Ben Pfaff [Thu, 10 Mar 2011 22:59:06 +0000 (14:59 -0800)]
ofp-print: Consistently print priority only if it is not default.
In NXST_FLOW replies, the priority was printed only if it was not
OFP_DEFAULT_PRIORITY, but it was always printed in OFPST_FLOW replies.
This commit changes OFPST_FLOW replies to match NXST_FLOW replies.
Ben Pfaff [Wed, 16 Mar 2011 21:51:41 +0000 (14:51 -0700)]
tests: Fix up interface-reconfigure test and results.
I forgot to update the test when I added the VLAN bug workaround.
Ben Pfaff [Wed, 16 Mar 2011 21:39:17 +0000 (14:39 -0700)]
Support vlan_group workaround implemented in XenServer kernels.
Some Linux network drivers support a feature called "VLAN acceleration",
associated with a data structure called a "vlan_group". A vlan_group is,
abstractly, a dictionary that maps from a VLAN ID (in the range 0...4095)
to a VLAN device, that is, a Linux network device associated with a
particular VLAN, e.g. "eth0.9" for VLAN 9 on eth0.
Some drivers that support VLAN acceleration have bugs that fall roughly
into the following categories:
* Some NICs strip VLAN tags on receive if no vlan_group is registered,
so that the tag is completely lost.
* Some drivers size their receive buffers based on whether a vlan_group
is enabled, meaning that a maximum size packet with a VLAN tag will
not fit if a vlan_group is not configured.
* On transmit some drivers expect that VLAN acceleration will be used
if it is available (which can only be done if a vlan_group is
configured). In these cases, the driver may fail to parse the packet
and correctly setup checksum offloading and/or TSO.
The correct long term solution is to fix these driver bugs. To cope until
then, we have prepared a patch to the Linux kernel network stack that works
around these problems. This commit adds support for the workaround
implemented by that patch.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ethan Jackson [Tue, 22 Feb 2011 22:38:11 +0000 (14:38 -0800)]
bridge: Create new port_run() function.
Ethan Jackson [Tue, 15 Mar 2011 21:57:12 +0000 (14:57 -0700)]
htb: Set required min-rate to mtu not 1500.
Ethan Jackson [Mon, 14 Mar 2011 21:27:50 +0000 (14:27 -0700)]
hfsc: min-rate tweaks.
There doesn't appear to be any reason to enforce a minimum min-rate
of 1500Bps on queues. This commit lowers the minimum to 1Bps. A
min-rate of 0 is not allowed by hfsc in the kernel.
Ethan Jackson [Tue, 15 Mar 2011 18:50:53 +0000 (11:50 -0700)]
qos: Remove min-rate requirement for linux-htb and linux-hfsc.
One could quite reasonably desire to create a queue with no
min-rate. For example, a default queue could be reasonably
configured without a min-rate or a max-rate. This commit removes
the requirement that min-rate be configured on all queues. If not
configured, defaults to something very small.
Andrew Evans [Tue, 15 Mar 2011 21:42:49 +0000 (14:42 -0700)]
reconnect.py: Fix Python 2.4 compatibility break.
Commit
5eda645e36 (ovsdb-server: Report time since last connect and disconnect
for each manager.) used a conditional expression in reconnect.py. That syntax
is only supported in Python 2.5 and later. XenServer 5.6 is based on RHEL 5,
which uses Python 2.4.3, so various OVS scripts on XenServer fail with Python
tracebacks.
Reported-by: Cedric Hobbs <cedric@nicira.com>
Ethan Jackson [Fri, 11 Mar 2011 21:44:16 +0000 (13:44 -0800)]
vswitchd: Dump QoS with appctl.
The source of truth for QoS statistics on a given interface is tc.
Unfortunately, output from tc can be a little bit confusing and
does not follow the same data model as OVS. This commit adds a
"qos/show" appctl command which gives friendlier output.
Ben Pfaff [Mon, 14 Mar 2011 22:28:32 +0000 (15:28 -0700)]
bridge: Downgrade log level of some log messages that may indicate races.
Some legitimate system activity can cause network devices to be destroyed
just before they are removed from the database, added to the database
just before they are created, or destroyed and then recreated under the
same name while other database activity is going on. Logging these
events as errors makes it sound like something unexpectedly bad is going
on, but in fact these events are the most common instances of these log
messages, so downgrade them to warnings.
Reported-by: Reid Price <reid@nicira.com>
Bug #2584.
Ben Pfaff [Mon, 14 Mar 2011 23:39:28 +0000 (16:39 -0700)]
ovsdbmonitor: Fix "make install" race.
In a parallel make, the install-exec-local target runs concurrently with
the creation of the directory that it installs into. Fix the race by
using the install-exec-hook target instead, which runs subsequently to
directory creation.
