openvswitch
12 years agovswitch.xml: Document that active-backup works OK with multiple switches.
Ben Pfaff [Tue, 14 Aug 2012 20:23:59 +0000 (13:23 -0700)]
vswitch.xml: Document that active-backup works OK with multiple switches.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agovswitch.xml: active-backup and balance-slb bonds must be one-sided.
Ben Pfaff [Tue, 14 Aug 2012 20:23:22 +0000 (13:23 -0700)]
vswitch.xml: active-backup and balance-slb bonds must be one-sided.

It doesn't work to hook up an active-backup bond on one switch to an
active-backup bond on another switch, because they might pick different
active interfaces and therefore not pass any traffic.

The same is true of balance-slb because multicast and broadcast
traffic is dropped on ingress to any interface other than the active
interface.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Avoid dereferencing possibly null or wild pointer.
Ben Pfaff [Thu, 16 Aug 2012 18:33:21 +0000 (11:33 -0700)]
ofproto-dpif: Avoid dereferencing possibly null or wild pointer.

If ofpacts_len is 0 then ofpacts->type is a bad reference.

(An early draft of ofpacts used an OFPACT_END sentinel so that there was
always data there in this function, but in review the sentinel got deleted
and I did not notice that this function needed an update.)

Found by valgrind.

Bug #12847.
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAdd Nicira vendor extension action NXAST_DEC_TTL_CNT_IDS.
Mehak Mahajan [Thu, 16 Aug 2012 21:25:07 +0000 (14:25 -0700)]
Add Nicira vendor extension action NXAST_DEC_TTL_CNT_IDS.

Currently, if a controller having a nonzero id registers to get a
OFPR_INVALID_TTL async message, it will not receive it.  This is because
compose_dec_ttl() only sent the invalid ttl packets to the default controller
id.  NXAST_DEC_TTL_CNT_IDS is a new action that accepts a list of controller
ids, each separated by `,', to which the OFPR_INVALID_TTL packets must be sent.
The earlier requirement of the controller having to explicitly register to
receive these asynchronous messages is retained.
The syntax of this action is:
    dec_ttl(id1,id2)
where id1, id2 are valid controller ids.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoofproto-dpif: Increase recursion limit.
Ethan Jackson [Thu, 16 Aug 2012 21:16:06 +0000 (14:16 -0700)]
ofproto-dpif: Increase recursion limit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agobond: Correct comment.
Ben Pfaff [Tue, 14 Aug 2012 20:41:01 +0000 (13:41 -0700)]
bond: Correct comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodpif-netdev: Eliminate two malloc() calls per packet sent to "userspace".
Ben Pfaff [Wed, 15 Aug 2012 23:05:31 +0000 (16:05 -0700)]
dpif-netdev: Eliminate two malloc() calls per packet sent to "userspace".

This is easy enough, so it seems worthwhile now that FreeBSD is starting
to make more use of the "userspace switch".

CC: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodpif-netdev: Fix memory leak.
Ben Pfaff [Wed, 15 Aug 2012 22:19:18 +0000 (15:19 -0700)]
dpif-netdev: Fix memory leak.

upcall->packet is allocated with malloc(), via ofpbuf_new(), but nothing
ever frees it.

Found by valgrind.

CC: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Fix typo in comment.
Ben Pfaff [Thu, 16 Aug 2012 16:31:23 +0000 (09:31 -0700)]
ofproto-dpif: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovsdb-idl: Fix memory leak.
Ben Pfaff [Wed, 15 Aug 2012 23:19:47 +0000 (16:19 -0700)]
ovsdb-idl: Fix memory leak.

Found by valgrind.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Make sure one-packet flows have zero duration.
Ben Pfaff [Mon, 13 Aug 2012 16:41:59 +0000 (09:41 -0700)]
ofproto-dpif: Make sure one-packet flows have zero duration.

A Nicira internal build recently failed the "ofproto-dpif - NetFlow flow
expiration" test because of the following difference in output:

     header: v5, seq 0, engine 2,1
    -rec: [...], 1 pkts, 60 bytes, ICMP 8:0, time <moment>
    +rec: [...], 1 pkts, 60 bytes, ICMP 8:0, time <range>

Looking at the actual output, it is:
    rec: 192.168.0.1 > 192.168.0.2, if 1 > 65535, 1 pkts, 60 bytes,
    ICMP 8:0, time 8...9

That is, a one-packet flow was shown to have more than a momentary
duration, which doesn't make sense.

This commit fixes the problem by making sure that creating a facet and then
its initial subfacet only checks the current time once.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Avoid searching all subfacets when creating first in a facet.
Ben Pfaff [Mon, 13 Aug 2012 16:30:26 +0000 (09:30 -0700)]
ofproto-dpif: Avoid searching all subfacets when creating first in a facet.

When we create the first subfacet within a facet, we know that there
cannot be an existing subfacet with the same key, so we can skip the search
through the ofproto's table of subfacets.

