Ben Pfaff [Tue, 6 Apr 2010 19:40:11 +0000 (12:40 -0700)]
in-band: Fix memory leak in get_remote_mac().
If the call to netdev_open_default() failed then next_hop_dev was not
freed, but it should be.
Ben Pfaff [Tue, 6 Apr 2010 00:12:43 +0000 (17:12 -0700)]
in-band: Fix inconsistency in in-band code.
The IBR_TO_LOCAL_ARP and IBR_FROM_LOCAL_ARP flows are dropped if there is
no local MAC. I don't see why IBR_FROM_LOCAL_DHCP should be different, so
this commit adds it too.
Ben Pfaff [Wed, 7 Apr 2010 22:27:35 +0000 (15:27 -0700)]
ofproto: Make valgrind happy.
The "flags" member of struct odp_flow is not used for adding or deleting
flows, but valgrind doesn't know that. By zeroing it out we can suppress
spurious warnings.
Ben Pfaff [Wed, 7 Apr 2010 19:57:21 +0000 (12:57 -0700)]
fail-open: Fix typo in comment.
Ben Pfaff [Wed, 7 Apr 2010 20:30:14 +0000 (13:30 -0700)]
ovs-openflowd: Remove documentation for obsolete --mgmt-id option.
Also remove unused OPT_MGMT_ID enum.
Ben Pfaff [Fri, 16 Apr 2010 17:31:05 +0000 (10:31 -0700)]
ovsdb-doc: Distinguish hyphens and minus signs in nroff output.
In nroff, a minus sign (\-) should generally be used in literal text,
whereas hyphens are generally correct elsewhere. This roughly corresponds
to bold versus non-bold text, so this commit makes ovsdb-doc output "-"
that appears in input as a minus sign if it is bold or a hyphen if it is
not.
Ben Pfaff [Mon, 19 Apr 2010 21:37:56 +0000 (14:37 -0700)]
CodingStyle: Drop advice about breaking lines before binary operators.
I like the style that was prescribed here--I find it slightly easier to
read--but everyone else who submits code seems to prefer breaking
lines after binary operators instead. No point in fighting the tide.
Jesse Gross [Mon, 19 Apr 2010 20:35:30 +0000 (16:35 -0400)]
Document GRE port options.
Ben Pfaff [Mon, 19 Apr 2010 18:40:32 +0000 (11:40 -0700)]
xenserver: Restore original InterfaceReconfigure*.py on uninstall.
The %post script fragment in the RPM spec was moving aside the original
InterfaceReconfigure{,Bridge,Vswitch}.py scripts, but the %postun was
not restoring them. This commit restores them in %postun.
Without this change, installing the openvswitch RPM on a stock XenServer
and then uninstalling it breaks XenServer networking.
Bug #2624.
Reported-by: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff [Mon, 19 Apr 2010 18:26:07 +0000 (11:26 -0700)]
Fix broken build by adding forgotten header file to list of headers.
Ben Pfaff [Mon, 19 Apr 2010 18:12:27 +0000 (11:12 -0700)]
Update fake bond devices' statistics with the sum of bond slaves' stats.
Needed by XAPI to accurately report bond statistics.
Ugh.
Bug NIC-63.
Jesse Gross [Thu, 8 Apr 2010 14:22:35 +0000 (10:22 -0400)]
tunneling: Remove old GRE implementation.
The new GRE implementation provides a complete drop in replacement
for the old Linux based implementation. Therefore, remove the
old implementation and rename "grenew" to "gre".
Jesse Gross [Sun, 11 Apr 2010 13:38:49 +0000 (09:38 -0400)]
tunneling: Add userspace support for new GRE implementation.
Add a netdev that supports the new datapath GRE implementation.
It currently coexists with the old implementation so it is named
"grenew".
Jesse Gross [Sun, 11 Apr 2010 13:37:19 +0000 (09:37 -0400)]
netdev: Allow get_ifindex and get_features to be null.
Allow netdev providers to set get_ifindex and get_features it
null if they would always return EOPNOTSUPP. This is particuarly
useful for virtual devices.
Jesse Gross [Tue, 30 Mar 2010 22:40:01 +0000 (18:40 -0400)]
netdev-linux: Don't free a member of a struct.
We allocate struct netdev_linux which contains struct netdev but
free the netdev. In practice this makes no difference because the
netdev is the first member of the struct but we should be correct
anyways.
Jesse Gross [Tue, 30 Mar 2010 22:39:20 +0000 (18:39 -0400)]
netdev-linux: Check notifications are for netdev-linux device.
