Ben Pfaff [Fri, 13 Jul 2012 06:08:45 +0000 (23:08 -0700)]
debian: Do not change iptables rules by default.
Debian kernel maintainer Bastian Blank writes, at
http://bugs.debian.org/680537:
The netfilter rules are a shared resource. There is no synchronization,
so the admin have the last word. As kernel maintainer, I see it similar
to a configuration file, so §10.7 policy applies.
The purpose of openvswitch is to provide support for switching, not to
setup filter rules. This means it violates the principle of least
surprise.
I believe that the argument by analogy to configuration files is weak,
given that the Debian policy section in question is very specifically about
files, not about general principles. On the other hand, Debian does not
install any firewall by default, so the presence of a rule that blocks GRE
traffic is a sign that the administrator has taken an explicit action to
install a firewall that blocks GRE, and therefore it is rather rude to
override this. Therefore, this patch simply turns off this behavior on
Debian, given that in ordinary Debian installations it will have no
adverse effect on Open vSwitch.
Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
Ben Pfaff [Wed, 18 Jul 2012 17:10:20 +0000 (10:10 -0700)]
ofproto-dpif: Make OFPP_TABLE always resubmit to table 0.
Commit
299016266ed1 (New action NXAST_RESUBMIT_TABLE.) changed OFPP_TABLE
from resubmitting to table 0 to resubmitting to the current table. This
wasn't mentioned in the change log and I believe it was a typo. This
commit changes the behavior back.
This isn't a very serious bug because OpenFlow 1.0 says that OFPP_TABLE is
supposed to be used only in packet-out messages, in which case the current
table is 0 anyhow.
OpenFlow 1.3 is explicit:
The action list of an OFPT_PACKET_OUT message can also specify the
OFPP_TABLE reserved port as an output action to process the packet
through the existing flow entries, starting at the first flow table.
Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Isaku Yamahata [Wed, 18 Jul 2012 11:41:15 +0000 (20:41 +0900)]
ofp-actions: simplify ofpacts_from_openflow1[01]
Those logic is same, so simplify it. This will be also use for OF12.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 16 Jul 2012 22:13:22 +0000 (15:13 -0700)]
INSTALL.userspace: Explain how and why to use iptables to drop packets.
Reported-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 18 Jul 2012 01:47:56 +0000 (10:47 +0900)]
ofproto: More vlan tests
I'm not sure if this is the best place for this, but exercising
adding flows with dl_vlan and dl_vlan_pcp in this matter helped
my to find some bugs in changes that I am working on in relation
to the OpenFlow VLAN match.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 17 Jul 2012 16:39:23 +0000 (09:39 -0700)]
tests: Add detailed test for OF1.0 match decoding and encoding.
This follows the form of the OF1.1 match decoding and encoding test that I
wrote a while back, which seems to be a good form to use.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Ben Pfaff [Tue, 10 Jul 2012 06:45:25 +0000 (23:45 -0700)]
ofp-util: Wildcard VLAN PCP in OF1.0 matches when 802.1Q not present.
When an output OF1.0 match uses OFP_VLAN_NONE to match only when the 802.1Q
header is not present, it is somewhat contradictory to specify any value
for the VLAN PCP, since none can be present without an 802.1Q header, but
the match output by Open vSwitch did so. This fixes it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Ben Pfaff [Thu, 12 Jul 2012 19:29:40 +0000 (12:29 -0700)]
ofp-actions: Improve action error logging a bit more.
Commit
0c449c5683a improved action error logging for one case, but we might
as well do it for the other case too.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Tue, 17 Jul 2012 17:07:36 +0000 (10:07 -0700)]
tests: Fix unit test failures related to additional logging.
Commit
a890678229 (userspace: Log version on startup.) added
additional logging to ovsdb-server and ovs-vswitchd, but failed to
make certain the unit tests still passed.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
[blp@nicira.com changed the strategy for fixing ovsdb-server.at]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Tue, 17 Jul 2012 16:28:08 +0000 (09:28 -0700)]
ovsdb-server, ovs-vswitchd: Log version after daemonize_complete().