This is a small optimization, but it should not affect the flow setup rate
in most benchmarks, because in the stressful situations that benchmarks
create, OVS does not set up flows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonetdev: Map to OpenFlow port for flow lookup
Ed Maste [Wed, 15 Aug 2012 22:00:34 +0000 (22:00 +0000)]
netdev: Map to OpenFlow port for flow lookup

In the flow hash special ports are stored using OpenFlow constants.
For example the "local port" is stored as 0xfffe (OFPP_LOCAL).

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agobridge: Write certain statistics to the database instantly.
Ethan Jackson [Tue, 14 Aug 2012 21:08:09 +0000 (14:08 -0700)]
bridge: Write certain statistics to the database instantly.

Traditionally the bridge has written interface and port statistics
to the database in a rate limited fashion.  This makes a lot of
sense for statistics which are either constantly changing, or are
expensive to collect.  However, some statistics were rate limited
which have neither of these properties.  Furthermore some of these
statistics (most notably carrier) could be very useful to a
controller if updated promptly.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoCorrect number of bytes to allocated for slaves in bundle action.
Mehak Mahajan [Wed, 15 Aug 2012 18:19:35 +0000 (11:19 -0700)]
Correct number of bytes to allocated for slaves in bundle action.

The size of each slave is a uint16_t.  This means that each slave needs 2 bytes
at the end of nx_action_bundle.  Earlier, the size of each slave was not being
factored in when allocating space.  This commit corrects that by allocating 2
bytes for each slave when calculating the total number of bytes to be allocated
at the end of nx_action_bundle.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoofp-actions/instruction: helper functions for intructions
Isaku Yamahata [Wed, 1 Aug 2012 15:24:10 +0000 (00:24 +0900)]
ofp-actions/instruction: helper functions for intructions

This patch introduces helper functions
- to cast
- to convert from/to text

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-actions: sort OVSINST_OFPIT11_xxx value in execution order
Isaku Yamahata [Wed, 1 Aug 2012 15:24:09 +0000 (00:24 +0900)]
ofp-actions: sort OVSINST_OFPIT11_xxx value in execution order

This order is used by parser from text string to check if the instruction
is given in this order.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-actions: export OVSINST_OFPIT11_xxx
Isaku Yamahata [Wed, 1 Aug 2012 15:24:08 +0000 (00:24 +0900)]
ofp-actions: export OVSINST_OFPIT11_xxx

They will be used by ofp-parser.c.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agotests: Add delay in NetFlow unit tests before killing processes.
Jesse Gross [Tue, 7 Aug 2012 22:26:33 +0000 (15:26 -0700)]
tests: Add delay in NetFlow unit tests before killing processes.

At the end of the NetFlow unit tests we warp time to force any
remaining flows to expire and then immediately kill OVS and the
collector.  However, this creates a race where sometimes these
processes are killed before the last records are sent or collected.
It's possible to force OVS to go through the run loop one last time
before exiting but it's harder to enforce that the collector receives
the packet.  This simply avoids the problem by adding a 1 second delay
before killing the processes, which should be more than enough time.

Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agocfm: Expose remote CFM opstate in the database.
Ethan Jackson [Fri, 10 Aug 2012 23:14:45 +0000 (16:14 -0700)]
cfm: Expose remote CFM opstate in the database.

A controller may want to know the remote CFM opstate of a given CFM
enabled interface.  This patch makes this data available in the
database.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agocfm: Report opup as undefined if not in extended mode.
Ethan Jackson [Fri, 10 Aug 2012 23:36:18 +0000 (16:36 -0700)]
cfm: Report opup as undefined if not in extended mode.

The cfm_get_opup() function's result doesn't make sense when CFM is
not configured in extended mode.  This patch makes it report -1 in
this case.  Future patches will rely on this behavior.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agostream-ssl: Change "bootstrap race" log message from ERR to INFO.
Ben Pfaff [Mon, 13 Aug 2012 17:54:31 +0000 (10:54 -0700)]
stream-ssl: Change "bootstrap race" log message from ERR to INFO.

This situation can and will happen, and we handle it successfully, so it's
not an error.

Bug #12922.
Reported-by: Scott Hendricks <shendricks@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonetdev-dummy: New appctl command netdev-dummy/set-admin-state.
Ethan Jackson [Fri, 10 Aug 2012 01:08:40 +0000 (18:08 -0700)]
netdev-dummy: New appctl command netdev-dummy/set-admin-state.

There's currently no way to set the admin state on dummy netdevs.
This patch provides a mechanism to do so which will be used in
future unit tests.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofp-print: Enable display of Open Flow 1.1 & 1.2 Table Stats Reply Messages
Simon Horman [Thu, 9 Aug 2012 08:49:34 +0000 (17:49 +0900)]
ofp-print: Enable display of Open Flow 1.1 & 1.2 Table Stats Reply Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-msgs: Split OFPRAW_OFPST_TABLE_REPLY
Simon Horman [Thu, 9 Aug 2012 08:49:33 +0000 (17:49 +0900)]
ofp-msgs: Split OFPRAW_OFPST_TABLE_REPLY

Split OFPRAW_OFPST_TABLE_REPLY into OpenFlow 1.0, 1.1 and 1.2 versions.