When receiving a change notification from rtnetlink we checked whether
a netdev of that name existed and if so tried to handle it. This also
checks that the type of the device is one handled by netdev-linux.
Jesse Gross [Sat, 17 Apr 2010 19:23:31 +0000 (15:23 -0400)]
tunneling: Add datapath GRE support.
Add a new vport type that implements GRE support inside of the
datapath instead of relying on Linux devices. This provides
greater scalability, performance, and control.
The new GRE implementation supports nearly all features of the
Linux implementation. It does not currently support multicast,
NBMA tunnels, or non-Ethernet devices.
This implementation of GRE has several important benefits over the
existing Linux implementation. The first is simply that is not a
Linux device. Linux devices are fairly heavy weight both in terms
of memory consumption and interactions with the rest of the system
(notifications, processes polling, etc.). There are many pieces of
code that make assumptions about the maximum reasonable number of
ports. Simply maintaining the state of several thousand devices is
enough to full occupy the CPU.
A tighter coupling between the GRE implementation and datapath
also allows more flexibility. The key can be set and retrieved
from the flow table, which allows even greater scalability.
There will probably be additional use cases in the future.
Jesse Gross [Wed, 7 Apr 2010 17:55:28 +0000 (13:55 -0400)]
datapath: Add function to copy skb checksum bits.
Some kernels don't copy the checksum offload state in the skb
header when doing different types of copies. Xen adds even more
fields, which are also not consistently copied. The result is
uninitialized memory and random outcomes. This adds a function to
consistently copy these bits across all kernel versions.
Jesse Gross [Thu, 1 Apr 2010 21:34:18 +0000 (17:34 -0400)]
datapath: Add skb_csum_help compatibility function.
Later kernel versions remove the direction argument from
skb_checksum_help. This provides a compatibility function so we
can have consistent syntax across versions.
Since CHECKSUM_PARTIAL is the same as CHECKSUM_HW on older kernels
this allows a unified code path for computing checksums.
Jesse Gross [Fri, 2 Apr 2010 20:46:18 +0000 (16:46 -0400)]
datapath: Genericize hash table.
Currently the flow hash table assumes that it is storing flows.
However, we will need additional types of hash tables in the
future so remove assumptions about flows and convert the datapath
to use the new table.
Jesse Gross [Sat, 10 Apr 2010 05:19:29 +0000 (01:19 -0400)]
dpif-linux: Clean up vports that are no longer in config.
If the config changes while ovs-vswitchd is not running it is possible
that there could be some vports which are no longer needed but won't
be destroyed when closed because they aren't open. This deletes
unneeded vports at the same time that we clean up unneeded datapaths.
Jesse Gross [Tue, 13 Apr 2010 17:57:40 +0000 (13:57 -0400)]
netdev: Add function netdev_is_open().
Add netdev_is_open(), which checks to see if a given netdev is
currently open. It will be used to assist in cleaning up old ports
that are no longer in use.
Jesse Gross [Mon, 12 Apr 2010 19:53:39 +0000 (15:53 -0400)]
datapath: Add generic virtual port layer.
Currently the datapath directly accesses devices through their
Linux functions. Obviously this doesn't work for virtual devices
that are not backed by an actual Linux device. This creates a
new virtual port layer which handles all interaction with devices.
The existing support for Linux devices was then implemented on top
of this layer as two device types. It splits out and renames dp_dev
to internal_dev. There were several places where datapath devices
had to handled in a special manner and this cleans that up by putting
all the special casing in a single location.
Jesse Gross [Mon, 12 Apr 2010 19:53:10 +0000 (15:53 -0400)]
datapath: Don't read net namespace on kernels that don't use them.
Use macros to eliminate the network namespace argument before it
gets to the compiler. This allows us to specify a namespace on
kernels that know about them and prevent the compiler from complaining
on kernels that don't.
Jesse Gross [Sun, 11 Apr 2010 13:52:40 +0000 (09:52 -0400)]
datapath: Add rtnl_is_locked compatibility function.
rtnl_is_locked wasn't added until 2.6.26 so provide an implementation
of it.
Jesse Gross [Tue, 6 Apr 2010 02:38:31 +0000 (22:38 -0400)]
datapath: Add dev_get_stats compatibility function.
The dev_get_stats function wasn't added until 2.6.29 so provide
a replacement for it.
Jesse Gross [Mon, 12 Apr 2010 15:49:16 +0000 (11:49 -0400)]
tunneling: Add support for tunnel ID.