Ben Pfaff [Mon, 14 Mar 2011 22:13:49 +0000 (15:13 -0700)]
debian: Restart daemons only after upgrade is complete.
This yields less downtime during an upgrade and allows an SSH session or
other network access to dpkg to continue during the upgrade to, e.g.,
answer questions about conffiles from dpkg. (Open vSwitch doesn't have
any conffiles but other packages being upgraded in the same dpkg run
might.)
Bug #542.
Ben Pfaff [Mon, 14 Mar 2011 22:11:39 +0000 (15:11 -0700)]
debian: Run tests in parallel too.
Passing e.g. -j4 in TESTSUITEFLAGS runs 4 tests in parallel, which speeds
up the testsuite.
Ben Pfaff [Mon, 14 Mar 2011 21:14:34 +0000 (14:14 -0700)]
xenserver: dbcache should always exist so don't bother checking.
Open vSwitch introduced the on-disk database cache a long time ago. Since
then, Citrix has integrated it upstream into XenServer's
interface-reconfigure and even into their installer. OVS no longer
supports XenServer before 5.6.100, so it is no longer necessary to check
for and create the database cache if it isn't there.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #3388.
Justin Pettit [Mon, 14 Mar 2011 20:45:43 +0000 (13:45 -0700)]
netdev-vport: Log at ERR level when port won't be created.
Suggested-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Mon, 14 Mar 2011 20:15:25 +0000 (13:15 -0700)]
netdev-vport: Don't create port when ovs-monitor-ipsec not running.
It was suggested by Jesse that it would be better to just not create
IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He
had legitimate concerns about users missing the warning message printed
and traffic possibly going out unencrypted.
Suggested-by: Jesse Gross <jesse@nicira.com>
Andrew Evans [Mon, 14 Mar 2011 20:19:20 +0000 (13:19 -0700)]
ofproto: Store time since last connect and disconnect in Controller table.
ovs-vswitchd writes only the duration of its connection to or disconnection
from each controller to the database. This changes that behavior to write the
time since both the last connection and disconnection events regardless of
connection state. This mirrors the new behavior for reporting database manager
connection status.
Requested-by: Peter Balland <peter@nicira.com>
Bug #4833.
Andrew Evans [Mon, 14 Mar 2011 20:10:02 +0000 (13:10 -0700)]
ovsdb-server: Report time since last connect and disconnect for each manager.
Only the time connected (if connected) or disconnected (if disconnected) is
currently reported for each manager. Change to reporting both in seconds since
the last connect and disconnect events respectively. An empty value indicates
no previous connection or disconnection.
This can help diagnose certain connectivity problems, e.g. flapping.
Requested-by: Peter Balland <peter@nicira.com>
Bug #4833.
Ben Pfaff [Mon, 14 Mar 2011 16:46:19 +0000 (09:46 -0700)]
ofp-print: Omit timestamp when printing packets in ofp_packet_to_string().
There's no value in the timestamp here, because it will always be the
same. Printing it just makes results less reproducible because output
then depends on the time zone.
This fixes a test failure in California due to yesterday's DST change,
and presumably a test failure almost everywhere else all the time.
Reported-by: Andrew Evans <aevans@nicira.com>
Jesse Gross [Fri, 11 Mar 2011 23:16:02 +0000 (15:16 -0800)]
datapath: Check for backported dev_get_by_index_rcu().
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Fri, 11 Mar 2011 22:58:18 +0000 (14:58 -0800)]
datapath: Use compat directory only for backported code.
Most necessary compatibility code is simply backported versions
of kernel functions from newer kernels. These belong in the compat
directory, where they can be transparently picked up when necessary.
However, in some situations there is code that is different
depending on the kernel version but is always needed in some form.
Here it is desirable to segregate the code but it does not really
belong in the compat directory because it does not exist in upstream
kernels. This moves those functions to a compat file, which makes
the meaning clear and prevents problems when Open vSwitch is integrated
into other projects.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Sun, 13 Mar 2011 08:01:53 +0000 (00:01 -0800)]
system-stats: Don't bother calling kill() after read_pidfile().
The function read_pidfile() will only return a PID if the process is
still running, so there's no reason to send a signal to check again.
Suggested-by: Andrew Evans <aevans@nicira.com>
Justin Pettit [Fri, 11 Mar 2011 23:18:30 +0000 (15:18 -0800)]
netdev-vport: Warn on IPsec tunnels when ovs-monitor-ipsec not running.
IPsec tunnels are only supported on Debian systems running
ovs-monitor-ipsec. Since that daemon configures IPsec, ovs-vswitchd
doesn't know whether IPsec will actually work. With this commit, a
warning is printed that it is unlikely to work unless that daemon is
started.
