openvswitch
12 years agotable: Avoid segmentation fault when printing an empty cell in JSON format.
Ben Pfaff [Fri, 27 Jan 2012 20:37:45 +0000 (12:37 -0800)]
table: Avoid segmentation fault when printing an empty cell in JSON format.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodatapath: Add support for namespace.
Pravin B Shelar [Mon, 30 Jan 2012 14:56:54 +0000 (06:56 -0800)]
datapath: Add support for namespace.

Following patch adds support for Linux net-namespace. Now we can
have independent OVS instance in each net-ns.
Namespace support requires 2.6.32 or newer kernel as per-net-ns
genl-sock is not available in earlier kernel.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #7821

12 years agovlog: Change the default timestamp structure.
Gurucharan Shetty [Fri, 27 Jan 2012 18:54:02 +0000 (10:54 -0800)]
vlog: Change the default timestamp structure.

Change the default timestamp for console and file logs to
UTC in a format that satisfies timestamp requirements in RFC 5424.

Also, add the ability for ovs-appctl to log timestamps in UTC.

Bug #9052.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
12 years agoovs-appctl: Document the facility "file" option.
Gurucharan Shetty [Fri, 27 Jan 2012 18:26:24 +0000 (10:26 -0800)]
ovs-appctl: Document the facility "file" option.

The ovs-appctl man page has missing information about the
facility - "file". This patch adds that information.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
12 years agoovs-ofctl: Fix "snoop" command.
Ben Pfaff [Fri, 27 Jan 2012 17:22:41 +0000 (09:22 -0800)]
ovs-ofctl: Fix "snoop" command.

The vconn that "snoop" opens does not process and reply to requests, so
sending a request to set the packet-in format will hang forever, which
means that "snoop" never actually prints any of the traffic that it
receives.

Bug #9346.
Reported-by: Alan Shieh <ashieh@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoodp-util: Describe invalid keys and actions in more detail.
Ben Pfaff [Fri, 27 Jan 2012 00:21:50 +0000 (16:21 -0800)]
odp-util: Describe invalid keys and actions in more detail.

I have an outstanding bug report that has tons of "***56 leftover bytes***"
messages with no way to guess what the problem is.  I hope this makes
debugging possible.

Bug #9346.
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-ofctl: Fix typo in comment.
Ben Pfaff [Thu, 26 Jan 2012 21:39:38 +0000 (13:39 -0800)]
ovs-ofctl: Fix typo in comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto: Fix typo in handle_nxt_set_packet_in_format().
Ben Pfaff [Thu, 26 Jan 2012 00:58:08 +0000 (16:58 -0800)]
ofproto: Fix typo in handle_nxt_set_packet_in_format().

NXFF_OPENFLOW10 and NXPIF_OPENFLOW10 have the same value (both zero), so
this doesn't fix an actual bug.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonicira-ext: Remove duplicative error codes.
Ben Pfaff [Wed, 25 Jan 2012 00:30:04 +0000 (16:30 -0800)]
nicira-ext: Remove duplicative error codes.

The information here duplicates the information in ofp-errors.h, so remove
it from here.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-ctl: Restore ability to create 256 bridges.
Ben Pfaff [Fri, 27 Jan 2012 00:02:01 +0000 (16:02 -0800)]
ovs-ctl: Restore ability to create 256 bridges.

OVS is supposed to support at least 256 bridges simultaneously, but the
file descriptor count was a little too low for that.

Build tested only.

Bug #8218.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonetdev-linux: Add MTU check before setting MTU.
Pravin B Shelar [Wed, 25 Jan 2012 23:44:26 +0000 (15:44 -0800)]
netdev-linux: Add MTU check before setting MTU.

Following patch check if current MTU needs to be changed before
issuing set-mtu ioctl.

Suggested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
12 years agostp: Allow manual topology change events.
Ethan Jackson [Sat, 14 Jan 2012 02:49:36 +0000 (18:49 -0800)]
stp: Allow manual topology change events.

Users may want to force the network to flush its MAC tables by
manually triggering a topology change event due to some event in
the system.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agostp: Flush MAC table on topology change.
Ethan Jackson [Mon, 16 Jan 2012 23:07:55 +0000 (15:07 -0800)]
stp: Flush MAC table on topology change.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agomac-learning: Only revalidate relevant flows upon flush.
Ethan Jackson [Wed, 25 Jan 2012 19:44:30 +0000 (11:44 -0800)]
mac-learning: Only revalidate relevant flows upon flush.

Most callers of mac_learning_flush() need to revalidate all flows
anyway, but this update forces new callers of mac_learning_flush()
to think about whether or not they need to explicitly handle
revalidation.  Also, it's theoretically more efficient when there
are lots of flows but the learning table is empty, (e.g. bridges
that don't use the NORMAL action).

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agovswitchd: Stop documenting nonexistent "min-rate" QoS.
Ethan Jackson [Wed, 25 Jan 2012 02:09:32 +0000 (18:09 -0800)]
vswitchd: Stop documenting nonexistent "min-rate" QoS.

