git.onelab.eu Git - sliver-openvswitch.git/log

flow: Enable retrieval of TCP flags from IPv6 traffic.

We currently check that a packet is IPv4 and TCP before fetching the
TCP flags. This enables fetching from IPv6 packets as well.

Bug #10194

Reported-by: Michael Mao <mmao@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

flow: Add length check when retrieving TCP flags.

When collecting TCP flags we check that the IP header indicates that
a TCP header is present but not that the packet is actually long
enough to contain the header. This adds a check to prevent reading
off the end of the packet.

In practice, this is only likely to result in reading of bad data and
not a crash due to the presence of struct skb_shared_info at the end
of the packet.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

unixctl: Fix bad log message on error path.

'path' is usually not the right path (often it's NULL).

Introduced in commit bde9f75de (unixctl: New JSON RPC back-end.).

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Optimize internal device MTU update.

Internal device mtu does not influence mtu of other internal devices.
So skip MTU update to other devices when internal device mtu is
changed.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

ovsdb-idlc: Fix memory leak in "optional bool" columns.

Commit 1bf2c9096858 (idl: Generalize special case boolean exception.)
changed the IDL to do dynamic allocation with (x)malloc() for optional
booleans, but it didn't add the corresponding calls to free(). This
commit fixes the problem.

Bug #10357.
Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: Krishna Miriyala <krishna@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Fix log rotation.

Commit 24e81092a1 (debian: Bring Debian packaging in-line with new file
locations) introduced an ambiguous "--t" option invoking ovs-appctl, so
ovs-vswitchd and ovsdb-server were not reopening their log files following
log rotation. This fixes the problem by correct the option name.

Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

xenserver: Recognize XenServer 5.6-SP2 scripts in RPM %post.

Somehow we forgot to put the md5sums for 5.6-SP2 so users were getting
scary error messages.

Bug #10210.
Reported-by: Ronald Lee <rlee@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Move PKI directory to FHS-compliant location.

The PKI directory is mutable state, so it should be in /var, not in /usr.
This commit changes its location and, on systems upgraded from earlier
versions, moves the existing PKI and leaves behind a symlink.

CC: 661090@bugs.debian.org
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix tag caching for learned flows.

This code in xlate_table_action() is supposed to tag flows in tables that
have special forms so that changes do not require revalidating every flow.
When rule->tag is nonzero, its value can be used, because we know in this
case that rule->cr.wc is the same as table->other_table->wc and that thus
rule->tag caches the return value of the rule_calculate_tag() expression.
When rule->tag is zero (a "catchall" rule) we need to calculate the tag
manually because we have no way to cache it in that case.

I discovered this bug by running an "hping3" between a couple of VMs plus
the following commands on OVS in the middle:

    ovs-ofctl del-flows br0
    ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, \
              idle_timeout=600, NXM_OF_VLAN_TCI[0..11], \
              NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \
              output:NXM_OF_IN_PORT[], fin_idle_timeout=10), resubmit(,1)"
    ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood"

Without this patch, flows don't get properly invalidated upon initial MAC
learning, so one sees warnings like the following:

    in_port(2),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),
    eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=6,tos=0,
    ttl=64,frag=no),tcp(src=13966,dst=0): inconsistency in subfacet
    (actions were: 3,0,1) (correct actions: 1)

This patch fixes the problem and thus avoids these warnings.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Avoid segfault deleting facets that execute LEARN actions.

"ovs-ofctl del-flows <bridge>" can result in the following call path:

  delete_flows_loose() in ofproto.c
    -> collect_rules_loose() -- uses 'ofproto_node' inside 'struct rule'
    -> rule_destruct() in ofproto-dpif.c
      -> facet_revalidate()
        -> facet_remove()
          -> facet_flush_stats()
            -> facet_account()
              -> xlate_actions()
                -> xlate_learn_action()
                  -> ofproto_flow_mod() back in ofproto.c
                    -> modify_flow_strict()
                      -> collect_rules_strict() -- also uses 'ofproto_node'

which goes "boom" when we fall back up the call chain because the nested
use of ofproto_node steps on the outer use of ofproto_node.

This commit fixes the problem by refusing to translate "learn" actions
within facet_flush_stats(), breaking the doubled use.