There is a more serious issue that IPsec traffic can pass unencrypted if
that daemon is not running. To fix that problem, changes to the kernel
module will need to occur. A future commit will address that issue, but
this earlier warning will be useful regardless.
Bug #4854
Andrew Evans [Fri, 11 Mar 2011 00:02:12 +0000 (16:02 -0800)]
xenserver: Don't touch /etc/xensource/network.conf on upgrade.
The post-install script for the openvswitch userspace package always sets the
bridge type to 'vswitch'. If someone reconfigures XenServer to use the Linux
bridge instead, then upgrades Open vSwitch, their system will revert to using
Open vSwitch as the bridge.
Reported-by: Michael Mao <mmao@nicira.com>
Bug #4825.
Justin Pettit [Thu, 10 Mar 2011 21:47:31 +0000 (13:47 -0800)]
netdev-vport: Don't warn when a tunnel key is set.
Reported-by: Reid Price <reid@nicira.com>
Ethan Jackson [Thu, 10 Mar 2011 20:38:40 +0000 (12:38 -0800)]
ovsdb: Fix uninitialized data;.
This could causes unit tests to fail sometimes.
Ben Pfaff [Thu, 10 Mar 2011 20:01:36 +0000 (12:01 -0800)]
vswitchd: Regenerate schema diagram.
The schema diagram was generated with an intermediate version of the
ovsdb-dot tool that put the wrong borders on the non-root nodes. This
version is regenerated with the currently checked in version of the
ovsdb-dot tool.
Jesse Gross [Wed, 9 Mar 2011 01:33:14 +0000 (17:33 -0800)]
tunneling: Rely on protocol handles to parse ToS.
Currently the generic tunneling code assumes that on receive the
outer IP header is present on the packet and the protocol pointers
are initialized to it. This knowledge is used in only one place,
which is to copy ECN bits from outer to inner IP packets. These
assumptions are difficult to keep track of because the receive code
generally uses the protocol pointers for the inner packet. A
number of bugs have resulted from incorrect assumptions, including
one fixed here about the location of a vlan header. This drops the
convention and instead uses the protocol handles to supply the ToS,
which is less error-prone.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 10 Mar 2011 19:16:46 +0000 (11:16 -0800)]
table: Fix typo in manpage.
Reported-by: Paul Ingram <paul@nicira.com>
Ben Pfaff [Thu, 10 Mar 2011 19:15:01 +0000 (11:15 -0800)]
ovsdb: Implement garbage collection.
Ben Pfaff [Tue, 1 Mar 2011 21:23:49 +0000 (13:23 -0800)]
ovsdb: Don't count self-references in ovsdb_row's n_refs member.
The comment on the n_refs member of struct ovsdb_row says that it does not
count references from a row to itself, but the code didn't implement this
properly. This commit makes the code consistent with the comment.
This does not actually affect any existing OVSDB behavior, because a row's
reference count currently affects only whether it may be deleted, and
references from a row to itself disappear when the row is deleted. But
an upcoming commit will add new uses for a row's reference count, so at
that point it becomes important.
Ben Pfaff [Tue, 1 Mar 2011 21:31:08 +0000 (13:31 -0800)]
ovsdb: Provide a way for for_each_txn_row() callback to delete any row.
for_each_txn_row() restricts the txn_rows that its callback may delete.
Until now, this has meant that its callback could not delete any rows
that were created within the transaction being processed. These rows have
txn_rows with null 'old' and nonnull 'new', so to delete them requires
either removing the txn_row entirely (forbidden by for_each_txn_row()) or
clearing its 'new' to null. The latter is forbidden because a txn_row
is not allowed to have both 'old' and 'new' null.
Until now, this has not been a significant restriction, because none of
the processing at transaction commit time required deleting arbitrary rows.
Implementing garbage collection, however, does require this ability, so
this commit makes it possible by eliminating the requirement that at least
'old' or 'new' be nonnull.
Ben Pfaff [Tue, 1 Mar 2011 21:11:56 +0000 (13:11 -0800)]
ovsdb-data: Expose guts of ovsdb_symbol_table() to clients.
ovs-vsctl will, in upcoming commits, want to more closely examine its
ovsdb_symbol_table structures. This could be done by providing a more
complete API, but it doesn't seem worth it to me. This commit instead goes
the other way, exposing the internals to clients. This commit also
eliminates the ovsdb_symbol_table_find_uncreated() function, which
ovs-vsctl can now implement itself.
Ben Pfaff [Mon, 28 Feb 2011 20:43:15 +0000 (12:43 -0800)]
ovsdb-data: Rename 'used' to 'created' in struct ovsdb_symbol.
The name 'created' better reflects the actual meaning of this member: in
both ovsdb and ovs-vsctl, it is true if a row has been created with the
symbol's UUID and false otherwise.