There are no known implementations of the "min-rate" QoS algorithm
documented on ovs-vswitchd.conf.db.  This patch removes its
documentation pending an implementation.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofproto: Optionally flush all learning tables with appctl.
Ethan Jackson [Tue, 24 Jan 2012 22:33:23 +0000 (14:33 -0800)]
ofproto: Optionally flush all learning tables with appctl.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agotests: Fix broken interface-reconfigure tests.
Ben Pfaff [Tue, 24 Jan 2012 22:49:11 +0000 (14:49 -0800)]
tests: Fix broken interface-reconfigure tests.

Commit acfb4e9597 updated the interface-reconfigure scripts without
updating the corresponding tests, causing false test failures.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodebian: Delete log files correctly when packages are purged.
Ben Pfaff [Thu, 19 Jan 2012 18:07:38 +0000 (10:07 -0800)]
debian: Delete log files correctly when packages are purged.

Debian Policy 10.8 says "Log files should be removed when the package is
purged (but not when it is only removed)," but the Open vSwitch packages
didn't properly implement this:

   - The openvswitch-brcompat and openvswitch-pki packages didn't delete
     their log files at purge time.

   - The openvswitch-switch package deleted all of the log files at purge
     time, even those owned by openvswitch-brcompat or openvswitch-pki.

This commit fixes both problems.

CC: 656448@bugs.debian.org
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoopenvswitch-xen.spec: Avoid warning if build_number not defined.
Ben Pfaff [Tue, 24 Jan 2012 18:23:36 +0000 (10:23 -0800)]
openvswitch-xen.spec: Avoid warning if build_number not defined.

I expect that only Nicira internal builds want a build number, so it's
nice to avoid a complaint from RPM if the build_number macro is not
defined.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoxenserver/README: Remove bad instructions.
Ben Pfaff [Tue, 24 Jan 2012 18:18:30 +0000 (10:18 -0800)]
xenserver/README: Remove bad instructions.

The instructions in INSTALL.XenServer are more detailed and correct.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoINSTALL.XenServer: spelling fix.
Ben Pfaff [Tue, 24 Jan 2012 18:18:01 +0000 (10:18 -0800)]
INSTALL.XenServer: spelling fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoxenserver: Only replace XenServer hosts scripts that we recognize.
Ben Pfaff [Tue, 24 Jan 2012 17:53:44 +0000 (09:53 -0800)]
xenserver: Only replace XenServer hosts scripts that we recognize.

Open vSwitch comes with slightly improved versions of upstream Citrix
XenSever host scripts.  Until now, the Open vSwitch RPMs have always
installed its own versions of the scripts over the Citrix versions.  This
commit changes behavior to replace the scripts only if we recognize the
exact versions being replaced.  This approach seems safer given that the
benefits of the OVS changes are minor and we don't want to break any
upstream changes inadvertently.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoxenserver: Synchronize scripts with XenServer 6.0.0.
Ben Pfaff [Mon, 16 Jan 2012 19:23:26 +0000 (11:23 -0800)]
xenserver: Synchronize scripts with XenServer 6.0.0.

This commit updates the "vif" and "interface-reconfigure" scripts installed
by Open vSwitch on Citrix XenServer with those in XenServer 6.0.0.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Revalidate flows after "fdb/flush".
Ben Pfaff [Thu, 19 Jan 2012 00:08:46 +0000 (16:08 -0800)]
ofproto-dpif: Revalidate flows after "fdb/flush".

Otherwise bad translations can stick around.

Bug #9253.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Rate-limit all messages output by facet_check_consistency().
Ben Pfaff [Wed, 18 Jan 2012 22:27:10 +0000 (14:27 -0800)]
ofproto-dpif: Rate-limit all messages output by facet_check_consistency().

Some but not all of the log messages were rate-limited here.  Rate-limit
all of them to avoid filling up logs if an inconsistency persists.

Bug #9345.
Reported-by: Ethan Jackson <ethan@nicira.com>
Reported-by: Michael Hu <mhu@nicira.com>
Reported-by: Alan Shieh <ashieh@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agocfm: Log more aggressively amidst packet loss.
Ethan Jackson [Tue, 17 Jan 2012 00:42:08 +0000 (16:42 -0800)]
cfm: Log more aggressively amidst packet loss.

While debugging some issues today it became clear that it would be
useful to log when the CFM fault status changes and when packets
are lost.  The CFM module logs pretty aggressively when in debug
mode, but this can be chatty and most systems don't operate under
this logging level for extended periods of time.  This patch logs
when CCMs are received which indicate reordering or packet loss and
when the CFM fault status changed.

Requested-by: Jacob Cherkas <jcherkas@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agolacp: Require successful LACP negotiations when configured.
Ethan Jackson [Mon, 28 Nov 2011 21:54:08 +0000 (13:54 -0800)]
lacp: Require successful LACP negotiations when configured.

