git.onelab.eu Git - sliver-openvswitch.git/log

xenserver: Add information about some bugtool scripts.

The README file in xenserver directory currently misses information
about a few bugtool scripts. Add them.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Add ovs-appctl dpif commands to debug bundle.

With single datapath, 'ovs-dpctl dump-flows ' dumps datapath flows for
all the userspace bridges in a system. It can get a little harder
to figure out the datapath flows belonging to a particular userspace
bridge.

This patch adds the 'ovs-appctl dpif/show' and 'ovs-appctl dpif/dump-flows'
output for each userspace bridge. This gives us a summary of configured
datapaths and all datapath flow entries for each bridge separately.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Add iptables output for all tables.

Currently we list all the rules only from the 'filter' table.
Include the rules from all the other tables too.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

odp-utils: Fix memory corruption while flow parsing.

Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX,
we can write into a random memory address causing corruption. Fix it.

Bug #15702.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Push statistics in rule_get_stats().

As time goes on, and flow tables become more complicated, the
tradeoff between keeping up to date statistics, and the CPU
resources needed to maintain them, will become more important.
Commit 5c0243a (ofproto-dpif: xlate actions once with subfacets.)
delayed the reporting of some statistics in an effort to achieve
higher flow setup performance. Future commits will continue in the
same direction.

This patch helps to alleviate the issue, by pushing statistics
rule_get_stats(), when users actually want them. Presumably, this
happens rarely, and thus will not have a negative impact on
ovs-vswitchd performance.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

extract-ofp-errors: Make Python 3 compatible.

extract-ofp-errors doesn't work with python 3 for the
following reasons:

- several "SyntaxError: invalid syntax":
print not a keyword anymore. As a function it requires '()'
- AttributeError: 'dict' object has no attribute 'itervalues'
Use values() instead.

Test done:
Generate using ofp-errors.inc as a reference
Patch for python 3, then regenerate ofp-errors.inc
Diff between the two outputs.

Signed-off-by: Damien Millescamps <damien.millescamps@6wind.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Change stray triple-blank line to double-blank line for consistency.

Reported-by: Reid Price <rprice@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-bugtool: Add ovs-ofctl commands to bugtool plugin scripts.

This patch adds two new scripts that run "ovs-ofctl show" and
"ovs-ofctl dump-flows" on each bridge.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Remove calls of ovs-ofctl on ovs-system.

With single datapath, making ovs-ofctl calls on ovs-system
does not give the necessary o/p. This patch removes those calls.

The next patch adds the correct commands to bugtool plugin scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

nicira-ext: Fix comment on NXAST_STACK_PUSH and NXAST_STACK_POP.

CC: Pankaj Thakkar <pthakkar@vmware.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: xlate actions once with subfacets.

Before this patch, when ofproto-dpif decided that a particular flow
miss needed a facet, it would do action translation multiple times.
Once in subfacet_make_actions(), and once per packet in
subfacet_update_stats().  In the common case (once per miss), this
would double the amount of work required in xlate_actions().

The call to facet_push_stats() in subfacet_update_stats() is
unnecessary.  If the packets are simply accounted to the facet,
they will eventually be pushed to the relevant rules in
update_stats() or when the facet is removed.   Removing the
unnecessary step gives us a 20% improvement of the netperf TCP_CRR
benchmark with the complex flow tables installed by our controller.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

mpls: Allow l3 and l4 actions to prior to a push_mpls action

* Update the order in which actions are committed and thus
  appear in the datapath such that MPLS actions appear after
  l3 and l4 (nw and port) actions.

  In the case where an mpls_push action is present it should ensure
  that l3 and l4 actions occur first, which seems logical as
  once a mpls_push has occur the frame will be MPLS rather
  than IPv4 or IPv6.

  In the case where there is an mpls_pop action is present this should
  not make any difference as the frame will have been MPLS to start with
  and thus not satisfy the pre-requisites for  l3 or l4 actions.