Add a tun_id field which contains the ID of the encapsulating tunnel
on which a packet was received (0 if not received on a tunnel). Also
add an action which allows the tunnel ID to be set for outgoing
packets. At this point there aren't any tunnel implementations so
these fields don't have any effect.
The matching is exposed to OpenFlow by overloading the high 32 bits
of the cookie as the tunnel ID. ovs-ofctl is capable of turning
on this special behavior using a new "tun-cookie" command but this
command is intentially undocumented to avoid it being used without
a full understanding of the consequences.
Ben Pfaff [Fri, 16 Apr 2010 00:11:45 +0000 (17:11 -0700)]
bridge: Don't learn from inadmissible flows when revising learning table.
Various kinds of flows are inadmissible and must be dropped. Most notably,
OVS drops packets received on a bond whose destinations are ones that OVS
has already learned on a different port. As the comment says:
/* Drop all packets for which we have learned a different input
* port, because we probably sent the packet on one slave and got
* it back on the other. Broadcast ARP replies are an exception
* to this rule: the host has moved to another switch. */
As an important side effect of dropping these packets, OVS does not use
them for MAC learning when it sets up the corresponding flows.
However, OVS also periodically scans the datapath flow table and uses
information about flow activity to update its learning tables. (Otherwise,
learning table entries could expire because no new flows were being set up,
even though active flows existed.) This process, implemented in
bridge_account_flow_ofhook_cb(), did not check for admissibility, so
packets received on a bond could be used for learning even though another
port had already been learned.
This commit fixes the problem by making bridge_account_flow_ofhook_cb()
check for admissibility.
QA notes: Reproducing this problem requires some care and some luck. One
way is to have two VMs with network interfaces on a single bonded network.
Both bonded interfaces must be up (otherwise packets sent out on one slave
will never be received on the other). The problem will also not occur if
the physical switch that the bond slaves are plugged into has learned the
MAC address of the VMs involved (because the physical switch will then,
again, drop the packets without sending them back in on the other slave).
Finally, there needs to be some luck in timing and perhaps with the OVS
internal hash function also.
(One way to reproduce it reliably is to plug a pair of Ethernet ports into
each other with a cable, without an intermediate switch, and then use that
pair of ports as a bond. Then every packet sent out on one will
immediately be received on the other, triggering the problem fairly often.
If this doesn't work at first, try changing the Ethernet address used on
one side or the other.)
To verify that the problem being observed is the one fixed by this commit,
turn on bridge debugging with "ovs-appctl vlog/set bridge:file" and look
for "bridge xapi2: learned that 00:01:02:03:04:06 is on port bond0 in VLAN
0" where 00:01:02:03:04:06 is a VM's Ethernet address and bond0 is the
name of the bond in the ovs-vswitchd log file.
Testing: I ran the "loopback bond" test above with and without this commit,
twice each in case I was just lucky.
CC: Henrik Amren <henrik@nicira.com>
Bug #2366.
Bug NIC-64.
Bug NIC-69.
Ben Pfaff [Thu, 15 Apr 2010 23:43:10 +0000 (16:43 -0700)]
bridge: Factor admissibility check out of process_flow().
The next commit will need to make the same tests as the first part of
process_flow(), so this commit breaks that out into a new function
is_admissible().
Should have no externally visible effect.
Ben Pfaff [Thu, 15 Apr 2010 22:37:20 +0000 (15:37 -0700)]
bridge: Minor cleanup in process_flow().
Should have no externally visible effect.
Ben Pfaff [Thu, 15 Apr 2010 23:36:14 +0000 (16:36 -0700)]
bridge: Don't log warnings when revalidating.
The rest of the warnings along this path follow this rule, but this one
didn't. Make it consistent.
Justin Pettit [Thu, 15 Apr 2010 14:39:02 +0000 (07:39 -0700)]
xenserver: Fix name of veth module so it can be loaded on startup
Justin Pettit [Wed, 14 Apr 2010 04:24:37 +0000 (21:24 -0700)]
netdev: Add support for "patch" type
This commit introduces a new netdev type called "patch". A patch is a
pair of interfaces, in which frames sent through one of the devices
pop out of the other. This is useful for linking together datapaths.
A patch's only argument on creation is "peer", which specifies the other
side of the patch. A patch must be created in pairs, so a second netdev
must be created with the "name" and "peer" values reversed.
The current implementation is built using veth devices. Further, it's
limited to the veth devices which support configuration through sysfs.
