openvswitch
13 years agovswitchd: Add miimon support.
Ethan Jackson [Sat, 8 Jan 2011 00:22:34 +0000 (16:22 -0800)]
vswitchd: Add miimon support.

This commit allows users to check link status in bonded ports using
MII instead of carrier.

13 years agonx-match: Print register values in hex in "load" action also.
Ben Pfaff [Wed, 12 Jan 2011 21:38:19 +0000 (13:38 -0800)]
nx-match: Print register values in hex in "load" action also.

cls_rule_format() prints register values are printed in hex, but the "load"
action was printing them in decimal.  This makes it consistent.

Requested-by: Paul Ingram <paul@nicira.com>
Bug #4249.

13 years agoofp-print: Add tests for OpenFlow message formatting.
Ben Pfaff [Wed, 12 Jan 2011 21:57:53 +0000 (13:57 -0800)]
ofp-print: Add tests for OpenFlow message formatting.

It's become clear over the past few weeks that some people really depend
on the formatting of ofp-print output.  It has also become clear that OVS
doesn't have anything that actually checks or enforces the formatting of
the output.  The former is not something I want to encourage, but the
latter is somewhat worrisome because the formatting does change from time
to time and I want to make sure that that is intentional.

So this commit adds at least one test for each supported OpenFlow and
Nicira extension message, so that we can better keep track of changes.

13 years agoofp-print: Insert missing whitespace.
Ben Pfaff [Tue, 14 Dec 2010 00:19:19 +0000 (16:19 -0800)]
ofp-print: Insert missing whitespace.

13 years agoofp-print: Print fragment handling in OpenFlow switch config messages.
Ben Pfaff [Tue, 14 Dec 2010 20:08:10 +0000 (12:08 -0800)]
ofp-print: Print fragment handling in OpenFlow switch config messages.

13 years agoAutomatically extract error types and codes for formatting.
Ben Pfaff [Wed, 12 Jan 2011 21:42:50 +0000 (13:42 -0800)]
Automatically extract error types and codes for formatting.

13 years agopython: Use os.path.basename instead of open-coding it.
Ben Pfaff [Wed, 12 Jan 2011 21:43:22 +0000 (13:43 -0800)]
python: Use os.path.basename instead of open-coding it.

Reported-by: Justin Pettit <jpettit@nicira.com>
13 years agonicira-ext: Fix typo in comment.
Ben Pfaff [Wed, 12 Jan 2011 21:50:18 +0000 (13:50 -0800)]
nicira-ext: Fix typo in comment.

Reported-by: Justin Pettit <jpettit@nicira.com>
13 years agotests: Fix bonding related test failures.
Ethan Jackson [Wed, 12 Jan 2011 18:39:52 +0000 (10:39 -0800)]
tests: Fix bonding related test failures.

The tests did not get updated with recent interface reconfigure
changes.  This fixes the problem.

13 years agoFix non-static instances of "struct vlog_rate_limit" and add check.
Ben Pfaff [Wed, 12 Jan 2011 17:22:12 +0000 (09:22 -0800)]
Fix non-static instances of "struct vlog_rate_limit" and add check.

A non-static vlog_rate_limit is not actually going to rate-limit anything.

13 years agoAdd some new generated files to .gitignore.
Justin Pettit [Wed, 12 Jan 2011 03:05:09 +0000 (19:05 -0800)]
Add some new generated files to .gitignore.

A few generated files have snuck in that should be ignored by git.

13 years agouuid: Correct name of header file in comment.
Justin Pettit [Wed, 12 Jan 2011 02:57:01 +0000 (18:57 -0800)]
uuid: Correct name of header file in comment.

13 years agoxenserver: Allow bond_mode configuration in xen.
Ethan Jackson [Mon, 10 Jan 2011 20:18:50 +0000 (12:18 -0800)]
xenserver: Allow bond_mode configuration in xen.

This commit adds bond_mode configuration to Interface Reconfigure
so that it may be changed using standard XenServer commands.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
13 years agovswitchd: Rename bond_mode configuration.
Ethan Jackson [Mon, 10 Jan 2011 19:23:13 +0000 (11:23 -0800)]
vswitchd: Rename bond_mode configuration.

This commit renames bond_type to bond_mode to be more consistent
with XenServer configuration.  It also renames the "slb" bond_mode
to "balance-slb".

13 years agoDebian: Update change log for 1.1.0~pre2.g2.ea763e0e-1 upload
Simon Horman [Tue, 11 Jan 2011 23:45:25 +0000 (08:45 +0900)]
Debian: Update change log for 1.1.0~pre2.g2.ea763e0e-1 upload

13 years agobridge: Move tunnel_egress_iface to status column.
Ethan Jackson [Wed, 5 Jan 2011 19:51:15 +0000 (11:51 -0800)]
bridge: Move tunnel_egress_iface to status column.

This commit removes the tunnel_egress_iface column from the
interface table and moves it's data to the status column.  In the
process it reverts the database to version 1.0.0.

13 years agoxenserver: Remove "Required-" parameters from "openvswitch" init script.
Justin Pettit [Tue, 11 Jan 2011 05:32:09 +0000 (21:32 -0800)]
xenserver: Remove "Required-" parameters from "openvswitch" init script.

