Ben Pfaff [Mon, 14 Jul 2008 20:54:22 +0000 (13:54 -0700)]
packets: New IP header macros.
Ben Pfaff [Mon, 14 Jul 2008 20:54:13 +0000 (13:54 -0700)]
packets: Make Ethernet broadcast address available as a global object.
Ben Pfaff [Mon, 14 Jul 2008 20:51:46 +0000 (13:51 -0700)]
buffer: New functions buffer_reserve(), buffer_push(), buffer_try_pull().
Ben Pfaff [Mon, 14 Jul 2008 20:51:37 +0000 (13:51 -0700)]
buffer: Rename buffer_reserve_headroom to buffer_prealloc_headroom.
Similarly for buffer_reserve_tailroom.
The new name better reflects what they do, and makes way for a different
use of the term "reserve" in the upcoming buffer_reserve() function.
Ben Pfaff [Mon, 14 Jul 2008 20:51:26 +0000 (13:51 -0700)]
buffer: Make buffer_pull() return the start of the pulled data.
Some callers find this useful.
Ben Pfaff [Thu, 10 Jul 2008 17:45:05 +0000 (10:45 -0700)]
New function xmemdup0().
Ben Pfaff [Thu, 10 Jul 2008 00:22:17 +0000 (17:22 -0700)]
New function ds_clear().
Ben Pfaff [Wed, 9 Jul 2008 01:40:41 +0000 (18:40 -0700)]
New function random_range().
Ben Pfaff [Sat, 12 Jul 2008 00:07:27 +0000 (17:07 -0700)]
New header file timeval.h for time-related functionality.
Ben Pfaff [Sat, 12 Jul 2008 00:07:05 +0000 (17:07 -0700)]
New header file "type-props.h" for testing properties of types.
Ben Pfaff [Tue, 8 Jul 2008 20:46:14 +0000 (13:46 -0700)]
Set skb->dev before calling netif_rx().
Fixes null pointer dereference reported by David Erickson
<derickso@stanford.edu>.
Ben Pfaff [Tue, 15 Jul 2008 18:21:06 +0000 (11:21 -0700)]
Fix "make dist".
Ben Pfaff [Thu, 17 Jul 2008 00:52:41 +0000 (17:52 -0700)]
By default, log to syslog also.
It seems that this should be useful for debugging post-mortems. Also,
this ensures that the "current time is negative" log message appears in
syslog. Otherwise, it won't ever, because we log it before the vlog
client has a chance to configure its log levels.
Ben Pfaff [Thu, 17 Jul 2008 00:50:06 +0000 (17:50 -0700)]
Log an error when the time is negative at vlog startup.
Ben Pfaff [Wed, 16 Jul 2008 18:14:23 +0000 (11:14 -0700)]
Fix behavior when system date is negative.
Previously we set a few timers to expire at a time_t of 0, i.e.
immediately. But if the system date is set incorrectly to a date
before 1970, then these timers will essentially never expire.
Set them to expire at TIME_MIN instead.
Ben Pfaff [Thu, 17 Jul 2008 00:01:03 +0000 (17:01 -0700)]
Answer ARP requests from controller directly in secchan.
With in-band control, it can happen that the controller needs to send
out an ARP request to find out the MAC address of the switch. These
packets are sent as broadcasts, so the secure channel will attempt to
send them back to the controller as ofp_packet_in messages. Of course,
that won't work, because the controller won't be able to respond to
the ofp_packet_in (because it needs the MAC address of the switch to
do so).
This commit makes the secure channel recognize broadcast ARP packets
that originate from the controller and flood them without passing them
back up to the controller.
Ben Pfaff [Wed, 16 Jul 2008 20:22:11 +0000 (13:22 -0700)]
New function eth_addr_is_zero().
Ben Pfaff [Wed, 16 Jul 2008 19:55:18 +0000 (12:55 -0700)]
New function netdev_arp_lookup().