Another possible approach would be to switch to another way to keep track
of rules in the flow_mod implementations, so that there'd be no fighting
over 'ofproto_node'.  But then "ovs-ofctl del-flows" might still leave some
flows around (ones created by "learn" actions as flows are accounted as
facets get deleted), which would be surprising behavior.  And it seems in
general a bad idea to allow recursive flow_mods; the consequences have not
been carefully thought through.

Before this commit, one can reproduce the problem by running an "hping3"
between a couple of VMs plus the following commands on OVS in the middle.
Sometimes you have to run them a few times:

    ovs-ofctl del-flows br0
    ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, \
              idle_timeout=600, NXM_OF_VLAN_TCI[0..11], \
              NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \
              output:NXM_OF_IN_PORT[], fin_idle_timeout=10), resubmit(,1)"
    ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood"

This commit has a side effect that leftover unaccounted packets no longer
update the timeouts in MAC learning actions in some cases, when the facets
that cause updates are deleted.  At most one second of updates should  be
lost.

Bug #10184.
Reported-by: Michael Mao <mmao@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

hmap: New function hmap_contains().

This is useful in a situation where one knows that an hmap_node is in some
hmap, but it's not certain which one, and one needs to know whether it is
in a particular one. This is not a very common case; I don't see any
potential users in the current tree, although an upcoming commit will add
one.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Fix return type of rule_calculate_tag().

tag_type is currently uint32_t but using uint32_t directly is conceptually
wrong.

Signed-off-by: Ben Pfaff <blp@nicira.com>

learn: Initialize cookie_mask in constructed flow_mod.

Otherwise the "learn" action may not correctly set the cookie in flows that
it creates.

Found by valgrind.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-vsctl: Allow "fake bridges" to be created for VLAN 0.

A fake bridge for VLAN 0 is useful, because it provides a way to create
access ports for VLAN 0. There is no good reason to prevent it.

NIC-464.
Reported-by: Rob Hoes <Rob.Hoes@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Fix use-after-free when netdev_dump_queues() deletes queues.

iface_configure_qos() passes a callback to netdev_dump_queues() that can
delete queues.  The netdev-linux implementation of this function was
unprepared for the callback to delete queues, so this could cause a
use-after-free.  This fixes the problem in netdev_linux_dump_queues() and
documents that netdev_dump_queues() implementations must support deletions
in the callback.

Found by valgrind:

==1593== Invalid read of size 8
==1593==    at 0x4A8C43: netdev_linux_dump_queues (hmap.h:326)
==1593==    by 0x4305F7: bridge_reconfigure (bridge.c:3084)
==1593==    by 0x431384: bridge_run (bridge.c:1892)
==1593==    by 0x432749: main (ovs-vswitchd.c:96)
==1593==  Address 0x632e078 is 8 bytes inside a block of size 32 free'd
==1593==    at 0x4C240FD: free (vg_replace_malloc.c:366)
==1593==    by 0x4A4D74: hfsc_class_delete (netdev-linux.c:3250)
==1593==    by 0x42AA59: iface_delete_queues (bridge.c:3055)
==1593==    by 0x4A8C8C: netdev_linux_dump_queues (netdev-linux.c:1881)
==1593==    by 0x4305F7: bridge_reconfigure (bridge.c:3084)
==1593==    by 0x431384: bridge_run (bridge.c:1892)

Bug #10164.
Reported-by: Ram Jothikumar <ram@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: Fix "make distcheck" error on version.py.

The generated version.py has to go in the srcdir and has to be regenerated
based on config.status, which breaks "make distcheck" because it
write-protects the srcdir. However, the contents of version.py only change
when the version number changes, so we can just "touch" it when it doesn't
really need to change.

The same pattern is used elsewhere in the tree for other files in the same
situation, e.g. the various RPM spec files.

Reported-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Use a different way to avoid failing install without kernel module.

The dh_installinit --error-handler option makes a lot of sense, but after
playing with it for a while I could not figure out a nice way to use it
only for openvswitch-switch without either duplicating the dh_installinit
fragments in postinst and prerm (the actual bug that was reported) or
omitting them for some package.

Also, we forgot to write the error handler function for the prerm.

This commit switches to a different way to avoid failing the install when
the kernel module is not available, without using --error-handler.