This is preparation for allowing encoding and  decoding of Open Flow 1.1
and 1.2 Table Stats Reply messages.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-msgs: Allow 1.0-1.2 range
Simon Horman [Thu, 9 Aug 2012 08:49:32 +0000 (17:49 +0900)]
ofp-msgs: Allow 1.0-1.2 range

This is intended for use with OFPRAW_OFPST_TABLE_REQUEST
in order for it to be symmetric with OpenFlow 1.0, 1.1 and 1.2
versions of OFPRAW_OFPST1TABLE_REPLY.

OpenFlow 1.3 introduces yet another format for OFPRAW_OFPST1TABLE_REPLY.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow decoding of Open Flow 1.2 Flow Statistics Response Messages
Simon Horman [Thu, 9 Aug 2012 08:49:30 +0000 (17:49 +0900)]
ofp-util: Allow decoding of Open Flow 1.2 Flow Statistics Response Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.2 Flow Statistics Response Messages
Simon Horman [Thu, 9 Aug 2012 08:49:29 +0000 (17:49 +0900)]
ofp-util: Allow encoding of Open Flow 1.2 Flow Statistics Response Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-msgs: Split OFPRAW_OFPST_FLOW_{REQUEST,REPLY}
Simon Horman [Thu, 9 Aug 2012 08:49:26 +0000 (17:49 +0900)]
ofp-msgs: Split OFPRAW_OFPST_FLOW_{REQUEST,REPLY}

Split OFPRAW_OFPST_FLOW_{REQUEST,REPLY} into OpenFlow 1.0 and 1.1+
versions.

This is in preparation for adding encoding and decoding of
Open Flow 1.1 & 1.2 messages.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow decoding of Open Flow 1.2 Port Mod Message
Simon Horman [Thu, 9 Aug 2012 08:49:25 +0000 (17:49 +0900)]
ofp-util: Allow decoding of Open Flow 1.2 Port Mod Message

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.2 Port Mod Messages
Simon Horman [Thu, 9 Aug 2012 08:49:24 +0000 (17:49 +0900)]
ofp-util: Allow encoding of Open Flow 1.2 Port Mod Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Use 32bit port for Open Flow 1.1 & 1.2 Port Mod Request
Simon Horman [Thu, 9 Aug 2012 08:49:23 +0000 (17:49 +0900)]
ofp-util: Use 32bit port for Open Flow 1.1 & 1.2 Port Mod Request

When encoding Open Flow 1.1 & 1.2 Port Mod Request messages
the port number should be converted to 32bits using
ofputil_port_to_ofp11() rather than htonl(). This ensures
that port numbers in the reserved range are translated correctly.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agotimeval: On Linux x86-64 systems refresh time whenever it is requested.
Leo Alterman [Tue, 7 Aug 2012 23:36:27 +0000 (16:36 -0700)]
timeval: On Linux x86-64 systems refresh time whenever it is requested.

64-bit Linux appears to avoid syscalls for clock_gettime(), so we can get
higher resolution timing and avoid having a timer firing off SIGALRM
without introducing extra overhead.

Signed-off-by: Leo Alterman <lalterman@nicira.com>
12 years agolockfile: Remove lockfile_lock timeout argument
Leo Alterman [Thu, 9 Aug 2012 00:40:43 +0000 (17:40 -0700)]
lockfile: Remove lockfile_lock timeout argument

lockfile_lock() accepts a timeout argument but, aside from unit tests
pertaining to timeout, its value is always 0. Since this feature relies on
a periodic SIGALRM signal, which is not a given if we're not caching time,
the cleanest solution is just to remove it.

Signed-off-by: Leo Alterman <lalterman@nicira.com>
12 years agostream-ssl: Avoid logging no-match error redundantly.
Ben Pfaff [Thu, 9 Aug 2012 17:49:57 +0000 (10:49 -0700)]
stream-ssl: Avoid logging no-match error redundantly.

If we've already reported an error at this point, then we currently report
a no-match error also, but that doesn't add any useful information; it's
just noise in the log.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agostream-ssl: Seed OpenSSL if it fails to seed itself.
Ben Pfaff [Thu, 9 Aug 2012 21:18:46 +0000 (14:18 -0700)]
stream-ssl: Seed OpenSSL if it fails to seed itself.

We occasionally see OpenSSL fail to seed its random number generator in
heavily loaded hypervisors.  I suspect the following scenario:

1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
2. The kernel generates 10 bytes of randomness and copies it out.
3. A signal arrives (perhaps SIGALRM).
4. The kernel interrupts the system call to service the signal.
5. Userspace gets 10 bytes of entropy.
6. OpenSSL doesn't read again to get the final 22 bytes.  Therefore
   OpenSSL doesn't have enough entropy to consider itself initialized.
   It never tries again, so we're stuck forever.