This fixes unit tests, and generally seems more correct.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
[blp@nicira.com added the change to ovs-vswitchd]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Tue, 17 Jul 2012 16:28:06 +0000 (09:28 -0700)]
ofproto: Fix compiler warnings.
This patch fixes the following warnings on my system:
lib/ofp-actions.c:458:13: error: format '%x' expects argument of
type 'unsigned int', but argument 4 has type 'long unsigned int'
[-Werror=format]
ofproto/ofproto.c:3940:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]
ofproto/ofproto.c:3941:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]
ofproto/ofproto.c:3942:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Tue, 17 Jul 2012 08:27:06 +0000 (17:27 +0900)]
OXM, NXM: Add tests for all zero and all one masks
The motivation for this is that I was looking into some
bugs relating to masking of match code that I was developing
and it seemed that having these tests would be worthwhile.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Fri, 13 Jul 2012 20:10:01 +0000 (13:10 -0700)]
userspace: Log version on startup.
It's convenient to have the OVS version directly in the logs so one
doesn't have to go digging through ovs-bugtool output to find it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Leo Alterman [Tue, 17 Jul 2012 00:26:10 +0000 (17:26 -0700)]
datapath: fix typo in README
Signed-off-by: Leo Alterman <lalterman@nicira.com>
Justin Pettit [Mon, 16 Jul 2012 23:49:00 +0000 (16:49 -0700)]
Prepare for post-1.8.0 (1.8.90).
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Justin Pettit [Mon, 16 Jul 2012 23:47:08 +0000 (16:47 -0700)]
Prepare for 1.8.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Mon, 16 Jul 2012 16:37:22 +0000 (09:37 -0700)]
ofp-actions: Improve comments.
Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 16 Jul 2012 17:23:58 +0000 (10:23 -0700)]
ovs-ofctl: Fix use-after-free error.
Commit
4ce9c31573 (ovs-ofctl: Factor code out of read_flows_from_switch().)
introduced a use-after-free error, fixed by this change.
Also adds a unit test for "ovs-ofctl diff-flows" that would have found the
problem. (The bug report cited "diff-flows" but this bug was present in
dump-flows as well because they share common code.)
Bug #12461.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Gurucharan Shetty [Mon, 16 Jul 2012 16:37:40 +0000 (09:37 -0700)]
ofproto: fix typo in documentation.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Ben Pfaff [Fri, 13 Jul 2012 17:25:27 +0000 (10:25 -0700)]
memory: Document the memory/show unixctl command.
Suggested-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Zoltan Kiss [Thu, 12 Jul 2012 17:24:17 +0000 (18:24 +0100)]
lib: Define OVSP_NONE in a more clear way
The value represented by the macro would stay exactly the same, just become obvious.
Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 23:32:56 +0000 (16:32 -0700)]
ovs-ofctl: Avoid use-after-free upon "ofctl/unblock" when connection dies.
The implementation of "ofctl/block" used a nested poll loop, with an inner
call to unixctl_server_run(). This poll loop always ran inside an outer
call to unixctl_server_run(), since that's the context within which unixctl
command implementations run. That means that, if a unixctl connection got
closed within the inner poll loop, and the outer poll loop happened to be
processing the same unixctl connection, then the outer poll loop would
dereference data in the freed connection.
The simplest solution is to avoid a nested poll loop, so that's what this
commit does.
This didn't cause a failure in the unit tests on i386 (which is why I
didn't catch it before pushing) but it did, reliably, on x86-64, and it
showed up in valgrind everywhere.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Jesse Gross [Thu, 12 Jul 2012 23:27:31 +0000 (16:27 -0700)]
Add Tadaaki Nagao to AUTHORS.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Tadaaki Nagao [Thu, 12 Jul 2012 07:25:29 +0000 (16:25 +0900)]
datapath: Check for backported skb_frag_page().
Recently released CentOS 6.3 (and probably also RHEL 6.3, I assume)
backported skb_frag_page() and others to their 2.6.32-based kernel,
which caused build failure of Open vSwitch kernel modules.
Signed-off-by: Tadaaki Nagao <nagao@stratosphere.co.jp>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 21:18:05 +0000 (14:18 -0700)]
ofproto: New feature to notify controllers of flow table changes.