Commit 72dfb3b (xenserver: Add LSB init info to scripts.) added LSB init
info to the XenServer scripts.  This was verified to work on XenServer
5.5, but newer versions of XenServer interpret these values and alter
when "openvswitch" gets called.  This causes XenServer to not come up
with its networking configuration properly.

By removing the "Required-" parameters, OVS will properly come up.  This
is just a temporary fix, and a more proper one will be forthcoming.

13 years agotests: Fix Y2011 bug in testsuite.
Ben Pfaff [Mon, 10 Jan 2011 20:54:26 +0000 (12:54 -0800)]
tests: Fix Y2011 bug in testsuite.

The tests have been failing for a few days now, because the PKI expired a
few days into 2011.  This commit instead generates the PKI at "make check"
time, which has the additional benefit of getting some test exposure for
the ovs-pki program.

Reported-by: Aaron M. Ucko <ucko@debian.org>
CC: 609506@bugs.debian.org
13 years agovswitchd: Fix "make distcheck" by cleaning up stray "stamp" file.
Ben Pfaff [Mon, 10 Jan 2011 20:46:26 +0000 (12:46 -0800)]
vswitchd: Fix "make distcheck" by cleaning up stray "stamp" file.

13 years agoovs-pki: Fix handling of relative log file name on --log option.
Ben Pfaff [Mon, 10 Jan 2011 20:44:46 +0000 (12:44 -0800)]
ovs-pki: Fix handling of relative log file name on --log option.

"$var=value" is not valid shell syntax, but "var=value" is.

13 years agovswitchd: Active backup bonding.
Ethan Jackson [Thu, 6 Jan 2011 20:14:23 +0000 (12:14 -0800)]
vswitchd: Active backup bonding.

This commit adds active backup bonding support to vswitchd.

Bug #4210.

13 years agovswitchd: Fix segmentation fault with bonded ports.
Ethan Jackson [Fri, 7 Jan 2011 00:17:23 +0000 (16:17 -0800)]
vswitchd: Fix segmentation fault with bonded ports.

This commit fixes a segmentation fault which could occur when a
bonded port was destroyed.

13 years agovswitchd: Whitespace fixups.
Ethan Jackson [Thu, 6 Jan 2011 20:09:05 +0000 (12:09 -0800)]
vswitchd: Whitespace fixups.

Removed tabs from vswitch.xml.  Removed trailing whitespace from
the bridge.

13 years agoxenserver: Remove Linux bridge on startup if no bridges exist.
Patrick Mullaney [Wed, 15 Dec 2010 19:07:10 +0000 (11:07 -0800)]
xenserver: Remove Linux bridge on startup if no bridges exist.

Otherwise, if the bridge module is loaded but no bridges exist, on all
but the most recent Linux kernels this prevents the Open vSwitch kernel
module from loading.

Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Add defaults for ENABLE_BRCOMPAT, ENABLE_FAKE_PROC_NET.
Patrick Mullaney [Wed, 15 Dec 2010 18:41:13 +0000 (10:41 -0800)]
xenserver: Add defaults for ENABLE_BRCOMPAT, ENABLE_FAKE_PROC_NET.

On non-XenServer systems there is no $PRODUCT_VERSION to test for default
behavior, so use reasonable defaults in that case.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Don't require /etc/xensource/network.conf if not on XenServer.
Patrick Mullaney [Wed, 15 Dec 2010 18:39:08 +0000 (10:39 -0800)]
xenserver: Don't require /etc/xensource/network.conf if not on XenServer.

On XenServer systems, the "network mode" (that is, whether the network
uses OpenvSwitch or the Linux bridge) is stored in
/etc/xensource/network.conf.  On other systems, we can't expect it to be
there.  This changes the init script to tolerate its absence, treating that
as meaning that Open vSwitch should be used (otherwise, why did the admin
install it?).

NETWORK_MODE can always be overridden in /etc/sysconfig/openvswitch anyway.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed back to read /etc/xensource/network.conf if present]
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Only start ovs-external-ids on XenServer.
Patrick Mullaney [Wed, 15 Dec 2010 18:31:56 +0000 (10:31 -0800)]
xenserver: Only start ovs-external-ids on XenServer.

ovs-external-ids's job is to synchronize UUIDs between XAPI and OVSDB.
Non-XenServer systems don't have XAPI so they don't need ovs-external-ids.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Generate system UUID for non-XenServer systems.
Ben Pfaff [Wed, 5 Jan 2011 19:08:25 +0000 (11:08 -0800)]
xenserver: Generate system UUID for non-XenServer systems.

Currently the scripts in xensever/ are intended specifically for XenServer,
but supporting other distros seems like a worthy goal, so this is a step
in the right direction.

It would be good to be able to determine a suitable system-type and
system-version, but those are less important than system-id.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed not to set xs-system-uuid on non-XenServer systems]
[whitespace changes]
[changed to handle missing uuidgen, suggested by Justin Pettit]
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Be compatible with non-XenServer func libraries in init script.
Ben Pfaff [Wed, 5 Jan 2011 19:00:41 +0000 (11:00 -0800)]
xenserver: Be compatible with non-XenServer func libraries in init script.

XenServer has its function library in /etc/init.d/functions but other
distros have it in different places.  Currently this init script is
specifically intended for XenServer but adding compatibility with other
distros seems like a worthwhile goal.

