openvswitch
12 years ago netdev implementation for FreeBSD
Giuseppe Lettieri [Wed, 25 Jul 2012 20:51:05 +0000 (22:51 +0200)]
netdev implementation for FreeBSD

This patch adds new netdev classes that implement
"system" and "tap" devices on FreeBSD using the
libpcap library. This enables the use of the
"netdev" datapath_type of Open vSwitch on FreeBSD.

Signed-off-by: Gaetano Catalli <gaetano.catalli@gmail.com>
Signed-off-by: Ed Maste <emaste@adaranet.com>
Signed-off-by: Giuseppe Lettieri <g.lettieri@iet.unipi.it>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago NEWS: Document flow setup improvement in 1.7 release.
Justin Pettit [Mon, 23 Jul 2012 07:33:32 +0000 (00:33 -0700)]
NEWS: Document flow setup improvement in 1.7 release.

Also use consistent capitalization for "DSCP".

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years ago Fix "*tivty" typos.
Justin Pettit [Mon, 23 Jul 2012 07:24:30 +0000 (00:24 -0700)]
Fix "*tivty" typos.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years ago Makefiles: Enable "dist-hook-git" check only when GNU make is in use.
Ben Pfaff [Wed, 25 Jul 2012 17:25:55 +0000 (10:25 -0700)]
Makefiles: Enable "dist-hook-git" check only when GNU make is in use.

Otherwise, it will always fail because the Makefile in datapath/linux
requires GNU make to generate the list of distributed files.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Ed Maste <emaste@freebsd.org>
12 years ago configure: Fix check for GNU make $(if) extension.
Ben Pfaff [Wed, 25 Jul 2012 17:28:38 +0000 (10:28 -0700)]
configure: Fix check for GNU make $(if) extension.

As it turns out, the argument to AC_CONFIG_COMMANDS_PRE gets copied into
config.status whether or not it gets run by the shell at "configure" time,
defeating my attempt to support non-GNU make here.

Reported-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago Makefile: Mark dist-hook-git and rate-limit-check as phony rules.
Ben Pfaff [Wed, 25 Jul 2012 16:56:53 +0000 (09:56 -0700)]
Makefile: Mark dist-hook-git and rate-limit-check as phony rules.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago meta-flow: Fix "sparse" warning in mf_are_prereqs_ok().
Ben Pfaff [Tue, 24 Jul 2012 22:43:27 +0000 (15:43 -0700)]
meta-flow: Fix "sparse" warning in mf_are_prereqs_ok().

This fixes the following warning from "sparse":

meta-flow.c:830:31: warning: incorrect type in return expression (different
base types)
meta-flow.c:830:31:    expected bool
meta-flow.c:830:31:    got restricted __be16

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto-dpif: Add more details to "ofproto/trace" output.
Ben Pfaff [Tue, 24 Jul 2012 20:06:44 +0000 (13:06 -0700)]
ofproto-dpif: Add more details to "ofproto/trace" output.

There are many reasons why OFPP_NORMAL translation can drop packets, and
it's often far from obvious why.  This should make it easier to debug.

Bug #12618.
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago Fix race condition in parallel execution of "make install".
Ben Pfaff [Mon, 23 Jul 2012 16:54:16 +0000 (09:54 -0700)]
Fix race condition in parallel execution of "make install".

ovs-vsctl is listed, incorrectly, in both bin_PROGRAMS and bin_SCRIPTS.
This meant that "make install" with the -j option could try to install
ovs-vsctl two times in parallel, a race that occasionally caused a build
failure, e.g.:
http://buildd.debian.org/status/fetch.php?pkg=openvswitch&arch=s390&ver=1.4.2%2Bgit20120612-5&stamp=1342851603

Debian bug #682384.
CC: 682384@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago vswitch.xml: Fix typo in documentation.
Ben Pfaff [Mon, 23 Jul 2012 17:31:40 +0000 (10:31 -0700)]
vswitch.xml: Fix typo in documentation.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Avoid printing false differences on "ovs-ofctl diff-flows".
Ben Pfaff [Mon, 23 Jul 2012 17:16:31 +0000 (10:16 -0700)]
ovs-ofctl: Avoid printing false differences on "ovs-ofctl diff-flows".

It is possible for "struct ofpact"s to differ bytewise even if they are
equivalent when converted to another representation, such as OpenFlow 1.0
action format or a string representation.  This can cause "ovs-ofctl
diff-flows" to print surprising false "differences", e.g. as in the bug
report:

    - actions=resubmit(,1)
    + actions=resubmit(,1)

This commit fixes the problem by comparing not just the ofpacts but also
the string representation and printing a difference only if both differ.

Bug #8899.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM: Add tests for masked VLAN VID match
Simon Horman [Mon, 23 Jul 2012 06:33:16 +0000 (23:33 -0700)]
OXM: Add tests for masked VLAN VID match

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: OXM VLAN match encoding and decoding
Simon Horman [Mon, 23 Jul 2012 02:36:46 +0000 (11:36 +0900)]
tests: OXM VLAN match encoding and decoding

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM: Add VLAN VID as a prerequisite for VLAN PCP
Simon Horman [Mon, 23 Jul 2012 02:36:44 +0000 (11:36 +0900)]
OXM: Add VLAN VID as a prerequisite for VLAN PCP

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM: Add encoding of VLAN VID and VLAN PCP
Simon Horman [Mon, 23 Jul 2012 02:36:43 +0000 (11:36 +0900)]
OXM: Add encoding of VLAN VID and VLAN PCP

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago meta-flow: Add OF1.2-like MFF_VLAN_VID and MFF_VLAN_PCP.
Ben Pfaff [Mon, 23 Jul 2012 06:20:22 +0000 (23:20 -0700)]
meta-flow: Add OF1.2-like MFF_VLAN_VID and MFF_VLAN_PCP.

OpenFlow 1.0 and 1.2 have notions of VLAN that are different
enough to warrant separate "meta-flow" fields, which this commit
adds.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
12 years ago flow: Rename flow_set_vlan_vid() to flow_set_dl_vlan().
Ben Pfaff [Mon, 23 Jul 2012 05:42:55 +0000 (22:42 -0700)]
flow: Rename flow_set_vlan_vid() to flow_set_dl_vlan().

This function is specific to the OF1.0 dl_vlan field, so name it
consistently.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
12 years ago meta-flow: Rename MFF_VLAN_VID->MFF_DL_VLAN, MFF_VLAN_PCP->MFF_DL_VLAN_PCP.
Ben Pfaff [Mon, 23 Jul 2012 06:36:41 +0000 (23:36 -0700)]
meta-flow: Rename MFF_VLAN_VID->MFF_DL_VLAN, MFF_VLAN_PCP->MFF_DL_VLAN_PCP.

Giving these fields names that are the same as the OpenFlow 1.0 struct
member names should help make it clear what they are for.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
12 years ago ofp-util: Add OFPUTIL_P_OF12 and NXFF_OPENFLOW12
Simon Horman [Mon, 23 Jul 2012 04:14:41 +0000 (21:14 -0700)]
ofp-util: Add OFPUTIL_P_OF12 and NXFF_OPENFLOW12

Add OFPUTIL_P_OF12 and NXFF_OPENFLOW12 for OpenFlow 1.2.

OFPUTIL_P_OF12_TID and in turn OFPUTIL_P_OF12_ANY are not provided as
OFPUTIL_P_OF12 supports the use of table ids in modify flow messages.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago debian: Remove controller keys on openvswitch-controller package purge.
Ben Pfaff [Fri, 20 Jul 2012 20:15:36 +0000 (13:15 -0700)]
debian: Remove controller keys on openvswitch-controller package purge.

A Debian package is expected to remove all its configuration files (which
includes all files in /etc) when it is purged, but the
openvswitch-controller package wasn't doing that.  This fixes the problem.

Debian bug #682187.
CC: 682187@bugs.debian.org
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Remove bit-rotted support for "lcov".
Ben Pfaff [Fri, 20 Jul 2012 17:49:06 +0000 (10:49 -0700)]
tests: Remove bit-rotted support for "lcov".

At one point I got the "lcov" utilities to work well with OVS.  Then I
didn't try to use them again for a year or so, and when I did I found that
it didn't work at all.  I wasn't able to fix the problem easily, so it
seems better to remove the feature than to leave around broken code.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Remove daemon tests that have been skipped forever.
Ben Pfaff [Fri, 20 Jul 2012 17:38:50 +0000 (10:38 -0700)]
tests: Remove daemon tests that have been skipped forever.

The daemon code works fine, these tests didn't.  No one has debugged them
over a period of years so we might as well remove them.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-print: Print the type of truncated messages, when available.
Ben Pfaff [Wed, 23 May 2012 16:33:22 +0000 (09:33 -0700)]
ofp-print: Print the type of truncated messages, when available.

The function ofputil_decode_msg_type_partial() can figure out the type of
a truncated OpenFlow message, if the message is long enough that its type
can be determined, so we should print this information.   This is
especially valuable for printing OFPT_ERROR messages, in which the inner
OpenFlow message is often truncated to 64 bytes.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago cfm: Clear RDI on new CFM configurations.
Ethan Jackson [Fri, 20 Jul 2012 20:07:49 +0000 (13:07 -0700)]
cfm: Clear RDI on new CFM configurations.

When CFM is first configured, it detects no remote endpoints, and
thus sets RDI on its CCMs.  This can cause the receiver of these
CCMs to think there is a problem when really things are simply
initializing.  This patch fixes the issue by not setting the RDI
bit in CCMs until at least one fault interval has passed.

Bug #12610.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years ago cfm: Improve logging.
Ethan Jackson [Thu, 19 Jul 2012 03:39:54 +0000 (20:39 -0700)]
cfm: Improve logging.

This patch makes two improvements to CFM logging which should
make debugging connectivity problems a bit more intuitive.  First,
when a remote_mp disappears, the length of time since its last CCM
reception is logged.  Second, the "CFM fault status changed"
message is reformatted in a more intuitive way.  Instead of
prefixing additions and deletions with pluses and minuses, the full
old fault status and new fault status are logged.

Requested-by: Ben Basler <bbasler@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years ago netdev-vport: Warn about invalid TOS.
Ben Pfaff [Fri, 20 Jul 2012 17:24:50 +0000 (10:24 -0700)]
netdev-vport: Warn about invalid TOS.

Otherwise the kernel will reject it later and the result is no tunnel,
whereas a tunnel with an unexpected TOS seems like a better result.

Bug #12566.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Add more tests for VLAN match encoding and decoding.
Ben Pfaff [Fri, 20 Jul 2012 05:17:10 +0000 (22:17 -0700)]
tests: Add more tests for VLAN match encoding and decoding.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
12 years ago ovs-bugtool: Added --ovs option to get only ovs related information
Arun Sharma [Thu, 19 Jul 2012 06:50:03 +0000 (23:50 -0700)]
ovs-bugtool: Added --ovs option to get only ovs related information

Option --ovs is added for ovs-bugtool command to collect
only Open vSwitch relevant information. To perform
filtering in plugins, a new xml attribute filters="ovs" (optional)
would be required in element 'command','files','directory' in
openvswitch.xml. Value of 'filters' attribute will be compared
with filtering option in load_plugins to get all relevant operation
to collect information. If no "--ovs" option is passed then it will
behave as earlier.

Fixed an issue which occurs in scenario where option '--yestoall'
is not passed and user keeps entering "y" or "n" on prompt.

Plus, trailing whitespaces are fixed. White space before '=' and
after in function def and call is also fixed.

Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM: Allow masking of ARP SHA and THA
Simon Horman [Thu, 19 Jul 2012 16:21:49 +0000 (09:21 -0700)]
OXM: Allow masking of ARP SHA and THA

Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com added NEWS, updated a few overlooked meta-flow bits]
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago meta-flow: Fix mf_get_mask() bug for IPv6 flow label.
Ben Pfaff [Thu, 19 Jul 2012 16:20:49 +0000 (09:20 -0700)]
meta-flow: Fix mf_get_mask() bug for IPv6 flow label.

Commit 32455024 (OXM: Allow masking of IPv6 Flow Label) made the flow label
maskable but did not update mf_get_mask() accordingly.

CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago classifier: Add helpers for setting ethernet addresses
Simon Horman [Wed, 18 Jul 2012 03:02:20 +0000 (12:02 +0900)]
classifier: Add helpers for setting ethernet addresses

Add helpers for setting ethernet addresses.
This patch makes use of them for setting the dl_src and dl_dst
addresses. A subsequent patch will also use them for arp_sha and arp_tpa.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM: Allow masking of IPv6 Flow Label
Simon Horman [Wed, 18 Jul 2012 03:02:19 +0000 (12:02 +0900)]
OXM: Allow masking of IPv6 Flow Label

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Avoid hash order sensitivity in "ofproto - flow monitoring" test.
Ben Pfaff [Thu, 19 Jul 2012 15:42:21 +0000 (08:42 -0700)]
tests: Avoid hash order sensitivity in "ofproto - flow monitoring" test.

The order in which flows appear in an NXST_FLOW_MONITOR reply depends on
the hash order, which makes it depend on the details of the hash and on
system endianness.  This avoids sensitivity to the order by sorting the
results.

Reported-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago nx-match: Improve log message in nx_entry_ok().
Ben Pfaff [Thu, 19 Jul 2012 07:15:35 +0000 (00:15 -0700)]
nx-match: Improve log message in nx_entry_ok().

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago nx-match: Succeed pulling 0-byte nx-match from NULL buffer.
Ben Pfaff [Thu, 19 Jul 2012 07:15:19 +0000 (00:15 -0700)]
nx-match: Succeed pulling 0-byte nx-match from NULL buffer.

I don't think this corner case can come up in a real OpenFlow message,
because the presence of the OpenFlow header guarantees that the ofpbuf's
data is nonnull, but it did in a simple test that is coming up in a few
commits.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago bridge: Segfault when missing Open vSwitch table.
Ethan Jackson [Wed, 18 Jul 2012 17:56:21 +0000 (10:56 -0700)]
bridge: Segfault when missing Open vSwitch table.

The enable_system_stats() function calls smap_get_bool() on the
ovsrec_open_vswitch passed to it.  This was segmentation faulting
when 'null_cfg' defined in bridge_reconfigure() was used because
there was no Open vSwitch table.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years ago system-stats: Run as part of worker process.
Ben Pfaff [Wed, 18 Jul 2012 17:59:52 +0000 (10:59 -0700)]
system-stats: Run as part of worker process.

The stats gathering can be time-consuming in some cases, so it's better to
do it in the worker process.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago system-stats: Use "smap" instead of "shash".
Ben Pfaff [Wed, 18 Jul 2012 17:51:02 +0000 (10:51 -0700)]
system-stats: Use "smap" instead of "shash".

"smap" is now the appropriate data structure for a string-to-string map.

Also changes ovsdb_datum_from_shash() into ovsdb_datum_from_smap() since
system-stats related code was the only client.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago smap: New function smap_steal().
Ben Pfaff [Wed, 27 Jun 2012 18:06:10 +0000 (11:06 -0700)]
smap: New function smap_steal().

An upcoming commit will add a caller.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago smap: New functions smap_from_json(), smap_to_json().
Ben Pfaff [Wed, 23 May 2012 00:12:22 +0000 (17:12 -0700)]
smap: New functions smap_from_json(), smap_to_json().

These will acquire a caller in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago vlog: Use worker process to write to log file.
Ben Pfaff [Wed, 27 Jun 2012 17:42:34 +0000 (10:42 -0700)]
vlog: Use worker process to write to log file.

Writes to regular files under Unix-like kernels, including Linux, typically
block until the write is complete, regardless of O_NONBLOCK.  When the I/O
subsystem is busy, this can cause indefinite delays.  We have actually
observed "write" calls sleep for 5 seconds or more for this reason.

Delegating to a subprocess through the worker mechanism should solve the
problem.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago vlog: Use system calls instead of stdio to write log files.
Ben Pfaff [Mon, 21 May 2012 17:44:20 +0000 (10:44 -0700)]
vlog: Use system calls instead of stdio to write log files.

This will be easier to deal with in an upcoming commit that will use a
subprocess to do asynchronous log I/O.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago worker: New library for breaking a daemon into multiple processes.
Ben Pfaff [Wed, 27 Jun 2012 17:40:50 +0000 (10:40 -0700)]
worker: New library for breaking a daemon into multiple processes.

ovs-vswitchd is effectively a "soft real-time" process, because flows that
do not get set up quickly lead to packet loss or retransmission.  We've
done our best to keep it from blocking unnecessarily, but some operations
unavoidably block.  This new library allows a daemon to break itself up
into a main process and a worker process, connected by an RPC channel,
with the idea being that the main process will delegate any possibly
blocking operations to the worker.

This commit also modifies ovs-vswitchd to start a worker process, but it
does not actually introduce any uses for the worker process.  Upcoming
commits will add those.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago vlog: Add VLOG_ABORT() to log and call abort().
Ben Pfaff [Tue, 22 May 2012 18:36:50 +0000 (11:36 -0700)]
vlog: Add VLOG_ABORT() to log and call abort().

Whereas VLOG_FATAL() eventually calls exit(1), VLOG_ABORT()
eventually calls abort().  The key difference is that abort()
will cause a "monitor" process to restart, where exit(1) will
cause it to exit along with the monitored process.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago daemon: Factor out code into new function daemonize_post_detach().
Ben Pfaff [Mon, 21 May 2012 18:08:59 +0000 (11:08 -0700)]
daemon: Factor out code into new function daemonize_post_detach().

This code will have another user in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago daemon: Factor out code into new function fork_and_wait_for_startup().
Ben Pfaff [Mon, 21 May 2012 18:08:13 +0000 (11:08 -0700)]
daemon: Factor out code into new function fork_and_wait_for_startup().

This function will be useful in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago util: Introduce "subprogram_name" to identify subprocesses and threads.
Ben Pfaff [Wed, 18 Jul 2012 17:30:47 +0000 (10:30 -0700)]
util: Introduce "subprogram_name" to identify subprocesses and threads.

This will be more useful later when we introduce "worker" subprocesses.
I don't have any current plans to introduce threading, but I can't
think of a disadvantage to wording this in a general manner.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago socket-util: Add functions for sending fds over Unix domain sockets.
Ben Pfaff [Thu, 14 Jun 2012 16:46:18 +0000 (09:46 -0700)]
socket-util: Add functions for sending fds over Unix domain sockets.

These will be used in upcoming commits.

This commit also adds corresponding definitions to the "sparse" header,
so that sparse still works.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago socket-util: New function xset_nonblocking().
Ben Pfaff [Mon, 14 May 2012 21:40:06 +0000 (14:40 -0700)]
socket-util: New function xset_nonblocking().

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago socket-util: Remove 'passcred' parameter from make_unix_socket().
Ben Pfaff [Mon, 14 May 2012 21:32:14 +0000 (14:32 -0700)]
socket-util: Remove 'passcred' parameter from make_unix_socket().

Nothing in the tree ever tries to send or receive credentials over a Unix
domain socket so there's no point in configuring them to be received.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago debian: Do not change iptables rules by default.
Ben Pfaff [Fri, 13 Jul 2012 06:08:45 +0000 (23:08 -0700)]
debian: Do not change iptables rules by default.

Debian kernel maintainer Bastian Blank writes, at
http://bugs.debian.org/680537:

   The netfilter rules are a shared resource. There is no synchronization,
   so the admin have the last word. As kernel maintainer, I see it similar
   to a configuration file, so §10.7 policy applies.

   The purpose of openvswitch is to provide support for switching, not to
   setup filter rules. This means it violates the principle of least
   surprise.

I believe that the argument by analogy to configuration files is weak,
given that the Debian policy section in question is very specifically about
files, not about general principles.  On the other hand, Debian does not
install any firewall by default, so the presence of a rule that blocks GRE
traffic is a sign that the administrator has taken an explicit action to
install a firewall that blocks GRE, and therefore it is rather rude to
override this.  Therefore, this patch simply turns off this behavior on
Debian, given that in ordinary Debian installations it will have no
adverse effect on Open vSwitch.

Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
12 years ago ofproto-dpif: Make OFPP_TABLE always resubmit to table 0.
Ben Pfaff [Wed, 18 Jul 2012 17:10:20 +0000 (10:10 -0700)]
ofproto-dpif: Make OFPP_TABLE always resubmit to table 0.

Commit 299016266ed1 (New action NXAST_RESUBMIT_TABLE.) changed OFPP_TABLE
from resubmitting to table 0 to resubmitting to the current table.  This
wasn't mentioned in the change log and I believe it was a typo.  This
commit changes the behavior back.

This isn't a very serious bug because OpenFlow 1.0 says that OFPP_TABLE is
supposed to be used only in packet-out messages, in which case the current
table is 0 anyhow.

OpenFlow 1.3 is explicit:

    The action list of an OFPT_PACKET_OUT message can also specify the
    OFPP_TABLE reserved port as an output action to process the packet
    through the existing flow entries, starting at the first flow table.

Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-actions: simplify ofpacts_from_openflow1[01]
Isaku Yamahata [Wed, 18 Jul 2012 11:41:15 +0000 (20:41 +0900)]
ofp-actions: simplify ofpacts_from_openflow1[01]

The logic is the same, so simplify it. This will also be used for OF12.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago INSTALL.userspace: Explain how and why to use iptables to drop packets.
Ben Pfaff [Mon, 16 Jul 2012 22:13:22 +0000 (15:13 -0700)]
INSTALL.userspace: Explain how and why to use iptables to drop packets.

Reported-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: More vlan tests
Simon Horman [Wed, 18 Jul 2012 01:47:56 +0000 (10:47 +0900)]
ofproto: More vlan tests

I'm not sure if this is the best place for this, but exercising
adding flows with dl_vlan and dl_vlan_pcp in this manner helped
me to find some bugs in changes that I am working on in relation
to the OpenFlow VLAN match.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Add detailed test for OF1.0 match decoding and encoding.
Ben Pfaff [Tue, 17 Jul 2012 16:39:23 +0000 (09:39 -0700)]
tests: Add detailed test for OF1.0 match decoding and encoding.

This follows the form of the OF1.1 match decoding and encoding test that I
wrote a while back, which seems to be a good form to use.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
12 years ago ofp-util: Wildcard VLAN PCP in OF1.0 matches when 802.1Q not present.
Ben Pfaff [Tue, 10 Jul 2012 06:45:25 +0000 (23:45 -0700)]
ofp-util: Wildcard VLAN PCP in OF1.0 matches when 802.1Q not present.

When an output OF1.0 match uses OFP_VLAN_NONE to match only when the 802.1Q
header is not present, it is somewhat contradictory to specify any value
for the VLAN PCP, since none can be present without an 802.1Q header, but
the match output by Open vSwitch did so.  This fixes it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
12 years ago ofp-actions: Improve action error logging a bit more.
Ben Pfaff [Thu, 12 Jul 2012 19:29:40 +0000 (12:29 -0700)]
ofp-actions: Improve action error logging a bit more.

Commit 0c449c5683a improved action error logging for one case, but we might
as well do it for the other case too.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Fix unit test failures related to additional logging.
Ethan Jackson [Tue, 17 Jul 2012 17:07:36 +0000 (10:07 -0700)]
tests: Fix unit test failures related to additional logging.

Commit a890678229 (userspace: Log version on startup.) added
additional logging to ovsdb-server and ovs-vswitchd, but failed to
make certain the unit tests still passed.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
[blp@nicira.com changed the strategy for fixing ovsdb-server.at]
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovsdb-server, ovs-vswitchd: Log version after daemonize_complete().
Ethan Jackson [Tue, 17 Jul 2012 16:28:08 +0000 (09:28 -0700)]
ovsdb-server, ovs-vswitchd: Log version after daemonize_complete().

This fixes unit tests, and generally seems more correct.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
[blp@nicira.com added the change to ovs-vswitchd]
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Fix compiler warnings.
Ethan Jackson [Tue, 17 Jul 2012 16:28:06 +0000 (09:28 -0700)]
ofproto: Fix compiler warnings.

This patch fixes the following warnings on my system:

lib/ofp-actions.c:458:13: error: format '%x' expects argument of
type 'unsigned int', but argument 4 has type 'long unsigned int'
[-Werror=format]

ofproto/ofproto.c:3940:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]

ofproto/ofproto.c:3941:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]

ofproto/ofproto.c:3942:13: error: comparison between 'enum
ofoperation_type' and 'enum nx_flow_update_event'
[-Werror=enum-compare]

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago OXM, NXM: Add tests for all zero and all one masks
Simon Horman [Tue, 17 Jul 2012 08:27:06 +0000 (17:27 +0900)]
OXM, NXM: Add tests for all zero and all one masks

The motivation for this is that I was looking into some
bugs relating to masking of match code that I was developing
and it seemed that having these tests would be worthwhile.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago userspace: Log version on startup.
Ethan Jackson [Fri, 13 Jul 2012 20:10:01 +0000 (13:10 -0700)]
userspace: Log version on startup.

It's convenient to have the OVS version directly in the logs so one
doesn't have to go digging through ovs-bugtool output to find it.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
12 years ago datapath: fix typo in README
Leo Alterman [Tue, 17 Jul 2012 00:26:10 +0000 (17:26 -0700)]
datapath: fix typo in README

Signed-off-by: Leo Alterman <lalterman@nicira.com>
12 years ago Prepare for post-1.8.0 (1.8.90).
Justin Pettit [Mon, 16 Jul 2012 23:49:00 +0000 (16:49 -0700)]
Prepare for post-1.8.0 (1.8.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years ago Prepare for 1.8.
Justin Pettit [Mon, 16 Jul 2012 23:47:08 +0000 (16:47 -0700)]
Prepare for 1.8.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
12 years ago ofp-actions: Improve comments.
Ben Pfaff [Mon, 16 Jul 2012 16:37:22 +0000 (09:37 -0700)]
ofp-actions: Improve comments.

Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Fix use-after-free error.
Ben Pfaff [Mon, 16 Jul 2012 17:23:58 +0000 (10:23 -0700)]
ovs-ofctl: Fix use-after-free error.

Commit 4ce9c31573 (ovs-ofctl: Factor code out of read_flows_from_switch().)
introduced a use-after-free error, fixed by this change.

Also adds a unit test for "ovs-ofctl diff-flows" that would have found the
problem.  (The bug report cited "diff-flows" but this bug was present in
dump-flows as well because they share common code.)

Bug #12461.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: fix typo in documentation.
Gurucharan Shetty [Mon, 16 Jul 2012 16:37:40 +0000 (09:37 -0700)]
ofproto: fix typo in documentation.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
12 years ago memory: Document the memory/show unixctl command.
Ben Pfaff [Fri, 13 Jul 2012 17:25:27 +0000 (10:25 -0700)]
memory: Document the memory/show unixctl command.

Suggested-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago lib: Define OVSP_NONE in a more clear way
Zoltan Kiss [Thu, 12 Jul 2012 17:24:17 +0000 (18:24 +0100)]
lib: Define OVSP_NONE in a more clear way

The value represented by the macro would stay exactly the same, just become obvious.

Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Avoid use-after-free upon "ofctl/unblock" when connection dies.
Ben Pfaff [Thu, 12 Jul 2012 23:32:56 +0000 (16:32 -0700)]
ovs-ofctl: Avoid use-after-free upon "ofctl/unblock" when connection dies.

The implementation of "ofctl/block" used a nested poll loop, with an inner
call to unixctl_server_run().  This poll loop always ran inside an outer
call to unixctl_server_run(), since that's the context within which unixctl
command implementations run.  That means that, if a unixctl connection got
closed within the inner poll loop, and the outer poll loop happened to be
processing the same unixctl connection, then the outer poll loop would
dereference data in the freed connection.

The simplest solution is to avoid a nested poll loop, so that's what this
commit does.

This didn't cause a failure in the unit tests on i386 (which is why I
didn't catch it before pushing) but it did, reliably, on x86-64, and it
showed up in valgrind everywhere.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago Add Tadaaki Nagao to AUTHORS.
Jesse Gross [Thu, 12 Jul 2012 23:27:31 +0000 (16:27 -0700)]
Add Tadaaki Nagao to AUTHORS.

Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years ago datapath: Check for backported skb_frag_page().
Tadaaki Nagao [Thu, 12 Jul 2012 07:25:29 +0000 (16:25 +0900)]
datapath: Check for backported skb_frag_page().

Recently released CentOS 6.3 (and probably also RHEL 6.3, I assume)
backported skb_frag_page() and others to their 2.6.32-based kernel,
which caused build failure of Open vSwitch kernel modules.

Signed-off-by: Tadaaki Nagao <nagao@stratosphere.co.jp>
Signed-off-by: Jesse Gross <jesse@nicira.com>
12 years ago ofproto: New feature to notify controllers of flow table changes.
Ben Pfaff [Thu, 12 Jul 2012 21:18:05 +0000 (14:18 -0700)]
ofproto: New feature to notify controllers of flow table changes.

OpenFlow switching monitoring and controller coordination can be made more
efficient if the switch can notify a controller of flow table changes as
they occur, rather than periodically polling for changes.  This commit
implements such a feature.

Feature #6633.
CC: Natasha Gude <natasha@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Add extra comments and checking for expiring a pending rule.
Ben Pfaff [Tue, 3 Jul 2012 21:00:38 +0000 (14:00 -0700)]
ofproto: Add extra comments and checking for expiring a pending rule.

A given rule may only have one pending operation at a time, so when an
operation is pending we must not allow a flow expiration to be started on
that rule.

This doesn't fix a user-visible bug in ofproto-dpif because ofproto-dpif
always completes operations immediately, that is, no operations will be
pending when expiration runs.  (Technically there is a bug if the user
runs "ovs-appctl ofproto/clog", but that feature is for debugging only and
there is no reason for a user to ever run it.)

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Represent flow cookie changes as operations too.
Ben Pfaff [Thu, 12 Jul 2012 17:17:10 +0000 (10:17 -0700)]
ofproto: Represent flow cookie changes as operations too.

An upcoming commit will add support for monitoring changes to the flow
table.  This feature wants to be able to report changes to flow cookies,
as well as to other properties of a flow.  Until now, however, a flow_mod
that modifies only the flow's cookie is treated as a special case that does
not go through the ofoperation mechanism.  That makes it harder to report
flow cookie-only changes (it would require an additional special case in
the reporting mechanism) so this commit changes cookie-only changes to
go through ofoperations.

The bulk of this change is to change the meaning of ofoperation's 'ofpacts'
member so that a NULL value indicates that the flow's actions are not
changing.  Otherwise a flow-cookie only change would still require copying
and then freeing all the actions, which seems like a waste.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Revert change in flow cookie when an ofoperation fails.
Ben Pfaff [Fri, 6 Jul 2012 17:36:00 +0000 (10:36 -0700)]
ofproto: Revert change in flow cookie when an ofoperation fails.

The flow_cookie member of struct ofoperation has always been there, but it
seems that it's never been used.  This fixes the code so that if a modify
operation fails the rule's original flow cookie is restored.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago rconn: Add byte counting feature to rconn_packet_counter.
Ben Pfaff [Thu, 12 Jul 2012 17:15:35 +0000 (10:15 -0700)]
rconn: Add byte counting feature to rconn_packet_counter.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago Add OFPRR_EVICTION to enum ofp_flow_removed_reason.
Ben Pfaff [Tue, 3 Jul 2012 21:23:10 +0000 (14:23 -0700)]
Add OFPRR_EVICTION to enum ofp_flow_removed_reason.

This is likely to be part of OpenFlow 1.3.1 or 1.4 and we have use for it
beforehand to report evicted flows.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-util: Make put_stats__() public as ofputil_put_stats_header().
Ben Pfaff [Fri, 29 Jun 2012 23:35:17 +0000 (16:35 -0700)]
ofp-util: Make put_stats__() public as ofputil_put_stats_header().

An upcoming commit will introduce a user outside of ofp-util.c.

The change to put_stats_reply__() is larger than strictly necessary to
avoid making really ugly line breaks.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-print: Slightly extend ofp_print_bit_names().
Ben Pfaff [Fri, 29 Jun 2012 23:23:43 +0000 (16:23 -0700)]
ofp-print: Slightly extend ofp_print_bit_names().

In an upcoming commit I want to print comma-separated, not space-separated,
names for a set of bits.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago classifier: New function cls_rule_is_loose_match().
Ben Pfaff [Thu, 12 Jul 2012 17:13:10 +0000 (10:13 -0700)]
classifier: New function cls_rule_is_loose_match().

This function will be useful in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Finalize all ofoperations in a given ofgroup at the same time.
Ben Pfaff [Sat, 30 Jun 2012 05:33:56 +0000 (22:33 -0700)]
ofproto: Finalize all ofoperations in a given ofgroup at the same time.

An upcoming commit will add support for flow table monitoring by
controllers.  One feature of this upcoming support is that a controller's
own changes to the flow table can be abbreviated to a summary, since the
controller presumably knows what it has already sent to the switch.
However, the summary only makes sense if a set of flow table changes
completely succeeds or completely fails.  If it partially fails, the
switch must not attempt to summarize it, because the controller needs
to know the details.  Given that, we have to wait for all of the
operations in an ofgroup to either succeed or fail before the switch
can send its flow table update report to the controllers.  This
commit makes that change.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofproto: Mark some function parameters const.
Ben Pfaff [Fri, 6 Jul 2012 17:02:09 +0000 (10:02 -0700)]
ofproto: Mark some function parameters const.

This allows FOR_EACH_MATCHING_TABLE to be used with const TABLE and
OFPROTO arguments.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-print: Print out_port field in "flow_mod"s.
Ben Pfaff [Fri, 6 Jul 2012 20:05:38 +0000 (13:05 -0700)]
ofp-print: Print out_port field in "flow_mod"s.

Somehow we've overlooked this for a long time.  I guess that feature
doesn't get used very much.

Also updates the test output for OFPT_FLOW_MOD to include the out_port
output and adds out_port to the NXT_FLOW_MOD tests.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Add --sort and --rsort options for "dump-flows" command.
Ben Pfaff [Thu, 12 Jul 2012 20:32:47 +0000 (13:32 -0700)]
ovs-ofctl: Add --sort and --rsort options for "dump-flows" command.

Feature #8754.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
[blp@nicira.com rewrote most of the code]
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Factor code out of read_flows_from_switch().
Ben Pfaff [Tue, 3 Jul 2012 18:31:03 +0000 (11:31 -0700)]
ovs-ofctl: Factor code out of read_flows_from_switch().

I want to use this code in another function in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-ofctl: Use the prepared connection to dump flows in do_dump_flows__().
Ben Pfaff [Tue, 3 Jul 2012 17:25:35 +0000 (10:25 -0700)]
ovs-ofctl: Use the prepared connection to dump flows in do_dump_flows__().

The logic in do_dump_flows__() went to some trouble to open an OpenFlow
connection and set the correct protocol, but then it allowed
dump_stats_transaction() to create and use a completely different OpenFlow
connection that hadn't been prepared that way.  This commit fixes the
problem.

I don't think that there is a real bug here because currently the set of
protocols doesn't influence flow stats replies.  But that could change in
the future.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-util: Reload ofpbuf pointers after nx_put_match().
Ben Pfaff [Thu, 12 Jul 2012 18:31:13 +0000 (11:31 -0700)]
ofp-util: Reload ofpbuf pointers after nx_put_match().

Fixes a wild pointer write when nx_put_match() expands the ofpbuf.

The change to the OFPST_FLOW case isn't strictly a bug fix, it just makes
the code for that case more closely resemble the NXST_FLOW case.

Bug #12403.
Bug #12460.
Bug #12461.
Bug #12481.
Reported-by: Timothy Chen <tchen@nicira.com>
Reported-by: Natasha Gude <natasha@nicira.com>
Reported-by: James Schmidt <jschmidt@nicira.com>
Reported-by: Alan Shieh <ashieh@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
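
Added illustration of the bug class named in the commit message above: a pointer into a growable buffer goes stale once an append expands the buffer. It is not code from the commit or from Open vSwitch. struct buf, struct hdr, buf_put(), put_entry() and entry_len() are hypothetical stand-ins, and growth is written so that it always relocates the data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer, standing in for the role ofpbuf plays. */
struct buf { uint8_t *base; size_t size, cap; };
struct hdr { uint16_t match_len; uint16_t pad; };

/* Append n bytes (zeros if src is NULL). Growth here always moves the data,
 * so any pointer taken into b->base before the call is dangling afterwards. */
static void buf_put(struct buf *b, const void *src, size_t n)
{
    if (b->size + n > b->cap) {
        size_t cap = (b->size + n) * 2;
        uint8_t *p = malloc(cap);
        if (!p) abort();
        if (b->size) memcpy(p, b->base, b->size);
        free(b->base);
        b->base = p;
        b->cap = cap;
    }
    if (src) memcpy(b->base + b->size, src, n);
    else memset(b->base + b->size, 0, n);
    b->size += n;
}

/* Reserve a header, append a variable-length match, then fill in the header.
 * The unsafe form keeps a struct hdr * from before the append and writes
 * through it; the safe form below keeps an offset and re-derives the address. */
static size_t put_entry(struct buf *b, const void *match, uint16_t match_len)
{
    size_t hdr_ofs = b->size;
    buf_put(b, NULL, sizeof(struct hdr));
    buf_put(b, match, match_len);              /* may move b->base */
    struct hdr h = { .match_len = match_len, .pad = 0 };
    memcpy(b->base + hdr_ofs, &h, sizeof h);   /* address computed after growth */
    return hdr_ofs;
}

/* Read back the length stored in the header at hdr_ofs. */
static uint16_t entry_len(const struct buf *b, size_t hdr_ofs)
{
    struct hdr h;
    memcpy(&h, b->base + hdr_ofs, sizeof h);
    return h.match_len;
}
```
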
12 years ago meta-flow: Remove mf_set_subfield and mf_set_subfield
Simon Horman [Thu, 5 Jul 2012 08:15:17 +0000 (17:15 +0900)]
meta-flow: Remove mf_set_subfield and mf_set_subfield

These functions do not appear to be used any more.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ovs-vsctl: Correct example for removing a mirror.
Ben Pfaff [Thu, 12 Jul 2012 15:43:29 +0000 (08:43 -0700)]
ovs-vsctl: Correct example for removing a mirror.

Reported-by: Kris zhang <zhang.kris@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago FAQ: Patch ports are not targeted for upstream.
Ben Pfaff [Thu, 12 Jul 2012 15:08:15 +0000 (08:08 -0700)]
FAQ: Patch ports are not targeted for upstream.

The previous text was ambiguous.

Reported-by: Konstantin Khorenko <khorenko@openvz.org>
CC: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago meta-flow: Reduce redundant transport set/get code
Joe Stringer [Wed, 11 Jul 2012 23:07:15 +0000 (11:07 +1200)]
meta-flow: Reduce redundant transport set/get code

Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago cfm: Always initialize CCM "internal_ms_x" extension field.
Ben Pfaff [Tue, 10 Jul 2012 21:51:29 +0000 (14:51 -0700)]
cfm: Always initialize CCM "internal_ms_x" extension field.

Found by valgrind:

Syscall param socketcall.sendmsg(msg.msg_iov[i]) points to uninitialised
byte(s)
   at 0x42D3021: sendmsg (in /lib/libc-2.5.so)
   by 0x80E4D23: nl_sock_transact (netlink-socket.c:670)
   by 0x80D9086: dpif_linux_execute__ (dpif-linux.c:872)
   by 0x807D6AE: dpif_execute__ (dpif.c:957)
   by 0x807D6FE: dpif_execute (dpif.c:987)
   by 0x805DED9: send_packet (ofproto-dpif.c:4727)
   by 0x805F8E1: port_run_fast (ofproto-dpif.c:2441)
   by 0x8065CF6: run_fast (ofproto-dpif.c:926)
   by 0x805674F: ofproto_run_fast (ofproto.c:1148)
   by 0x804C957: bridge_run_fast (bridge.c:1980)
   by 0x8053F49: main (ovs-vswitchd.c:123)
  Address 0xbea0895c is on thread 1's stack

Bug #11797.
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago tests: Improve test coverage of OXM metadata field
Joe Stringer [Wed, 11 Jul 2012 12:01:11 +0000 (00:01 +1200)]
tests: Improve test coverage of OXM metadata field

Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago NXM, OXM: Add Flow Label Tests
Simon Horman [Mon, 9 Jul 2012 09:03:54 +0000 (18:03 +0900)]
NXM, OXM: Add Flow Label Tests

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago Add forgotten header
Ed Maste [Wed, 11 Jul 2012 13:16:00 +0000 (09:16 -0400)]
Add forgotten header

Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago FAQ: Add FAQ entry for determining OpenFlow port numbers.
Ben Pfaff [Wed, 11 Jul 2012 07:58:53 +0000 (00:58 -0700)]
FAQ: Add FAQ entry for determining OpenFlow port numbers.

I don't understand why, but I've had this question from multiple people
recently.

Signed-off-by: Ben Pfaff <blp@nicira.com>
12 years ago ofp-actions: Add hex dump of bad actions to log message on error.
Ben Pfaff [Mon, 9 Jul 2012 21:21:00 +0000 (14:21 -0700)]
ofp-actions: Add hex dump of bad actions to log message on error.

This should make debugging easier in such cases.

Bug #12460.
Reported-by: Natasha Gude <natasha@nicira.com>
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>