In the original Open vSwitch LACP implementation, when no slaves
found a LACP partner, the LACP module would attach all of them.
This allowed the LACP bond to fall back to a standard bond when
partnered with a non-LACP switch.  In practice, this has caused
confusion with marginal benefit, so this feature is removed with
this patch.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agorhel: Correct an example in README.RHEL
Gurucharan Shetty [Fri, 20 Jan 2012 23:07:50 +0000 (15:07 -0800)]
rhel: Correct an example in README.RHEL

Change the value of OVS_BRIDGE in an example to point
to the correct bridge name.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
12 years agodatapath: Correct GRE checksum offset.
Jesse Gross [Fri, 20 Jan 2012 23:12:38 +0000 (15:12 -0800)]
datapath: Correct GRE checksum offset.

If a statically defined GRE key is used with checksums then the
checksum will overwrite the key.  This is because the key is set
at header caching time and the checksum is set at packet processing
time and we don't update the offset on packet processing because
we don't do anything with the key.

Reported-by: Christos Argyropoulos <cargious@netmode.ntua.gr>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agoofproto-dpif: Fix "ofproto/trace" command.
Ben Pfaff [Fri, 20 Jan 2012 00:23:32 +0000 (16:23 -0800)]
ofproto-dpif: Fix "ofproto/trace" command.

Commit 0e15264f96e3c (unixctl: Implement quoting.) broke one form of
ofproto/trace.  This fixes it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoAdd cmdline arg to specify unix domain control socket.
Andrew Lambeth [Thu, 19 Jan 2012 18:26:03 +0000 (10:26 -0800)]
Add cmdline arg to specify unix domain control socket.

This is useful for sandboxing multiple instances of the daemon for
testing purposes.

Signed-off-by: Andrew Lambeth <wal@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodummy: Make --enable-dummy=override replace all dpifs, netdevs by dummies.
Ben Pfaff [Thu, 19 Jan 2012 18:24:46 +0000 (10:24 -0800)]
dummy: Make --enable-dummy=override replace all dpifs, netdevs by dummies.

Plain "--enable-dummy" just creates new dummy dpif and netdev classes.
This commit makes "--enable-dummy=override" go a step farther and actually
delete and replace all the existing dpif and netdev classes by copies of
the dummy class.

This is useful for testing in an environment where changing the classes in
Bridge or Interface records is challenging.

Requested-by: Andrew Lambeth <wal@nicira.com>
Tested-by: Andrew Lambeth <wal@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodatapath: Enforce mutual exclusion between bridge and brcompat_mod.
Ben Pfaff [Tue, 17 Jan 2012 19:15:49 +0000 (11:15 -0800)]
datapath: Enforce mutual exclusion between bridge and brcompat_mod.

In kernels 2.6.36, Open vSwitch can (and does) safely coexist with the
Linux bridge module, but it does not make sense to load both bridge and
brcompat_mod at the same time.  Until now, nothing has prevented both from
loading; when they both load, confusion (at best) results.  This fixes
the problem by enforcing mutual exclusion.

Bug #9226.
Launchpad bug #917309.
Reported-by: Rogério Vinhal Nunes
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
12 years agoAUTHORS: Add Linux upstream committers.
Jesse Gross [Tue, 17 Jan 2012 17:13:21 +0000 (09:13 -0800)]
AUTHORS: Add Linux upstream committers.

Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agodatapath: kill duplicate included header
Shan Wei [Tue, 17 Jan 2012 17:08:20 +0000 (09:08 -0800)]
datapath: kill duplicate included header

For net part, remove duplicate included header.

Signed-off-by: Shan Wei <davidshan@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agodatapath: remove unused version.h includes
Devendra Naga [Tue, 17 Jan 2012 17:05:33 +0000 (09:05 -0800)]
datapath: remove unused version.h includes

remove unused version.h includes as reported by make versioncheck.

Signed-off-by: Devendra Naga <devendra.aaru@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agobond: Change default bond_mode to active-backup.
Ethan Jackson [Thu, 12 Jan 2012 01:23:38 +0000 (17:23 -0800)]
bond: Change default bond_mode to active-backup.

As promised, post version 1.4 the default bond_mode is changing to
active-backup with this commit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agobond: Revalidate when lacp_negotiated status changes.
Ethan Jackson [Mon, 28 Nov 2011 23:14:11 +0000 (15:14 -0800)]
bond: Revalidate when lacp_negotiated status changes.

Typically, when the lacp_negotiated flag changes, the result of
bond_is_tcp_hash() will change as well.  However, for certain bond
types (SLB, Active-Backup, etc) this may not be true.  Since the
lacp_negotiated flag affects the results of
bond_check_admissibility() revalidation needs to happen whenever it
changes.  This patch makes the revalidation explicit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agolacp: Enforce valid lacp-system-id configuration.
Ethan Jackson [Thu, 15 Dec 2011 00:34:52 +0000 (16:34 -0800)]
lacp: Enforce valid lacp-system-id configuration.

With this patch, when a user attempts to configure LACP with an
invalid system ID, OVS will fail to create the bond and warn.
This behavior seems safer then defaulting to the bridge Ethernet
address which may surprise users.