The only part I'm not entirely sure about is #6, because the OpenSSL code
is so hard to read.

Thanks to Alex Yip for suggesting that this might be a startup problem.

Bug #10164.
Reported-by: Ram Jothikumar <ram@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAllow decoding of Open Flow 1.1 & 1.2 Flow Removed Messages
Simon Horman [Thu, 9 Aug 2012 08:49:54 +0000 (17:49 +0900)]
Allow decoding of Open Flow 1.1 & 1.2 Flow Removed Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com added support for hard_timeout, plus a test]
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAdd support for 'hard_timeout' in OF1.2 flow_removed message.
Ben Pfaff [Thu, 9 Aug 2012 18:01:48 +0000 (11:01 -0700)]
Add support for 'hard_timeout' in OF1.2 flow_removed message.

ofputil_decode_flow_removed() doesn't yet support OF1.2 at all so that
piece is missing but this otherwise should be complete.

CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding Open Flow 1.2 Flow Stats Request Messages
Simon Horman [Tue, 7 Aug 2012 21:49:47 +0000 (06:49 +0900)]
ofp-util: Allow encoding Open Flow 1.2 Flow Stats Request Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.2 Flow Removed messages
Simon Horman [Tue, 7 Aug 2012 21:49:46 +0000 (06:49 +0900)]
ofp-util: Allow encoding of Open Flow 1.2 Flow Removed messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow decoding of Open Flow 1.1 and 1.2 Packet Out Messages
Simon Horman [Tue, 7 Aug 2012 21:49:45 +0000 (06:49 +0900)]
ofp-util: Allow decoding of Open Flow 1.1 and 1.2 Packet Out Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Prepare Packet Out decoder for other Open Flow versions
Simon Horman [Tue, 7 Aug 2012 21:49:44 +0000 (06:49 +0900)]
ofp-util: Prepare Packet Out decoder for other Open Flow versions

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.1 and 1.2 Packet Out Messages
Simon Horman [Tue, 7 Aug 2012 21:49:43 +0000 (06:49 +0900)]
ofp-util: Allow encoding of Open Flow 1.1 and 1.2 Packet Out Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Prepare Packet Out encoder for other Open Flow versions
Simon Horman [Wed, 8 Aug 2012 03:19:57 +0000 (12:19 +0900)]
ofp-util: Prepare Packet Out encoder for other Open Flow versions

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-actions: Return action size
Simon Horman [Tue, 7 Aug 2012 21:49:41 +0000 (06:49 +0900)]
ofp-actions: Return action size

Modify ofpacts_put_openflow11_actions() to return the length of actions
appended. This will be used when encoding Packet Out messages for
Open Flow 1.1 and 1.2. The motivation for this is to avoid open coding
the size calculation which may end up being needed elsewhere too.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-msgs: Update OFPRAW_OFPT_SET_CONFIG for OpenFlow 1.2
Simon Horman [Tue, 7 Aug 2012 21:49:40 +0000 (06:49 +0900)]
ofp-msgs: Update OFPRAW_OFPT_SET_CONFIG for OpenFlow 1.2

This is sufficient to allow encoding and decoding of
OpenFlow 1.2 Set Config messages as the format is the same
as OpenFlow 1.0 and OpenFlow 1.2.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow decoding of Open Flow 1.2 Packet In Messages
Simon Horman [Tue, 7 Aug 2012 21:49:39 +0000 (06:49 +0900)]
ofp-util: Allow decoding of Open Flow 1.2 Packet In Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.2 Packet In Messages
Simon Horman [Tue, 7 Aug 2012 21:49:38 +0000 (06:49 +0900)]
ofp-util: Allow encoding of Open Flow 1.2 Packet In Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-print: Open Flow 1.2 Flow Mod message tests
Simon Horman [Tue, 7 Aug 2012 21:49:37 +0000 (06:49 +0900)]
ofp-print: Open Flow 1.2 Flow Mod message tests

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: ofputil_pull_ofp11_match: Allow OXM match
Simon Horman [Tue, 7 Aug 2012 21:49:36 +0000 (06:49 +0900)]
ofp-util: ofputil_pull_ofp11_match: Allow OXM match

* Allow OXM matches which specified in OpenFlow 1.2.
  Also allow them for OpenFlow 1.1 as there seems little reason not to.

* Pass padded_match_len parameter which if on NULL will be set to
  the padded match len. This will be used when decoding flow statistics
  response messages.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonetdev-bsd: Initialize variable to silence a compiler warning.
Ed Maste [Wed, 8 Aug 2012 18:48:01 +0000 (18:48 +0000)]
netdev-bsd: Initialize variable to silence a compiler warning.