* Update commit_set_nw_action() to use the base ethertype when considering
  eligibility to commit l3 (nw) actions. This allows l3 actions to be
  applied so long as the frame was originally IPv4 or IPv6, even if
  an mpls_push action will be applied and thus flow indicates the
  frame will be MPLS.

* Make actions that may modify port or network information conditional on
  the flow's ethernet type being an IP ethernet type. This is to ensure
  that actions that modify network and port information do not occur
  on non IP packets, for example if an mpls_push action has changed a
  packet from IP to MPLS.

  Note that modification of network data is already prevented by
  virtue of commit_set_nw_action() only having cases for when the
  ethernet type of the flow is  IPV4 or IPV6. The conditionality
  of network actions on the ethernet type has been added to
  do_xlate_actions() to make it explicit.

* Add a check to commit_set_port_action() to ensure that the base
  flow is IP. This protects against the case where move_reg is used
  to change transport ports after an MPLS header is pushed.

Signed-off-by: Simon Horman <horms@verge.net.au>
[jesse: Add check for an IP protocol when committing L4 actions.]
Signed-off-by: Jesse Gross <jesse@nicira.com>

configure: Only link against libpcap on FreeBSD.

On other platforms there is no benefit to linking against libpcap, because
it is not used.

Signed-off-by: Ben Pfaff <blp@nicira.com>
CC: Ed Maste <emaste@freebsd.org>

bridge: Rate-limit updates to "instant stats".

Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.

Until now, the instant stats have been updated on every trip through
the main loop.  This work scales with the number of interfaces that
ovs-vswitchd manages.  With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.

This commit rate-limits updates to instant stats to at most 10 times
per second.  Earlier tests I did with similar patches showed a major
reduction in CPU usage.  I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.

CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Remove checks for preinitialized flow.

Header caching used to store a precomputed flow along with the skb
but no longer exists. There were a few remaining checks for those
flows, which this removes. It simplifies the code slightly and brings
us closer to upstream.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

debian: Re-add --timeout option for ifupdown script.

Commit fba6bd1d3f(ovs-vsctl: Try connecting only once for active connections..)
removed the timeout option from ifupdown.sh. Removing the "--timeout=" option
can cause ifupdown script to hang if ovs-vswitchd is not running and ifupdown
script changes the OVSDB. So, re-add it.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Set STP of a bridge during bridge creation.

This patch sets the value of STP (if provided) at the same
time of bridge creation. This eliminates an extra ovs-vsctl call
and does not let ovs-vswitchd run briefly with STP not enabled.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Prevent duplicate ifup calls.

When we configure OVS using rhel ifupdown scripts,
we call ifup on a bridge twice. Once while configuring the
bridge and once while configuring the ports of the bridge.
This looks harmless but unnecessary. This patch fixes the
behavior.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

NEWS: Update release for ovs-vsctl changes from post-1.10 to 1.10.

This feature was backported.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated

After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074

ovs-vsctl: Try connecting only once for active connections by default.

Until now, ovs-vsctl has kept trying to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout.  A timeout that is too short
can cause spurious failures.  A timeout that is too long causes long delays
if the server really isn't running.

This commit should alleviate this problem.  It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running.  (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database.  --no-wait also avoids that issue.)

Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Remove encal_dl_type from struct flow

There were plans to use this in conjunction with inner/outer flows,
however that plan has been changed in favour of using recirculation.
This leaves us with the current usage.

encal_dl_type is currently only used to allow decoding of packets used in
the test suite. However, this is a bit of a fudge and the packets may be
provided as hexadecimal instead.

Also remove comments from parse_l2_5_onward() relating to MPLS which are
not in keeping with the commenting throughout the rest of the function.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Revert "flow: Split flow_extract"

It was planned to use this code to allow further processing of packets, a
second pass done when constructing a flow. Instead it is now planned to
use recirculation to address the problems that secondary processing aimed
to resolve. As a result there are no longer plans to use
flow_extract_l3_onwards() and it seems prudent to remove it.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-dpctl: New add-flow, mod-flow, del-flow commands.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Remove old patch interface definitions.