Ben Pfaff [Mon, 28 Feb 2011 22:46:20 +0000 (14:46 -0800)]
ovs-vsctl: Remove stray \ from end of manpage.
Ben Pfaff [Wed, 9 Mar 2011 20:49:23 +0000 (12:49 -0800)]
ovs-vsctl: Update list of tables in manpage.
The QoS and Queue tables weren't mentioned at all, and some of the
tables were in a different order from that in vswitch.xml. This
fixes both.
Ben Pfaff [Mon, 28 Feb 2011 20:45:16 +0000 (12:45 -0800)]
ovs-vsctl: Check for uncreated symbols earlier.
The check for uncreated symbols does not rely on anything that happens
during transaction commit, so there is no point in allowing the transaction
to be sent to the database server, only to fail there, before reporting
the problem locally.
Ben Pfaff [Wed, 9 Mar 2011 20:42:46 +0000 (12:42 -0800)]
ovsdb: Improve error message for duplicate uuid-name.
ovsdb_execute_insert() tried to return a helpful error message when there
was a duplicate uuid-name, but ovsdb_execute() (its caller) makes any
parse error override a parse error. Since ovsdb_execute_insert() would
skip parsing the row when the uuid-name was a duplicate, this meant that
the error actually reported would be that "row" was not allowed here, which
wasn't at all helpful (since "row" is in fact mandatory).
This commit clears up the problem by always retrieving the "row" member,
which required a small amount of refactoring, and adds a test.
Ben Pfaff [Wed, 9 Mar 2011 20:41:37 +0000 (12:41 -0800)]
ovsdb: Improve error reporting for some internal errors.
Sometimes internal errors are generated based on an originating error. In
these cases we were just throwing this information away. This commit adds
this information to the internal error report so that the error will be
easier to track down.
I haven't actually seen a situation like this come up.
Ben Pfaff [Mon, 28 Feb 2011 23:43:29 +0000 (15:43 -0800)]
ovsdb-data: Verify that named-uuid string is an <id>.
The "uuid-name" that creates symbols must be an <id> but we weren't
verifying the same constraint on the "named-uuid"s that refer to symbols,
which was a bit confusing in writing transactions by hand. This commit
fixes the inconsistency and updates the SPECS file to clarify that a
named-uuid string has to be an <id>.
Ben Pfaff [Mon, 28 Feb 2011 20:36:34 +0000 (12:36 -0800)]
ovsdb-idlc: Initialize refType in IDL reference columns' types.
Otherwise the refType always appears to be 0 (OVSDB_REF_STRONG).
Nothing in the code that uses these structures actually uses the refType
yet, so this does not fix any existing bug, but upcoming commits will add
users.
Ben Pfaff [Mon, 28 Feb 2011 23:33:08 +0000 (15:33 -0800)]
python/ovs/ovsuuid: Fix behavior of UUID.from_json() with no symbol table.
UUID.from_json(['named-uuid', 'x'], None) should raise an error about
invalid syntax, but instead it was raising a TypeError because it would
try to evaluate "'x' not in None". This fixes the problem and adds a test.
Andrew Evans [Wed, 9 Mar 2011 18:42:24 +0000 (10:42 -0800)]
reconnect: Rename CONNECT_IN_PROGRESS state to CONNECTING (like rconn).
reconnect uses the same connection state names as rconn with the exception of
the above. This commit makes their states identical, which should reduce
confusion for people debugging connection problems.
Ethan Jackson [Thu, 10 Mar 2011 00:12:10 +0000 (16:12 -0800)]
xenserver: Delete Bridge when creating vlan.
Commit
34edeccfd8d4273844d12c85fe38ec47002c47cd removed a
workaround which still applies to XenServer versions older than
5.5. This could causes creation of vlans to fail in some cases.
CC: "David Tsai" <dtsai@nicira.com>
Bug #4877.
Ethan Jackson [Thu, 10 Mar 2011 18:21:13 +0000 (10:21 -0800)]
reconnect: Fix printf() format warning.
tests/test-reconnect.c:245:9: error: format '%llu' expects type
'long long unsigned int', but argument 2 has type 'unsigned int'
Andrew Evans [Thu, 10 Mar 2011 02:36:26 +0000 (18:36 -0800)]
reconnect: Track last-disconnected time.
Commit
a4613b01ab (ovsdb: Change the way connection duration time is reported
in Manager table.), pushed earlier today, requires this commit, so OVSDB has
been unbuildable from then to now.
Jesse Gross [Fri, 4 Mar 2011 23:52:43 +0000 (15:52 -0800)]
datapath: Enable vlan offload on internal devices.
Although it is generally best to configure vlans directly though
Open vSwitch, enabling vlan acceleration on internal devices can
avoid some issues and hardware limitations if Linux vlan devices
are used. It is only used on kernels that support modern vlan
data structures, which are 2.6.27 and later.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 9 Mar 2011 22:44:20 +0000 (14:44 -0800)]
ovs-ofctl: Make add-flows command read from stdin if file name is "-".
