Ben Pfaff [Wed, 4 Mar 2009 22:55:20 +0000 (14:55 -0800)]
secchan: Fix segfault when subrules are invalidated.
The subrules were being freed, but not removed from the classifier, so a
segfault would occur later when they were accessed during a lookup or
traversal.
Thanks to Dan and Natasha for the report and testcases.
Ben Pfaff [Wed, 4 Mar 2009 22:53:07 +0000 (14:53 -0800)]
secchan: Fix read-after-free error in OFPT_FLOW_MOD implementation.
Found via valgrind.
Ben Pfaff [Wed, 4 Mar 2009 22:52:18 +0000 (14:52 -0800)]
secchan: Fix segfault at startup due to uninitialized br_name member.
Ben Pfaff [Wed, 4 Mar 2009 21:20:47 +0000 (13:20 -0800)]
classifier: Test classifier_for_each_match().
Ben Pfaff [Wed, 4 Mar 2009 21:18:44 +0000 (13:18 -0800)]
classifier: Test exact-match flows also in test_many_rules_in_different_tables().
Ben Pfaff [Wed, 4 Mar 2009 21:08:45 +0000 (13:08 -0800)]
classifier: Style fix for test-classifier.
Line was too long.
Ben Pfaff [Wed, 4 Mar 2009 21:08:18 +0000 (13:08 -0800)]
classifier: In testing, don't put cls_rule at beginning of test_rule.
If we put cls_rule at the beginning of struct test_rule, then a cast is
sufficient to convert a pointer between the two, but we want to make sure
that we don't ever take that shortcut, because it is not valid in general.
Ben Pfaff [Wed, 4 Mar 2009 20:32:19 +0000 (12:32 -0800)]
classifier: Add tests for classifier_count(), classifier_count_exact().
Ben Pfaff [Wed, 4 Mar 2009 20:25:29 +0000 (12:25 -0800)]
classifier: Add tests for classifier_lookup_wild(), classifier_lookup_exact().
Ben Pfaff [Wed, 4 Mar 2009 21:26:19 +0000 (13:26 -0800)]
classifier: Allow classifier_for_each_match() callback to free the rule.
classifier_for_each_match() would segfault if the callback passed in
deleted and freed the rule in question, because it accessed the rule after
calling the callback. This commit should fix the problem.
Thanks to Natasha for reporting the problem.
Keith Amidon [Wed, 4 Mar 2009 18:58:53 +0000 (10:58 -0800)]
Work around header type clashes in Xen builds
Keith Amidon [Wed, 4 Mar 2009 18:58:31 +0000 (10:58 -0800)]
Remove unneeded header file that was breaking builds for Xen.
Ben Pfaff [Wed, 4 Mar 2009 18:16:04 +0000 (10:16 -0800)]
Distribute needed file that had been forgotten (fixes "make dist").
Ben Pfaff [Tue, 3 Mar 2009 22:24:12 +0000 (14:24 -0800)]
rconn: Make queued packet counting harder to screw up.
The semantics of the 'n_queued' parameter to rconn_send() and
rconn_send_with_limit() were too easy to screw up: if the memory area in
which the passed-in data lived was destroyed before the rconn was
destroyed, then rconn_destroy() (or simply flushing out the transmission
queue) would access invalid memory or, worse, decrement a random integer
in reused memory. It was possible to avoid this by destroying the rconn
before destroying the queue count data area, but this is difficult to
remember and not always possible in the general case.
This commit changes to using a reference-counted structure, which is harder
to get wrong.
Ben Pfaff [Tue, 3 Mar 2009 22:03:18 +0000 (14:03 -0800)]
datapath: Fix build on Linux 2.6.18 through 2.6.28.
Ben Pfaff [Tue, 3 Mar 2009 19:44:24 +0000 (11:44 -0800)]
vswitchd: Choose the bridge local port MAC address intelligently.
Fixes bug #928, "We should have a consistent model for representing the
nic/mac address to xenserver."
Ben Pfaff [Tue, 3 Mar 2009 19:34:52 +0000 (11:34 -0800)]
datapath: Allow datapath device MAC address to be changed while it is up.
vswitchd wants to do this, and I don't see a reason to disallow it.