The secchan needs to handle ARP requests from the controller itself, so
it has to translate the controller's IP address into a MAC address to
allow it to match those packets on dl_src. (OpenFlow doesn't allow us
to look into ARP packets and match on the encapsulated IP addresses, so
this is the best we can do.)
Ben Pfaff [Wed, 16 Jul 2008 20:22:30 +0000 (13:22 -0700)]
New function rconn_get_ip().
Ben Pfaff [Wed, 16 Jul 2008 19:51:34 +0000 (12:51 -0700)]
New function vconn_get_ip().
The secchan needs to know the IP address of the peer so that it can
handle ARP requests from the controller by itself.
Ben Pfaff [Thu, 17 Jul 2008 05:51:35 +0000 (22:51 -0700)]
Assert on structure sizes in openflow.h.
This causes the build to fail if structures are not the sizes that we
expect.
Ben Pfaff [Thu, 17 Jul 2008 05:50:39 +0000 (22:50 -0700)]
Adjust OpenFlow to have same structure layout on 32- and 64-bit platforms.
Pointed out by "Brandon Heller" <brandon.heller@gmail.com>.
Ben Pfaff [Wed, 16 Jul 2008 21:38:20 +0000 (14:38 -0700)]
Include date and time in vlog messages.
Ben Pfaff [Thu, 3 Jul 2008 19:06:14 +0000 (12:06 -0700)]
Add "probe" command to dpctl.
Ben Pfaff [Tue, 15 Jul 2008 19:43:59 +0000 (12:43 -0700)]
Prevent switch implementations from complaining about echo-reply messages.
Thanks to Reid Price <reid@nicira.com> for reporting the issue (which
only caused spurious warning messages).
Ben Pfaff [Tue, 8 Jul 2008 18:06:19 +0000 (11:06 -0700)]
Fix typo in comment.
Ben Pfaff [Fri, 23 May 2008 23:23:51 +0000 (16:23 -0700)]
Fix typo in comment.
Ben Pfaff [Tue, 1 Jul 2008 21:17:41 +0000 (14:17 -0700)]
Fix segfault when SSL_connect or SSL_accept reports an error.
Ben Pfaff [Fri, 27 Jun 2008 22:16:30 +0000 (15:16 -0700)]
Announce fail-open mode more aggressively in secchan.
Without this change, the secure channel announces that it is
entering or exiting fail-open mode only when an OpenFlow
message actually arrives from the local datapath. Thus,
when no packets arrive on any switch port, the secchan
never enters fail-open mode. Functionally, this makes no
difference, because there are no packets to switch anyhow
in that case, but it makes the log harder to interpret
since it's unclear whether the controller connection is
actually up.
With this change, the secure channel announcing that it is
entering or exiting fail-open mode is not tied to receiving
a packet on a switch port. Thus, the log is easier to
interpret.
Ben Pfaff [Tue, 1 Jul 2008 18:14:45 +0000 (11:14 -0700)]
Make the secure channel and controller send out keepalives.
It can happen that the secure channel thinks that it is connected
to the controller, but in fact the connection has dropped. For
example, a switch intermediate between the secure channel and the
controller could have a flow inserted, due to a malfunction, that
causes packets in one direction or the other to be dropped. When
this happens, the Linux kernel's TCP implementation will continue
retransmitting packets for somewhere between 13 and 30 minutes,
depending on the connection's retransmission timeout (according
to linux/Documentation/networking/ip-sysctl.txt) with the default
Linux settings.
We want to detect the lost connection and re-connect much faster
than that. We use OpenFlow echo request and reply messages: if
no message is received from the controller for N seconds, we
send out an echo request. If no reply (actually, any message at
all) is received for an additional N seconds, then we assume
that the connection has been lost, and reconnect.
Ben Pfaff [Tue, 1 Jul 2008 17:52:34 +0000 (10:52 -0700)]
Drop "benchmark" netlink message and "benchmark-nl" dpctl command.
The new OFPT_ECHO_REQUEST and OFPT_ECHO_REPLY OpenFlow messages
have the same functionality and are more general (in that they
are not Netlink-specific).