Bug #8710.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agobond: Add ovs-appctl bond/show to LACP sanity checks.
Ethan Jackson [Thu, 15 Dec 2011 02:35:42 +0000 (18:35 -0800)]
bond: Add ovs-appctl bond/show to LACP sanity checks.

This commit makes the LACP unit tests more general by adding
ovs-appctl bond/show output.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agobond: Sort slaves in ovs-appctl bond/show.
Ethan Jackson [Thu, 15 Dec 2011 02:56:07 +0000 (18:56 -0800)]
bond: Sort slaves in ovs-appctl bond/show.

This will simplify unit tests which appear in future commits.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agobond: Support ovs-appctl bond/show without arguments.
Ethan Jackson [Thu, 15 Dec 2011 02:48:07 +0000 (18:48 -0800)]
bond: Support ovs-appctl bond/show without arguments.

Similarly to lacp/show and cfm/show, the bond/show ovs-appctl
command now shows all bonds when given no arguments.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoovs-ctl: Do not load brcompat_mod if the bridge module is already loaded.
Ben Pfaff [Mon, 16 Jan 2012 22:43:22 +0000 (14:43 -0800)]
ovs-ctl: Do not load brcompat_mod if the bridge module is already loaded.

brcompat_mod and the Linux bridge module are incompatible, so it doesn't
make sense to try to load both at the same time.  This commit prevents
ovs-ctl from trying.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Rogério Vinhal Nunes
Launchpad bug #917309.

12 years agodpif: Log each operation in dpif_operate().
Ben Pfaff [Mon, 26 Dec 2011 22:42:48 +0000 (14:42 -0800)]
dpif: Log each operation in dpif_operate().

Without logging of operation groups, it becomes more difficult to debug
problems related to flow setups, since those go through operation groups.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodpif: Change provider interface to consistently use operation structs.
Ben Pfaff [Mon, 26 Dec 2011 22:39:03 +0000 (14:39 -0800)]
dpif: Change provider interface to consistently use operation structs.

Until now, a "flow put" has represented its parameters in two different
ways, depending on whether it was coming from dpif_flow_put() or from
dpif_operate(), and similarly for an "execute" operation.  This commit
adopts the operation struct consistently within the dpif provider
interface, which seems cleaner.

This commit also factors out logging for flow puts and executes, which
is useful in the following commit.

This doesn't change the dpif client interface, since the two forms are
more convenient for clients than always filling out an operation struct.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodpif: Factor 'type' and 'error' out of individual dpif_op members.
Ben Pfaff [Mon, 26 Dec 2011 22:17:55 +0000 (14:17 -0800)]
dpif: Factor 'type' and 'error' out of individual dpif_op members.

I'd like to change ->dpif_flow_put() and ->dpif_execute() in the dpif
provider to take the structures of the same names as parameters, instead of
passing them discrete parameters, because this seems like a more sensible
way to do things internally than to have two different ways to pass the
parameters.  It might even simplify code slightly.  But ->flow_put() and
->execute() wouldn't want the 'type' (because it's implied by the function
being called) or 'error' (because it would be the same as the return
value).  Although of course they could just ignore those members, it seems
slightly cleaner to omit them entirely, as this change allows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Restore optimization for no-actions case (without leak).
Ben Pfaff [Tue, 10 Jan 2012 23:34:55 +0000 (15:34 -0800)]
ofproto-dpif: Restore optimization for no-actions case (without leak).

Commit 968131c1809 (ofproto-dpif: Omit "execute" operation entirely when
there are no actions.) introduced an optimization for the case where a
flow translated to ODP actions had no actions at all (i.e. the packet is
to be dropped).  It also introduced a memory leak (the packet was not
freed).

Commit 999fba59afd (ofproto-dpif: Implement PACKET_IN in userspace.)
inadvertently removed the optimization and as a side effect fixed the
memory leak.

This commit restores the optimization but not the memory leak.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-vsctl: Add example of creating a GRE tunnel to manpage.
Ben Pfaff [Mon, 16 Jan 2012 20:54:05 +0000 (12:54 -0800)]
ovs-vsctl: Add example of creating a GRE tunnel to manpage.

We've had questions about this a few times.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Implement self-check of flow translations.
Ben Pfaff [Mon, 16 Jan 2012 20:37:44 +0000 (12:37 -0800)]
ofproto-dpif: Implement self-check of flow translations.

One of the major tasks of ofproto-dpif is to translate OpenFlow
actions into "ODP" datapath actions.  These translations are essentially
a cache that requires revalidation when certain state changes occur.  For
best performance it's important to revalidate flows only when necessary,
so from time to time Open vSwitch has gotten this wrong, which meant that
stale flows could persist in the kernel and cause surprising behavior.

This commit implements a simple "self check": every trip through the
Open vSwitch main loop randomly chooses one flow entry and checks that
its actions have been correctly translated.  If not, Open vSwitch logs
the details of the problem.  This should help find problems more
quickly in the future.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif: Remove many redundant "struct ofproto_dpif *" parameters.
Ben Pfaff [Mon, 26 Dec 2011 23:08:53 +0000 (15:08 -0800)]
ofproto-dpif: Remove many redundant "struct ofproto_dpif *" parameters.