Ben Pfaff [Tue, 3 Mar 2009 20:37:51 +0000 (12:37 -0800)]
netdev: New function netdev_nodev_set_etheraddr().
Ben Pfaff [Fri, 27 Feb 2009 23:48:39 +0000 (15:48 -0800)]
vswitch: Fix connection to a remote controller.
Without this change, vswitchd will kill secchan almost as soon as it
starts it, because it fails to recognize that it is connecting to a remote
controller instead of to vswitchd.
Ben Pfaff [Tue, 3 Mar 2009 21:39:23 +0000 (13:39 -0800)]
datapath: Fix build on 2.6.18 (both upstream and RHEL/Xen variants).
Ben Pfaff [Tue, 3 Mar 2009 01:30:32 +0000 (17:30 -0800)]
secchan: Make it possible to destroy an ofproto.
Ben Pfaff [Tue, 3 Mar 2009 00:52:55 +0000 (16:52 -0800)]
secchan: Implement OFPP_TABLE and NXAST_RESUBMIT actions.
Ben Pfaff [Tue, 3 Mar 2009 00:33:01 +0000 (16:33 -0800)]
secchan: Fix subrule revalidation.
When revalidating a subrule, we need to only match rules with wildcards.
Otherwise, a subrule will always match itself and we will explode.
Ben Pfaff [Mon, 2 Mar 2009 22:27:10 +0000 (14:27 -0800)]
secchan: Make secchan into a library.
Ben Pfaff [Mon, 2 Mar 2009 22:30:17 +0000 (14:30 -0800)]
datapath: Remove stray debugging printk.
Ben Pfaff [Mon, 2 Mar 2009 22:19:51 +0000 (14:19 -0800)]
vswitchd: Fix typo in comment.
Ben Pfaff [Mon, 2 Mar 2009 22:16:48 +0000 (14:16 -0800)]
secchan: Fix logging of datapath ID.
ofproto was logging the datapath ID passed in as part of its settings, but
that's allowed to be 0. Instead, it needs to log the datapath ID that is
actually in use.
Ben Pfaff [Mon, 2 Mar 2009 22:13:36 +0000 (14:13 -0800)]
vswitchd: Fix bad assumption about byte order of flow_t's "in_port".
In the big restructuring of secchan and the datapath, the "in_port"
member was changed from network byte order to host byte order, but vswitchd
hadn't quite caught up. This fixes the problem.
With this commit, at least the most basic use of vswitchd now works again.
Ben Pfaff [Mon, 2 Mar 2009 22:12:26 +0000 (14:12 -0800)]
vswitchd: Fix segfault when packet received on unknown port.
This problem and its fix are independent of the recent secchan
restructuring (even though it turned out to be a good way to trigger it).
Ben Pfaff [Mon, 2 Mar 2009 22:09:19 +0000 (14:09 -0800)]
vswitchd: Don't pass --monitor to secchan.
The --monitor option was deleted from secchan, because it was intended for
monitoring the OpenFlow connection between secchan and the kernel. Since
secchan no longer uses OpenFlow to talk to the kernel, the option made
no sense.
Ben Pfaff [Mon, 2 Mar 2009 20:36:33 +0000 (12:36 -0800)]
netdev: Remove netdev_monitor, which is no longer used.
secchan now uses the dpifmon interface instead, which is more suited to
its purpose.
Ben Pfaff [Mon, 2 Mar 2009 21:42:44 +0000 (13:42 -0800)]
Refactor the OpenFlow implementation.
This new implementation has an architecture that is much more suited to
eventually getting pushed upstream into the Linux kernel, because it does
not do any OpenFlow processing in the kernel. Rather, we define a new
"datapath protocol" that secchan uses, via ioctl calls, to set up the
flow table in the kernel.
This implementation also should have much better performance with flows
that contain wildcards, since it uses a flow classifier that should be
much better than linear search in the cases that we suspect are important.
This release does contain some feature regressions; see the new file
MISSING at the root of the tree for more information. We will be fixing
these regressions over the next weeks and months.
This has not been tested much. It needs plenty of testing and QA before it
will be suitable for any kind of production environment. The vswitchd
changes, in particular, have not been tested at all and thus vswitchd is
likely to be broken.