OpenFlow switching monitoring and controller coordination can be made more
efficient if the switch can notify a controller of flow table changes as
they occur, rather than periodically polling for changes. This commit
implements such a feature.
Feature #6633.
CC: Natasha Gude <natasha@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 3 Jul 2012 21:00:38 +0000 (14:00 -0700)]
ofproto: Add extra comments and checking for expiring a pending rule.
A given rule may only have one pending operation at a time, so when an
operation is pending we must not allow a flow expiration to be started on
that rule.
This doesn't fix a user-visible bug in ofproto-dpif because ofproto-dpif
always completes operations immediately, that is, no operations will be
pending when expiration runs. (Technically there is a bug if the user
runs "ovs-appctl ofproto/clog", but that feature is for debugging only and
there is no reason for a user to ever run it.)
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 17:17:10 +0000 (10:17 -0700)]
ofproto: Represent flow cookie changes as operations too.
An upcoming commit will add support for monitoring changes to the flow
table. This feature wants to be able to report changes to flow cookies,
as well as to other properties of a flow. Until now, however, a flow_mod
that modifies only the flow's cookie is treated as a special case that does
not go through the ofoperation mechanism. That makes it harder to report
flow cookie-only changes (it would require an additional special case in
the reporting mechanism) so this commit changes cookie-only changes to
go through ofoperations.
The bulk of this change is to change the meaning of ofoperation's 'ofpacts'
member so that a NULL value indicates that the flow's actions are not
changing. Otherwise a flow-cookie only change would still require copying
and then freeing all the actions, which seems like a waste.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Jul 2012 17:36:00 +0000 (10:36 -0700)]
ofproto: Revert change in flow cookie when an ofoperation fails.
The flow_cookie member of struct ofoperation has always been there, but it
seems that it's never been used. This fixes the code so that if a modify
operation fails the rule's original flow cookie is restored.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 17:15:35 +0000 (10:15 -0700)]
rconn: Add byte counting feature to rconn_packet_counter.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 3 Jul 2012 21:23:10 +0000 (14:23 -0700)]
Add OFPRR_EVICTION to enum ofp_flow_removed_reason.
This is likely to be part of OpenFlow 1.3.1 or 1.4 and we have use for it
beforehand to report evicted flows.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 23:35:17 +0000 (16:35 -0700)]
ofp-util: Make put_stats__() public as ofputil_put_stats_header().
An upcoming commit will introduce a user outside of ofp-util.c.
The change to put_stats_reply__() is larger than strictly necessary to
avoid making really ugly line breaks.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 23:23:43 +0000 (16:23 -0700)]
ofp-print: Slightly extend ofp_print_bit_names().
In an upcoming commit I want to print comma-separated, not space-separated,
names for a set of bits.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 17:13:10 +0000 (10:13 -0700)]
classifier: New function cls_rule_is_loose_match().
This function will be useful in an upcoming commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Sat, 30 Jun 2012 05:33:56 +0000 (22:33 -0700)]
ofproto: Finalize all ofoperations in a given ofgroup at the same time.
An upcoming commit will add support for flow table monitoring by
controllers. One feature of this upcoming support is that a controller's
own changes to the flow table can be abbreviated to a summary, since the
controller presumably knows what it has already sent to the switch.
However, the summary only makes sense if a set of flow table changes
completely succeeds or completely fails. If it partially fails, the
switch must not attempt to summarize it, because the controller needs
to know the details. Given that, we have to wait for all of the
operations in an ofgroup to either succeed or fail before the switch
can send its flow table update report to the controllers. This
commit makes that change.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Jul 2012 17:02:09 +0000 (10:02 -0700)]
ofproto: Mark some function parameters const.
This allows FOR_EACH_MATCHING_TABLE to be used with const TABLE and
OFPROTO arguments.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Jul 2012 20:05:38 +0000 (13:05 -0700)]
ofp-print: Print out_port field in "flow_mod"s.
Somehow we've overlooked this for a long time. I guess that feature
doesn't get used very much.
Also updates the test output for OFPT_FLOW_MOD to include the out_port
output and adds out_port to the NXT_FLOW_MOD tests.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 20:32:47 +0000 (13:32 -0700)]
ovs-ofctl: Add --sort and --rsort options for "dump-flows" command.