This limits the ability to use a "patch" on 2.6.18 kernels using the
veth device we include (read: flavors of XenServer 5.5). In the not too
distant future, the implementation will be modified to use the new
kernel port abstraction introduced by Jesse Gross's forthcoming GRE
work. At that point, patch devices will work on any Linux platform
supported by OVS.
Justin Pettit [Wed, 14 Apr 2010 03:52:48 +0000 (20:52 -0700)]
xenserver: Load veth driver on 2.6.18 systems
In a future commit, the "patch" netdev type will be introduced. The
initial implementation will be based on veth, for which we have a kernel
module on 2.6.18. A more general solution will be used in the future,
at which time, this loading of the veth module can be removed.
Justin Pettit [Tue, 13 Apr 2010 22:53:37 +0000 (15:53 -0700)]
veth: Fix problems removing veth devices
When a user tried to delete a veth device through sysfs, the driver
wasn't properly parsing the device name. Also, it called
dev_get_by_name(), which increments a refcount on the device, but didn't
make a dev_put() before trying to delete it.
Justin Pettit [Wed, 14 Apr 2010 01:18:51 +0000 (18:18 -0700)]
ovs-vsctl: Cleanup some formatting in man page
Ben Pfaff [Wed, 14 Apr 2010 17:49:34 +0000 (10:49 -0700)]
ofproto: Use original in_port for executing NXAST_RESUBMIT actions.
If NXAST_RESUBMIT adopts the replacement in_port for executing actions,
then OFPP_NORMAL will believe that traffic originated from whatever port
that is. This seems unlikely to ever be useful and in fact breaks
applications that use NXAST_RESUBMIT for two-stage ACLs.
Bug #2644.
Ben Pfaff [Wed, 14 Apr 2010 23:02:38 +0000 (16:02 -0700)]
stream-ssl: Avoid access-after-free error in update_ssl_config().
Commit
b84f503d "stream-ssl: Read existing CA certificate more eagerly
during bootstrap" inadvertently introduced an access-after-free error:
do_ca_cert_bootstrap() calls
stream_ssl_set_ca_cert_file(ca_cert.file_name, true), which calls
update_ssl_config(&ca_cert, file_name), which calls
free(ca_cert.file_name) then xstrdup(ca_cert.file_name).
Fix the problem.
Reported-by: Cedric Hobbs <cedric@nicira.com>
Reported-by: Peter Balland <peter@nicira.com>
Ben Pfaff [Tue, 13 Apr 2010 17:30:28 +0000 (10:30 -0700)]
ovs-ofctl: Fix write before beginning of string in "add-flow".
If "action" is the first word in a flow specification, then we were writing
one byte before the beginning of the string. So overwrite the 'a' in
"action" instead; we know it's really there.
Reported-by: Ghanem Bahri <bahri.ghanem@gmail.com>
Ben Pfaff [Tue, 13 Apr 2010 22:08:37 +0000 (15:08 -0700)]
configure: Convert --with-l26=<dir> argument to absolute path.
If the argument to --with-l26 is given as a relative pathname, then if
configuration succeeds, the build will fail, because the current directory
during the kernel build is different from that at configuration time.
Avoid the problem by converting the argument to an absolute path if
necessary.
Ben Pfaff [Tue, 13 Apr 2010 23:50:31 +0000 (16:50 -0700)]
odp-util: Print bad action numbers in hexadecimal in format_odp_action().
Given that dpif.c clears action numbers to 0xcccc it can be much less
mystifying to see that instead of 52428.
Ben Pfaff [Tue, 13 Apr 2010 23:49:22 +0000 (16:49 -0700)]
dpif: Make dpif_flow_get() results predictable on error.
If dpif_flow_get()'s caller is less cautious than it should be, then it
will get surprising results when it looks at the returned flow on error.
This commit at least gives it plausible results.
Ben Pfaff [Tue, 13 Apr 2010 23:48:10 +0000 (16:48 -0700)]
ovs-dpctl: In "dump-flows", only print flows that can be retrieved.
If dpif_flow_get() returns an error then we'd better not try to print
the flow (especially not the actions since check_rw_odp_flow() clears
the first action to 0xcc).
Ben Pfaff [Fri, 9 Apr 2010 21:04:10 +0000 (14:04 -0700)]
ofproto: Maximum value of "int" is INT_MAX, not UINT32_MAX.
This bug seems to be dormant at the moment, since the -1 gets passed
through unchanged to do_send_packet_in() and then to make_packet_in()
and then gets converted to SIZE_MAX as part of the MIN invocation in that
function. It is still better to fix it.
Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
Ben Pfaff [Tue, 13 Apr 2010 17:12:25 +0000 (10:12 -0700)]
ofproto: Make NXAST_RESUBMIT take header modifications into account.
Until now, the NXAST_RESUBMIT action has always looked up the original
flow except for the updated in_port. This commit changes the semantics to
instead look up the flow as modified by any preceding actions that affect
it, e.g. if OFPAT_SET_VLAN_VID precedes NXAST_RESUBMIT, then NXAST_RESUBMIT
now looks up the flow with the modified VLAN, not the original (as well as
the modified in_port).
Also, document how NXAST_RESUBMIT is supposed to work.
Suggested-by: Paul Ingram <paul@nicira.com>
Ben Pfaff [Fri, 9 Apr 2010 22:19:12 +0000 (15:19 -0700)]
ofproto: Copy the flow being translated in xlate_actions().
This change should have no user-visible effect, but it paves the way for
the following commit, which requires the action_xlate_ctx's flow to be
modifiable.
Ben Pfaff [Tue, 13 Apr 2010 16:28:13 +0000 (09:28 -0700)]
Make fatal signals cause an exit more promptly in special cases.
The fatal-signal library notices and records fatal signals (e.g. SIGTERM)
and terminates the process on the next trip through poll_block(). But
some special utilities do not always invoke poll_block() promptly, e.g.
"ovs-ofctl monitor" does not call poll_block() as long as OpenFlow messages
are available. But these special cases seem like they are all likely to
call into functions that themselves block (those with "_block" in their
names). So make a new rule that such functions should always call
fatal_signal_run(), either directly or through poll_block(). This commit
implements and documents that rule.
Bug #2625.
Justin Pettit [Mon, 12 Apr 2010 20:12:34 +0000 (13:12 -0700)]
xenserver: Fix ip_gre_mod modprobe issue in init script
The OVS kernel modules were moved to kernel/extra/openvswitch, but the
init script wasn't updated to look for the ip_gre_mod kernel module
there. This commit fixes that.
CC: Paul Ingram <paul@nicira.com>
Justin Pettit [Fri, 9 Apr 2010 15:10:34 +0000 (08:10 -0700)]
xenserver: Allow use first class datamodel field for controller IP
Starting in XenServer 5.6.0, a "vswitch_controller" key is available to
store the controller's IP address in the "pool" table of XAPI. Older
versions must still use the "vSwitchController" key in "other_config".
Based on commits 37fee7 and
0ebd737 from the xs5.7 branch written by
Ian Campbell.
Justin Pettit [Fri, 9 Apr 2010 07:40:18 +0000 (00:40 -0700)]
xenserver: Only register xsconsole plugin if OVS is running
The 5.6.0 XenServer release will include OVS but not have it enabled by
default. By only registering the xsconsole plugin on systems running OVS,
this plugin can be included in the main distribution.
Based on commit
0ebd737 from the xs5.7 branch written by Ian Campbell.
Justin Pettit [Thu, 8 Apr 2010 19:42:24 +0000 (12:42 -0700)]
xenserver: Do not raise XenAPIPlugin.Failure in xsconsole plugin
Do not raise XenAPIPlugin.Failure, it is not an exception xsconsole will
handle.
Based on commit fcc495 from the xs5.7 branch written by Ian Campbell.
Ben Pfaff [Wed, 7 Apr 2010 22:20:53 +0000 (15:20 -0700)]
vswitch: Fix documentation for network-uuids external ID in Bridge table.
Jeremy pointed out that this field is semicolon-delimited but we document
it as space-delimited. Fix the documentation.
Reported-by: Jeremy Stribling <strib@nicira.com>
Ben Pfaff [Thu, 18 Mar 2010 19:59:34 +0000 (12:59 -0700)]
ovsdb: Use port 6632 as a default port for database connections.
Until now we have required a port number to be specified explicitly for
database connections. This commit adopts port 6632 as a default.
Ben Pfaff [Thu, 18 Mar 2010 19:59:33 +0000 (12:59 -0700)]
vconn-stream: Factor out port defaults into public helper functions.
These functions will be used elsewhere in an upcoming commit.
Ben Pfaff [Thu, 18 Mar 2010 19:59:32 +0000 (12:59 -0700)]
stream: Generalize stream_open_block().
This change makes it possible to separate opening a stream from blocking on
connection completion. This avoids some code redundancy in an upcoming
commit.