Ben Pfaff [Mon, 2 Mar 2009 19:13:14 +0000 (11:13 -0800)]
vconn: Make check_ofp_message() return value more useful.
Ben Pfaff [Mon, 2 Mar 2009 19:12:33 +0000 (11:12 -0800)]
vconn: New function normalize_match().
Ben Pfaff [Mon, 2 Mar 2009 19:12:06 +0000 (11:12 -0800)]
vconn: New functions for validating and iterating over OpenFlow actions.
Ben Pfaff [Mon, 2 Mar 2009 20:51:08 +0000 (12:51 -0800)]
openflow.h: Add new error types and codes.
Ben Pfaff [Mon, 2 Mar 2009 20:50:54 +0000 (12:50 -0800)]
Add new "union ofp_action" to make working with actions easier.
Ben Pfaff [Mon, 2 Mar 2009 19:09:13 +0000 (11:09 -0800)]
vconn: New function check_ofp_packet_out().
Ben Pfaff [Mon, 2 Mar 2009 19:08:16 +0000 (11:08 -0800)]
New macro PORT_ARRAY_FOR_EACH.
Ben Pfaff [Mon, 2 Mar 2009 19:07:53 +0000 (11:07 -0800)]
vconn: Distinguish between parse errors and other messages in rate-limiting.
The vconn code wants to rate-limit errors, which there's not too much
point in reporting a lot of, from the log of all OpenFlow messages, which
are very important if we really want to log them at all. So use a
different rate-limiter for each category.
Ben Pfaff [Mon, 2 Mar 2009 18:49:40 +0000 (10:49 -0800)]
netdev: New function netdev_nodev_get_etheraddr().
Ben Pfaff [Mon, 2 Mar 2009 18:48:00 +0000 (10:48 -0800)]
netdev: New function netdev_set_advertisements().
The new implementation of the switch needs to do this from userspace.
Ben Pfaff [Mon, 2 Mar 2009 18:47:26 +0000 (10:47 -0800)]
netdev: Don't cache network device features.
The new implementation of secchan wants to get updates of network device
features by keeping a network device open for each port and checking its
features when notified of a port status change. This wouldn't work, since
the features were cached once at startup. This commit makes the netdev
code check the actual device's features on each call.
Also, generalizes do_ethtool() to be useful for other kinds of ethtool
operations.
Ben Pfaff [Mon, 2 Mar 2009 20:43:47 +0000 (12:43 -0800)]
netdev: Avoid some system calls in the common case in netdev_open().
The new secchan opens one netdev per OpenFlow port. We should be able to
handle this in the common case without one file descriptor per netdev
(because most netdev operations can be performed using a single AF_INET
socket). This change starts along that path by moving the operations
that are required only to receive netdev packets out of the common path.
Ben Pfaff [Mon, 2 Mar 2009 18:35:18 +0000 (10:35 -0800)]
netdev: Set *flagsp to 0 if flags cannot be obtained.
This interface is more convenient for some clients.
Ben Pfaff [Mon, 2 Mar 2009 20:41:25 +0000 (12:41 -0800)]
netdev: New function netdev_get_stats().
Ben Pfaff [Mon, 2 Mar 2009 18:52:05 +0000 (10:52 -0800)]
netdev: Fix typo in comment.
Ben Pfaff [Mon, 2 Mar 2009 18:30:00 +0000 (10:30 -0800)]
New function time_timeval().
Ben Pfaff [Mon, 2 Mar 2009 19:37:58 +0000 (11:37 -0800)]
Implement a flow classifier, plus tests.
Ben Pfaff [Mon, 2 Mar 2009 19:44:50 +0000 (11:44 -0800)]
New function and data structure for handling flow wildcards.
Ben Pfaff [Mon, 2 Mar 2009 21:42:04 +0000 (13:42 -0800)]
Generalize conversions between struct flow and struct ofp_match.
Ben Pfaff [Sat, 28 Feb 2009 00:54:38 +0000 (16:54 -0800)]
hash: Make hash function pieces available to other modules.
This way, modules that want to implement hash functions on their own terms,
for performance (e.g. the classifier), do not have to duplicate the code.
Ben Pfaff [Sat, 28 Feb 2009 00:55:30 +0000 (16:55 -0800)]
hmap: New function hmap_replace().