FreeBSD's system compiler is a somewhat old version of GCC that produced
a spurious warning about a potential unitialized variable use.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolib: Add header #include for writev
Ed Maste [Wed, 8 Aug 2012 18:35:13 +0000 (18:35 +0000)]
lib: Add header #include for writev

This fixes a warning on FreeBSD.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolib: Correct "old-style function definition" warning.
Ed Maste [Wed, 8 Aug 2012 18:29:32 +0000 (18:29 +0000)]
lib: Correct "old-style function definition" warning.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAUTHORS: Add Kyle Mestery.
Jesse Gross [Wed, 8 Aug 2012 18:06:30 +0000 (11:06 -0700)]
AUTHORS: Add Kyle Mestery.

Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agoBump up the supported kernel versions to include 3.5.x.
Kyle Mestery [Tue, 7 Aug 2012 22:48:21 +0000 (18:48 -0400)]
Bump up the supported kernel versions to include 3.5.x.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agovlog: Ignore return value of some write() calls.
Justin Pettit [Tue, 7 Aug 2012 22:45:06 +0000 (15:45 -0700)]
vlog: Ignore return value of some write() calls.

A couple of calls to write() would generate warnings when the
"-Wunused-result" compiler option is enabled.  This change ignores the
return value, since we can't do anything about it in logging code.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agotests: Test that ofp10_match bytes that should be ignored really are.
Ben Pfaff [Sat, 21 Jul 2012 16:56:28 +0000 (09:56 -0700)]
tests: Test that ofp10_match bytes that should be ignored really are.

Rob Sherwood reported a bug in OVS treatment of ofp10_match bytes that
should be ignored some time ago:

> In any case, the pktact.SingleWildcardMatch and
> pktact.AllExceptOneWildcardMatch tests were failing because it looks
> like OVS (v1.4 release) was  not matching vlan tagged packets when the
> match wildcarded vlan but the dl_vlan value (which should be ignored,
> because it is wildcarded) was non-zero.  We've worked around this in
> OFTest by making sure that the dl_vlan value is zero when vlan is
> wildcarded and now the test passes.
>
> In other words:
>
> if (ofp_match->wildcards&OFPFW_DL_VLAN) is true, then the match should
> match both tagged and untagged packets, independent of the value of
> ofp_match->dl_vlan.  OVS (seemingly) only matches tagged packets if
> ofp_match->dl_vlan == 0.

I wasn't able to spot the problem at the time, and I still don't see a
problem (perhaps it has been fixed since then), but this commit should
prevent any regression for this specific problem and for anything like it.

It would be natural to modify the parse-ofp11-match test in the same way,
but this commit doesn't do it.

Rob's original bug report is at:
https://mailman.stanford.edu/pipermail/openflow-discuss/2012-March/003107.html

Reported-by: Rob Sherwood <rob.sherwood@bigswitch.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agovconn: Properly line up description for "tcp:" and "ssl:" usage.
Justin Pettit [Tue, 7 Aug 2012 22:18:27 +0000 (15:18 -0700)]
vconn: Properly line up description for "tcp:" and "ssl:" usage.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agolearning-switch: Normalize the flows that are sent to the switch.
Ben Pfaff [Tue, 7 Aug 2012 18:32:32 +0000 (11:32 -0700)]
learning-switch: Normalize the flows that are sent to the switch.

This suppresses a long-standing warning from ovs-vswitchd about
non-normalized flows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolearning-switch: Don't use exact-match on every field by default.
Ben Pfaff [Tue, 7 Aug 2012 18:30:46 +0000 (11:30 -0700)]
learning-switch: Don't use exact-match on every field by default.

OVS has all kinds of odd fields, e.g. registers, and it doesn't make sense
to try to match on all of them.  This commit changes learning-switch to
only try to match on the fields defined by OpenFlow 1.0.  That's still not
minimal, but it's more reasonable.

This commit should not have an immediately visible effect since
ovs-controller always sends OF1.0 format flows to the switch, and OF1.0
format flows don't have these extra fields.  But in the future when we
add support for new protocols and flow formats to ovs-controller, it
will make a difference.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolearning-switch: Delay sending handshake until version negotiation is done.
Ben Pfaff [Tue, 7 Aug 2012 17:38:35 +0000 (10:38 -0700)]
learning-switch: Delay sending handshake until version negotiation is done.

The learning-switch implementation needs to know the OpenFlow version in
use to send the initial handshake messages (e.g. the feature request), but
the version is not always available at the time that the code currently
sends the handshake.  This can cause an assertion failure later when
ofputil_encode_flow_mod() checks the protocol, which will be 0 if the
version wasn't known.

This commit fixes the problem by introducing a state machine that sends the
handshake messages only after version negotiation has finished.

Reported-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolearning-switch: Make lswitch own its rconn.
Ben Pfaff [Tue, 24 Jul 2012 23:15:37 +0000 (16:15 -0700)]
learning-switch: Make lswitch own its rconn.

Until now, ovs-controller and the learning-switch code split responsibility
for the OpenFlow connection.  This commit moves all the responsibility into
the learning-switch code.