It is conventional for Unix tools to read from standard input if "-" is
specified as a file name. It's easy for "ovs-ofctl add-flows" to behave
this way, too, so this commit implements it.
Suggested-by: Paul Ingram <paul@nicira.com>
Justin Pettit [Mon, 7 Mar 2011 00:54:58 +0000 (16:54 -0800)]
xenserver: Remove other_config option for setting controller.
Since XenServer 5.6, "vswitch_controller" has been a first-class key for
setting the Open vSwitch controller. Prior to that, we stored it in
"other_config". Since we no longer support such old versions, we can
remove references to the "other_config" option.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Ethan Jackson [Wed, 9 Mar 2011 20:41:26 +0000 (12:41 -0800)]
utilities: Improve ovs-vlan-test man page.
The IP addresses used in the ovs-vlan-test example where more or
less random. This caused a great deal of confusion which hopefully
this patch will remedy.
Also changes the management port to 8080 in the examples because
XenServer uses port 80 on Dom0 for something.
Andrew Evans [Wed, 9 Mar 2011 18:46:57 +0000 (10:46 -0800)]
ovsdb: Change the way connection duration time is reported in Manager table.
Commit
0b3e7a8b71 (ovsdb-server: Write manager status information to Manager
table.) attempted to provide managers with the ability to debug manager-related
connection problems, but it turns out that reporting "time_in_state" is not
very useful, because the state is constantly changing. What people really want
is the time each manager has been connected or disconnected, depending on the
current connection state.
Replace "time_in_state" key with "time_connected" and "time_disconnected"
keys. Only one exists at a time, and time is in seconds.
Bug #4833.
Andrew Evans [Wed, 9 Mar 2011 18:45:26 +0000 (10:45 -0800)]
ofproto: Report time connected or disconnected, not time in rconn state.
Commit
bffc058934 (bridge: Add controller status to Controller table.) exposed
the underlying time in a particular connection state for each controller, but
this turns out not to be very useful, because controller state tends to
fluctuate even when the connection is unbroken. Change to set
"time_connected" or "time_disconnected" keys in the status column of the
Controller table.
Bug #4833.
Ben Pfaff [Wed, 9 Mar 2011 18:39:30 +0000 (10:39 -0800)]
datapath: Avoid random tun_id in odp_packet_cmd_execute().
flow_extract() sets key->tun_id from OVS_CB(packet)->tun_id, which until
now has contained whatever Netlink put there in its NETLINK_CB structure.
Zero it earlier so that its value is at least predictable.
The resulting code is still not correct, because key->tun_id and
key->in_port are now set to arbitrary values. I have known about this
since I wrote this function (and before, too, in its earlier incarnations),
but until now I did not think that it was a problem because I did not
think that there were any users along this code path. But that is wrong:
sFlow sampling uses tun_id and in_port and ODP_ACTION_ATTR_CONTROLLER uses
in_port. So we need a way to pass these back down from userspace. An
upcoming commit will add a way.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Andrew Evans [Tue, 8 Mar 2011 19:21:48 +0000 (11:21 -0800)]
vswitch: Fix typos in schema documentation.
Ben Pfaff [Fri, 4 Mar 2011 21:44:35 +0000 (13:44 -0800)]
netdev-port: Fix invalid memory access in netdev_vport_poll_add().
shash_find_data() returns an shash_node's 'data' member, but this code here
wants the shash_node itself, so it needs to use shash_find() instead.
This bug meant that any attempt to add a single netdev_vport to more than
one netdev_monitor would cause a segmentation fault. Here's an example
command that reproduces it reliably for me under valgrind (because ofproto
always monitors its ports and the bridge monitors bond interfaces):
ovs-vsctl -- add-bond br0 bond0 p0 p1 \
-- set interface p0 type=patch options:peer=p1 \
-- set interface p1 type=patch options:peer=p0
Bug #4527.
Reported-by: Krishna Miriyala <krishna@nicira.com>
Jesse Gross [Fri, 4 Mar 2011 20:56:25 +0000 (12:56 -0800)]
tunneling: Don't leak dst on vlan tagging failure.
When we need to send a packet through the IP stack we need to attach
a dst to the skb. Due to some interactions with caching this doesn't
happen until late in the transmission process. However, if we are
inserting a vlan tag and the insertion fails it is possible to leak
the dst.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 4 Mar 2011 20:46:37 +0000 (12:46 -0800)]
ovs-dpctl: Support more than one option for "add-if" command.
This "while" loop in do_add_if() is supposed to split up everything after
the interface name with ',' as the delimiter, but it didn't do that
correctly.
Also corrects a typo in the manpage pointed out by Justin Pettit.