Also, SuSE does not have the "action" function, so test whether it is
implemented and when not supply a fallback.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed to only define action() if not already defined]
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agoxenserver: Add LSB init info to scripts.
Ben Pfaff [Wed, 5 Jan 2011 18:52:36 +0000 (10:52 -0800)]
xenserver: Add LSB init info to scripts.

XenServer itself does not use this information as part of startup, but
other distributions that may wish to derive their startup scripts from
these may need it.

Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[updated some info in xenserver/etc_init.d_openvswitch-xapi-update]
[used Debian LSB info for xenserver/etc_init.d/openvswitch]
Signed-off-by: Ben Pfaff <blp@nicira.com>
13 years agodebian: Update check for Debian package version.
Ben Pfaff [Fri, 7 Jan 2011 17:35:19 +0000 (09:35 -0800)]
debian: Update check for Debian package version.

A version number like "1.1.0pre2" is properly translated into a Debian
version number as "1.1.0~pre2", so we need to make that translation.  Also,
the Debian version number will often have suffixes on it, so don't check
for a trailing parenthesis.

13 years agodebian: Update changelog for 1.1.0~pre2.g1.bbe8d06e-1 upload
Simon Horman [Thu, 6 Jan 2011 05:56:36 +0000 (14:56 +0900)]
debian: Update changelog for 1.1.0~pre2.g1.bbe8d06e-1 upload

This brings the changelog into line with that is in the
debian 1.1.0~pre2.g1.bbe8d06e-1 package on debian.org

13 years agodatapath: Distinguish set_config() functions' names.
Ben Pfaff [Thu, 6 Jan 2011 21:18:10 +0000 (13:18 -0800)]
datapath: Distinguish set_config() functions' names.

Both tunnel.c and vport-patch.c have set_config() functions.  They are
static so this does not confuse the compiler, but it does (slightly)
confuse me from time to time, so this commit changes their names to
tnl_set_config() and patch_set_config(), respectively.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Improve vport-patch names that are too generic.
Ben Pfaff [Tue, 4 Jan 2011 20:36:07 +0000 (12:36 -0800)]
datapath: Improve vport-patch names that are too generic.

"device_config" and "devconf" always sound to me like something that would
be part of the kernel's core device layer.  Give them the more-specific
names "patch_config" and "patchconf".

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Clean up code in vport_get_stats().
Ben Pfaff [Thu, 6 Jan 2011 04:47:03 +0000 (20:47 -0800)]
datapath: Clean up code in vport_get_stats().

This should not change behavior.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Fix vport_get_stats() in !VPORT_F_GEN_STATS case.
Ben Pfaff [Wed, 5 Jan 2011 18:17:17 +0000 (10:17 -0800)]
datapath: Fix vport_get_stats() in !VPORT_F_GEN_STATS case.

When VPORT_F_GEN_STATS was not set, vport_get_stats() would always return
an error (either an error returned by ->get_stats(), otherwise
-EOPNOTSUPP).  This fixes the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Treat GSO skbs as if they were fragments
Simon Horman [Thu, 6 Jan 2011 01:26:42 +0000 (10:26 +0900)]
datapath: Treat GSO skbs as if they were fragments

In dp_output_control() UDP GSO skbs are split into fragments which are
passed to userspace.  So the resulting flow set-up by the controller
(I am using ovs-vswitchd) is created based on a fragment.  This means
that the UDP source and destination port of the flow is zero.

In order for the datapath to match the resulting flow flow_extract() needs
to treat UDP GSO skbs as if they are fragments.  That is, set the UDP
source and destination port to 0.

A flow established for a UDP GSO skb with this change won't match any
subsequent non-GSO skbs, they will need to be passed to the controller and
a new flow established. But without this change no UDP GSO skbs will ever
match any flow.

I noticed this while using KVM using virtio with VhostNet and netperf's
UDP_STREAM test. The result was that the test sent ~5Gbit/s but only a
small fraction of that was received by the other side. Much less than the
1Gbit/s available on the physical link between the host (and guest) and the
machine running netserver. 100% of one of the host's CPUs was consumed, 50%
for the host and 50% for the guest.  The host consumption was contributed
to largely by ovs-vswitchd.

With this change I get a much nicer result of a fraction under 1Gbit/s sent
and almost all packets ending up at the other end.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
13 years agoAUTHORS: Add Krishna Miriyala as reporter.
Jesse Gross [Wed, 5 Jan 2011 16:35:11 +0000 (08:35 -0800)]
AUTHORS: Add Krishna Miriyala as reporter.

13 years agodatapath: Fix double counting of packet stats for Linux devices.
Jesse Gross [Wed, 5 Jan 2011 15:25:41 +0000 (07:25 -0800)]
datapath: Fix double counting of packet stats for Linux devices.

The kernel augments stats for Linux devices that only provide 32-bit stats
with its own internal 64-bit counters.  When doing this it takes the error
stats from the device but uses the packet and byte values from its local
counters.  However, we were also taking the packet and byte counts from
the device, leading to double counting.

Problem introduced by commit ec61a01cd8ed73b13ffe042ddff4baf41f6b63e7
'datapath: Use "struct rtnl_link_stats64" instead of "struct odp_vport_stats".'.

Bug #4327

Reported-by: Krishna Miriyala <krishna@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Use call_rcu() when deleting a datapath.
Jesse Gross [Wed, 5 Jan 2011 20:39:57 +0000 (12:39 -0800)]
datapath: Use call_rcu() when deleting a datapath.