The rationale here is twofold.  First, the split itself seems odd; I think
there must have been a reason for it at one time, but I don't remember it
and don't see one anymore.  Second, I intend to make the lswitch code more
stateful in upcoming commits, and it seems odd to have the lswitch manage
quite a bit of state but not the entity that that state applies to.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agovconn: Fix vconn_get_version().
Ben Pfaff [Tue, 7 Aug 2012 18:33:35 +0000 (11:33 -0700)]
vconn: Fix vconn_get_version().

It's documented to return -1 if the version isn't yet known, but in fact
it returned 0.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agovconn: Ensure that vconn_run() is enough to complete a connection.
Ben Pfaff [Tue, 7 Aug 2012 18:45:44 +0000 (11:45 -0700)]
vconn: Ensure that vconn_run() is enough to complete a connection.

Until now, it seems that all vconn users have immediately started reading
messages from the connection.  Today, however, I added a new user that
only wants to read packets after the OpenFlow version is negotiated, so
it never called vconn_recv() before that happened.  It turns out that if
you do this, the version never gets negotiated at all.

This commit fixes the problem by ensuring that vconn_run() will continue
version negotiation if it isn't done yet.

This changes the error return that I get for Unix sockets in the
test-vconn "accept-then-close" test from EPIPE to ECONNRESET, so this
commit also adjusts that test to accept either error code; both of them
seem reasonable enough to me.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAdding checksum to ICMP packets created by OVS for testing.
Mehak Mahajan [Tue, 7 Aug 2012 19:40:23 +0000 (12:40 -0700)]
Adding checksum to ICMP packets created by OVS for testing.

OVS provides a utility to create ICMP packets for the purpose of
testing using ovs-appctl netdev-dummy/receive.  These packets created
by flow_compose() earlier did not have the ICMP checksum in them.
With this commit, the checksum will be added to these test ICMP
packets.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.2 Flow Mod messages
Simon Horman [Wed, 1 Aug 2012 07:01:53 +0000 (16:01 +0900)]
ofp-util: Allow encoding of Open Flow 1.2 Flow Mod messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolearning-switch: Send Features Request and Set Config with correct version
Simon Horman [Wed, 1 Aug 2012 07:01:52 +0000 (16:01 +0900)]
learning-switch: Send Features Request and Set Config with correct version

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-print: Use the prevailing protocol to call ofputil_decode_flow_mod()
Simon Horman [Wed, 1 Aug 2012 07:01:51 +0000 (16:01 +0900)]
ofp-print: Use the prevailing protocol to call ofputil_decode_flow_mod()

Pass a protocol based on the prevailing protocol to ofputil_decode_flow_mod()

Note that ofputil_protocol_from_ofp_version() needs to be made
Open Flow 1.1 aware.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Make make_echo_request() aware of different OpenFlow versions.
Simon Horman [Wed, 1 Aug 2012 07:01:50 +0000 (16:01 +0900)]
ofp-util: Make make_echo_request() aware of different OpenFlow versions.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-error: Remove ofperr_domain from external API
Simon Horman [Wed, 1 Aug 2012 07:01:49 +0000 (16:01 +0900)]
ofp-error: Remove ofperr_domain from external API

It seems that ofp_version suffices in all cases.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Make ofperr_encode_msg__() use correct Open Flow version
Simon Horman [Wed, 1 Aug 2012 07:01:48 +0000 (16:01 +0900)]
ofp-util: Make ofperr_encode_msg__() use correct Open Flow version

Make ofperr_encode_msg__() use correct Open Flow version in the header
of messages.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Allow encoding of Open Flow 1.1 & 1.2 Barrier Request Messages
Simon Horman [Wed, 1 Aug 2012 07:01:47 +0000 (16:01 +0900)]
ofp-util: Allow encoding of Open Flow 1.1 & 1.2 Barrier Request Messages

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoFAQ: Add section on basic configuration.
Ben Pfaff [Mon, 6 Aug 2012 22:41:37 +0000 (15:41 -0700)]
FAQ: Add section on basic configuration.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agorconn: Treat draining a message from the send queue as activity.
Ben Pfaff [Mon, 6 Aug 2012 22:03:32 +0000 (15:03 -0700)]
rconn: Treat draining a message from the send queue as activity.

Until now, the rconn module has used messages received from the
controller as the sole means to determine that the connection is up.
This can interact badly with the OVS connection manager in ofproto,
which stops reading and processing messages from the receive queue
when there is a backlog in the send queue for a given connection
(because reading and processes messages is the main cause of messages
getting pushed onto the send queue).  So, if a send queue backlog
lasts more than twice the inactivity probe interval, then the
connection drops, whether the controller is sending messages or not.
Dumping a large flow table can trigger this behavior if the controller
becomes temporarily busy or if the network between OVS and a
controller is slow.  The problem can easily repeat itself, since upon
reconnection the controller will generally dump the flow table.

This commit fixes the problem by expanding the definition of
"activity" to include successfully sending an OpenFlow message that
was previously queued.