Ethan Jackson [Fri, 4 Mar 2011 18:59:40 +0000 (10:59 -0800)]
vswitchd: Initialize configuration on active-backup bonds.
Some configuration settings which were not balance-[slb|tcp]
specific were only initialized for these bond types.
Bug #4806.
Ethan Jackson [Thu, 3 Mar 2011 23:59:25 +0000 (15:59 -0800)]
ofproto: facet_execute() stats changes.
facet_execute() should rely on facet_update_stats() to update the
relevant facet's used parameter.
Before this patch, in very rare cases, the current practice could
lead to assertion failures. The used value of a facet could be
slightly in the future due to the clocks being out of sync between
the kernel and user space. Thus manually setting the used
parameter of a facet could put it slightly behind an already pushed
used value causing an assertion failure.
Bug #4745.
Ethan Jackson [Thu, 3 Mar 2011 23:57:10 +0000 (15:57 -0800)]
ofproto: Update facet stats when used time increases.
Jesse Gross [Thu, 3 Mar 2011 21:38:09 +0000 (13:38 -0800)]
datapath: Add backport for USHRT_MAX.
Kernels before 2.6.26 didn't have type limits for short at all
and before 2.6.35 it was called SHORT instead of SHRT.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Thu, 3 Mar 2011 21:53:08 +0000 (13:53 -0800)]
datapath: Drop BUG_ON when checksumming and copying.
Normally when performing checksum offloading the transport header
must be present in the linear data area. However, this might not
be the case with packets processed by GRO. On transmit these
packets are processed by GSO if emulation of checksum offloading
needs to be performed. Unlike skb_checksum_help(), the GSO code
does not have any requirements about the packet structure. Since
our code that copies and checksums packets to userspace is called
in conditions similar to GSO and does not have any assumptions
about layout, drop the BUG_ON assertion.
NIC-343
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Wed, 2 Mar 2011 23:12:48 +0000 (15:12 -0800)]
flow: Make IPv6 userspace code match kernel.
The flow extraction code for IPv6 has some deviations from both the
kernel version and other protocols in userspace. These differences
make it difficult to compare the two for correctness. This updates
the code to be more similar to the others in design and style. There
is no functional change.
Jesse Gross [Sat, 26 Feb 2011 00:46:19 +0000 (16:46 -0800)]
datapath: Update IPv6 parsing code for kernel style.
Fixes a number of minor elements in the IPv6 extraction and
parsing code to better conform to kernel style. Examples include
using kernel types/functions, adding line breaks, and using
unlikely() macros. There is no functional change.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Wed, 2 Mar 2011 22:51:31 +0000 (14:51 -0800)]
datapath: Allow jumbograms through IPv6 parsing.
Currently we stop parsing packets that are IPv6 jumbograms. While
it isn't possible to send such large packets to userspace, it's better
to drop them at that point rather than prematurely in the IPv6 code.
IPv6 does make some use of the payload length field but we can just as
easily use skb->len, which is what all other parsing uses.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Mon, 28 Feb 2011 22:32:33 +0000 (14:32 -0800)]
datapath: Check packet len does not exceed attribute len.
Netlink attributes have a maximum length of 64k. It's theoretically
possible that a packet could exceed this length, so check for it before
we try to send the packet to userspace.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Mon, 28 Feb 2011 22:26:39 +0000 (14:26 -0800)]
datapath: Record upcall errors as lost packets.
It's possible to encounter a few different errors when preparing
to send a packet to userspace in queue_control_packet(). This
ensures that if we encounter one of these problems, the issue is
properly recorded as a lost packet.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Wed, 2 Mar 2011 01:56:01 +0000 (17:56 -0800)]
flow: Avoid assertion failure on invalid IPv6 packet.
We compute the length of the IPv6 header by parsing all of the
extension headers that we know about. However, the final result
is checked using ofpbuf_pull(), which checks the size with an
assertion. Since the length of the final header is not checked
in any other way an invalid packet can trigger this assertion.
Ben Pfaff [Wed, 2 Mar 2011 18:38:14 +0000 (10:38 -0800)]
datapath: Remove unneeded modify_vlan_tci() parameters.
These parameters were once needed but they are no longer used.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Tue, 1 Mar 2011 23:33:40 +0000 (15:33 -0800)]
datapath: Avoid duplicate test in tnl_free_linked_skbs().
I don't see the value in testing 'skb' for nonnull twice. This is only
called on error paths, so it seems really doubtful to me that there is any
value in the "unlikely", either. (It could be put into the "while"
expression if it is valuable.)
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Tue, 1 Mar 2011 23:31:32 +0000 (15:31 -0800)]
datapath: Simplify send_frags().