Ben Pfaff [Sat, 28 Feb 2009 00:55:54 +0000 (16:55 -0800)]
hmap: New function hmap_moved().
Ben Pfaff [Sat, 28 Feb 2009 00:47:47 +0000 (16:47 -0800)]
New function port_array_count().
Ben Pfaff [Fri, 30 Jan 2009 00:47:42 +0000 (16:47 -0800)]
Fix indentation error.
Ben Pfaff [Fri, 30 Jan 2009 00:47:03 +0000 (16:47 -0800)]
New function list_moved().
Ben Pfaff [Thu, 29 Jan 2009 00:39:16 +0000 (16:39 -0800)]
New function make_packet_out(), and reimplement helpers in terms of it.
Ben Pfaff [Wed, 28 Jan 2009 22:02:24 +0000 (14:02 -0800)]
secchan: Make hook_class structures const.
Ben Pfaff [Wed, 28 Jan 2009 20:18:33 +0000 (12:18 -0800)]
Make flow_print() print nw_proto. Print vlan in decimal.
Ben Pfaff [Mon, 2 Mar 2009 18:31:32 +0000 (10:31 -0800)]
Add comment.
Ben Pfaff [Wed, 28 Jan 2009 18:28:17 +0000 (10:28 -0800)]
New macro ALWAYS_INLINE to tell GCC that a function must be inlined.
Ben Pfaff [Tue, 27 Jan 2009 01:18:25 +0000 (17:18 -0800)]
Export network address mask logic in switch-flow.c for public use.
The flow classifier needs to do the same kinds of tests.
Ben Pfaff [Mon, 26 Jan 2009 18:33:14 +0000 (10:33 -0800)]
Avoid a "statement has no effect" warning from BUILD_ASSERT.
Ben Pfaff [Mon, 2 Mar 2009 19:15:50 +0000 (11:15 -0800)]
Delete empty file.
Ben Pfaff [Mon, 2 Mar 2009 20:51:57 +0000 (12:51 -0800)]
openflow.h: Fix typos in comments.
Ben Pfaff [Fri, 27 Feb 2009 00:20:00 +0000 (16:20 -0800)]
dpctl: Don't print trailing garbage in "dpctl status" output.
Ben Pfaff [Fri, 27 Feb 2009 00:19:39 +0000 (16:19 -0800)]
dpctl: Fix assertion failure when second argument given to "dpctl status".
Ben Pfaff [Fri, 30 Jan 2009 00:42:48 +0000 (16:42 -0800)]
datapath: Disallow action length 0, preventing DoS due to infinite loop.
Justin Pettit [Fri, 13 Feb 2009 18:36:44 +0000 (10:36 -0800)]
Support multiple NetFlow collectors.
Add support for sending NetFlow messages to up to eight different
collectors. With these changes, secchan now reads configuration files
using the same syntax as vswitchd. This addresses Redmine feature #901.
Ben Pfaff [Wed, 11 Feb 2009 23:32:46 +0000 (15:32 -0800)]
vswitch: Add startup and config files for the XenServer build.
Justin Pettit [Wed, 11 Feb 2009 23:23:23 +0000 (15:23 -0800)]
Check wildcards for in_port != out_port output validation. (udatapath)
OpenFlow requires that traffic that is to be sent out the interface it
came in on use the OFPP_IN_PORT virtual port. The action validation
code that enforces this ignored the wildcards field, which meant it was
using the garbage 'in_port' value for this check.
NB: This problem was addressed in the kernel datapath with commit
1b580f69f3dfacee49532f71abd72755a09eabd4.
Justin Pettit [Wed, 11 Feb 2009 23:10:36 +0000 (15:10 -0800)]
Fix minor typos in vswitch.conf.5 man page.
Ben Pfaff [Mon, 9 Feb 2009 17:57:53 +0000 (09:57 -0800)]
netdev: fix segfault in lookup_netdev().
svec_find() returns SIZE_MAX, not 0, when the specified name cannot be
found. Don't dereference the names array in this case.
Fixes a segfault that commonly occurred when secchan was started by
vswitchd.