Bug #12789.
Reported-by: Natasha Gude <natasha@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agorconn: Remove unused functions.
Ben Pfaff [Mon, 6 Aug 2012 20:31:53 +0000 (13:31 -0700)]
rconn: Remove unused functions.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonx-match: Separate raw match and header/pad pull/put
Simon Horman [Wed, 1 Aug 2012 07:01:45 +0000 (16:01 +0900)]
nx-match: Separate raw match and header/pad pull/put

In the case of Open Flow 1.2, which is currently the only
time that OXM is be used, there is a 4 byte header before
the match which needs to be taken into account when calculating
the pad length. This complicates nx_match pull and put somewhat.

This patch takes an approach suggested by Ben Pfaff to separate the
encoding of the match and the adding of padding and, in the case of OXM,
a header.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Set switch_features actions to zero for Open Flow 1.1+
Simon Horman [Wed, 1 Aug 2012 07:01:44 +0000 (16:01 +0900)]
ofp-util: Set switch_features actions to zero for Open Flow 1.1+

As of Open Flow 1.1 what was the actions element of
struct switch_features becomes reserved. As such
it seems sensible to always decode it as zero.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-pki: Improve manpage style.
Ben Pfaff [Fri, 3 Aug 2012 18:59:16 +0000 (11:59 -0700)]
ovs-pki: Improve manpage style.

The usual manpage style is to write metasyntactic variable names in
lowercase, so this commit adopts that consistently.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoINSTALL.SSL: Remove obsolete information.
Ben Pfaff [Fri, 3 Aug 2012 18:56:58 +0000 (11:56 -0700)]
INSTALL.SSL: Remove obsolete information.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-pki: Remove "online PKI" features and ovs-pki-cgi.
Ben Pfaff [Fri, 3 Aug 2012 18:56:33 +0000 (11:56 -0700)]
ovs-pki: Remove "online PKI" features and ovs-pki-cgi.

Debian bug #683665, Red Hat bug #845350, and CVE-2012-3449 all claim that
ovs-pki's "incoming" directory is a security vulnerability.  I do not think
that this is the case, but I do not know of any users for this feature, so
on balance I prefer to remove it and the ovs-pki-cgi program associated
with it, just to be sure.

CVE-2012-3449.
Bug-report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665
Bug-report: https://bugzilla.redhat.com/show_bug.cgi?id=84535
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-msgs: ofpmp_reserve() must add "more" flag when splitting stats.
Ben Pfaff [Fri, 3 Aug 2012 22:56:02 +0000 (15:56 -0700)]
ofp-msgs: ofpmp_reserve() must add "more" flag when splitting stats.

Commit 982697a4d2 "ofp-msgs: New approach to encoding and decoding OpenFlow
headers." introduced a bug in multipart message composition such that, when
a multipart message actually requires multiple parts, the OFPSF_REPLY_MORE
bit failed to be set on any of the parts, which in turn caused the receiver
to see a truncated reply.  This commit fixes the problem.

This commit also adds a test case that would have detected the problem and
fixes a minor bug in that test case (if an error actually occurred, then
the test case would hang).

Bug #12766.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoFAQ: Add an introduction to VLANs.
Ben Pfaff [Fri, 3 Aug 2012 23:34:04 +0000 (16:34 -0700)]
FAQ: Add an introduction to VLANs.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodatapath: Relax set header validation.
Jesse Gross [Fri, 3 Aug 2012 01:22:38 +0000 (18:22 -0700)]
datapath: Relax set header validation.

When installing a flow with an action to set a particular field we
need to validate that the packets that are part of the flow actually
contain that header.  With IP we use zeroed addresses and with TCP/UDP
the check is for zeroed ports.  This check is overly broad and can catch
packets like DHCP requests that have a zero source address in a
legitimate header.  This changes the check to look for a zeroed protocol
number for IP or for both ports be zero for TCP/UDP before considering
the header to not exist.

Bug #12769

Reported-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
12 years agoofp-util: Remove extra blank line.
Ben Pfaff [Mon, 18 Jun 2012 16:56:54 +0000 (09:56 -0700)]
ofp-util: Remove extra blank line.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Fix typo in comment.
Ben Pfaff [Mon, 18 Jun 2012 20:56:19 +0000 (13:56 -0700)]
ofp-util: Fix typo in comment.

This comment is talking about the obsolete "tun_id_from_cookie" protocol
extension that we removed from OVS long ago.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoutil: New macro CONST_CAST.
Ben Pfaff [Fri, 13 Jul 2012 23:00:29 +0000 (16:00 -0700)]
util: New macro CONST_CAST.

Casts are sometimes necessary.  One common reason that they are necessary
is for discarding a "const" qualifier.  However, this can impede
maintenance: if the type of the expression being cast changes, then the
presence of the cast can hide a necessary change in the code that does the
cast.  Using CONST_CAST, instead of a bare cast, makes these changes
visible.