This should make no difference at runtime, but it is shorter and looks more
straightforward to me.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Fri, 28 Jan 2011 23:32:57 +0000 (15:32 -0800)]
stream-ssl: Only set SSL client session once.
Attempting to call SSL_set_session() on every trip through the SSL
connection state machine seems like it could cause the session to be
re-set to the cached one even after the server has told us which session
is actually to be used.
In testing, this change didn't make any difference, but it seems seems like
the right thing to do.
Bug #4448.
Ben Pfaff [Fri, 28 Jan 2011 22:39:23 +0000 (14:39 -0800)]
stream-ssl: Break interpretation of queued error into new function.
The following commit will introduce another user.
Ben Pfaff [Tue, 22 Feb 2011 21:43:14 +0000 (13:43 -0800)]
ovs-ofctl: Implement documented semantics of --flow-format for flow_mods.
Also adds a test and moves some code around in tests/ to make sure that
OFPROTO_START and OFPROTO_STOP are available in tests/ovs-ofctl.at.
Reported-by: Michael Mao <mmao@nicira.com>
Bug #4566.
Ben Pfaff [Tue, 22 Feb 2011 21:17:51 +0000 (13:17 -0800)]
ofp-util: Make NXM required for 64-bit cookies in is_nxm_required().
Only NXM supports 64-bit cookies, but this code didn't properly check
for that. This commit fixes the problem and makes the code much more
explicit about what it is checking.
This will hide bug #4566, but the following commit actually fixes it.
Andrew Evans [Tue, 1 Mar 2011 02:26:04 +0000 (18:26 -0800)]
xenserver: Add support for disabling in-band management via XAPI.
Allow users or applications to enable or disable in-band management of
individual bridges by setting the 'vswitch-disable-in-band' key in the
'other_config' attribute of the corresponding network to 'true' or
'false'.
Bug #4749.
Jesse Gross [Fri, 25 Feb 2011 20:35:52 +0000 (12:35 -0800)]
AUTHORS: Add Valient Gough.
Valient Gough [Fri, 25 Feb 2011 05:45:18 +0000 (21:45 -0800)]
datapath: call tnl_ops only after setting options
Calling methods in tnl_ops should be done only after initializing the tunnel
configuration options. This patch moves the hdr_len call after the output key
setup.
Signed-off-by: Valient Gough <vgough@pobox.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Jesse Gross [Thu, 24 Feb 2011 22:07:29 +0000 (14:07 -0800)]
datapath: Destroy internal devices before freeing datapath.
When destroying vports we account for two types of synchronization
mechanisms: RTNL and RCU. However, it is possible to call into
network device methods with just a device reference without either
of these. These device methods can use the datapath data structures
but we don't wait for all of the references to go away before freeing
the datapath. The actual wait happens in rtnl_unlock(), so by moving
up that call we can avoid the possibility of use after free with
internal devices.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Thu, 24 Feb 2011 22:16:24 +0000 (14:16 -0800)]
datapath: Don't free vport until all references are gone.
We currently call vport_free() for internal devices after the
device is unregistered. This takes care of callers that use
either RTNL or RCU but not ones that have only a device reference.
In particular, if stats are requested while a datapath is being
unregistered we can try to use the vport data structures which
have already been freed.
Bug #4736
Reported-by: Brad Hall <brad@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 25 Feb 2011 01:03:28 +0000 (17:03 -0800)]
ofproto: Log warning if controller requests an invalid table.
This might have saved us some time debugging.
Ben Pfaff [Fri, 25 Feb 2011 00:58:40 +0000 (16:58 -0800)]
ofp-print: Don't print priority for flow stats requests.
A flow stats or aggregate stats request does not have a priority, but we
were printing one anyway.
Reported-by: Justin Pettit <jpettit@nicira.com>
Ethan Jackson [Fri, 25 Feb 2011 01:04:47 +0000 (17:04 -0800)]
ofproto: Change account_cb to use uint64_t.
This is more consistent with ofproto internals and its users.
Ben Pfaff [Thu, 24 Feb 2011 23:33:57 +0000 (15:33 -0800)]
util: Avoid uninitialized pointer complaints from Coverity.
Ethan Jackson [Thu, 24 Feb 2011 21:53:02 +0000 (13:53 -0800)]
ofproto: Guarantee uninstalled facets have no dp_packet_count.
facet_push_stats() implicitly assumes that uninstalled facets have
no dp_[packet|byte]_count. This commit guarantees and enforces
this invariant.
Bug #4732.
Ethan Jackson [Thu, 24 Feb 2011 20:38:30 +0000 (12:38 -0800)]
ofproto: Reset facet's rs_used at rule changes.
When a facet changes rules it's 'used' timer is set to the new
rule's created time. This is possibly before the time stored in
'rs_used' which could cause an assertion failure in
facet_push_stats().
Bug #4732.