Feature #8754.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
[blp@nicira.com rewrote most of the code]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 3 Jul 2012 18:31:03 +0000 (11:31 -0700)]
ovs-ofctl: Factor code out of read_flows_from_switch().
I want to use this code in another function in an upcoming commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 3 Jul 2012 17:25:35 +0000 (10:25 -0700)]
ovs-ofctl: Use the prepared connection to dump flows in do_dump_flows__().
The logic in do_dump_flows__() went to some trouble to open an OpenFlow
connection and set the correct protocol, but then it allowed
dump_stats_transaction() to create and use a completely different OpenFlow
connection that hadn't been prepared that way. This commit fixes the
problem.
I don't think that there is a real bug here because currently the set of
protocols doesn't influence flow stats replies. But that could change in
the future.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 18:31:13 +0000 (11:31 -0700)]
ofp-util: Reload ofpbuf pointers after nx_put_match().
Fixes a wild pointer write when nx_put_match() expands the ofpbuf.
The change to the OFPST_FLOW case isn't strictly a bug fix, it just makes
the code for that case more closely resemble the NXST_FLOW case.
Bug #12403.
Bug #12460.
Bug #12461.
Bug #12481.
Reported-by: Timothy Chen <tchen@nicira.com>
Reported-by: Natasha Gude <natasha@nicira.com>
Reported-by: James Schmidt <jschmidt@nicira.com>
Reported-by: Alan Shieh <ashieh@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 5 Jul 2012 08:15:17 +0000 (17:15 +0900)]
meta-flow: Remove mf_set_subfield and mf_set_subfield
These functions do not appear to be used any more.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 15:43:29 +0000 (08:43 -0700)]
ovs-vsctl: Correct example for removing a mirror.
Reported-by: Kris zhang <zhang.kris@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 12 Jul 2012 15:08:15 +0000 (08:08 -0700)]
FAQ: Patch ports are not targeted for upstream.
The previous text was ambiguous.
Reported-by: Konstantin Khorenko <khorenko@openvz.org>
CC: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 11 Jul 2012 23:07:15 +0000 (11:07 +1200)]
meta-flow: Reduce redundant transport set/get code
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 10 Jul 2012 21:51:29 +0000 (14:51 -0700)]
cfm: Always initialize CCM "internal_ms_x" extension field.
Found by valgrind:
Syscall param socketcall.sendmsg(msg.msg_iov[i]) points to uninitialised
byte(s)
at 0x42D3021: sendmsg (in /lib/libc-2.5.so)
by 0x80E4D23: nl_sock_transact (netlink-socket.c:670)
by 0x80D9086: dpif_linux_execute__ (dpif-linux.c:872)
by 0x807D6AE: dpif_execute__ (dpif.c:957)
by 0x807D6FE: dpif_execute (dpif.c:987)
by 0x805DED9: send_packet (ofproto-dpif.c:4727)
by 0x805F8E1: port_run_fast (ofproto-dpif.c:2441)
by 0x8065CF6: run_fast (ofproto-dpif.c:926)
by 0x805674F: ofproto_run_fast (ofproto.c:1148)
by 0x804C957: bridge_run_fast (bridge.c:1980)
by 0x8053F49: main (ovs-vswitchd.c:123)
Address 0xbea0895c is on thread 1's stack
Bug #11797.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 11 Jul 2012 12:01:11 +0000 (00:01 +1200)]
tests: Improve test coverage of OXM metadata field
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Mon, 9 Jul 2012 09:03:54 +0000 (18:03 +0900)]
NXM, OXM: Add Flow Label Tests
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ed Maste [Wed, 11 Jul 2012 13:16:00 +0000 (09:16 -0400)]
Add forgotten header
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 11 Jul 2012 07:58:53 +0000 (00:58 -0700)]
FAQ: Add FAQ entry for determining OpenFlow port numbers.
I don't understand why, but I've had this question from multiple people
recently.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 9 Jul 2012 21:21:00 +0000 (14:21 -0700)]
ofp-actions: Add hex dump of bad actions to log message on error.
