaging: Remove IP addresses from netdevs within a switch.
Ben Pfaff [Wed, 21 Jan 2009 00:24:00 +0000 (16:24 -0800)]
Debian packaging: Remove IP addresses from netdevs within a switch.

15 years agoNew function netdev_enumerate().
Ben Pfaff [Tue, 20 Jan 2009 21:34:13 +0000 (13:34 -0800)]
New function netdev_enumerate().

15 years agoNew function svec_join().
Ben Pfaff [Tue, 20 Jan 2009 21:34:02 +0000 (13:34 -0800)]
New function svec_join().

15 years agoDebian packaging: Add several new settings to /etc/default/openflow-switch.
Ben Pfaff [Tue, 20 Jan 2009 21:33:44 +0000 (13:33 -0800)]
Debian packaging: Add several new settings to /etc/default/openflow-switch.

15 years agoprocess: Avoid stealing pclose()'s exit status.
Ben Pfaff [Wed, 21 Jan 2009 00:06:59 +0000 (16:06 -0800)]
process: Avoid stealing pclose()'s exit status.

When we use popen() and pclose(), pclose() wants to return the process's
exit status, but it can't if the SIGCHLD handler gets it first.  So,
instead of asking for any child process exit status in sigchld_handler(),
only ask for the exit status of registered PIDs.

15 years agodaemon: Fix behavior in read_pidfile() when pid file is not locked.
Ben Pfaff [Wed, 21 Jan 2009 00:34:11 +0000 (16:34 -0800)]
daemon: Fix behavior in read_pidfile() when pid file is not locked.

15 years agodaemon: Fix bogus error message in read_pidfile() when pidfile is empty.
Ben Pfaff [Wed, 21 Jan 2009 00:33:52 +0000 (16:33 -0800)]
daemon: Fix bogus error message in read_pidfile() when pidfile is empty.

15 years agodaemon: Fix segfault in read_pidfile() when pidfile does not exist.
Ben Pfaff [Wed, 21 Jan 2009 00:33:32 +0000 (16:33 -0800)]
daemon: Fix segfault in read_pidfile() when pidfile does not exist.

15 years agodebian: Avoid aborting on switch startup when $COMMANDS is empty.
Ben Pfaff [Mon, 19 Jan 2009 23:54:22 +0000 (15:54 -0800)]
debian: Avoid aborting on switch startup when $COMMANDS is empty.

15 years agoFix typo in comment.
Ben Pfaff [Mon, 19 Jan 2009 19:23:43 +0000 (11:23 -0800)]
Fix typo in comment.

15 years agoReopen log file in addition to reading conf file when vswitchd receives sighup
Keith Amidon [Tue, 13 Jan 2009 23:30:40 +0000 (15:30 -0800)]
Reopen log file in addition to reading conf file when vswitchd receives sighup

This only reopens the vswitchd log file.  The child secchan processes
for each bridge are not requested to do the same thing.  Since secchan
in general logs very little data, rotating those files isn't being
done right now, so this is probably okay.  At some point we should
probably correct it however.

15 years agovswitchd: Reduce flow idle time when flow table grows large.
Ben Pfaff [Fri, 16 Jan 2009 18:37:13 +0000 (10:37 -0800)]
vswitchd: Reduce flow idle time when flow table grows large.

This change halves the number of steady-state flows in the flow table
for hping3 --faster --quiet, from over 5000 to less than 2500.  It does
cause some oscillation in flow table size, because there is a harsh step
function in idle time when the flow table goes from 1000 to 1001 flows,
from 2001 to 2002 flows, and from 4003 to 4004 flows, but I doubt that is
a problem.  (If it is, we can introduce some randomness.)

15 years agovswitchd: Don't reset idle timer when updating flows.
Ben Pfaff [Fri, 16 Jan 2009 18:23:51 +0000 (10:23 -0800)]
vswitchd: Don't reset idle timer when updating flows.

When a flow was revalidated, we would use a OFPFC_ADD flow_mod message to
change the flow's actions.  However, this resets the idle-timer countdown.
In extreme circumstances, such as when VMs are being continuously migrated,
this meant that completely idle flows would never expire, because their
idle timers would keep getting reset more often than every 5 seconds, and
so the flow table would keep growing, never shrinking.

Now, when we revalidate an existing flow and update its actions, we use
an OFPFC_MODIFY_STRICT flow_mod message, which also updates actions but
does not reset the idle-timer countdown.