Ben Pfaff [Wed, 24 Mar 2010 17:42:17 +0000 (10:42 -0700)]
ovs-controller: Document how to use with management protocol.
Ben Pfaff [Wed, 24 Mar 2010 17:14:39 +0000 (10:14 -0700)]
jsonrpc: Add support for passive connections.
This allows ovs-vsctl to work as a simple Open vSwitch "manager" if the
XenServer host is configured to connect to it remotely.
Ben Pfaff [Wed, 24 Mar 2010 20:09:38 +0000 (13:09 -0700)]
reconnect: Implement "passive mode".
This allows the reconnect library to support clients that want to listen
for an incoming connection.
Ben Pfaff [Tue, 23 Mar 2010 21:01:54 +0000 (14:01 -0700)]
reconnect: Get rid of unused state.
Nothing ever caused the reconnect FSM to transition to the S_START_CONNECT
state, so we might as well get rid of the code for it.
Ben Pfaff [Wed, 24 Mar 2010 00:19:36 +0000 (17:19 -0700)]
stream-ssl: Make it possible to avoid checking peer SSL certificate.
In Citrix XenServer, the hosts have SSL private keys and certificates, but
those certificates are not signed by any certificate authority. So we
must provide a way to avoid checking certificates against a CA if we want
other OVS tools to be able to talk to XenServer hosts over SSL. This
commit makes that possible.
Ben Pfaff [Tue, 23 Mar 2010 22:30:17 +0000 (15:30 -0700)]
stream: New functions stream_verify_name() and pstream_verify_name().
These functions can be useful for checking whether a given name is an
active or passive connection method.
The implementation is cut-and-paste from vconn_verify_name() and
pvconn_verify_name().
Ben Pfaff [Tue, 23 Mar 2010 22:29:10 +0000 (15:29 -0700)]
ovs-vsctl: Add SSL support.
Normally ovs-vsctl is run locally, with a Unix domain socket as target, but
it can be useful over SSL as well from a remote host, so this commit
enables that use.
Ben Pfaff [Tue, 23 Mar 2010 18:24:38 +0000 (11:24 -0700)]
ovs-controller: Add --unixctl option.
Ben Pfaff [Tue, 23 Mar 2010 18:22:42 +0000 (11:22 -0700)]
ovsdb-server: Document --unixctl option.
Ben Pfaff [Tue, 23 Mar 2010 18:21:34 +0000 (11:21 -0700)]
Fix hyphens in manpage.
Ben Pfaff [Fri, 9 Apr 2010 23:01:02 +0000 (16:01 -0700)]
stream-ssl: Read existing CA certificate more eagerly during bootstrap.
When do_ca_cert_bootstrap() attempts to bootstrap a CA certificate from a
remote host, it gives up if the CA certificate file already exists. It
knows that this file did not exist some time earlier (because it checked),
so it logged a warning and just returns. The next time that
stream_ssl_set_ca_cert_file() gets called, it will read the new CA
certificate file and all will be well.
That works OK in ovsdb-server, which calls stream_ssl_set_ca_cert_file()
every time through its main loop. It does not work well for ovs-vswitchd,
which only calls that function when it needs to reconfigure. But it
should work fine to call it directly from do_ca_cert_bootstrap(), so this
commit changes it to do that.
Bug #2635.
Justin Pettit [Sat, 10 Apr 2010 08:20:23 +0000 (01:20 -0700)]
print: Print mod_vlan_vid action in decimal
In a flow description, the VLAN VID was printed in hex, but an VLAN VID
modification would print the value in decimal. This commit consistently
prints the value in decimal.
CC: Paul Ingram <paul@nicira.com>
Justin Pettit [Sat, 10 Apr 2010 08:09:08 +0000 (01:09 -0700)]
ovs-ofctl: Allow setting cookie as a decimal or hex value
Clean-up a few items related to flow cookies:
- Allow setting the flow cookie as a hex or decimal string
- Consistently print the cookie in hex
- Document the ability to set the flow cookie in ovs-ofctl.
Ben Pfaff [Fri, 9 Apr 2010 20:54:37 +0000 (13:54 -0700)]
netdev: Allow recv, recv_wait, drain, send, send_wait to be null.
Suggested by partner.
Justin Pettit [Fri, 9 Apr 2010 00:53:58 +0000 (17:53 -0700)]
vswitch: Mark bridge_update_desc argument as unused
The implementation of bridge_update_desc() is empty, which causes a
compiler warning for the argument. Mark the argument unused until we
get a chance to fix the function's implementation.