It's redundant to pass both a facet or subfacet and an ofproto_dpif,
because the latter can be derived from the former.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto: New action TTL decrement.
Pravin B Shelar [Sat, 14 Jan 2012 01:54:04 +0000 (17:54 -0800)]
ofproto: New action TTL decrement.

Following patch implements dec_ttl as vendor action with similar
semantics as OpenFlow 1.2. If TTL reaches zero while procession
actions in current table, the remaining actions in previous tables
are processed. A configuration parameter is added to make TTL
decrement to zero generate packet in.

Feature #8758
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
12 years agodatapath: Fix version check for 3.2.
Jesse Gross [Sat, 14 Jan 2012 01:09:21 +0000 (17:09 -0800)]
datapath: Fix version check for 3.2.

We support Linux 3.2 and all of its patch levels but the current
check only allows for 3.2.0.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agoovs-vsctl: Document a pitfall of the syntax for maps.
Ben Pfaff [Sat, 14 Jan 2012 00:00:00 +0000 (16:00 -0800)]
ovs-vsctl: Document a pitfall of the syntax for maps.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonetdev-dummy: Fix use-after-free error.
Ben Pfaff [Fri, 13 Jan 2012 21:30:42 +0000 (13:30 -0800)]
netdev-dummy: Fix use-after-free error.

Found by valgrind.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoPrepare for post-1.5.0 (1.5.90).
Justin Pettit [Thu, 12 Jan 2012 23:53:55 +0000 (15:53 -0800)]
Prepare for post-1.5.0 (1.5.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agodpif: Simplify the "listen mask" concept.
Ben Pfaff [Fri, 13 Jan 2012 01:09:22 +0000 (17:09 -0800)]
dpif: Simplify the "listen mask" concept.

At one point in the past, there were three separate queues between the
kernel module and OVS userspace, each of which corresponded to a Netlink
socket (or, before that, to a character device).  It made sense to allow
each of these to be enabled or disabled separately, hence the "listen mask"
concept in the dpif layer.

These days, the concept is much less clear-cut.  Queuing is no longer on
the basis of different classes of packets but instead striped across a
collection of sockets based on input port.  It doesn't really make sense
to enable receiving packets on the basis of the kind of packet anymore.
Accordingly, this commit simplifies the "listen_mask" to just a bool that
either enables or disables receiving packets.

It could be useful to enable or disable receiving packets on a per-vport
basis, but the rest of the code isn't ready to make use of that so this
commit doesn't generalize this much.

Based on this discussion on ovs-dev:
http://openvswitch.org/pipermail/dev/2011-October/012044.html

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agomultipath: Correctly calculate number of required destination bits.
Ben Pfaff [Tue, 27 Dec 2011 21:37:43 +0000 (13:37 -0800)]
multipath: Correctly calculate number of required destination bits.

The previous calculation was wrong when n_links was a power of 2.

Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoBetter abstract OpenFlow error codes.
Ben Pfaff [Thu, 12 Jan 2012 23:48:19 +0000 (15:48 -0800)]
Better abstract OpenFlow error codes.

This commit switches from using the actual protocol values of error codes
internally in Open vSwitch, to using abstract values that are translated to
and from protocol values at message parsing and serialization time.  I
believe that this makes the code easier to read and to write.

This is also one step along the way toward OpenFlow 1.1 support because
OpenFlow 1.1 renumbered a bunch of error codes.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodatapath: IFF_OVS_DATAPATH is backported by RHEL 6.2.
Jesse Gross [Wed, 11 Jan 2012 23:01:37 +0000 (15:01 -0800)]
datapath: IFF_OVS_DATAPATH is backported by RHEL 6.2.

On kernels 2.6.37 and above IFF_OVS_DATAPATH has a unique value upstream,
on 2.6.36 we define it to be IFF_BRIDGE_PORT and below to 0.  There isn't
really a good reason to use IFF_BRIDGE_PORT on 2.6.36 (and it's perhaps
bad because it's checked in a few places and we don't want those checks
to trigger on just this kernel) and it makes it difficult to know what
value we should use in the face of backporting.  Therefore, this just
uses 0 on the places where we don't have a real value.

Reported-by: Benoit ML <ben42ml@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years agodpif-netdev: Make port numbers predictable for dummy dpif, for unit tests.
Ben Pfaff [Thu, 12 Jan 2012 23:23:23 +0000 (15:23 -0800)]
dpif-netdev: Make port numbers predictable for dummy dpif, for unit tests.

The unit tests feed a lot of flows through the ofproto-dpif "trace"
command, which means that they need to know the port numbers of the ports
that they create.  Until now, they've had to actually query those port
numbers from the database, which is a bit of unnecessary overhead for unit
tests.

This commit makes dummy dpif port numbers predictable: if the name of a
port contains a number, then the dummy dpif uses that number, if it is
valid and available, as the port number.