15 years agoRevert "brcompat: Don't re-read configuration file from inside bridge code."
Ben Pfaff [Fri, 16 Jan 2009 18:11:04 +0000 (10:11 -0800)]
Revert "brcompat: Don't re-read configuration file from inside bridge code."

This reverts commit 2b34f542b1015b69c589bc4fa324d236cd35dd5f, because
not re-reading the config file from phy_port_changed() meant that, later,
the next time we modified the config file we would do it based on the
older version, not the version that we just wrote out.

15 years agovswitchd: Delete flows on a deleted interface when revalidating.
Ben Pfaff [Fri, 16 Jan 2009 18:08:51 +0000 (10:08 -0800)]
vswitchd: Delete flows on a deleted interface when revalidating.

When an interface is deleted from a datapath by an entity other than
vswitchd (e.g. by a vif being deleted), we would revalidate all the
flows and change them to drop packets.  But that's a waste of flow
table space.  This commit changes the behavior in this case to delete
those flows entirely.

This commit is complicated by the need to deal gracefully with flows
on datapath interfaces that we don't know about, e.g. from the local port
if the local port is not part of the bridge or from interfaces added to
a datapath by an external mechanism (e.g. added with "dpctl addif"
manually).  We don't want to delete those flows, even though they resemble
the ones that we do want to delete, because they potentially save us from
processing a lot of packet-in messages that we don't care about.  So we
mark those flows with a new "need_drop" flag.

15 years agoNew functions make_flow_mod(), make_del_flow().
Ben Pfaff [Fri, 16 Jan 2009 17:45:43 +0000 (09:45 -0800)]
New functions make_flow_mod(), make_del_flow().

15 years agovswitchd: Avoid mishandling duplicate object names.
Ben Pfaff [Fri, 16 Jan 2009 00:33:51 +0000 (16:33 -0800)]
vswitchd: Avoid mishandling duplicate object names.

If a port was named twice in bridge.BRNAME.port, we would add two different
ports with the same name to bridge BRNAME.  Fix the problem.

Also, be more vigilant about duplicate names for other kinds of objects,
even though it should be difficult or impossible to end up with them.

15 years agoNew function svec_sort_unique(), svec_is_unique(), svec_get_duplicate().
Ben Pfaff [Fri, 16 Jan 2009 00:08:31 +0000 (16:08 -0800)]
New function svec_sort_unique(), svec_is_unique(), svec_get_duplicate().

15 years agobrcompat: Don't re-read configuration file from inside bridge code.
Ben Pfaff [Fri, 16 Jan 2009 00:08:00 +0000 (16:08 -0800)]
brcompat: Don't re-read configuration file from inside bridge code.

brc_modify_config() re-reads the configuration files by calling cfg_read(),
but we don't want to do that when we're deep inside the bridge code, in
the call to brc_modify_config() from phy_port_changed().  So only call
cfg_read() from the callers of brc_modify_config() that are in brcompat.c.

Also, each cfg_read() call was followed by a call to bridge_reconfigure(),
which is what reconfigure() in vswitchd.c does, so just use that function
instead of open-coding the pair of calls.

This should not have caused a real problem, because no pointers into
configuration data are retained by bridge code, but it still seems like
the "correct" way to do things.

15 years agobrcompat: Drop write-only variable.
Ben Pfaff [Thu, 15 Jan 2009 23:34:13 +0000 (15:34 -0800)]
brcompat: Drop write-only variable.

15 years agovlog: Add INFO level and apply it to messages for "normal" behavior.
Ben Pfaff [Thu, 15 Jan 2009 22:57:59 +0000 (14:57 -0800)]
vlog: Add INFO level and apply it to messages for "normal" behavior.

Fixes bug #246.

15 years agovconn: Ignore async messages before version negotiation completes.
Ben Pfaff [Thu, 15 Jan 2009 22:31:55 +0000 (14:31 -0800)]
vconn: Ignore async messages before version negotiation completes.

The kernel can send a packet_in or other asynchronous message to
the secchan before the version negotiation step is finished, which
causes the secchan to drop the connection and try again.  This commit
fixes the problem.

Fixes bug #368.

15 years agosecchan: Document --rate-limit and --burst-limit options in manpage.
Ben Pfaff [Thu, 15 Jan 2009 21:55:52 +0000 (13:55 -0800)]
secchan: Document --rate-limit and --burst-limit options in manpage.