Ben Pfaff [Tue, 1 Jul 2008 17:50:25 +0000 (10:50 -0700)]
Add "benchmark" command to work like "benchmark-nl" with echo requests.
Suggested by Justin.
Ben Pfaff [Fri, 27 Jun 2008 18:18:40 +0000 (11:18 -0700)]
Add "ping" command to dpctl for testing echo requests.
Also may be useful for latency testing.
Ben Pfaff [Fri, 27 Jun 2008 17:42:31 +0000 (10:42 -0700)]
Respond to echo requests in OpenFlow implementations.
Nothing yet sends such requests. This is preparation for their
use in following commits.
Ben Pfaff [Fri, 27 Jun 2008 17:52:11 +0000 (10:52 -0700)]
Add utility functions for generating random numbers, and use where appropriate.
Ben Pfaff [Fri, 27 Jun 2008 21:16:53 +0000 (14:16 -0700)]
Fix -v, --verbose options to userspace programs.
Now providing an argument to these options works as documented.
Ben Pfaff [Fri, 27 Jun 2008 23:20:27 +0000 (16:20 -0700)]
Fix typo in user message.
Ben Pfaff [Tue, 1 Jul 2008 16:02:59 +0000 (09:02 -0700)]
Fix commit 8bdd107e0 (jiffies linking error) when not running on Red Hat.
From David Erickson <derickso@stanford.edu>.
Justin Pettit [Tue, 1 Jul 2008 06:05:14 +0000 (23:05 -0700)]
Improve flow handling in dpctl.
This makes the handling of defining and printing actions more consistent in
dpctl. The flow portion of the output of "dump-flows" can now be used as the
input of "add-flows". Flows can be added on the command line with the new
"add-flow" command.
Justin Pettit [Mon, 30 Jun 2008 23:00:25 +0000 (16:00 -0700)]
Don't allow adding a flow entry with an output port of OFPP_NONE.
Justin Pettit [Mon, 30 Jun 2008 22:58:44 +0000 (15:58 -0700)]
Don't allow adding a flow entry with an output port of OFPP_NONE.
David Erickson [Mon, 23 Jun 2008 23:22:49 +0000 (16:22 -0700)]
Fixed a linking collision where jiffies have been backported to kernel
2.6.18-53 which is included in CENTOS 5.1.
Ben Pfaff [Thu, 26 Jun 2008 23:21:18 +0000 (16:21 -0700)]
Modified the naming scheme for hardware tables.
Because of historical string munging during the kernel build process
if you named your hardware table hwtable-something, when it was built
the filename would look appropriate, but the actual module info would change
the internal name to be hwtable_something, thus after an insmod with the filename
you could not perform an rmmod with the same filename. As a result
the naming scheme has been changed to hwtable_NAME, NAME being the hardware
the table supports.
Further, include files in the hardware table should be prefixed with the
folder name, e.g. #include "hwtable_NAME/my_header.h".
Based on commits from David Erickson <derickso@stanford.edu>.
Ben Pfaff [Thu, 26 Jun 2008 18:52:36 +0000 (11:52 -0700)]
Don't special-case broadcast packets in in-band mode.
Before, in in-band mode, the secure channel would flood all flows
destined for the broadcast destination when not connected to a
controller. The rationale was that this allowed for ARP replies
to be forwarded to the local port, so that the secure channel
could obtain the Ethernet address of the controller. But this
is a false rationale: ARP replies are unicast to the requester,
not broadcast. (Frames unicast to the local port are always handled
by the secure channel.)
Also, even if it were a correct rationale, it would not help in
at least one case: if the controller's Ethernet address has expired
from the ARP cache, but the secure channel's TCP connection to
the controller is still connected, then the secure channel's attempt
to ARP would fail, since the broadcast ARP reply would not be
handled by the secure channel (since the secure channel thought
that it was still connected).
Justin Pettit [Thu, 26 Jun 2008 18:48:31 +0000 (11:48 -0700)]
Fix extraction of flow data from match structure.