CC: 663051@bugs.debian.org
Reported-by: Thomas Goirand <zigo@debian.org>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-doc: Use minus sign in negative numbers in nroff output.

ovs-vswitchd.conf.db.5 has autogenerated text "at least -1" in one place.
This '-' should be a minus sign, but ovsdb-doc was generating it as a
hyphen.

Found by lintian.

Reported-by: Thomas Goirand <zigo@debian.org>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-doc: Convert '-' preceding a number as a minus sign, not a hyphen.

ovs-vswitchd.conf.db.5 contains the following sentence:

   If the interface cannot be added then Open vSwitch sets this column
   to -1.

The '-' in "-1" should be a minus sign, not a hyphen, but the heuristic
in ovsdb-doc wasn't smart enough.  This commit improves the heuristic and
fixes the problem.

Found by lintian.

Reported-by: Thomas Goirand <zigo@debian.org>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-doc: Put NAME section into generated manpage.

This makes the manpage indexable by standard system tools.

Found by lintian.

Reported-by: Thomas Goirand <zigo@debian.org>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Avoid unit test failure when doing "unofficial" builds.

The configure option --with-build-number=0 is interpreted differently in
different places. The configure script itself accepts 0 as an actual
build number and puts '#define BUILDNR "+build0"' into config.h. The
code in python/automake.mk treats 0 as "no build number" and puts
'BUILDNR = ""' into version.py.

This commit avoids the problem by not passing 0 as a build number.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

doc: Fix typo in manpage.

Found by lintian.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Bump standards-version to 3.9.3.

No other changes necessary.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Remove some useless files from the dkms pacakge.

This commit removes useless files from the dkms package that caused
lintian warnings.

(Many of the other files in the dkms package are also useless but do not
cause lintian warnings so they are less important.)

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Clean .pyc files in "clean" target.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Remove po-debconf build dependency.

Open vSwitch no longer uses Debconf at all, for some time now.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Build-depend on python-all to pull in all Python versions.

Open vSwitch should support all Python versions in the distribution. This
is the way to do it.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Add missing ${python:Depends} to openvswitch-test package.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Improve long descriptions so as to better describe the packages.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Bump debhelper compat level to 8 and make build-depends consistent.

Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netlink-socket: Increase Netlink socket receive buffer size.

Open vSwitch userspace can set up flows at a high rate, but it is somewhat
"bursty" in opportunities to set up flows, by which I mean that OVS sets up
a batch of flows, then goes off and does some other work for a while, then
sets up another batch of flows, and so on. The result is that, if a large
number of packets that need flow setups come in all at once, then some of
them can overflow the relatively small kernel-to-user buffers.

This commit increases the kernel-to-user buffers from the default of
approximately 120 kB each to 1 MB each. In one somewhat synthetic test
case that I ran based on an "hping3" that generated a load of about 20,000
new flows per second (including both requests and replies), this reduced
the packets dropped at the kernel-to-user interface from about 30% to none.
I expect that it will similarly improve packet loss in workloads where
flow arrival is not easily predictable.

(This has little effect on workloads generated by "ovs-benchmark rate"
because that benchmark is effectively "self-clocking", that is, a new flow
is triggered only by a reply to a request made earlier, which means that
the number of buffered packets at any given has a known, constant upper
limit.)

Bug #10210.
Signed-off-by: Ben Pfaff <blp@nicira.com>

meta-flow: Don't dereference NULL sf->field in mf_format_subfield().

Signed-off-by: Ben Pfaff <blp@nicira.com>

fail-open: Use connmgr_send_packet_in() instead of connmgr_broadcast().

Otherwise even controllers that should not receive any packet-ins (via
enable-async-messages=false) still receive the packet-ins that probe for
a controller being up when we're in fail-open.

Bug #9964.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: connmgr_send_packet_in() doesn't need buffer_id and total_len.

Trying to add a new caller for connmgr_send_packet_in(), I wasn't sure
what to put in these members. Investigating, I saw that the function
didn't really need them, so this commit clears that up.

Signed-off-by: Ben Pfaff <blp@nicira.com>

connmgr: Drop 'flow' parameter from connmgr_send_packet_in().

Only 'flow->in_port' was used, which was redundant with pin->fmd.in_port.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Skip "strings at least 2 characters long" test for narrow Python.