Patch ports have been completely moved to userspace at this point
but one part of the interface remained. It's no longer used by
either userspace or kernel so this deletes it.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Provide additional RCU backports.

A recent commit started using rcu_dereference_raw, hlist_first_rcu,
and hlist_next_rcu so this provides backports for kernels where they
don't exist.

Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-bugtool: Add ovs-ctl.log to debug bundle.

ovs-ctl.log will include the o/p of ovs-ctl when
run from rhel, debian and xenserver startup scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

debian, rhel, xenserver: Ability to collect ovs-ctl logs.

We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.

With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

datapath: hlist: drop the node parameter from iterators

I'm not sure why, but the hlist for each entry iterators were conceived

        list_for_each_entry(pos, head, member)

The hlist ones were greedy and wanted an extra parameter:

        hlist_for_each_entry(tpos, pos, head, member)

Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.

Besides the semantic patch, there was some manual work required:

- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.

The semantic patch which is mostly the work of Peter Senna Tschudin is here:

@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;

type T;
expression a,c,d,e;
identifier b;
statement S;
@@

-T b;
    <+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
    ...+>

[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Backport simplified hlist iterators.

The hlist iterator macros were simplified upstream to remove the
need for a scratch pointer. This backports those versions, which
don't otherwise touch anything else about the data structures.

Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-ofctl: Improve description of mod_nw_tos action.

Reported-by: Murphy McCauley <murphy.mccauley@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

lib: Rename lib/pcap.h to avoid inclusion conflicts.

lib/pcap.h has a name that conflicts with /usr/include/pcap.h. When one
wants to include pcap.h from libpcap (i.e.: the one from /usr/include), one
may end up with pcap.h from openvswitch.

This change renames this header to pcap-file.h and updates all
references to this file.

This change was tested with `make distcheck`.

Signed-off-by: Stephane A. Sezer <sas@cd80.net>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: fix drvinfo strings set in drivers

Use strlcpy where possible to ensure the string is \0 terminated.
Use always sizeof(string) instead of 32, ETHTOOL_BUSINFO_LEN
and custom defines.
Use snprintf instead of sprint.
Remove unnecessary inits of ->fw_version
Remove unnecessary inits of drvinfo struct.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>

rhel: Return an exit value of 0 for ifup-ovs.

When the variable "STP" is not set, the last executed command is False
while running ifup-ovs for OVSBridge. This causes the ifup-ovs
script to return an error resulting in a failure.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-appctl: dpif/show display per bridge stats

This is to fix the fallout of single datapath change.
ovs-appctl dpif/show displays per bridge miss, hit
and flow counts on the screen, but the backend is
obtaining those information from the datapath.
With a single datapath, all bridges of the same
datapath would all display the same (global)
counters maintained by the datapath, obviously
not correct.

This patch fixes the bug by maintaining per ofproto_dpif
miss and hit counts, which are used for display output.
The number of flows count is obtained by counting the
number facets per ofproto.

ovs-dpctl show still displays the counters maintain by
the datapath, as before.

Bug #15369

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Remove references to multicast tunnels in schema documentation.

The vestigal multicast support in tunnels has been removed at this
point, so this deletes the remaining references in the documentation.

Reported-by: Guangvy <1965837689@qq.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Check for Centos 6.4 backports.

Centos 6.4 backported a number of additional functions so our existing
versions started causing conflicts.

Reported-by: Denis Iskandarov <d.iskandarov@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

bridge: Store the 'mac_in_use' for interfaces in OVSDB.

It can be useful to remotely determine the MAC addresses of attached
interfaces without going through OpenFlow. This adds the MAC address to
a new 'mac_in_use' column on the Interface table.

Feature #15551

Requested-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

bridge: Minor style fix.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Reduce loop limit by one to 4.