This brings the user-space switch in line with fixes that were previously
made to the kernel one. The main problem was that when wildcards are used
some of the fields that follow should also be wildcarded.
Justin Pettit [Thu, 26 Jun 2008 18:44:30 +0000 (11:44 -0700)]
Fix a couple of problems when modifying VLAN tags.
Ben Pfaff [Thu, 26 Jun 2008 16:25:47 +0000 (09:25 -0700)]
Add --max-idle option to secchan and controller.
Justin Pettit [Thu, 26 Jun 2008 06:22:39 +0000 (23:22 -0700)]
Fix VLAN modification action in kernel switch.
A number of errors were uncovered when we actually tried playing with VLAN tags on real traffic. This fixes endian, sk_buff, and other issues. Unrelated to VLAN tagging, this also protects some printk calls with net_ratelimit.
Justin Pettit [Sat, 14 Jun 2008 02:12:51 +0000 (19:12 -0700)]
Add printing of all supported action types.
Ben Pfaff [Mon, 23 Jun 2008 21:08:37 +0000 (14:08 -0700)]
Drop "send_openflow_skb: send failed: -3" warning.
This message appeared in the normal course of OpenFlow usage when
a packet arrived on an OpenFlow interface and no secure channel
was running, or if packets arrived too fast for the secure channel
to process them. It confused more people than it assisted, so drop
it.
Ben Pfaff [Fri, 13 Jun 2008 20:36:00 +0000 (13:36 -0700)]
Implement Debian-based packaging and deployment infrastructure.
Ben Pfaff [Fri, 13 Jun 2008 17:18:07 +0000 (10:18 -0700)]
Bring manpages and usage messages up-to-date.
Ben Pfaff [Fri, 13 Jun 2008 17:20:12 +0000 (10:20 -0700)]
Allow priority to be specified in dpctl del-flows command.
Ben Pfaff [Fri, 13 Jun 2008 17:19:46 +0000 (10:19 -0700)]
Make flow specifications more general in dpctl:
- More special port names.
- Allow fields to be comma-separated, for use on command line.
- Allow ANY as a synonym for *, to avoid globbing on command line.
Ben Pfaff [Fri, 13 Jun 2008 18:29:39 +0000 (11:29 -0700)]
Add --detach and --pidfile options to daemons.
Ben Pfaff [Fri, 13 Jun 2008 17:16:58 +0000 (10:16 -0700)]
Set fail-open explicitly as default.
It was the default accidentally before, because FAIL_OPEN happened
to have the value 0.
Justin Pettit [Fri, 13 Jun 2008 03:40:02 +0000 (20:40 -0700)]
Have the switch list all the stats types it supports in the capabilities field.
Thanks to Brandon for pointing this out.
Justin Pettit [Fri, 13 Jun 2008 03:07:11 +0000 (20:07 -0700)]
Fix identification of SNAP packets.
The result of the memcmp that checks whether the OUI is all zeroes was the reverse of what it should have been. This checkin also removes the masking of the least significant bit from SAP checks, since it's not needed for checking SNAP.
Thanks to Masa and Brandon for catching this.
Ben Pfaff [Tue, 10 Jun 2008 21:41:04 +0000 (14:41 -0700)]
Fix "NOHZ: local_softirq_pending 08" message.
Only call netif_rx within an interrupt.
Outside an interrupt, netif_rx_in has to be used.
Ben Pfaff [Mon, 9 Jun 2008 18:01:46 +0000 (11:01 -0700)]
Move manpages from man directory to next to their programs.
Ben Pfaff [Mon, 9 Jun 2008 17:35:49 +0000 (10:35 -0700)]
Add "fail open" feature to secchan.
Ben Pfaff [Wed, 4 Jun 2008 18:08:08 +0000 (11:08 -0700)]
Factor learning switch out of controller into library.
This prepares for adding "fail-open" support to the secchan, which
will require the secchan to act as a learning switch.