When deleting a datapath, we remove all of the vports and then immediately
free the datapath data structures.  Since the vports are allowed to use
call_rcu() to free their data, it's possible for them to return immediately
while packet processing is still taking place.  This breaks apart the dropping
of references and the freeing of the data using call_rcu() for protection.

This race cannot actually occur in practice since the last port to be
deleted is an internal device, which uses synchronize_rcu() itself
(implicitly through unregister_netdevice()).  However, there is no
requirement that it must do this nor should there be.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodebian: Remove openvswitch-pki-server package.
Ben Pfaff [Tue, 4 Jan 2011 18:19:59 +0000 (10:19 -0800)]
debian: Remove openvswitch-pki-server package.

The functionality provided by this package was used only by
openvswitch-switch-config, which was removed some time ago.  If I had been
more careful at the time, I would have removed this package at the same
time.

13 years agolib: Show tunnel egress interface in ovsdb
Ethan Jackson [Wed, 22 Dec 2010 00:26:21 +0000 (16:26 -0800)]
lib: Show tunnel egress interface in ovsdb

This commit parses rtnetlink address notifications from the
kernel in order to display the egress interface of tunnels in the
database.

Bug #4103.

13 years agortnetlink: Remove LINK specific messages from rtnetlink
Ethan Jackson [Tue, 21 Dec 2010 21:44:37 +0000 (13:44 -0800)]
rtnetlink: Remove LINK specific messages from rtnetlink

Abstracted rtnetlink so that it may be used for messages other than
RTM LINK messages.  Created a new rtnetlink-link module which
specifically deals with these kinds of messages and follows the old
rtnetlink API.

13 years agopython: properly initialize string length on 64bit systems.
Ethan Jackson [Mon, 3 Jan 2011 20:27:50 +0000 (12:27 -0800)]
python: properly initialize string length on 64bit systems.

types.py was initializing max string length to 2^64 - 1 instead of
UINT_MAX on 64 bit systems.  This commit fixes that problem.

13 years agostream-ssl: Fix compiler warning.
Ethan Jackson [Sun, 2 Jan 2011 21:28:58 +0000 (13:28 -0800)]
stream-ssl: Fix compiler warning.

This commit fixes the following compiler warnings:
"format '%d' expects type 'int', but argument 4 has type 'size_t'"

13 years agomultipath: Fix compiler warning.
Ethan Jackson [Sun, 2 Jan 2011 21:24:27 +0000 (13:24 -0800)]
multipath: Fix compiler warning.

This commit fixes the following compiler warning:
"cast from function call of type 'uint16_t' to non-matching type
'enum nx_mp_fields'"

13 years agodebian: Remove ${shlibs:Depends} dependency pki packages
Simon Horman [Fri, 31 Dec 2010 04:27:35 +0000 (13:27 +0900)]
debian: Remove ${shlibs:Depends} dependency pki packages

Remove ${shlibs:Depends} dependency from openvswitch-pki
and openvswitch-pki-server as neither package includes binaries

13 years agoofp-parse: ofp-parse fails to properly validate DROP.
Ethan Jackson [Sun, 2 Jan 2011 20:52:11 +0000 (12:52 -0800)]
ofp-parse: ofp-parse fails to properly validate DROP.

The str_to_action function of ofp-parse was not properly
incrementing it's actions counter.  Thus it did not enforce the
requirement that DROP actions not be preceded by other actions.

13 years agodatapath: Drop constness of datapath pointers.
Jesse Gross [Wed, 29 Dec 2010 19:42:13 +0000 (11:42 -0800)]
datapath: Drop constness of datapath pointers.

A few places marked struct datapath pointers as const since they
didn't expect to make modifications.  However, when compiled with
lockdep the datapath mutex pointer is passed to lockdep_is_held(),
which has a non-const argument.  That provoked warnings about
casting away the const, so this drops the const from the original
pointers.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Report ifindex of 0 if vport doesn't have one.
Jesse Gross [Wed, 29 Dec 2010 18:59:01 +0000 (10:59 -0800)]
datapath: Report ifindex of 0 if vport doesn't have one.

If a vport is a virtual device then it doesn't have a system ifindex.
We currently return the ifindex of the bridge device in this situation
but that's somewhat misleading, so this replaces it with 0.  Nothing
actually reads the ifindex for devices other than the bridge device,
so this doesn't have a functional change.

Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Don't check for RCU in free_buckets in table.
Jesse Gross [Wed, 29 Dec 2010 23:05:02 +0000 (15:05 -0800)]
datapath: Don't check for RCU in free_buckets in table.

free_buckets() is only called in places where the lifetime of its
container has ended: on allocation failure and on deletion after
a grace period.  If the container can no longer be referenced then
neither can the buckets, so it is safe to directly free them.
sparse complains if the pointer is directly dereferenced and lockdep
complains if the RCU functions are used without some type of lock,
both of which are fine in this case.  This adds an explicit cast to
avoid the complaints.

Found with lockdep.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Hold dp->mutex when calling new_vport().
Jesse Gross [Wed, 29 Dec 2010 22:48:38 +0000 (14:48 -0800)]
datapath: Hold dp->mutex when calling new_vport().

On datapath creation we hold dp_mutex but not dp->mutex when
creating the vport for the datapath device.  However, there are
lockdep checks that validate that we hold dp->mutex during the call
to new_vport().  The lock isn't actually necessary in this case
because no one else can access the datapath but it's good to have
the lock assertions, so this holds dp->mutex while initializing
the datapath.