This commit also simplifies the unit tests that previously queried port
numbers to depend on the new behavior.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofp-util: Extend message decoding data structures with version field.
Ben Pfaff [Thu, 12 Jan 2012 19:35:57 +0000 (11:35 -0800)]
ofp-util: Extend message decoding data structures with version field.

This makes it possible to add entries for decoding OpenFlow messages with
newer versions, e.g. OpenFlow 1.1 or 1.2.  However, no actual messages for
newer versions are actually implemented yet; that will come later.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonicira-ext: Rename "struct nxt_*" to "struct nx_*".
Ben Pfaff [Thu, 12 Jan 2012 19:35:50 +0000 (11:35 -0800)]
nicira-ext: Rename "struct nxt_*" to "struct nx_*".

Most structures in this file have an "nx_" prefix, so this makes naming
more consistent.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoSubmittingPatches: Fix typo.
Ben Pfaff [Thu, 12 Jan 2012 17:08:28 +0000 (09:08 -0800)]
SubmittingPatches: Fix typo.

Reported-by: Reid Price <reid@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agovswitchd: Document maximum queue_id for Linux QoS.
Ethan Jackson [Wed, 11 Jan 2012 22:15:49 +0000 (14:15 -0800)]
vswitchd: Document maximum queue_id for Linux QoS.

The code enforces an exclusive maximum of 0xf000 on queue_ids for
Linux queueing disciplines, but the documentation doesn't mention
this limitation.

Reported-by: Michael Mao <mmoa@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoodp-util: Handle ipv6 in set nw action.
Pravin B Shelar [Wed, 11 Jan 2012 20:44:23 +0000 (12:44 -0800)]
odp-util: Handle ipv6 in set nw action.

Rather than silently skipping ipv6 action generation, following patch
generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not
support ipv6 action can reject this action.

Bug #8758
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
12 years agoofproto-dpif: Honor statistics in packet_out().
Ethan Jackson [Wed, 11 Jan 2012 03:01:04 +0000 (19:01 -0800)]
ofproto-dpif: Honor statistics in packet_out().

A "packet out" ordinarily isn't accounted to any OpenFlow rule,
because its actions come directly from the controller instead of
from an OpenFlow rule.  However, any "resubmit" actions or output
to OFPP_TABLE within the set of actions do bring in actions from a
rule, and the "packet out" should be accounted to the rule in that
case.  This commit implements that behavior.

Reported-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoDon't specify program name in passive connection man page fragments.
Justin Pettit [Wed, 11 Jan 2012 18:45:29 +0000 (10:45 -0800)]
Don't specify program name in passive connection man page fragments.

The vconn and ovsdb passive connection man page fragments used the
PN (program name) macro to describe their functionality.  This was
usually correct, but in the case of ovs-vsctl, they may be used to
describe configuring ovs-vswitchd.  This commit rewords the fragments to
make them correct regardless of whether they're describing a local or
remote passive connection.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agoovsdb-tool: Use typical db and schema install locations as defaults.
Ben Pfaff [Wed, 11 Jan 2012 18:23:10 +0000 (10:23 -0800)]
ovsdb-tool: Use typical db and schema install locations as defaults.

This makes ovsdb-tool easier to use in the common case.

Feature #7756.
Requested-by: Reid Price <reid@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodatapath: Fix multipart datapath dumps.
Ben Pfaff [Wed, 11 Jan 2012 17:58:17 +0000 (09:58 -0800)]
datapath: Fix multipart datapath dumps.

The logic to split up the list of datapaths into multiple Netlink messages
was simply wrong, causing the list to be terminated after the first part.
Only about the first 50 datapaths would be dumped.  This fixes the
problem.

Bug #9124.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
12 years agoNEWS: Fix typo.
Ben Pfaff [Wed, 11 Jan 2012 17:56:35 +0000 (09:56 -0800)]
NEWS: Fix typo.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-vsctl: Add set relational operators to "find" command.
Ben Pfaff [Wed, 11 Jan 2012 17:55:53 +0000 (09:55 -0800)]
ovs-vsctl: Add set relational operators to "find" command.

Requested-by: Shih-Hao Li <shli@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovsdb-data: Short-circuit ovsdb_datum_includes_all() in trivial case.
Ben Pfaff [Wed, 30 Nov 2011 18:43:59 +0000 (10:43 -0800)]
ovsdb-data: Short-circuit ovsdb_datum_includes_all() in trivial case.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agonews: Mention NXM_PACKET_IN.
Ethan Jackson [Wed, 11 Jan 2012 01:25:59 +0000 (17:25 -0800)]
news: Mention NXM_PACKET_IN.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoopenflow: New Nicira Extended PACKET_IN format.
Ethan Jackson [Fri, 9 Dec 2011 23:48:26 +0000 (15:48 -0800)]
openflow: New Nicira Extended PACKET_IN format.

The new PACKET_IN format implemented in this patch includes flow
metadata such as the cookie, table_id, and registers.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofproto-dpif: Implement PACKET_IN in userspace.
Ethan Jackson [Thu, 15 Dec 2011 23:21:23 +0000 (15:21 -0800)]
ofproto-dpif: Implement PACKET_IN in userspace.