Narrow Python can't handle Unicode characters outside the BMP, so skip the
test.

Reported-by: Michael Shigorin <mike@osdn.org.ua>
Tested-by: Michael Shigorin <mike@osdn.org.ua>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto: Fix code that keeps track of MTU.

ofport_install() should set the MTU that it finds into the ofport
before calling set_internal_devs_mtu(), because the latter function might
change the MTU and update ofport->mtu and the caller should not incorrectly
overwrite its changes.

Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Cache error code from do_get_ifindex().

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

netdev-linux: Cache error code from get-features.

Following patch adds support for caching error code from ETHTOOL_GSET
call. Since internal device is virtual device device feature does not
make much sense, so netdev_get_features op is removed for internal
devices.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

netdev-linux: Cache error code from set-policing.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

netdev-linux: Cache error code from ether-addr ioctl.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

netdev-linux: Cache error code from mtu ioctl.

netdev linux devices uses mtu ioctl to get and set MTU for a device.
By caching error code from ioctl we can reduce number of ioctl calls
for device which is unregistered from system.
netdev notification is used to update mtu which saves get-mtu-ioctl.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

netdev-linux: Cache drv-info for net device.

Netdev-linux calls ETHTOOL_GDRVINFO on every netdev_linux_get_status()
which is not optimal as drv-info does not change for given device.
So following patch changes netdev_linux_get_status() to read drv-info at
device initialization and cache it.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

ovs-monitor-ipsec: Detect correctly IPSEC configuration changes

If Open vSwitch has IPSEC tunnel (with certificates) and Interface
table was updated, then ovs-monitor-ipsec daemon would incorrectly
remove and readd all existing IPSEC tunnels.

The root cause for this issue was that "peer_cert_file" key was present in
interfaces dictionary, but it was missing in new_interfaces dictionary.

v2: Do not fail buildtests

Issue#10096

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Reported-by: Niklas Andersson <nandersson@nicira.com>

netdev-linux: Use "read", not "recv", for tap devices.

"recv" only works for sockets, but tap devices aren't sockets.

Makes the userspace switch work again.

Reported-by: Ravi Kerur <Ravi.Kerur@telekom.com>
Reported-by: 胡靖飞 <hujingfei914@msn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Suppress "role reply" that can appear in async message test.

Another race condition in this test, *sigh*.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-xapi-sync: Rerun processing when a db update arrives during a commit.

The logic in ovs-xapi-sync didn't handle the case where ovsdb-server sends
a database update before it replies to a transaction that ovs-xapi-sync
sent, like this:

ovs-xapi-sync              ovsdb-server
-------------              ------------

                      .
                      .
                      .
transaction request  --->
                     <---  database contents update
                     <---  transaction reply
                      .
                      .
                      .

The update was not lost but ovs-xapi-sync would not process it until the
database changed again.

Bug #10082.
Reported-by: Krishna Miriyala <krishna@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

unixctl: Re-enable unit tests.

The transient failure in the unixctl unit tests likely still
exists, but we've added additional instrumentation to our build
tools to help us debug it.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Log traces when resubmit depth is exceeded.

It can be very difficult to debug xlate_actions() failures due to
excessive resubmit recursion. In an attempt to make it easier,
this patch adds a (severely rate-limited) full ofproto/trace to the
logs.

Suggested-by: Alan Shieh <ashieh@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

unixctl: New JSON RPC back-end.

The unixctl library had used the vde2 management protocol since the
early days of Open vSwitch.  As Open vSwitch has matured, several
Python daemons have been added to the code base which would benefit
from a unixctl implementations.  Instead of implementing the old
unixctl protocol in Python, this patch changes unixctl to use JSON
RPC for which we already have an implementation in both Python and
C.  Future patches will need to implement a unixctl library in
Python on top of JSON RPC.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

jsonrpc: Don't swallow errors in jsonrpc_transact_block().

If a server returned an error in response to a request,
jsonrpc_transact_block() would ignore it. This patch changes the
behavior and updates its callers to gracefully handle the
possibility.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

bond: Incorrectly reported an error in appctl.

The bond/enable-slave and bond/disable-slave ovs-appctl commands
incorrectly reported the 501 error code upon success.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

socket-util: Unlink Unix domain sockets that bind but fail to connect.