Ben Pfaff [Fri, 6 Feb 2009 23:07:38 +0000 (15:07 -0800)]
vswitchd: Avoid 100% CPU when secchan dies too many times.
vswitchd restarts secchan when necessary, but it limits the maximum number
of tries to avoid wasting CPU when secchan repeatedly dies. Unfortunately,
when this happens it also throws vswitchd into a busy-wait by calling
process_wait() on the dead secchan process, because it doesn't clear out
the process from the bridge structure.
This commit clears out the secchan process from the bridge structure, so
that we don't attempt to wait on it any longer, and should fix the busy-wait
problem.
Ben Pfaff [Wed, 4 Feb 2009 18:54:32 +0000 (10:54 -0800)]
poll-loop: Add support for logging the reason for wakeups.
It is useful to log the reason for wakeups, to debug why a program is
waking up more often than it should (for example, consuming 100% CPU load
for no apparent reason). This adds that logging at DBG level in the
poll loop.
Ben Pfaff [Wed, 4 Feb 2009 18:51:09 +0000 (10:51 -0800)]
leak-checker: Break backtracing code into new module "backtrace".
This allows other code to use the backtracer too.
Ben Pfaff [Fri, 6 Feb 2009 17:16:35 +0000 (09:16 -0800)]
vswitchd: Add build number to --version output.
Ben Pfaff [Thu, 5 Feb 2009 17:28:54 +0000 (09:28 -0800)]
Add AC_SYS_LARGEFILE, to allow writing log files over 2 GB.
Justin Pettit [Wed, 4 Feb 2009 22:26:11 +0000 (14:26 -0800)]
Changed control protocol name to OpenFlow Management Protocol.
Justin Pettit [Wed, 4 Feb 2009 19:48:03 +0000 (11:48 -0800)]
First cut of OpenFlow control protocol draft specification.
Ben Pfaff [Tue, 3 Feb 2009 18:27:22 +0000 (10:27 -0800)]
Don't define skb_copy_{to,from}_linear_data_offset if it is available.
Linux 2.6.22 introduced functions skb_copy_from_linear_data_offset()
and skb_copy_to_linear_data_offset(). In earlier versions we defined them.
But Xen backports these functions, so this became a duplicate definition.
So check for them at configure time instead of depending on the kernel
version number.
Ben Pfaff [Mon, 2 Feb 2009 17:55:32 +0000 (09:55 -0800)]
datapath: Fix up checksum on Xen before forwarding to controller.
On Xen, the datapath can receive a packet that lacks a correct checksum
from a VM, because the VMs expect to use the host's hardware TX
checksumming. Until now, we haven't fixed up the checksum before we sent
the packet to the controller. The controller doesn't normally verify
the checksum (nor can it in general, since it doesn't necessarily get the
entire packet), so that part isn't a problem.
The problem here is in the buffered packet. fwd_save_skb() makes a copy
(not a clone) of the packet, but skb_copy() doesn't make a copy of the
skbuff's proto_csum_blank, which is what dev_queue_xmit() uses (via
skb_checksum_setup()) to decide whether checksumming needs to be forced.
Thus, the buffered packet is transmitted with a bad checksum.
A partial solution would be to copy proto_csum_blank from the original
skb into the buffered copy, or to make the buffers use clones instead of
copies (they really should do this anyhow). But this would still send
a bad checksum to the controller. So instead we do the full checksum
calculation before we send the packet to the controller.
This change affects only Xen. This situation cannot occur without Xen,
because any packets that arrive on physical interfaces must already have
correct checksums.
Ben Pfaff [Fri, 30 Jan 2009 18:58:50 +0000 (10:58 -0800)]
datapath: Move all fwd_save_skb() calls into a single location.
Justin Pettit [Mon, 26 Jan 2009 21:42:16 +0000 (13:42 -0800)]
Fix build issues with recent SNAT changes on older kernels.
Recent changes that fixed fragmented packets for SNAT-enabled builds
used calls not implemented in older kernels. These changes add those
calls to the compatibility layer and clean up a few warnings in those
older kernel builds.
Justin Pettit [Mon, 26 Jan 2009 20:45:56 +0000 (12:45 -0800)]
Move veth.c to Linux 2.6 compatibility directory.
The veth driver is only available on more recent kernels. veth.c
contains a port to 2.6.18. Since this is only needed for 2.6.18, the
source is being moved to the compatibility directory.