Found with lockdep.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Add owner to file_operations declaration.
Jesse Gross [Wed, 29 Dec 2010 22:10:50 +0000 (14:10 -0800)]
datapath: Add owner to file_operations declaration.

It's currently possible for operations on our character device to
be still running when we unload the module.  This will result in
an oops when the executing code is suddenly freed.  The chrdev
code has a way to avoid this by taking a reference on the module
every time the device is opened, which means that we can't be
unloaded as long as there is an open file descriptor and therefore
the possibility of an operation.  However, our file_operations
structure doesn't include an owner member, which prevents this
mechanism from working.  This adds one.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Acquire dp->mutex when deleting a datapath.
Jesse Gross [Wed, 29 Dec 2010 21:09:56 +0000 (13:09 -0800)]
datapath: Acquire dp->mutex when deleting a datapath.

It's possible that someone is using the datapath data structures
when we attempt to delete the datapath.  The first writer will
only hold dp->mutex, which we don't currently acquire when deleting.
This adds that lock to prevent a potential race (this can't currently
happen because userspace is single threaded, as long as "ovs-dpctl
del-dp" is not used at the same time).

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Merge do_destroy_dp into destroy_dp.
Jesse Gross [Wed, 29 Dec 2010 21:08:15 +0000 (13:08 -0800)]
datapath: Merge do_destroy_dp into destroy_dp.

Both do_destroy_dp() and destroy_dp() are small functions and
only have a single caller.  There's no good reason for them to
be separate so this merges them together.  It also makes things
more logically consistent and easier to read in the next commit,
which adds additional locking as everything is in one place.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agoofproto: Increase max recursion level from 8 to 16.
Ben Pfaff [Thu, 30 Dec 2010 16:57:01 +0000 (08:57 -0800)]
ofproto: Increase max recursion level from 8 to 16.

Requested-by: Pankaj Thakkar <thakkar@nicira.com>
13 years agoINSTALL.XenServer: Fix directory where RPMs end up.
Ben Pfaff [Wed, 29 Dec 2010 18:09:51 +0000 (10:09 -0800)]
INSTALL.XenServer: Fix directory where RPMs end up.

We can be specific about i386 here since that's the only architecture that
XenServer supports.

Reported-by: Bryan Osoro <bosoro@nicira.com>
13 years agodatapath: Use local variable for freeing on flow put error.
Jesse Gross [Fri, 24 Dec 2010 05:50:49 +0000 (21:50 -0800)]
datapath: Use local variable for freeing on flow put error.

If inserting a flow failed and we need to free the actions, we
currently directly free them from the flow struct.  This is fine
but it makes sparse complain about directly accessing an RCU
protected field.  We could insert some casts to avoid this but
it's cleaner to just free the data from the local variable
instead.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Allocate vports in more RCU friendly manner.
Jesse Gross [Fri, 24 Dec 2010 00:36:26 +0000 (16:36 -0800)]
datapath: Allocate vports in more RCU friendly manner.

In a few places, when creating a new vport we also need to allocate
some memory for configuration that can change.  This data is protected
by RCU but we directly access the memory when initializing it.  This
is fine, since the vport has not yet been published and we use the
apropriate memory barriers when doing so.  However, it makes tools
like sparse unhappy and is also asymmetric since we use RCU to
dereference the pointers but not to assign them.  This cleans that
up somewhat by initializing the memory first and then using RCU
to assign it, which makes everyone happy.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Use RCU dereference in vport_get_ifindex().
Jesse Gross [Fri, 24 Dec 2010 00:47:45 +0000 (16:47 -0800)]
datapath: Use RCU dereference in vport_get_ifindex().

If we don't have an ifindex for a device (because it is a virtual
port), we fall back to using the ifindex of the local port.
However, we weren't properly dereferencing the vport from the ports
array, so this adds that.  This isn't a real problem though, because
the local port always exists and never changes as long as the
datapath exists.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Add casts for direct freeing of RCU data.
Jesse Gross [Fri, 24 Dec 2010 00:44:22 +0000 (16:44 -0800)]
datapath: Add casts for direct freeing of RCU data.

There are a few places where we have two levels of RCU protected
data to allow the second level to change independently of the
first.  Although the two pieces are independent, they have the
same users and lifetime of the first level always exceeds that
of the second level.  This means that we can directly free the
second level when it is safe to free the first.  This implies
that we directly access RCU-protected data, which is generally
not allowed.  There are no locks to check, so none of the normal
RCU functions apply.  Instead, this adds an explicit cast.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agotunnel: Drop spinlock around cache free.
Jesse Gross [Sat, 25 Dec 2010 03:16:20 +0000 (19:16 -0800)]
tunnel: Drop spinlock around cache free.

We hold a spinlock when freeing the cache, since you're generally
supposed to do that when writing to RCU protected data.  However,
there's really no point in doing that here because the port has
already been removed from both the transmit and receive side
data structures and we've waited for an RCU grace period.  In
addition, we're about to free the port itself, which contains the
spinlock and will be in trouble if anyone else is trying to
access it.  For clarity, drop the spinlock.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Fix table sparse annotations.
Jesse Gross [Fri, 24 Dec 2010 04:31:39 +0000 (20:31 -0800)]
datapath: Fix table sparse annotations.