Ben Pfaff [Wed, 4 Jun 2008 17:54:01 +0000 (10:54 -0700)]
Only log unprocessed packets in the controller if debugging enabled.
Otherwise OFP_FLOW_EXPIRED messages tend to swamp the console after
a while.
Ben Pfaff [Thu, 5 Jun 2008 20:38:03 +0000 (13:38 -0700)]
Fix "waiting for of0 to become free" message on deldp.
Thanks to Murphy for help debugging this.
Ben Pfaff [Wed, 4 Jun 2008 23:14:39 +0000 (16:14 -0700)]
Delete unneeded line.
Ben Pfaff [Wed, 4 Jun 2008 23:14:23 +0000 (16:14 -0700)]
Fix "make dist" in datapath/linux-2.4 when --with-l24 not used.
This makes the linux-2.4 Makefile.main.in structure much more
similar to the linux-2.6 Makefile.main.in.
Ben Pfaff [Wed, 4 Jun 2008 22:57:33 +0000 (15:57 -0700)]
Make boot.sh give an error if pkg-config is not installed.
Ben Pfaff [Wed, 4 Jun 2008 19:30:23 +0000 (12:30 -0700)]
Improve formatting of manpage.
Ben Pfaff [Fri, 30 May 2008 23:09:00 +0000 (16:09 -0700)]
Prevent deadlock in OpenSSL.
Justin Pettit [Wed, 4 Jun 2008 07:40:05 +0000 (00:40 -0700)]
Fixed typos in dummy hardware table example that caused compilation errors.
This still has a license conflict with GPL-only "call_rcu" function. We'll figure this out later. Thanks for pointing it out, Ben!
Ben Pfaff [Tue, 3 Jun 2008 00:05:42 +0000 (17:05 -0700)]
Use kernel build system for linux-2.4.
Based on changes originally by Bobby Holley <bobbyholley@stanford.edu>.
Justin Pettit [Tue, 3 Jun 2008 04:30:20 +0000 (21:30 -0700)]
Define skb_reset_mac_header for Linux 2.6 kernels older than 2.6.22.
Ben Pfaff [Mon, 2 Jun 2008 17:18:00 +0000 (10:18 -0700)]
Don't oops on deldp, by avoiding use-after-free on net_bridge_port.
Ben Pfaff [Mon, 2 Jun 2008 17:16:34 +0000 (10:16 -0700)]
Don't try to destroy dp_dev while the local port holds a reference to it.
Fixes a message output at deldp time:
unregister_netdevice: waiting for of0 to become free. Usage count = 1
Thanks to Murphy and Justin for reporting this bug.
Ben Pfaff [Mon, 2 Jun 2008 17:14:02 +0000 (10:14 -0700)]
Free ofX network device when we're done with it.
Ben Pfaff [Mon, 2 Jun 2008 17:13:23 +0000 (10:13 -0700)]
Avoid wild pointer write in del_switch_port().
Ben Pfaff [Tue, 3 Jun 2008 00:06:52 +0000 (17:06 -0700)]
Remove vestigial support for auto-running unit tests.
These hadn't worked for a long time.
Ben Pfaff [Tue, 3 Jun 2008 00:03:29 +0000 (17:03 -0700)]
Fix "make dist" by distributing some more files.
Justin Pettit [Sat, 24 May 2008 20:54:22 +0000 (13:54 -0700)]
Make capitalization consistent.
Ben Pfaff [Thu, 29 May 2008 19:55:55 +0000 (12:55 -0700)]
Fix "make clean" to delete symlinks created by "make".
Ben Pfaff [Wed, 28 May 2008 23:03:36 +0000 (16:03 -0700)]
Ignore NLMSG_DONE Netlink messages in dpif.
Otherwise the secchan considers the NLMSG_DONE at the end of a stats
dump to be an error and disconnects from the netlink connection.
Thanks to Martin for discovering the problem.
Ben Pfaff [Wed, 28 May 2008 23:02:00 +0000 (16:02 -0700)]
Fix use-after-free bug.