The error handling path here failed to clean up bound sockets, by removing
them. This fixes the problem.

It was easy to observe this bug by running "ovs-vsctl" without
"ovsdb-server" running.

Bug #9811.
Bug #9769.
Reported-by: Michael <mhu@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-ofctl: Make "barrier" output reproducible for testing.

The "ofproto - asynchronous message control" test had a race in which
the "send: OFPT_BARRIER_REQUEST" message could get printed in different
places because there was nothing to ensure that messages from the switch
were printed before messages sent to the switch, even though the actual
ordering of the messages was predictable. This fixes the problem by not
printing a message at all when the barrier request is sent.

Bug #10049.
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Fix checksum update for actions on UDP packets.

When modifying IP addresses or ports on a UDP packet we don't
correctly follow the rules for unchecksummed packets. This meant
that packets without a checksum can be given a incorrect new checksum
and packets with a checksum can become marked as being unchecksummed.
This fixes it to handle those requirements.

Bug #8937

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Honor dp_ifindex, when specified, for vport lookup by name.

When OVS_VPORT_ATTR_NAME is specified and dp_ifindex is nonzero, the
logical behavior would be for the vport name lookup scope to be limited
to the specified datapath, but in fact the dp_ifindex value was ignored.
This commit causes the search scope to be honored.

Bug #9889.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovs-ofctl: Avoid segfault upon receive error for "monitor", "snoop".

Bug #10062.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

xenserver: Add vm-id to the external_ids.

The vm-id external id in the interface table will uniquely identify a VM
that is connected to a bridge through that interface.

In xenserver, this will have the same value as the external id - xs-vm-uuid
and can be overridden by setting the nicira-vm-id key in the other_config
field of VM record of XAPI.

Bug #10020.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

netdev-linux: Make netdev_set_policing coverage counter consistent with other counters.

Most of coverage counters in netdev-linux are counting actual system
calls rather than reads from cached data.
Following patch fixes it by incrementing it after cache check.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

vswitchd: Document behavior of 802.1p priorities with VLAN splinters.

Reported-by: likunyun <kunyunli@hotmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bridge: Remove unwanted ports at time of ofproto creation.

The reconfiguration code only deleted unwanted ports for bridges that had
been created in previous (re)configurations.  In fact, we should run this
step even for bridges that are newly added, e.g. to delete ports that
were added by a previous run of ovs-vswitchd and deleted from the database
between runs.

Before this commit, the following left "int" in datapath br0.  After this
commit, "int" is properly deleted:

1. With ovs-vswitchd running:
      # ovs-vsctl add-br br0
      # ovs-vsctl add-port br0 int -- set interface int type=internal
2. Kill ovs-vswitchd, then:
      # ovs-vsctl --no-wait -- del-port br0 int
3. Restart ovs-vswitchd.

Bug #9957.
Reported-by: Hiroshi Tanaka <htanaka@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

unixctl: Skip Python unixctl tests.

The Python unixctl tests introduced a transient build failure that
can't be debugged until more information is collected. Skipping
these tests for now until it's possible to debug them.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

connmgr: Make "enable-async-messages" work for primary controllers too.

I only tested this feature with service controllers.

Bug #9964.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev: Fix typo in error message.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>

python: Port unixctl to Python.

Many of the currently implemented Python daemons, and likely many
daemons to be implemented in the future, could benefit from unixctl
support even if only to implement "exit" and "version" commands.
This patch implements unixctl in Python.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Add code coverage for Python.

Adds support for Ned Batchelder's code coverage tool to the
test suite. http://nedbatchelder.com/code/coverage/

Signed-off-by: Ethan Jackson <ethan@nicira.com>

python: New method to retrieve OVS version at runtime.

Version information is typically fairly useful when debugging Open
vSwitch. This patch adds a new version.py module which python code
can use to report its version to callers.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

python: Add ovs_error() helper function to Python.

The ovs_error() and ovs_fatal() helper functions are useful enough
to be ported to Python. A user will be added in a future commit.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

jsonrpc.py: Don't swallow errors in transact_block().

If a server returned an error in response to a request,
transact_block() would ignore it.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

python: Implement new SchemaHelper class.