We currently allow five trips through the kernel datapath
before dropping the packet to protect the stack. However, there
have been a few reports recently involving tunneling that this is
still too much. Although it's not a complete solution, this reduces
the limit by one to balance safety in common situations with
flexibility.

Bug #15477

Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: 謝秉融 <faithfulman@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

bridge: Minor style fix.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto: Remove unnecessary struct forward declaration.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb: Allow recovery from transient write errors in log implementation.

Until now, the OVSDB data journaling implementation has made write errors
"sticky", so that a single write error persists as long as ovsdb-server is
alive. However, some kinds of write errors (such as ENOSPC) can be
transient in practice. I don't know of a good reason to make such errors
sticky, so this commit makes the journaling code retry writes even after
an error occurs, allowing ovsdb-server to recover from transient errors.

Reported-by: likunyun <kunyunli@hotmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

vswitch.xml: Document iface-status behavior for intra-hypervisor migration.

Based on a face-to-face discussion.

CC: Natasha Gude <natasha@nicira.com>
CC: Andrew Lambeth <wal@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb: Fix memory leak.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

connmgr: Fix memory leak in ofconn monitor table.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Set dates for 1.9.0 release.

This also sets the dates for 1.8.0, even though it was an internal-only
release.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

NEWS: Note tunneling feature removals in the correct release.

Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-ctl.in: Set hard limit for core files created.

Currently we set a soft limit while defining the maximum size of
core files. If there is already a hard limit set that is lesser
than the soft limit we are setting, it will fail.

Since our startup scripts start with root permissions, it looks
fine to set the hard limit directly instead.

Reported-by: Dan Wendlandt <dan@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Remove unnecessary ofp_port to odp_port mapping.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

nicira-ext: Document that nx_flow_mod_table_id applies to nx_flow_mod too.

It wasn't clear from the comments that nx_flow_mod_table_id applies to
nx_flow_mod as well as ofp10_flow_mod, but it does and always has. This
commit makes it clear.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

NEWS: Fix release for table ID in NXM flow_removed feature.

I forgot that I was planning to backport this to branch-1.10.

Signed-off-by: Ben Pfaff <blp@nicira.com>

Add table_id to NXM flow_removed messages.

Feature #15466.
Requested-by: Ronghua Zhang <rzhang@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix up user specifying wrong bridge on "ofproto/trace".

If there is more than one bridge, then it's easy to specify the wrong one
on an ofproto/trace command.  Previously, this would produce surprising
results.  With this commit, "ofproto/trace" should silently fix up the
problem.

It would be nice to not require the user to specify a bridge at all, but
it's theoretically possible to have more than one backer, in which case we
need some way to distinguish, and a bridge name is as good an identifier
as we have.  We could ask the user to specify the datapath_type, I guess,
but that's a less familiar name to most users and it would be a somewhat
gratuitous change in synatx for ofproto/trace.

Bug #15419.
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: GOTO_TABLE recursion removal.

Remove recursion from GOTO_TABLE processing in do_xlate_actions().
This allows packet processing pipelines built with goto table be
longer and not interact with each other via the resubmit recursion limit.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Print slow-path actions instead of "drop" in dump-flows.

The command "ovs-appctl dpif/dump-flows" would print slow-path actions
as "drop", which could be confusing to users. This is different from
"ovs-dpctl dump-flows", which prints a descriptive reason. This commit
replaces "drop" with the reason.

Bug #14840

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Add helper function to retrieve a subfacet from a facet.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Clarify that 'one_subfacet' may not always be valid.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

timeval: Avoid backtrace() from signal handler on x86-64.

backtrace() is really useful, but it is not signal safe everywhere. We
need to reassess whether it is reasonable to use it anywhere, but
immediately we need to disable it on x86-64 (with glibc) because it is
causing segfaults in testing.

Bug #15497.
Reported-by: Ram Jothikumar <rjothikumar@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Treat zero MPLS post-decrement TTL as invalid.

RFC 3443 says that an outgoing MPLS TTL of zero is invalid, so we must send
packets that have such a TTL post-decrement to the controller rather than
allowing them to continue through the OpenFlow tables.