Several of the pointers in table.c were missing the correct
__rcu annotation and the pointer type in the actual declaration
of struct tbl was incorrect, so this fixes that.  It also adds
usage of rcu_dereference() to access an RCU protected pointer,
which is not strictly correct since an update side lock should
be held.  However, since the table is used in different pieces
of code and therefore different locks are used it is difficult
to know which lock to check without threading the information
though, which is ugly.  Since other places in table.c have this
same problem and this code should go away in the future it is
left as is.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Don't directly access port array in query_port().
Jesse Gross [Fri, 24 Dec 2010 01:56:29 +0000 (17:56 -0800)]
datapath: Don't directly access port array in query_port().

query_port() directly accesses the datapath port array, without
using any kind of RCU dereference.  It's OK, since it is holding
DP mutex but this adds an explicit check to make sparse happy.
It also simplifies the code path somewhat.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Add get_vport_protected().
Jesse Gross [Sat, 25 Dec 2010 03:53:26 +0000 (19:53 -0800)]
datapath: Add get_vport_protected().

In some places we access the array of datapath ports without
RCU protection.  This introduces a new function to check that in
these case the dp mutex is held for protection.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Use get_table_protected() in additional places.
Jesse Gross [Sat, 25 Dec 2010 03:44:34 +0000 (19:44 -0800)]
datapath: Use get_table_protected() in additional places.

There are several places where the flow table is accessed
without any kind of RCU protection.  This is fine because dp
mutex is held so this adds checks for that condition.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodatapath: Add missing rtnl_dereference() calls.
Jesse Gross [Fri, 24 Dec 2010 00:28:23 +0000 (16:28 -0800)]
datapath: Add missing rtnl_dereference() calls.

There are a few additional places where RCU protected pointers
are directly dereferenced because they assume RTNL lock.  These
were previously not reported due to some other sparse errors in
the Linux headers files.  This adds the necessary rtnl_dereference()
calls to make sparse happy and allow lockdep to validate.

Found with sparse.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agodpif-netdev: Add missing 'const' qualifiers to function parameters.
Ben Pfaff [Wed, 29 Dec 2010 06:40:52 +0000 (22:40 -0800)]
dpif-netdev: Add missing 'const' qualifiers to function parameters.

These functions don't modify their flow key arguments but the prototypes
implied that they did.

Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Remove ODPP_NORMAL macro.
Ben Pfaff [Tue, 28 Dec 2010 20:23:16 +0000 (12:23 -0800)]
datapath: Remove ODPP_NORMAL macro.

This macro hasn't ever been used.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Fix 32-bit truncation of argument to ODPAT_OUTPUT_CONTROL.
Ben Pfaff [Tue, 28 Dec 2010 21:28:31 +0000 (13:28 -0800)]
datapath: Fix 32-bit truncation of argument to ODPAT_OUTPUT_CONTROL.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agoovs-dpctl: Reimplement get_port_number() using dpif_port_query_by_name().
Ben Pfaff [Mon, 27 Dec 2010 20:46:48 +0000 (12:46 -0800)]
ovs-dpctl: Reimplement get_port_number() using dpif_port_query_by_name().

Presumably this function was written to iterate all of the ports because
at some point we didn't have a direct way to do this, but now
dpif_port_query_by_name() is the obvious way to do it.

Acked-by: Jesse Gross <jesse@nicira.com>
13 years agoofproto: Use shash instead of svec for uniquifying, in reinit_ports().
Ben Pfaff [Mon, 27 Dec 2010 19:32:08 +0000 (11:32 -0800)]
ofproto: Use shash instead of svec for uniquifying, in reinit_ports().

No point in using an O(n log n) algorithm when an O(n) algorithm is
readily available.

(I'm sure that the actual performance difference, if any, does not matter
in practice.)

Acked-by: Jesse Gross <jesse@nicira.com>
13 years agomultipath: Zero padding bytes in fields before hashing.
Ben Pfaff [Wed, 29 Dec 2010 06:23:43 +0000 (22:23 -0800)]
multipath: Zero padding bytes in fields before hashing.

Otherwise the hash includes 3 bytes of trailing indeterminate data.

Reported-by: Pankaj Thakkar <thakkar@nicira.com>
13 years agovswitch: Provide option to pull cert from SSL table
Justin Pettit [Tue, 28 Dec 2010 01:44:33 +0000 (17:44 -0800)]
vswitch: Provide option to pull cert from SSL table

Introduce "use_ssl_cert" option to "ipsec_gre" interface types, which
will pull certificate and private key options from the SSL table.  In
the future, multiple SSL entries will be supported through the
configuration database, so use of this option is strongly discouraged as
this "feature" will be retired.

13 years agodebian: Require ipsec-tools version 0.8~alpha20101208.
Justin Pettit [Wed, 22 Dec 2010 20:55:30 +0000 (12:55 -0800)]
debian: Require ipsec-tools version 0.8~alpha20101208.

There have been a number of important bug fixes since 0.8~alpha20090903,
so require at least the newer package.

13 years agovswitch: Add support for IPsec certificate authentication.
Justin Pettit [Thu, 16 Dec 2010 07:44:41 +0000 (23:44 -0800)]
vswitch: Add support for IPsec certificate authentication.