Inspired by my own work elsewhere:
http://git.savannah.gnu.org/cgit/pspp.git/tree/src/libpspp/cast.h#n80

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agotest-sha1: Remove unneeded casts.
Ben Pfaff [Fri, 13 Jul 2012 21:34:51 +0000 (14:34 -0700)]
test-sha1: Remove unneeded casts.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Remove superfluous cast.
Ben Pfaff [Fri, 13 Jul 2012 21:30:15 +0000 (14:30 -0700)]
ofproto-dpif: Remove superfluous cast.

'packet' is already a struct ofpbuf *.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoflow: Remove superfluous casts.
Ben Pfaff [Fri, 13 Jul 2012 21:16:36 +0000 (14:16 -0700)]
flow: Remove superfluous casts.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoflow: Correctly consider nw_frag_mask in some flow_wildcards_*() functions.
Ben Pfaff [Mon, 18 Jun 2012 21:02:12 +0000 (14:02 -0700)]
flow: Correctly consider nw_frag_mask in some flow_wildcards_*() functions.

This probably means that some classifier functions based on the fragment
type of packets have never worked properly.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto: Avoid sensitivity to hash order in flow monitor pause/resume test.
Ben Pfaff [Thu, 12 Jul 2012 22:20:03 +0000 (15:20 -0700)]
ofproto: Avoid sensitivity to hash order in flow monitor pause/resume test.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodirs: dbdir default must be based on sysconfdir.
Ben Pfaff [Thu, 2 Aug 2012 23:01:49 +0000 (16:01 -0700)]
dirs: dbdir default must be based on sysconfdir.

Some in-tree and out-of-tree code sets the OVS_SYSCONFDIR environment
variable to control where /etc files go (mostly for test purposes).  When
the database directory (dbdir) was split off from the sysconfdir, the
configure-time default continued to be based on the sysconfdir, but
overriding the sysconfdir at runtime with OVS_SYSCONFDIR didn't have any
effect on the dbdir, which caused a visible change in behavior for code
that set the OVS_SYSCONFDIR environment variable.  This commit reverts that
change in behavior, by basing the dbdir on OVS_SYSCONFDIR if that
environment variable is set (but the OVS_DBDIR environment variable is
not).

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAdding checksum to IP packets created by ovs for testing.
Mehak Mahajan [Thu, 2 Aug 2012 23:11:58 +0000 (16:11 -0700)]
Adding checksum to IP packets created by ovs for testing.

OVS provides a utility to create IP packets for the purpose of testing
using ovs-appctl netdev-dummy/receive.  These packets created by
flow_compose() earlier did not have the IP checksum in them.  With this
commit, the checksum with be added to these test IP packets.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoCreate .conf.db.~lock~ in same dir as DBDIR.
Mehak Mahajan [Thu, 2 Aug 2012 06:25:35 +0000 (23:25 -0700)]
Create .conf.db.~lock~ in same dir as DBDIR.

Commit f973f2af (Make the location of the database separately configurable.)
introduced the environment variable OVS_DBDIR which specifies the path for
the conf.db.  With this commit, .conf.db.~lock~ will also be created in the
DBDIR.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoFix a typo in commit f973f2af2.
Mehak Mahajan [Thu, 2 Aug 2012 02:57:03 +0000 (19:57 -0700)]
Fix a typo in commit f973f2af2.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoImproving comment for OFP10_VLAN_NONE.
Mehak Mahajan [Thu, 2 Aug 2012 00:26:39 +0000 (17:26 -0700)]
Improving comment for OFP10_VLAN_NONE.

Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
12 years agoflow: Fix wild pointer dereference in flow_compose().
Ethan Jackson [Wed, 1 Aug 2012 20:01:01 +0000 (13:01 -0700)]
flow: Fix wild pointer dereference in flow_compose().

The 'ip' variable in flow_compose() points to some memory allocated
in an ofpbuf.  The ofpbuf is modified without making the necessary
updates to the location of 'ip' causing a potential wild memory
access.

Found by inspection.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoovsdb: Do not replace symlinks by regular files during compaction.
Ben Pfaff [Mon, 30 Jul 2012 21:55:10 +0000 (14:55 -0700)]
ovsdb: Do not replace symlinks by regular files during compaction.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agolockfile: Be more forgiving about lockfiles for symlinks.
Ben Pfaff [Mon, 30 Jul 2012 21:41:13 +0000 (14:41 -0700)]
lockfile: Be more forgiving about lockfiles for symlinks.

As the database is being transitioned from /etc to /var, there is a symlink
from the old to the new location for the database and a symlink for its
lockfile.  This works OK, but it would be more user-friendly to still work
correctly in case the symlink for the lockfile isn't there (since its
existence is non-obvious), so this commit implements that behavior.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoutil: New function follow_symlinks().
Ben Pfaff [Mon, 30 Jul 2012 18:36:06 +0000 (11:36 -0700)]
util: New function follow_symlinks().

It will acquire its first user in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>