Here is the text from RFC 3443 that implies this behavior:

   oTTL: This is the TTL value used as the outgoing TTL value (see
   section 3.5 for exception).  It is always (iTTL - 1) unless otherwise
   stated.

   oTTL Check: Check if oTTL is greater than 0.  If the oTTL Check is
   false, then the packet is not forwarded.  Note that the oTTL check is
   performed only if any outgoing TTL (either IP or MPLS) is set to oTTL
   (see section 3.5 for exception).

That is, the output TTL is one less than the input TTL, and a packet with
an output TTL of 0 must not be forwarded.

CC: Bruce Davie <bsd@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Simon Horman <horms@verge.net.au>

bridge: Fix interpretation of 'health' member of struct ofproto_cfm_status.

Commit 9a9e3786b3a8 (ofproto: Merge all the CFM query functions into one.)
mistakenly interpreted struct ofproto_cfm_status as always being in the
range [0,100]. It can in fact take the value -1 if the health status is
not currently well-defined.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

bridge: Fix remote_opstate bug recently introduced.

Commit 9a9e3786b3a8 (ofproto: Merge all the CFM query functions into one.)
mistakenly transformed a tristate variable into a Boolean one. This commit
fixes the problem.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

tunnel: Mark ECN status on decapsulated tunnel packets.

In the kernel tunnel implementation, if a packet was marked as ECN CE on
the outer packet then we would carry this over to the inner packet on
decapsulation. With the switch to flow based tunneling, this stopped
happening. This commit reintroduces that behavior by using the set IP
header action.

Bug #15072

Signed-off-by: Justin Pettit <jpettit@nicira.com>

tunnel: Generate datapath flows for tunneled packets dropped due to ECN.

Move the check for whether tunneled packets should be dropped due to
congestion encountered (CE) when the encapsulated packet is not ECN
capable (non-ECT). This also adds some additional tests for ECN
handling on tunnel decapsulation.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Store the initial tunnel IP TOS values for later use.

When a packet arrives on an IP tunnel, store the TOS value for later
use. This value will be used in a couple of future commits.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Make initial packet value handling generic.

For VLAN splinters, an "initial_tci" value was introduced that is passed
around during flow processing to be used later for action translation.
This commit switches to passing around a struct so that additional
values beyond TCI can be used. A future commit will use this.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Pass around "facet" in flow_push_stats().

The flow_push_stats() function will need other members of the "facet"
structure in a future commit.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

nicira-ext: Add Nicira actions NXAST_STACK_PUSH and NXAST_STACK_POP.

The Push action takes a single parameter. Any source allowed by NXAST_REG_MOVE
is allowed to be pushed onto the stack. When the source is a bit field,
its value will be right shifted to bit zero before being pushed onto the
stack. The remaining bits will be set to zero.

The Pop action also takes a single parameter. Any destination allowed by
NXAST_REG_MOVE can be used as the destination of the action. The value, in
case of a bit field, will be taken from top of the stack, starting from
bit zero.

The stack size is not limited. The initial 8KB is statically allocated to
efficiently handle most common use cases. When more stack space is
required, the stack can grow using malloc().

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Merge all the CFM query functions into one.

This eliminates several function calls and in particular several
hash table lookups to find structures corresponding to a port
number from iface_refresh_cfm_stats().

This does not seem to reduce CPU use, but the code is shorter
and more readable.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Add support for set_mpls_ttl action

This adds support for the OpenFlow 1.1+ set_mpls_ttl action.
And also adds an NX set_mpls_ttl action.

The handling of the TTL modification is entirely handled in userspace.

Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Add support for dec_mpls_ttl action

This adds support for the OpenFlow 1.1+ dec_mpls_ttl action.
And also adds an NX dec_mpls_ttl action.

The handling of the TTL modification is entirely handled in userspace.

Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

timeval: Increase accuracy of cached time 4X, from 100 ms to 25 ms.