Previously, it was possible to fake configuring the use of certificate
authentication for IPsec, but it really just used a static pre-shared key
behind the scenes.  This commit publicly mentions certificate
authentication and finally does the real work behind the scenes.

13 years agovswitch: Remove unnecessary iface_get_options function
Justin Pettit [Thu, 2 Dec 2010 02:03:44 +0000 (18:03 -0800)]
vswitch: Remove unnecessary iface_get_options function

Since GRE-over-IPsec is a proper tunnel type and no longer configured
through "other_config", we can remove this function that folded an
interface's "other_confg" into "options".

13 years agovswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"
Justin Pettit [Thu, 2 Dec 2010 01:23:33 +0000 (17:23 -0800)]
vswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"

Previously, a GRE-over-IPsec tunnel was created as an interface with a
"type" of "gre" and the "other_config" column with "ipsec_cert" or
"ipsec_psk" set.  This could lead to a potential security problem if a user
intended to create a GRE-over-IPsec tunnel, but misconfigured the
"ipsec_*" config and created an unencrypted GRE tunnel.

This commit defines an "ipsec_gre" tunnel type, which should prevent
users from inadvertently establishing insecure tunnels.

13 years agodebian: Don't require ipsec_local_ip to configure IPsec
Justin Pettit [Tue, 30 Nov 2010 02:55:54 +0000 (18:55 -0800)]
debian: Don't require ipsec_local_ip to configure IPsec

Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse
NATs) removed the requirement that the "ipsec_local_ip" key must be set
to use IPsec, but other code and documentation was not updated to
reflect this.  This commit does that.

13 years agoovs-dpctl: Print extended information about vports.
Justin Pettit [Sat, 18 Dec 2010 09:07:06 +0000 (01:07 -0800)]
ovs-dpctl: Print extended information about vports.

When "ovs-dpctl show" is run, return additional information about the
port.  For example, tunnel ports will print the remote_ip, local_ip, and
in_key when defined.

13 years agodatapath: Return vport configuration when queried.
Justin Pettit [Sat, 18 Dec 2010 09:04:37 +0000 (01:04 -0800)]
datapath: Return vport configuration when queried.

Additional configuration is passed down to the kernel in the "config"
array of an odp_port when a vport is created.  This information is not
returned when a vport is queried, though.  This information is useful
for debugging, since it may be used to distinguish ports based on
additional data, such as the peer in tunnels.  In a forthcoming patch, it
will be essential to distinguish between plain GRE and GRE over IPsec.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodebian: Fix filename for ovs-vlan-test manpage.
Ben Pfaff [Tue, 28 Dec 2010 18:03:44 +0000 (10:03 -0800)]
debian: Fix filename for ovs-vlan-test manpage.

This fixes the Debian package build.

13 years agotunneling: Don't shadow vport when generating cache.
Jesse Gross [Tue, 28 Dec 2010 05:19:35 +0000 (21:19 -0800)]
tunneling: Don't shadow vport when generating cache.

When generating the tunnel header cache we have two vports that we
are working with: the sender and destination.  Unfortunately, both of
these use the name 'vport'.  This renames the destination to avoid
shadowing the sender.  This doesn't actually fix a bug because the
compiler correctly uses the right one, even when shadowed.

Found with sparse.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
13 years agoodp-util: Improve formatting of bad ODP actions.
Ben Pfaff [Thu, 23 Dec 2010 22:21:01 +0000 (14:21 -0800)]
odp-util: Improve formatting of bad ODP actions.

nla_len is the size of a Netlink attribute including its header, but we
only want to print the attribute payload, so use nl_attr_get_size()
instead.

Also, make it clear that what follows the "bad action" information is a
dump of the action itself.

Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Clean up use of TBL_* constants.
Ben Pfaff [Tue, 28 Dec 2010 00:20:11 +0000 (16:20 -0800)]
datapath: Clean up use of TBL_* constants.

A lot of the TBL_* constants were being used in conceptually wrong ways,
even though the code was correct because the actual values were correct.
(This is because TBL_L1_BITS, TBL_L2_BITS, and TBL_L1_SHIFT are all 10
and TBL_L1_SIZE and TBL_L2_SIZE are both 1024.)

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Jesse Gross <jesse@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Clarify meaning of n_buckets argument to tbl_create().
Ben Pfaff [Tue, 28 Dec 2010 00:06:08 +0000 (16:06 -0800)]
datapath: Clarify meaning of n_buckets argument to tbl_create().

The n_buckets argument to tbl_create() can be zero, but the comment didn't
mention that.  However, there's no reason that the caller can't just pass
in a correct size, so this commit changes them to do that.

Also, TBL_L1_SIZE was conceptually wrong as the minimum size: the minimum
size is one L2 page, e.g. TBL_L2_SIZE.  But TBL_MIN_BUCKETS seems like a
better all-around way to indicate the minimum size, so this commit also
introduces that macro and uses it.

Jesse Gross pointed out inconsistencies in this area.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Do not shadow 'err' variable name in tnl_send().
Ben Pfaff [Mon, 27 Dec 2010 23:28:58 +0000 (15:28 -0800)]
datapath: Do not shadow 'err' variable name in tnl_send().

The sparse checker reported that 'err' was used for two different variables
in tnl_send().  The two variables have different types, so this patch
renames the inner one.

Jesse confirmed that the original code was correct as written.  This patch
does not change its behavior.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Suppress sparse complaints about address spaces.
Ben Pfaff [Mon, 27 Dec 2010 23:23:54 +0000 (15:23 -0800)]
datapath: Suppress sparse complaints about address spaces.