Justin Pettit [Mon, 26 Jan 2009 09:05:39 +0000 (01:05 -0800)]
For SNAT, don't store the pre-fragment L2 header before actions are applied.
The IP fragment code doesn't always write the L2 header when generating
new fragments. This problem was fixed in an earlier commit.
Unfortunately, we stored the pre-fragment L2 header when the packet
first arrived--before other packet modifications were applied. This
meant that the results of any OpenFlow L2 modification actions were lost.
This patch pushes the storage of the L2 header until right before the
packet is transmitted (and possibly refragmented).
Thanks to Dan for catching this behavior.
(cherry picked from commit b4cd6fb07e0751832a22759e27c6ba63e3538c8b)
Ben Pfaff [Mon, 26 Jan 2009 17:56:11 +0000 (09:56 -0800)]
Add comment.
Thanks to Martin via DK for suggestion.
Justin Pettit [Sat, 24 Jan 2009 01:30:16 +0000 (17:30 -0800)]
Move setting Nicira datapath ID out of kernel.
When generating the datapath id/mac address for an OpenFlow device, the
kernel checks the DMI for a suitable one in a Nicira UUID. If one is
not found, then a random address is generated. This patch makes it so
that a random address is always generated. The DMI Nicira UUID check is
now done in the init script, which overrides the random address
generated when the datapath was created. Ripping code out of the kernel
is good.
Ben Pfaff [Fri, 23 Jan 2009 18:23:58 +0000 (10:23 -0800)]
Backport the veth driver to Linux 2.6.18. Build for that version only.
Ben Pfaff [Fri, 23 Jan 2009 01:10:47 +0000 (17:10 -0800)]
Make choices to build and to distribute modules independent of each other.
Ben Pfaff [Fri, 23 Jan 2009 00:58:31 +0000 (16:58 -0800)]
Eliminate unused second argument to OFP_CHECK_LINUX in configure scripts.
Ben Pfaff [Fri, 23 Jan 2009 00:51:58 +0000 (16:51 -0800)]
Ignore more files.
Ben Pfaff [Mon, 19 Jan 2009 19:00:50 +0000 (11:00 -0800)]
Add unit test for flow extraction.
This tests only flow_extract() in lib/flow.c. We should really test
the flow extraction in the kernel module also.
Ben Pfaff [Sat, 17 Jan 2009 01:18:20 +0000 (17:18 -0800)]
Add new function ofp_match_to_string() to ofp-print library.
Ben Pfaff [Sat, 17 Jan 2009 01:17:47 +0000 (17:17 -0800)]
Move flow_fill_match() from udatapath to lib, so that other code can use it.
Ben Pfaff [Mon, 19 Jan 2009 18:53:37 +0000 (10:53 -0800)]
Implement pcap file reader/writer library and use it in ofp_packet_to_string().
Ben Pfaff [Mon, 19 Jan 2009 18:53:03 +0000 (10:53 -0800)]
Fix minor bug in flow_extract().
We were treating 802.2 frames that were too short to have a SNAP header as
if they had a dl_type of 0, when really they were supposed to have a
dl_type of OFP_DL_TYPE_NOT_ETH_TYPE.
This bug probably didn't affect anything in practice, because it is very
unusual to have an 802.2 frame that is too short to have a SNAP header,
because any frame that goes over a physical wire will be padded out so
that it is longer than that.
Ben Pfaff [Wed, 7 Jan 2009 17:28:19 +0000 (09:28 -0800)]
Make port status change messages reliable.
Until now, port status change messages were sent out by the datapath
implementations and simply relayed by secchan. In the kernel
implementation, they were unreliable because they were sent out over the
multicast socket used for packet-in events: if many packet-in messages
arrived and filled up that socket's receive buffer, then any subsequent
port status change messages were dropped.
This change moves port status change detection from the datapath
implementations into secchan, making them reliable, by using a
netdev_monitor.
(An alternate implementation would have been to detect the socket
receive buffer overflow and poll the network devices. The current
implementation was chosen because it removes code from the datapaths,
which is the direction we want to move in for the future.)
Ben Pfaff [Wed, 7 Jan 2009 17:29:50 +0000 (09:29 -0800)]
netdev: Implement netdev_monitor, for monitoring network device status changes.