Fixes bug #674.

15 years agosecchan: Divide options in manpage into labeled subsections.
Ben Pfaff [Thu, 15 Jan 2009 21:44:04 +0000 (13:44 -0800)]
secchan: Divide options in manpage into labeled subsections.

15 years agodebian: Move ofp-switch-setup and manpage into correct package.
Ben Pfaff [Thu, 15 Jan 2009 17:57:19 +0000 (09:57 -0800)]
debian: Move ofp-switch-setup and manpage into correct package.

These files were accidentally included in the openflow-switch package,
but they were supposed to be in openflow-switch-config.

15 years agodpctl: Fix "add-flow" and "add-flows" when actions are specified.
Ben Pfaff [Wed, 14 Jan 2009 22:08:40 +0000 (14:08 -0800)]
dpctl: Fix "add-flow" and "add-flows" when actions are specified.

Thanks to Justin for noticing the problem.

15 years agoMerge branch 'master' of nicira.dyndns.org:/srv/git/openflow/
Justin Pettit [Wed, 14 Jan 2009 22:53:10 +0000 (14:53 -0800)]
Merge branch 'master' of nicira.dyndns.org:/srv/git/openflow/

15 years agoCheck wildcards for in_port != out_port output validation.
Justin Pettit [Wed, 14 Jan 2009 22:52:59 +0000 (14:52 -0800)]
Check wildcards for in_port != out_port output validation.

OpenFlow requires that traffic that is to be sent out the interface it
came in on use the OFPP_IN_PORT virtual port.  The action validation
code that enforces this ignored the wildcards field, which meant it was
using the garbage 'in_port' value for this check.

15 years agoAdd missing #includes.
Ben Pfaff [Wed, 14 Jan 2009 21:39:20 +0000 (13:39 -0800)]
Add missing #includes.

15 years agoAllow controller to set MAC address to use in ARP responses for SNAT IPs.
root [Wed, 14 Jan 2009 01:30:08 +0000 (17:30 -0800)]
Allow controller to set MAC address to use in ARP responses for SNAT IPs.

This allows the controller to set a MAC address to use in response to
an ARP request for the NAT IP address on a non-NAT interface.  This is
useful if a NAT'd device needs to communicate with a non-NAT'd device,
when they are on the same interface on the OpenFlow switch.  When the
non-NAT'd device requests the MAC address of the NAT IP address, the
switch responds with the supplied MAC address (often the L3 router
behind it).  This allows communication in both directions to bounce off
the L3 router and not confuse controller.

15 years agovswitchd: Fix more memory leaks.
Ben Pfaff [Wed, 14 Jan 2009 01:03:01 +0000 (17:03 -0800)]
vswitchd: Fix more memory leaks.

15 years agoFix typo.
Ben Pfaff [Wed, 14 Jan 2009 00:22:07 +0000 (16:22 -0800)]
Fix typo.

15 years agovswitchd: Fix typo in comment.
Ben Pfaff [Wed, 14 Jan 2009 00:21:55 +0000 (16:21 -0800)]
vswitchd: Fix typo in comment.

15 years agobrcompat: Don't try to write the config file if it isn't configured.
Ben Pfaff [Wed, 14 Jan 2009 00:21:37 +0000 (16:21 -0800)]
brcompat: Don't try to write the config file if it isn't configured.

15 years agoleak-checker: Make output file unbuffered.
Ben Pfaff [Wed, 14 Jan 2009 00:21:18 +0000 (16:21 -0800)]
leak-checker: Make output file unbuffered.

This way, we get an up-to-date record when the process is killed.

15 years agovswitchd: Fix memory leak.
Ben Pfaff [Tue, 13 Jan 2009 23:29:58 +0000 (15:29 -0800)]
vswitchd: Fix memory leak.

15 years agoFix bugs in leak checker.
Ben Pfaff [Tue, 13 Jan 2009 23:10:11 +0000 (15:10 -0800)]
Fix bugs in leak checker.

Oops.

15 years agovswitchd: Fix memory leaks.
Ben Pfaff [Tue, 13 Jan 2009 22:03:24 +0000 (14:03 -0800)]
vswitchd: Fix memory leaks.

15 years agoFix memory leak in nl_sock_transact().
Ben Pfaff [Tue, 13 Jan 2009 21:54:46 +0000 (13:54 -0800)]
Fix memory leak in nl_sock_transact().