The sparse checker was complaining about incorrect address spaces (e.g.
__user versus non-__user pointers).  I looked at each of them, checked
that the code looked correct to me, and added the appropriate __force
annotations to casts.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Fix type of actions_len_left in modify_vlan_tci().
Ben Pfaff [Mon, 27 Dec 2010 23:21:29 +0000 (15:21 -0800)]
datapath: Fix type of actions_len_left in modify_vlan_tci().

The sparse checker reported that the type of the pointer passed to
nla_next(), as &actions_len_left, was incorrect: whereas the parameter
has type "int *", &actions_len_left is an "unsigned int *".  This fixes
the problem.  It is not a bug fix since the code is equally correct (or
incorrect) either way, but it gets the types right anyhow.

I don't know why GCC was not reporting this as an error.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agodatapath: Remove shadowed 'err' variable.
Ben Pfaff [Mon, 27 Dec 2010 23:18:37 +0000 (15:18 -0800)]
datapath: Remove shadowed 'err' variable.

sparse reported that 'err' was declared in two different places in this
function.  This patch removes the inner one.  I verified that this didn't
affect correctness either way, so this is not a bug fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agoImplement database schema versioning.
Ben Pfaff [Mon, 27 Dec 2010 22:26:47 +0000 (14:26 -0800)]
Implement database schema versioning.

As the database schema evolves, it might be useful to have an identifier
for the particular version in use.  This commit adds that feature.

13 years agovswitchd: Add OVS version to database, give system info its own columns.
Ben Pfaff [Mon, 27 Dec 2010 18:18:14 +0000 (10:18 -0800)]
vswitchd: Add OVS version to database, give system info its own columns.

Until now, nothing in the database has reported the Open vSwitch version
number.  This commit adds that.

In addition, this commits moves the system type and version from
external-ids to individual columns, because we decided that these were
important enough not to relegate them to a grab-bag field.

13 years agoofp-util: Improve log messages for bad Nicira extension actions.
Ben Pfaff [Thu, 23 Dec 2010 18:41:17 +0000 (10:41 -0800)]
ofp-util: Improve log messages for bad Nicira extension actions.

check_action_exact_len() will always report that a Nicira extension action
has type 65535 (OFPAT_VENDOR), which isn't very helpful for debugging.
This introduces a new function that reports the subtype.

Also, log the subtype of unknown Nicira vendor actions.

13 years agoofp-util: Upgrade log messages for controller bugs to warning level.
Ben Pfaff [Thu, 23 Dec 2010 18:36:55 +0000 (10:36 -0800)]
ofp-util: Upgrade log messages for controller bugs to warning level.

All of these messages indicate that there is a bug in the controller.  We
want to know about that, so increase the log level from debug to warning.

13 years agoofp-util: Improve log message for bad OpenFlow action length.
Ben Pfaff [Thu, 23 Dec 2010 18:36:02 +0000 (10:36 -0800)]
ofp-util: Improve log message for bad OpenFlow action length.

First, this is an important message since it indicates a bug in the
controller, so log it at warning level instead of debug level--we want to
know about it.

Second, properly byteswap the action type.

Third, use the correct PRIu16 format specified for a uint16_t.

13 years agoutilities: Implement ovs-vlan-test script
Ethan Jackson [Wed, 8 Dec 2010 02:49:28 +0000 (18:49 -0800)]
utilities: Implement ovs-vlan-test script

This patch implements a script which may be used to check for
connectivity issues caused by bugs in Linux drivers relating to
VLAN traffic.

13 years agodatapath: Don't recursively sample packets or reset their "tun_id"s.
Ben Pfaff [Thu, 23 Dec 2010 17:35:15 +0000 (09:35 -0800)]
datapath: Don't recursively sample packets or reset their "tun_id"s.

execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN
header to a GSO packet, but we don't want to re-sample the sub-packet or
re-reset its tun_id, so break those two actions into a wrapper function.

This commit mostly moves code around without modifying it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agobacktrace: Only use __builtin_frame_address if GNU C is in use.
Ben Pfaff [Thu, 16 Dec 2010 19:04:14 +0000 (11:04 -0800)]
backtrace: Only use __builtin_frame_address if GNU C is in use.

This eliminates one small GNU C dependency.

13 years agodatapath: Correct argument size for ODP_FLOW_GET.
Ben Pfaff [Thu, 23 Dec 2010 17:36:19 +0000 (09:36 -0800)]
datapath: Correct argument size for ODP_FLOW_GET.

ODP_FLOW_GET takes an odp_flowvec, not an odp_flow.

(This would merely introduce a gratuitous ABI incompatibility for the sake
of pedantic correctness, except that we're breaking the ABI regularly
anyhow.)

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
13 years agoINSTALL.Linux: Make pkg-config a requirement to build.
Ben Pfaff [Wed, 22 Dec 2010 18:02:32 +0000 (10:02 -0800)]
INSTALL.Linux: Make pkg-config a requirement to build.

pkg-config is needed to detect the presence of libssl, so it is needed even
if the build system doesn't need to be rebuilt.

In theory we'd only need pkg-config if OpenSSL is to be used, but I don't
see much point in being that explicit.

Reported-by: Bryan Osoro <bosoro@nicira.com>