The new SchemaHelper class makes it easier to prune database
schemas intended for the Python IDL.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

timeval: Add "time/stop" unixctl command, for use in unit tests.

Although we try to avoid it, some unit tests are necessarily
timing-sensitive. The new "time/stop" command that this commit adds should
help with that, by preventing time from advancing from the viewpoint of
the OVS "timeval" functions except when "time/warp" explicitly advances
the current time. This should allow the unit tests that need it to become
reproducible regardless of the speed at which the tests run.

This commit adds one use of "time/stop" to the unit test suite, in the one
timing-sensitive test of which I am currently aware.

Bug #9782.
Reported-by: Tim Chen <tchen@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL.Linux: minor typo

s/ovsdmonitor/ovsdbmonitor/

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

xenserver: Fix rule for generating xenserver/openvswitch-xen.spec.

Commands in Makefiles have to begin with a hard tab, otherwise they are
ignored, which is what happened here.

Fixes "make distcheck".

Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Prefer development Python files over installed ones.

A developer may have Open vSwitch installed, in which case many of
the Python files which are tested will be in both the development
tree and the system Python library. When running unit tests, we
want to test the development tree, so it's better to prefer
importing those files.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

xenserver: Restart ovs-xapi-sync on kmod reload.

Some users never restart OVS, they just reload the kernel module on
each new version. Since ovs-xapi-sync is a daemon, a restart is
required to use the new code. Therefore, without this patch, users
could unwittingly use stale versions of ovs-xapi-sync.

Bug #9919.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Diagnosed-by: Ben Pfaff <blp@nicira.com>

xenserver: Always update the bridge ID in ovs-xapi-sync.

In some cases we were seeing this column get stale.

Bug #9929.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Diagnosed-by: Justin Pettit <jpettit@nicira.com>

netdev-linux: Fix stats for ovs internal device.

There is no need to retrieve linux system stats for internal devices
as all relevant stats for virtual device like internal device are
already reported by OVS over vport-stats. As a result it also fixes
error stats for internal-devices as they are not counted twice.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>

bridge: Drop log message when a QoS record lacks a default queue.

Apparently we're planning to use this configuration regularly at Nicira.

Bug #7413.
Requested-by: Bryan Fulton <bryan@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Fix exit status of openvswitch-switch init script "status" command.

The init script ends with an explicit "exit 0" so nonzero exit codes from
"ovs-ctl status" were being lost.

Bug #9714.
Reported-by: Paul Ingram <paul@nicira.com>
CC: Sujatha Shetty <sshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

dpif-linux: Make dpif_linux_port_query_by_name() query only one datapath.

The kernel will report a vport with the given name in any datapath, but
userspace only wants a vport with the given name in a specific datapath.
Receiving information on a vport in an unexpected datapath yields bizarre
and hard-to-debug problems.

Bug #9889.
Signed-off-by: Ben Pfaff <blp@nicira.com>

Declare the version as "1.6.0".

Prepare for post-1.6.0 (1.6.90).

Signed-off-by: Justin Pettit <jpettit@nicira.com>

ofproto-dpif: Cleanup STP on ports when disabled on their bridge.

When STP is enabled on a bridge, the STP module puts its ports in
an STP_LISTENING state until STP converges.  This causes all
traffic destined for these ports to be dropped.  If STP is disabled
on the bridge, but not explicitly disabled on its ports, the bridge
fails to remove the STP state from these ports.  Therefore, if a
port is in an STP_LISTENING state, it will remain in that state and
continue to drop all traffic indefinitely.  This patch fixes the
issue.

Signed-off-by: Ethan Jackson <ethan@nicira.com>
Bug #9157.

ovs-vsctl.at: Use full name for referring to the "NetFlow" table.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

datapath: Increase maximum number of datapath ports.

Use hash table to store ports of datapath. Allow 64K ports per switch.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #2462

configure: Try to extract kernel source directory from build Makefile.

OVS needs to inspect the headers in the kernel source directory at build
time. Debian keeps moving the source directory relative to the build
directory and doesn't provide an obvious way to find the source directory,
so in the past we've used some name-based heuristics to essentially guess
where it is.