Justin Pettit [Wed, 7 Apr 2010 21:51:18 +0000 (14:51 -0700)]
leak-checker: Document "--leak-limit" option
Justin Pettit [Wed, 7 Apr 2010 01:58:08 +0000 (18:58 -0700)]
xenserver: Put kernel modules in "extra" directory
This change cleans up a couple of items. First, it makes sure that our
newly installed kernel modules are picked up instead of any ones that
shipped with XenServer. Second, it prevents having to do the install
with "--nodeps".
Ian Campbell [Thu, 8 Apr 2010 14:00:21 +0000 (15:00 +0100)]
interface-reconfigure+vif: accept openvswitch in /etc/xensource/network.conf
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Justin Pettit [Tue, 6 Apr 2010 19:14:22 +0000 (12:14 -0700)]
vswitchd: Fix small memory leak in bridge_init
Justin Pettit [Tue, 6 Apr 2010 19:13:32 +0000 (12:13 -0700)]
xenserver: Remove stray "\" in spec file
Ben Pfaff [Tue, 6 Apr 2010 18:17:39 +0000 (11:17 -0700)]
dpif: Really don't log many dpif errors.
The comment here was out of touch with the actual definition. Limiting a
log message to 9999 per minute is not much of a limit!
I suspect that I turned this way up during initial development at some
point and forgot to turn it down to a reasonable level.
Justin Pettit [Tue, 6 Apr 2010 01:13:26 +0000 (18:13 -0700)]
xenserver: Don't install xsconsole plugin as symlink
The OVS xsconsole plugin used to be installed in
/usr/share/openvswitch/scripts directory and then a symlink was created
to the /usr/lib/xsconsole/plugins-base directory. The Citrix packaging of
OVS just placed it directly into the xsconsole plugin directory. This
worked fine until we renamed our package "openvswitch", which is the
same as Citrix uses.
On an upgrade, the default package handler would attempt to clean up files
that were in the Cirix packaging, but not in the upgraded package. Since
it didn't know that we had replaced their plugin with our symlink, it would
destroy our symlink.
This commit just places the plugin directly into the
/usr/lib/xsconsole/plugins-base directory, which allows us to seamlessly
upgrade to newer Open vSwitch versions.
Bug #2608
Justin Pettit [Thu, 1 Apr 2010 12:12:17 +0000 (05:12 -0700)]
xenserver: Minor spec file cleanups
Remove compiled InterfaceReconfigure byte code on uninstall. Also, fix
minor typo in error message.
Justin Pettit [Thu, 1 Apr 2010 12:11:42 +0000 (05:11 -0700)]
xenserver: Only rotate files that end in .log
Ben Pfaff [Mon, 5 Apr 2010 21:21:38 +0000 (14:21 -0700)]
vswitchd: Make the bond rebalancing interval user-configurable.
This may make some bond debugging problems easier. It also seems
reasonable to expose this parameter to the user.
Related to bug #2366.
Ben Pfaff [Mon, 5 Apr 2010 19:58:21 +0000 (12:58 -0700)]
ovs-vsctl: Allow setting arbitrary database columns in add-port, add-bond.
Ben Pfaff [Fri, 2 Apr 2010 22:12:42 +0000 (15:12 -0700)]
ofproto: Make OFPFC_MODIFY and OFPFC_MODIFY_STRICT add a flow if no match.
OpenFlow 1.0 says that OFPFC_MODIFY and OFPFC_MODIFY_STRICT are supposed
to add the specified flow to the flow table if it does not already contain
one that matches.
Reported-by: Natasha Gude <natasha@nicira.com>
Bug #2506.
Ben Pfaff [Mon, 5 Apr 2010 16:37:46 +0000 (09:37 -0700)]
ovs-ofctl: Add support for "resubmit" Nicira vendor extension.
CC: Paul Ingram <paul@nicira.com>
Justin Pettit [Thu, 1 Apr 2010 01:25:02 +0000 (18:25 -0700)]
debian: Updated templates.pot
The various fixes that were made earlier caused a new templates.pot file
to be generated.
Justin Pettit [Thu, 1 Apr 2010 01:09:23 +0000 (18:09 -0700)]
debian: Cleanup config template for Lintian
Lintian wants "boolean" to be used instead of "select" if there are only
two choices. It also wants short descriptions to not end in a period.