With CFM and other tunnel monitoring protocols, having a fairly precise
time is good. My measurements don't show this change increasing CPU use.
(In fact it appears to repeatably reduce CPU use slightly, from about
22% to about 20% with 1000 CFM instances, although it's not obvious why.)

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

timeval: Enable caching the current time even on x86-64.

With CFM enabled on 1000 tunnels, this reduced CPU use from about 30% to
about 22%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

ovsdb-idlc: Make no-op writes to write-only columns cheaper.

For 1000 tunnels with CFM enabled, this reduces CPU use from
about 36% to about 30%.

Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

tunneling: Simplify ovs_tnl_send() error handling code.

Following commit slightly improves code readability. It is
also correctness fix as ip_local_out() was storing error
code in err which was not int.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Fix circular dependency between bug.h and kernel.h.

In Linux 3.4 the definition for BUILD_BUG_ON_NOT_POWER_OF_2 was
moved from kernel.h to bug.h. On various kernels these header
files include each other in various orders (often through a
long chain of other header files), which can create circular
dependency issues. Since we not longer need this definition,
this simply removes the backport.

Reported-by: Palo Andi <andi@dis.uniroma1.it>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-ctl.in: Restore interfaces and ofports for userspace restarts.

When we upgrade from pre-1.9 to 1.10 or later branches, when just
the user space daemons are restarted, with the older kernel module
intact, datapaths are recreated.

This results in loosing the internal interface states like ip addresses,
routing table entries etc. Also, the 'ofport' value of the older interfaces
change.

With this patch we restore the interface states, ofport values etc,
when "ovs-ctl restart" or "/etc/init.d/openvswitch[-switch] restart
--save-flows" is called. The later command is automatically called
when debian packages are installed.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Clean up code for the next commit.

Previously, we would null the variables holding the names of the restore
scripts in case there were any errors in creating the restore script or if
we did not need to run a particular restore script. That is not necessary,
as we can just check the execution permission set on those scirpts.

Also, carve out a couple of functions which will be used in the next commit.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Tunnel: Cleanup old tunnel infrastructure.

Since userspace flow based tunneling code is checked in, the kernel
port based tunneling code can be removed.

Patch removes following components:
- tunnel ports hash table and moved tunnel ports list to individual
vports.
- Cleaned per tnl-port config.
- OVS_KEY_ATTR_TUN_ID action is removed.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15078

CodingStyle: Mention our common return value conventions.

CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofpbuf: Remove OFPBUF_STACK_BUFFER.

Its alleged convenience just doesn't outweigh the syntactical ugliness, and
so it didn't have any users.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Increase maximum allocation size of action list.

The switch to flow based tunneling increased the size of each output
action in the flow action list. In extreme cases, this can result
in the action list exceeding the maximum buffer size.
This doubles the maximum buffer size to compensate for the increase
in action size.
Action list is recieved from netlink callback which is allocating
linear-skb, therefore allocating another multi-page buffer would
not increase probability of the allocation-failure a lot.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15203

Revert "datapath: Increase maximum allocation size of action list."

This reverts commit 82b0d755094ec675ea1a49b4ae58bc1c5e8e51c2.

This patch introduced bug by calling vfree() from interrupt context.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

netdev: Update comment.

The claim that there's only a single implementation was long obsolete.

Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Fix netdev_linux_send() return value in corner case.

A negative 'sock' means there was an error but netdev_linux_send() returns
a positive errno value on error.

Signed-off-by: Ben Pfaff <blp@nicira.com>

nx-match: Correct writing of value and length in set_field_to_ofast()

ofpbuf_put_* may reallocate the underlying buffer of the ofpbuf and
thus writing data after a ofpbuf_put_* call must write to memory
relative to the pointer returned by the call.

Prior to this change the length and trailing value would not be written to
the set_field action if ofpbuf_put_* may reallocated the underlying buffer.

Also make use of ofpbuf_put_zero() to avoid calling memset() directly.

Tested-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

AUTHORS: Add Andy Zhou.

CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: Do not include time stamp in syslog messages.

vlog.py currently generates the same log messages, starts with the time stamp
information, for console, syslog and file. All messages start with current
time stamp information.

Syslogd, by default, prepends time stamp with each message already. Thus
the time stamp generated by vlog.py is redundant.

This patch removes time stamp from the message before vlog.py sends it
to syslogd.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tunnel: Only print non-default UDP dst_port for LISP/VXLAN tunnels

In get_tunnel_config(), distinguish between VXLAN and LISP when deciding
whether or not to print UDP destination port. Only add the UDP
destination port for either protocol if it is not the default UDP port.
Update the LISP unit test to match the new behavior as well.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
[jesse: merge common test for VXLAN and LISP]
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Handle tunnel config changes in facet_revalidate().

For most of the history of Open vSwitch, one could assume that a
given datapath flow key would consistently translate into the same
userspace struct flow representation.  However, with the switch to
flow based tunneling, we now have a situation where a database
configuration change can cause a datapath flow key's in_port to
correspond to a completely different OpenFlow in_port possibly on a
completely different bridge.  This can cause all sorts of problems,
including traffic black holes due to confused facet revalidations.

To solve the problem, this patch verifies that each facet's
subfacets still result in the appropriate struct flow.  If a facet
fails this test, it is simply removed.

Bug #15213.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Ignore subfacet install errors.

When we fail to install a subfacet, there's not much we can do
other than note that it happened.  However, doing this requires us
to maintain a pointer to a subfacet which theoretically could be
destroyed by facet_revalidate() later.  This patch solves the
problem by simply assuming dpif_flow_put() always succeeds.  This
should have no effect on behavior.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Always maintain subfacet key.

Due to flow based tunneling, we can no longer assume that it's
possible to reconstruct a subfacet's key from its facet's flow.
The flow's in_port may be stale due to tunnel configuration
changes.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Add VXLAN and LISP tunnel tests to the unit test infrastructure.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

documentation: Add instructions on how to run the unit test infrastructure.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Create and delete tnl_backers in type_run()

Garbage collect tnl_backers during type_run(). Add new
tnl_backers if a VXLAN port's UDP port changes.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

Add support for LISP tunneling

LISP is an experimental layer 3 tunneling protocol, described in RFC
6830.  This patch adds support for LISP tunneling.  Since LISP
encapsulated packets do not carry an Ethernet header, it is removed
before encapsulation, and added with hardcoded source and destination
MAC addresses after decapsulation.  The harcoded MAC chosen for this
purpose is the locally administered address 02:00:00:00:00:00.  Flow
actions can be used to rewrite this MAC for correct reception.  As such,
this patch is intended to be used for static network configurations, or
with a LISP capable controller.

Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-bugtool: Ability to collect number of logs through plugins.

A new option "--log-days" recently added lets us to control the
number of rotated logs included in the debug bundle. This option
only works on log files defined inside the ovs-bugtool code.

This patch lets us to do the same with logs collected through plugins.

The example format inside a plugin is:
<files type="logs">
/var/log/one
</files>

This will collect one, one.[1-x], one.[1-x].gz. Where 'x' is 20
by default and can be controlled by the option '--log-days' passed
to ovs-bugtool.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofp-util: Remove prototype for unimplemented, misspelled function.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

Add binary option for command outputs collected by ovs-bugtool

Current ovs-bugtool collects command outputs as text strings.
Thus it reads the output by lines. For commands that generate
huge binary data, it becomes very inefficient to read the output.

The change here is to use a 1MB buffer to read binary data
instead of reading them by lines.

Signed-off-by: Shih-Hao Li <shihli@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

debian: Remove openvswitch-ipsec dependency from dbg package.

The openvswitch-dbg package does not have any binaries from
openvswitch-ipsec package. So remove the dependency.

While trying to install a openvswitch-dbg package currently,
we are forced to install racoon and openvswitch-ipsec package
which is not really necessary.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>