In future patches, PACKET_IN messages will include meta-data which
is only available in userspace during action translation.  Either,
this data needs to be stored until it's required by a userspace
datapath action, or the PACKET_IN messages must be sent at the time
the data is available.  This patch implements the latter.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agonx-match: New function nx_pull_match_loose().
Ethan Jackson [Tue, 3 Jan 2012 21:30:45 +0000 (13:30 -0800)]
nx-match: New function nx_pull_match_loose().

Future patches will need the ability to skip over unsupported NXM
headers.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoflow: Create new flow_metadata structure for packet_in messages.
Ethan Jackson [Thu, 5 Jan 2012 00:40:13 +0000 (16:40 -0800)]
flow: Create new flow_metadata structure for packet_in messages.

This will ease the implementation of future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agopackets: New packet_set_*() helper functions.
Ethan Jackson [Fri, 16 Dec 2011 01:58:23 +0000 (17:58 -0800)]
packets: New packet_set_*() helper functions.

This commit pulls code used to modify L3 and L4 header fields
from dp_netdev into the packet library.  An additional user will
be added in a future commit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofputil: New function ofputil_decode_packet_in().
Ethan Jackson [Fri, 23 Dec 2011 00:35:23 +0000 (16:35 -0800)]
ofputil: New function ofputil_decode_packet_in().

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofp-util: Don't use ofpbuf in ofputil_packet_in struct.
Ethan Jackson [Thu, 22 Dec 2011 03:01:18 +0000 (19:01 -0800)]
ofp-util: Don't use ofpbuf in ofputil_packet_in struct.

This will make the memory ownership clearer in future patches which
make more extensive use of ofputil_packet_in.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofproto: Always clone packets in PACKET_IN message.
Ethan Jackson [Tue, 3 Jan 2012 22:22:44 +0000 (14:22 -0800)]
ofproto: Always clone packets in PACKET_IN message.

This patch removes an optimization which significantly complicates
the code in ways which would get worse in future patches if not
removed.  Furthermore, future patches will have fewer cases which
can take advantage of the optimization further mitigating its
justification.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agotests: Unit test PACKET_IN.
Ethan Jackson [Wed, 21 Dec 2011 01:40:25 +0000 (17:40 -0800)]
tests: Unit test PACKET_IN.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoovs-ofctl: Support daemonization for monitor and snoop.
Ethan Jackson [Tue, 20 Dec 2011 23:31:34 +0000 (15:31 -0800)]
ovs-ofctl: Support daemonization for monitor and snoop.

This will ease implementation of future unit tests.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofp-print: Print checksum in ofp_packet_to_string().
Ethan Jackson [Wed, 21 Dec 2011 03:56:43 +0000 (19:56 -0800)]
ofp-print: Print checksum in ofp_packet_to_string().

This will improve the unit tests of future patches.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofp-print: Remove tcpdump from ofp_packet_to_string().
Ethan Jackson [Wed, 21 Dec 2011 20:59:28 +0000 (12:59 -0800)]
ofp-print: Remove tcpdump from ofp_packet_to_string().

Instead this patch uses flow_format() which gives very similar
output.  This patch will improve the reliability of unit tests in
future patches which rely on the results of ofp_packet_to_string().

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agopackets: Mask out CFI bit in eth_push_vlan().
Ethan Jackson [Tue, 3 Jan 2012 18:42:56 +0000 (10:42 -0800)]
packets: Mask out CFI bit in eth_push_vlan().

We should never push a VLAN tag with the CFI bit set.  This patch
defensively enforces this invariant.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agopktbuf: Directly use pointers in pktbuf_save().
Ethan Jackson [Tue, 3 Jan 2012 18:27:04 +0000 (10:27 -0800)]
pktbuf: Directly use pointers in pktbuf_save().

In future patches, directly using a void * pointer in the
pktbuf_save() definition will simplify the code.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofp-print: Remove vestigial 'total_len' argument.
Ethan Jackson [Fri, 23 Dec 2011 01:47:15 +0000 (17:47 -0800)]
ofp-print: Remove vestigial 'total_len' argument.

ofp_print_packet() and ofp_packet_to_string() don't use the
'total_len' argument which they require callers to supply.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoflow: Improve flow_format() output.
Ethan Jackson [Tue, 20 Dec 2011 20:57:04 +0000 (12:57 -0800)]
flow: Improve flow_format() output.

I find this significantly easier to read.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoofpbuf: Maintain header pointers in clone functions.
Ethan Jackson [Tue, 27 Dec 2011 18:35:56 +0000 (10:35 -0800)]
ofpbuf: Maintain header pointers in clone functions.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agoclassifier: Update cls_rule_set_in_port() prototype.
Ethan Jackson [Wed, 28 Dec 2011 18:51:15 +0000 (10:51 -0800)]
classifier: Update cls_rule_set_in_port() prototype.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years agodebian: Look in /lib/modules instead of /usr/src for DKMS kernel sources.
Ben Pfaff [Tue, 10 Jan 2012 22:22:22 +0000 (14:22 -0800)]
debian: Look in /lib/modules instead of /usr/src for DKMS kernel sources.