This should make debugging easier in such cases.
Bug #12460.
Reported-by: Natasha Gude <natasha@nicira.com>
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 11 Jul 2012 07:54:53 +0000 (00:54 -0700)]
FAQ: Add FAQ entry about flow normalization.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 10 Jul 2012 21:11:59 +0000 (14:11 -0700)]
datapath: Check gso_type for correct sk_buff in queue_gso_packets().
At the point where it was used, skb_shinfo(skb)->gso_type referred to a
post-GSO sk_buff. Thus, it would always be 0. We want to know the pre-GSO
gso_type, so we need to obtain it before segmenting.
Before this change, the kernel would pass inconsistent data to userspace:
packets for UDP fragments with nonzero offset would be passed along with
flow keys that indicate a zero offset (that is, the flow key for "later"
fragments claimed to be "first" fragments). This inconsistency tended
to confuse Open vSwitch userspace, causing it to log messages about
"failed to flow_del" the flows with "later" fragments.
Bug #12394.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Ethan Jackson [Mon, 9 Jul 2012 22:59:44 +0000 (15:59 -0700)]
cfm: Remove sequence fault reason.
Commit
2b540ecb (Added handling of previously ignored cfm faults.)
made the CFM code trigger a fault when a packet is received with an
out of order sequence number. This means that if even one CFM
probe is dropped, a fault will be triggered because the next
received probe's sequence would be two greater than the last. This
is in conflict with the 802.1ag requirement that 3.5 dropped probes
triggers fault.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Arun Sharma [Sun, 8 Jul 2012 11:38:36 +0000 (04:38 -0700)]
Rename static functions to increase uniqueness.
Rename do_* in ovs-dpctl and ovs-ofctl command with "dpctl_" or "ofctl_"
prefix.
Rename add_flow with dp_netdev_flow_add in lib/dpif-netdev.c.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Jul 2012 22:13:25 +0000 (15:13 -0700)]
debian: Remove obsolete advice to edit /etc/default/openvswitch-switch.
This hasn't been necessary for a long time.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 6 Jul 2012 22:08:10 +0000 (15:08 -0700)]
debian: Add "netbase" dependency for /etc/protocols.
ovs-ctl.in uses /etc/protocols, which is in the "netbase" package, so a
dependency is required.
Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Sun, 8 Jul 2012 20:04:27 +0000 (13:04 -0700)]
ipsec gre: Don't cache bad ovs-monitor-ipsec pid values.
Commit
2a586a5 (ipsec gre: Do not reread ovs monitor ipsec pidfile in
netdev vport so much) attempts to cache the pid of ovs-monitor-ipsec so
that it's not re-checked so often. Unfortunately, it also cached error
returns, so errors never recover. This commit continues to check for
the process's existence after an error.
Issue #12399
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Ben Pfaff [Wed, 27 Jun 2012 23:00:08 +0000 (16:00 -0700)]
ofproto: Make ofoperation_create() return the new operation.
This seems like sensible return value semantics to me, even though the new
operation is also available through rule->pending.
This is a code cleanup only that should not affect behavior.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 23:22:41 +0000 (16:22 -0700)]
nicira-ext: Fix wrong information in comment.
The priority of exact-match flows is ignored only for the OF1.0 flow match
format, never for NXM.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 23:20:23 +0000 (16:20 -0700)]
ovs-ofctl: Fix typos in manpage.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 17:36:48 +0000 (10:36 -0700)]
ofproto: Fix typos in comments.
This corrects the spelling of the OFOPERATION_* constants.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Thu, 28 Jun 2012 21:55:55 +0000 (14:55 -0700)]
ovs-lib: Support old versions of strace.
The ovs-lib strace wrapper requires the -D (run tracer process as a
detached grandchild, not as parent) option which does not exist in
older versions. This patch falls back to attaching to the running
process when the -D option does not exists.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Tue, 26 Jun 2012 21:43:08 +0000 (14:43 -0700)]
ovs-vswitchd: Log datapath ID in a more user-friendly way.