Justin Pettit [Thu, 1 Apr 2010 01:00:40 +0000 (18:00 -0700)]
debian: Clarify packages' purpose in description
Lintian was complaining about empty binary packages for nicira-switch
and openvswitch-pki. By clarifying that they are a "meta-package" or
"dependency package", it shuts Lintian up.
Justin Pettit [Thu, 1 Apr 2010 00:42:50 +0000 (17:42 -0700)]
debian: Add $remote_fs to Required-Start/-Stop field in init scripts
Init scripts that depend on items in /usr must have $remote_fs defined
in their Required-Start and Required-Stop fields. This will ensure that
/usr is mounted before a start or stop call is made.
Found by Lintian.
Justin Pettit [Thu, 1 Apr 2010 00:12:37 +0000 (17:12 -0700)]
Define IQ macro for SSL man page fragment
The ssl.man page uses the IQ macro, but doesn't define it. Usually this
doesn't matter since its already been defined by man page that's
including it. However, in a couple of cases it doesn't, so this cleans
that up.
Caught by Lintian.
Justin Pettit [Tue, 30 Mar 2010 09:10:37 +0000 (02:10 -0700)]
debian: Bring Debian packaging in-line with new file locations
This commit brings the Debian packaging in-line with the similar changes
that were made to XenServer in commit
bc39196.
Justin Pettit [Tue, 30 Mar 2010 00:06:19 +0000 (17:06 -0700)]
debian: Fix references to OpenFlow in ovs-switch-config template
The ovs-switch-config template had clearly not been updated since the
project switched from OpenFlow to Open vSwitch. This updates the
dialog's so they're consistent with the project's real name.
Justin Pettit [Mon, 29 Mar 2010 23:27:07 +0000 (16:27 -0700)]
ovs-monitor: Put run files in "/var/run/openvswitch"
Justin Pettit [Mon, 29 Mar 2010 22:21:48 +0000 (15:21 -0700)]
debian: Fix executable name of ovs-controller in init script
Ian Campbell [Thu, 1 Apr 2010 09:45:22 +0000 (10:45 +0100)]
xenserver: strip all alpha-suffixes from the xenserver build number.
The letter at the end of the build number indicates the site where the build
was done. All publicly released builds come from "p" but within Citrix we have
other suffixes (i.e. in Cambridge we get c).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Justin Pettit [Tue, 30 Mar 2010 23:58:12 +0000 (16:58 -0700)]
xenserver: Add emergency_reset hook to XAPI plugin
There's a requirement that OVS can be put back into a known good state
remotely. This will be implemented as a function through the OVS XAPI
plugin. This commit only provides a hook for testing purposes. The
functionality will be added later.
Ben Pfaff [Tue, 30 Mar 2010 21:13:52 +0000 (14:13 -0700)]
xenserver: Add comment to XAPI plugin.
Ben Pfaff [Tue, 30 Mar 2010 16:02:06 +0000 (09:02 -0700)]
openvswitch-cfg-update: Fix "set-ssl" command arguments.
The SSL certificate and the private key are both in
/etc/xensource/xapi-ssl.pem, so it must be mentioned twice in the set-ssl
command invocation.
Bug accidentally introduced in commit
bc391960 "Cleanup default file
locations and XenServer packaging".
Reported-by: Peter Balland <peter@nicira.com>
Tested-by: Peter Balland <peter@nicira.com>
Ben Pfaff [Tue, 30 Mar 2010 16:45:48 +0000 (09:45 -0700)]
xenserver: updated xen-bugtool to XenServer trunk version.
The version of xen-bugtool include in openvswitch.git was forked long
ago from the xenserver version. Pull up to the version taken from
XenServer's trunk branch just after the integration of
22c75d593 from
openvswitch.git.
I tested that core and log files as well as ovs-dpctl {show,dump-flows}
and ovs-ofctl {show,dump-flows,status} are picked up correctly after the
big vswitch->openvswitch renaming.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Tue, 30 Mar 2010 08:34:29 +0000 (09:34 +0100)]
xenserver: gate all logrotate reopens on presence of a pid file
This probably only makes a difference in the case where you have vswitch
installed but (deliberately) not running _and_ you happen to have ovs-* logs big
enough to be worth rotating. Very much an edge case.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Justin Pettit [Sat, 27 Mar 2010 00:15:12 +0000 (17:15 -0700)]
xenserver: Don't reload ovs-brcompatd's log file if it's not running
Justin Pettit [Fri, 26 Mar 2010 23:46:44 +0000 (16:46 -0700)]
xenserver: Update MD5 sums of scripts for 5.5.900-29381p