DKMS packages usually look in /lib/modules for kernel sources, since that
is the "standard" location, but our packages was looking directly in
/usr/src.  This fixes the problem.

Reported-by: Alban Browaeys <prahal@yahoo.com>
Tested-by: Alban Browaeys <prahal@yahoo.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agodebian: Ignore temporary files for openvswitch-test package too.
Ben Pfaff [Tue, 10 Jan 2012 18:31:05 +0000 (10:31 -0800)]
debian: Ignore temporary files for openvswitch-test package too.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoovs-monitor-ipsec: Don't reconfigure cert-based authentication as often.
Justin Pettit [Tue, 10 Jan 2012 02:46:23 +0000 (18:46 -0800)]
ovs-monitor-ipsec: Don't reconfigure cert-based authentication as often.

ovs-monitor-ipsec wakes up when the Interface table is modified.  To
prevent needless reconfiguration, it maintains a dictionary of the
currently implemented configuration and compares it to any new changes.
Unfortunately, for certificate-based authentication we create a new
"peer_cert_file" key in our local dictionary, which always causes the
comparison to fail.  This forces expensive renegotiation for any change
in the Interface tables.  This commit uses set difference to detect
changes from the previous configuration as opposed to a straight simple
comparison.

Bug #9103

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agoovs-ctl: Pull system_type and system_version from config file
Gurucharan Shetty [Fri, 6 Jan 2012 02:28:20 +0000 (18:28 -0800)]
ovs-ctl: Pull system_type and system_version from config file

Currently system-type and system-version can only be set through
ovs-vsctl and ovs-ctl in the commandline. This patch allows you
to place system-type.conf and system-version.conf files in $etcdir
and their contents will be used if no arguments are specified with
ovs-vsctl or ovs-ctl.

Bug #9033.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
12 years agoofproto-dpif: Keep subfacets longer to avoid assert-fail in facet_account().
Ben Pfaff [Fri, 6 Jan 2012 23:03:07 +0000 (15:03 -0800)]
ofproto-dpif: Keep subfacets longer to avoid assert-fail in facet_account().

If a subfacet expired when its facet still had statistics that had not
yet been pushed into the rule, and the facet either used the "normal"
action or the bridge contained a bond port, then facet_account() would
be called after the last subfacet was removed from its facet's list of
subfacets, triggering an assertion failure in list_front().

This fixes the problem by always running facet_flush_stats() (which calls
facet_account()) before deleting the last subfacet from a facet.

This problem took a while to surface because subfacets usually expire only
long after their statistics have been pushed into the rule.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Mike Kruze <mkruze@nicira.com>
Bug #9074.

12 years agoovs-benchmark: Improve output format for "rate" command.
Ben Pfaff [Thu, 5 Jan 2012 18:44:40 +0000 (10:44 -0800)]
ovs-benchmark: Improve output format for "rate" command.

Before, the "rate" command kept the status of the test continually updated
on the screen.  This form of output is nice to watch, but it isn't very
useful for reporting, because you only end up with a single number at the
end, and redirecting it to a file yields one long line with lots of
carriage returns.

This commit simplifies the output format by simply printing one line per
second.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years agoofproto-dpif.at: Add test for normal action with OFPP_NONE in_port.
Justin Pettit [Thu, 5 Jan 2012 18:19:15 +0000 (10:19 -0800)]
ofproto-dpif.at: Add test for normal action with OFPP_NONE in_port.

Commit 33158a (ofproto-dpif: Fake-up OFPP_NONE input bundle for
mirroring and normal.) fixed handling of packets sent from a controller
with an ingress port of OFPP_NONE.  It includes a unit test for the
mirroring case, but not the "normal" processing case.  The reason is
that the test requires commit fadc05 (ofproto-dpif: Fix nondeterministic
flow revalidation behavior.), which removes a check that causes the test
to fail.  That fix isn't available in all branches that 33158a is on, so
this test is only being run on those that are.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years agotests: Fix bug in NetFlow test case.
Ben Pfaff [Thu, 5 Jan 2012 00:12:08 +0000 (16:12 -0800)]
tests: Fix bug in NetFlow test case.

The "sed" command here is intended to replace something like 1234...1234
(where the two numbers are the same) with <moment> and something like
1234...2345 (where the two numbers differ) with <range>, but in fact it
accidentally changed, e.g., 10...1016 into <moment>16.  This commit fixes
that.

This fixes only a test case, not the code under test.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #9057.

12 years agodatapath: Implement flow table re-hashing.
Pravin B Shelar [Thu, 5 Jan 2012 01:23:03 +0000 (17:23 -0800)]
datapath: Implement flow table re-hashing.

Following patch introduces a timer based event to rehash flow-hash
table. It makes finding collisions difficult to for an attacker.

Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>