Jesse Gross [Thu, 24 Feb 2011 04:04:31 +0000 (20:04 -0800)]
datapath: Memset executed packet's fields using memset.
Currently we explicitly zero out each of the fields in the OVS_CB for
executed packets. However, it seems simpler and more robust to just
memset the whole thing to zero.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 23 Feb 2011 23:43:34 +0000 (15:43 -0800)]
util: Make out_of_memory() call abort() instead of exit(EXIT_FAILURE).
exit(EXIT_FAILURE) will make a monitoring process (the one created by
--monitor) think that it should exit. But the most likely reason for
out_of_memory() to be called is a bug: probably, the process is trying
to allocate more memory than there is available address space, e.g.
something like malloc(-1). So it's better, in my opinion, to call abort()
instead, so that the monitor process restarts the daemon and we are more
likely to stay alive and, in addition, get a core dump and a useful bug
report.
I decided to implement a new general-purpose function for this purpose in
case we run into other similar situations in the future.
(I haven't actually run into this problem in practice. This commit is
just speculation about what is better behavior.)
Ben Pfaff [Wed, 23 Feb 2011 21:13:44 +0000 (13:13 -0800)]
ovsdb: Explicitly ignore sscanf() return value in is_valid_version().
The return value isn't interesting here: it will always be 0.
Coverity #10698.
Ben Pfaff [Wed, 23 Feb 2011 21:11:35 +0000 (13:11 -0800)]
test-ovsdb: Check uuid_from_string() return value.
Coverity #10699.
Ben Pfaff [Wed, 23 Feb 2011 21:09:33 +0000 (13:09 -0800)]
dhcp-client: Remove useless call to timeout() from send_reliably().
timeout() has no side effects so calling it without looking at the return
value is pointless.
Coverity #10700.
Ben Pfaff [Wed, 23 Feb 2011 21:05:25 +0000 (13:05 -0800)]
ovs-vsctl: Clarify that uuid_from_string() shouldn't fail in post_create().
Coverity #10701.
Ben Pfaff [Wed, 23 Feb 2011 20:56:31 +0000 (12:56 -0800)]
ovs-kill: Remove.
This utility isn't used anywhere (except INSTALL.Linux), so remove it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Coverity #10708.
Ben Pfaff [Wed, 23 Feb 2011 20:20:38 +0000 (12:20 -0800)]
ovs-vsctl: Simplify parse_column_key_value().
Coverity pointed out some inconsistencies on tests for whether columnp and
keyp were nonnull. These tests were, at best, confusing, but in fact every
caller always passed nonnull for both parameters, so this commit drops all
of those tests.
Coverity #10715, 10710.
Ben Pfaff [Wed, 23 Feb 2011 18:27:04 +0000 (10:27 -0800)]
ovs-brcompatd: Simplify code in brc_recv_update().
This code was baffling and it confused Coverity, too.
Coverity #11070.
Ben Pfaff [Wed, 23 Feb 2011 20:42:44 +0000 (12:42 -0800)]
ovsdb-idl: JSONRPC_REPLY message always has nonnull 'id'.
A JSONRPC_REPLY message always have a nonnull 'id' member, as ensured by
jsonrpc_msg_is_valid(). Checking for NULL here confused Coverity into
believing that the call to ovsdb_idl_txn_process_reply() just below could
cause a null pointer dereference, since ovsdb_idl_txn_process_reply() uses
the 'id' member without checking it for null.
Coverity #10713.
Ben Pfaff [Wed, 23 Feb 2011 20:35:32 +0000 (12:35 -0800)]
rconn: Clarify rconn_run_wait().
At first glance the vconn_wait() call looks risky because this function
checked whether rc->vconn is nonnull at the top. In fact it's OK because
rc->state will be S_ACTIVE or S_IDLE only if rc->vconn is nonnull, but
there's no harm in putting that check inside the block that only runs if
rc->vconn is nonnull.
Coverity #10714.
Ben Pfaff [Wed, 23 Feb 2011 18:31:41 +0000 (10:31 -0800)]
leak-checker: Avoid printing freed pointer.
I think that this will work OK, and it should avoid complaints from static
checkers about using a freed pointer.
Coverity #11069.
Ben Pfaff [Wed, 23 Feb 2011 19:29:37 +0000 (11:29 -0800)]
stream: Make stream_report_content() tolerate negative size.
A negative size probably means that a system call failed. The caller could
set that to 0 but we might as well just tolerate it in
stream_report_content() by making the parameter type signed.
Coverity #10718.
Ben Pfaff [Wed, 23 Feb 2011 19:16:07 +0000 (11:16 -0800)]
process: Avoid late failure if /dev/null cannot be opened.
It is (very slightly) risky to open /dev/null every time that we need it,
because open can fail. So this commit opens /dev/null in advance instead.
Coverity #10719.