The layering between ofproto and ovs-vswitchd caused the datapath ID to be
logged in a needlessly confusing way. First, ofproto would log its
default datapath ID:
using datapath ID
0000505400000004
then the bridge code would immediately determine the datapath ID that it
wanted and call ofproto_set_datapath_id(), which would log the change
datapath ID changed to
0000111122223333
This commit stops logging the default datapath ID, which is never actually
visible in OpenFlow. This should make the log files easier to understand.
Bug #12164.
Reported-by: Jacob Cherkas <jcherkas@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 26 Jun 2012 19:40:27 +0000 (12:40 -0700)]
ofproto: Always include ofproto name in log messages.
Otherwise the log messages can be confusing when there's more than one
bridge.
Reported-by: Jacob Cherkas <jcherkas@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Mon, 25 Jun 2012 22:46:44 +0000 (15:46 -0700)]
bond: Sending learning packets on active-backup.
Suppose we have an active bond with two ports, eth1 and eth2,
attached to a standard L2 learning switch which does not know it's
participating in a bond (i.e. isn't running LACP). Suppose eth1 is
active and therefore the L2 learning switch is forwarding traffic
to eth1 as instructed by its learning table. Now suppose, for some
reason, OVS fails over from eth1 to eth2. For each destination
MAC, the L2 learning switch will continue sending traffic to eth1,
which will be dropped, until either traffic from that MAC appears
on eth2, or the learning table entries expire.
To alleviate this issue, this patch sends learning packets on newly
active interfaces in active-backup bonds in order to educate the
upstream network of the change.
Requested-by: Frido Roose <fr.roose@gmail.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ethan Jackson [Mon, 25 Jun 2012 22:48:10 +0000 (15:48 -0700)]
bond: Don't send learning packets on STABLE bonds.
Stable bonds require upstream switch support to avoid confusing
learning tables. Therefore, sending learning packets on these
bonds doesn't make a lot of sense.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Thu, 5 Jul 2012 19:57:16 +0000 (12:57 -0700)]
ovs-check-dead-ifs: Tolerate processes that disappear during run.
os.listdir("/proc/%d/fd" % pid) throws OSError if 'pid' died since the
list of pids was obtained.
Bug #12375.
Reported-by: Amey Bhide <abhide@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 5 Jul 2012 18:11:42 +0000 (11:11 -0700)]
ofp-util: Add comment to ofputil_postappend_stats_reply().
It seemed like it could use one.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 5 Jul 2012 18:11:21 +0000 (11:11 -0700)]
nx-match: Drop NXM_MAX_LEN.
It isn't used anymore and keeping it up-to-date is error-prone.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Thu, 5 Jul 2012 08:41:10 +0000 (17:41 +0900)]
openflow: Rename OFP_VLAN_NONE as OFP10_VLAN_NONE
* Remove duplicate definition of OFP_VLAN_NONE
* Rename OFP_VLAN_NONE as OFP10_VLAN_NONE as it appears to be
only used by OpenFlow 1.0.
As suggested by Ben Pfaff.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 5 Jul 2012 15:41:03 +0000 (08:41 -0700)]
ovs-brcompatd: Fix sending replies to kernel requests.
Commit 7d7447 (netlink: Postpone choosing sequence numbers until send
time.) broke ovs-brcompatd because it prevented userspace replies to
kernel requests from using the correct sequence numbers. This commit fixes
it.
Atzm Watanabe found the root cause and provided an alternative patch to
avoid the problem.
Reported-by: André Ruß <andre.russ@hybris.com>
Reported-by: Atzm Watanabe <atzm@stratosphere.co.jp>
Tested-by: Atzm Watanabe <atzm@stratosphere.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Isaku Yamahata [Thu, 5 Jul 2012 03:53:37 +0000 (12:53 +0900)]
openflow-1.2: correct action number
The number 13, 14 aren't used.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 4 Jul 2012 05:14:29 +0000 (22:14 -0700)]
ofp-actions: Add decoding and encoding OF1.1 instructions and actions.
So far, only the Apply-Actions instruction is supported, and only
actions that have identical semantics to OpenFlow 1.0 actions.
Co-authored-by: Simon Horman <horms@verge.net.au>
Co-authored-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 4 Jul 2012 05:17:14 +0000 (22:17 -0700)]
Introduce ofpacts, an abstraction of OpenFlow actions.