This commit introduces a new heuristic that I hope will be more reliable:
extracting the source directory from the Makefile in the build directory.
In Debian's case, it looks like the Makefile generally contains a line of
the form "MAKEARGS := -C <srcdir> O=<outdir>". This commit extracts the
source directory from that line.

To avoid regressions this commit retains the older heuristics as fallbacks.

CC: 659685@bugs.debian.org
Reported-by: Thomas Goirand <zigo@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

vswitchd: Always configure a default queue for QoS.

When an interface has QoS configured but no default queue (queue 0), OVS
has until now installed that QoS configuration literally, which causes all
packets destined for this default queue to be dropped. This behavior is
usually both unexpected and undesirable.

This commit changes behavior so that, when no default queue is configured,
OVS uses a default "empty" configuration for the default queue. This
behavior should be more acceptable when QoS is slightly misconfigured.

I tested that, without this patch, configuring only queue 1 causes "tc
class show" to show only queue 1 (handle 1:2) for linux-htb and linux-hfsc,
and that with this patch it shows configurations for both queue 0 (handle
1:1) and queue 1.

Bug #5583.
Feature #7413.
Signed-off-by: Ben Pfaff <blp@nicira.com>

vswitchd: Remove never-implemented table and column for capabilities.

Not only have we never implemented this, no one has ever asked for it to
the best of my knowledge.

This increments the middle part of the schema version number instead of the
first part on the grounds that removing something that is unused is
unlikely to break anything.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: use eth_hw_addr_random() and reset addr_assign_type

Use eth_hw_addr_random() instead of calling random_ether_addr()
to set addr_assign_type correctly to NET_ADDR_RANDOM.

Reset the state to NET_ADDR_PERM as soon as the MAC get
changed via .ndo_set_mac_address.

Signed-off-by: Danny Kukawka <danny.kukawka@bisect.de>
[jesse: add backporting to older kernels]
Signed-off-by: Jesse Gross <jesse@nicira.com>

Implement new "fin_timeout" action and "learn" feature.

The "learn" action can create matching return flows. If those have a long
timeout then it's a good idea to have a way to notice when in fact the
flows have terminated. This new action and matching "learn" feature
provides that way.

Feature #8603.
Signed-off-by: Ben Pfaff <blp@nicira.com>

packets: New function packet_get_tcp_flags(), factored out of dpif.

This will acquire a new user in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>

xenserver: Fix iteration of dictionary.

Fix bug in commit 3249bb907a1dab9b0, which incorrectly assumed that
get_all_records_where() returned a list. It in fact returns a
dictionary and the list iteratory needs to change to account for this.

Thanks to Nicira for pointing this out.

NIC-454.

Reported-by: David Tsai <dtsai@nicira.com>
Acked-by: Rob Hoes <rob.hoes@citrix.com>
Signed-off-by: Dominic Curran <dominic.curran@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: Update changelog for 1.4.0-2 upload

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netdev-linux: Factor out duplicate ifi_flags update code.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev-linux: Use 'unsigned int's to track device flags.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev-linux: Cache flags using netlink.

Before this patch, every request for a 'netdev_dev''s flags
required an ioctl call. This occurred every time
netdev_get_carrier() was called, which theoretically was very often
if there were a large number of devices. We were already using
netlink to keep track of the IFF_RUNNING flag. This patch
generalizes the code to keep track of all flags using the same
netlink code.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev-linux: Get carrier from ioctl instead of sysfs.

When a netdev Linux device is created or its netlink cache is
invalidate, it needs an alternative method to update the its
carrier status. Previous patches retrieved this information from a
sysfs file. This patch switches to ioctl which is significantly
simpler, and likely quite a bit faster as well.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

debian: Use provided kernel source dir instead of host kernel version.

DKMS passes in an explicit variable for the kernel source directory, so we
should use that instead of `uname -r`.

CC: 659685@bugs.debian.org
Reported-by: Thomas Goirand <thomas@goirand.fr>
Tested-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bond: Remove stale documentation.

The process_flow() function no longer exists. It seems safest to
remove reference to the function altogether as it's likely to
become stale again.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

debian: Do not run "make" if "configure" fails during DKMS build.

There is no point in trying to run "make" if "configure" failed. The
"make" will fail too and the log will be harder to read.

CC: Thomas Goirand <zigo@debian.org>
CC: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>