Ben Pfaff [Wed, 28 May 2008 23:01:49 +0000 (16:01 -0700)]
Fix typo in error message.
Ben Pfaff [Wed, 21 May 2008 21:31:33 +0000 (14:31 -0700)]
Make in-band communication work.
Ben Pfaff [Wed, 21 May 2008 18:36:43 +0000 (11:36 -0700)]
Make the OFPP_LOCAL port work in the kernel OpenFlow implementation.
Ben Pfaff [Wed, 21 May 2008 17:06:58 +0000 (10:06 -0700)]
Break MAC learning out of controller into library.
This is preparation for use of MAC learning in the secure channel.
Ben Pfaff [Wed, 21 May 2008 21:11:59 +0000 (14:11 -0700)]
New functions for getting and setting network device flags.
This allows us to open network devices without bringing them up
and setting them for promiscuous mode, which will be useful in the
secchan for in-band communication.
Ben Pfaff [Wed, 28 May 2008 17:26:03 +0000 (10:26 -0700)]
Expose device IP addresses through netdev.
This will be useful for the secure channel later.
Ben Pfaff [Wed, 21 May 2008 21:57:15 +0000 (14:57 -0700)]
Move netdev from switch to lib.
This is in preparation for the secure channel wanting to access
network devices.
Ben Pfaff [Tue, 20 May 2008 23:46:57 +0000 (16:46 -0700)]
Print actions in ofp_flow_mod messages.
Ben Pfaff [Wed, 28 May 2008 17:46:40 +0000 (10:46 -0700)]
Pretty-print port numbers when printing ofp_switch_features messages.
Ben Pfaff [Tue, 20 May 2008 23:46:39 +0000 (16:46 -0700)]
Print special ports by name in ofp_packet_in messages.
Ben Pfaff [Tue, 20 May 2008 23:46:15 +0000 (16:46 -0700)]
Put newline before packet info in ofp_packet_out pretty-print output.
Ben Pfaff [Sat, 17 May 2008 03:20:14 +0000 (20:20 -0700)]
Print more special ports by name in ofp-print.c.
Ben Pfaff [Fri, 16 May 2008 19:41:47 +0000 (12:41 -0700)]
Get rid of obsolete, commented-out debugging code in datapath.c.
Ben Pfaff [Wed, 21 May 2008 17:49:02 +0000 (10:49 -0700)]
Demote warning about runt frames to debug message.
This message is not too useful since there are various legitimate
ways that we can end up with runt frames, e.g. frames that only
ever passed through virtual network devices and never touched a
physical Ethernet.
Ben Pfaff [Sat, 17 May 2008 00:00:36 +0000 (17:00 -0700)]
Always do exact-match on undefined flow fields, so that such flows can be in table-hash.
Ben Pfaff [Fri, 16 May 2008 23:02:34 +0000 (16:02 -0700)]
Don't allow CONFIG_PREEMPT with Linux 2.6.x before 2.6.21, because it's busted.
Ben Pfaff [Mon, 19 May 2008 20:39:24 +0000 (13:39 -0700)]
Fix buggy table-linear iterator function.
Apparently the linear table iteration had never really been tested,
since most flows go into table-hash. It didn't work. This fixes it.
Ben Pfaff [Wed, 28 May 2008 00:42:16 +0000 (17:42 -0700)]
Don't ever send frames on OpenFlow devices to the host stack.
On Linux 2.6 only, we would send frames received on OpenFlow devices to
the host TCP/IP stack if the dest Ethernet address matched the device's
Ethernet address (or under some other conditions). This caused confusion
when the host stack was configured for forwarding, because received IP
packets would be forwarded to other interfaces with IP addresses even if
the device on which they were received was configured with no IP address.
(This was discovered by Murphy. Thanks Murphy!)
This change drops this "feature". A more or less equivalent feature that
may be less prone to confusion and which works on any kernel version will
be added in a future commit via the of%d device.
This also allowed factoring out common code from the bridge hooks.