OpenFlow actions have always been somewhat awkward to handle.
Moreover, over time we've started creating actions that require more
complicated parsing. When we maintain those actions internally in
their wire format, we end up parsing them multiple times, whenever
we have to look at the set of actions.
When we add support for OpenFlow 1.1 or later protocols, the situation
will get worse, because these newer protocols support many of the same
actions but with different representations. It becomes unrealistic to
handle each protocol in its wire format.
This commit adopts a new strategy, by converting OpenFlow actions into
an internal form from the wire format when they are read, and converting
them back to the wire format when flows are dumped. I believe that this
will be more maintainable over time.
Thanks to Simon Horman and Pravin Shelar for reviews.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 8 Jun 2012 00:23:59 +0000 (20:23 -0400)]
ofp-util: Add OFPUTIL_ACTION_INVALID to enum ofputil_action_code.
Possibly the ofputil_decode_action() interface should be rethought now
that ofputil_action_code has an invalid value.
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Arun Sharma [Tue, 3 Jul 2012 01:30:21 +0000 (18:30 -0700)]
ipsec gre: Do not reread ovs monitor ipsec pidfile in netdev vport so much
Instead of rereading ovs-monitor-ipsec pidfile in netdev-vport so much. It's
probably only necessary to check once if ovs-monitor-ipsec is running,
and then cache the result. If the result is negative, then it may be
worthwhile to try again the next time someone tries to configure an ipsec
tunnel.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 2 Jul 2012 17:34:32 +0000 (10:34 -0700)]
python: Call 'wait' methods correctly in jsonrpc and stream code.
Bug #12301.
Reported-by: Mike Kruze <mkruze@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ansis Atteka [Mon, 2 Jul 2012 22:02:39 +0000 (15:02 -0700)]
Fix build error on XenServer
A missing backslash broke the build.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Ansis Atteka [Thu, 28 Jun 2012 22:52:40 +0000 (15:52 -0700)]
ovs-l3ping: A new test utility that allows to detect L3 tunneling issues
ovs-l3ping is similar to ovs-test, but the main difference
is that it does not require administrator to open firewall
holes for the XML/RPC control connection. This is achieved
by encapsulating the Control Connection over the L3 tunnel
itself.
This tool is not intended as a replacement for ovs-test,
because ovs-test covers much broader set of test cases.
Sample usage:
Node1: ovs-l3ping -s 192.168.122.236,10.1.1.1 -t gre
Node2: ovs-l3ping -c 192.168.122.220,10.1.1.2,10.1.1.1 -t gre
Issue#11791
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Arun Sharma [Mon, 2 Jul 2012 11:32:44 +0000 (04:32 -0700)]
Python daemons: Changed log date time format.
Changed the python daemons log date and time format to keep similar
as C binaries logging format. The date time is in UTC.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 2 Jul 2012 16:12:13 +0000 (09:12 -0700)]
Use UTC consistently instead of local timezone.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Fri, 29 Jun 2012 16:22:59 +0000 (09:22 -0700)]
ovs-vswitchd: Call mlockall() from the daemon, not the parent or monitor.
mlockall(2) says:
Memory locks are not inherited by a child created via fork(2) and are
automatically removed (unlocked) during an execve(2) or when the
process terminates.
which means that --mlockall was ineffective in combination with --detach
or --monitor or both. Both are used in the most common production
configuration of Open vSwitch, so this means that --mlockall has never been
effective in production.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ed Maste [Fri, 29 Jun 2012 21:11:24 +0000 (21:11 +0000)]
Route-table implementation for (Free)BSD
This is a trivial implementation of the route-table functionality for
FreeBSD, as needed by ofproto/ofproto-dpif-sflow.c. It has not yet
been extensively tested.
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ed Maste [Fri, 29 Jun 2012 21:13:54 +0000 (21:13 +0000)]
vlandev: Move Linux #include under #ifdef __linux__
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Arun Sharma [Fri, 29 Jun 2012 02:56:39 +0000 (19:56 -0700)]
Debian packaging to remove system-id.conf
Debian packaging, "--purge" to remove /etc/openvswitch/system-id.conf
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Thu, 28 Jun 2012 05:48:01 +0000 (22:48 -0700)]
openflow: Move enums for "packet_out" and "flow_mod" to common header.
Reviewed-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 11 Jun 2012 18:23:06 +0000 (11:23 -0700)]
ofproto: Report nonexistent ports and queues as errors in queue stats.
Until now, Open vSwitch has ignored missing ports and queues in most cases
in queue stats requests, simply returning an empty set of statistics.
It seems that it is better to report an error, so this commit does this.
Reported-by: Prabina Pattnaik <Prabina.Pattnaik@nechclst.in>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 11 Jun 2012 18:15:31 +0000 (11:15 -0700)]
ovs-ofctl: Fix handling of unexpected replies in dump_stats_transaction().
dump_stats_transaction() ignored errors and other non-stats replies to
its request and would continue to wait forever. This fixes the problem.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Simon Horman [Wed, 27 Jun 2012 08:19:52 +0000 (17:19 +0900)]
openflow: Add Open Flow 1.2 to ofp_to_string__()
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com fixed testsuite failure.]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ethan Jackson [Wed, 27 Jun 2012 20:41:17 +0000 (13:41 -0700)]
ovs-ctl: Add additional options to strace wrapper.
It's useful to know how long each system call took, and at what
time each system call happened. In addition this patch causes
strace to print strings more fully allowing log messages to be seen
in the output.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Ben Pfaff [Wed, 27 Jun 2012 16:56:20 +0000 (09:56 -0700)]
tests: Fix MockXenAPI to make the ovs-xapi-sync test case pass again.
Commit
1dc6839d2d (xenserver: Improve efficiency of code by using
get_all_records_where()) updated the ovs-xapi-sync script and caused a unit
test failure. This fixes it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Rob Hoes [Wed, 27 Jun 2012 15:14:21 +0000 (16:14 +0100)]
xenserver: Improve efficiency of code by using get_all_records_where()
Replace the get_record() for network references which caused as many
slave-to-master calls as there are Network records plus one.
The get_all_records_where() call gets exactly what is needed with a single
call.
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Acked-by: Dominic Curran <dominic.curran@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Isaku Yamahata [Wed, 27 Jun 2012 14:23:25 +0000 (07:23 -0700)]
lib/meta-flow: introduce a macro, CASE_MFF_REGS, to catch "case MFF_REG<N>:"
Introduce a macro instead for
With this macro, the code is a bit reduced.
test: compile-tested and unit tests passed.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[blp@nicira.com moved the macro declaration, moved trailing colon from
macro definition to invocation, adjusted style slightly]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 27 Jun 2012 14:12:04 +0000 (07:12 -0700)]
nicira-ext: Fix typo in comment.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Tue, 26 Jun 2012 13:09:44 +0000 (01:09 +1200)]
Add OXM_OF_METADATA field as a step toward OpenFlow 1.1 support.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Tue, 26 Jun 2012 17:52:34 +0000 (10:52 -0700)]
meta-flow: Accept NXM and OXM field names, support NXM and OXM for output.
This commit makes actions that accept NXM header values also accept OXM
header values and accept OXM field names where previously only NXM field
names were accepted.
This makes it possible to add new OXM fields that don't have NXM header
values, e.g. the OXM "metadata" field.
Inspired by Joe Stringer's patch:
http://openvswitch.org/pipermail/dev/2012-June/018344.html
Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Isaku Yamahata [Wed, 27 Jun 2012 04:26:57 +0000 (13:26 +0900)]
lib/meta-flow: use symbolic value instead of ~7
mf_is_value_valid() use symbolic value instead of 7 for vlan pcp
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Joe Stringer [Wed, 27 Jun 2012 03:38:39 +0000 (15:38 +1200)]
nicira-ext: Fix nx-action documentation
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Wed, 27 Jun 2012 01:38:20 +0000 (18:38 -0700)]
SubmittingPatches: Correct mailing list to use for sending patches.
Reported-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Justin Pettit [Tue, 26 Jun 2012 04:44:56 +0000 (21:44 -0700)]
Update dates and notes for 1.6.1 release.
Signed-off-by: Justin Pettit <jpettit@nicira.com>