git.onelab.eu Git - sliver-openvswitch.git/log

vswitchd: Make the MAC entry aging time configurable.

NICS-11.
Signed-off-by: Ben Pfaff <blp@nicira.com>

mac-learning: Increase MAC learning timeout to 300 seconds.

When Cisco (and other?) routers are configured in high-availability modes,
they use two different MAC addreses.  The router uses MAC 1 only for ARP
replies.  The router uses MAC 2 for forwarding IP packets to end hosts.
When a MAC learning switch is attached to the router, therefore, it will
only learn the location of MAC 1 from ARP replies.  If the end host's ARP
cache refresh timer is longer than the switch's MAC learning timeout, then
packets to the router will be flooded from the MAC learning timeout until
the next ARP reply.

This commit fixes the problem by increasing the MAC learning timeout from
60 seconds to 300 seconds.  According to research by Sanjay Sane, this is
always sufficient, even with operating systems that use ARP timeouts
longer than 300 seconds (such as FreeBSD and Mac OS, which have 1200
seconds ARP timeouts)  because the routers that cause this problem send
unsolicited ARP replies every 180 seconds.

NICS-11.
Signed-off-by: Ben Pfaff <blp@nicira.com>

bridge: Add flow in reconfiguring only after flow translation is possible.

If a bridge is in standalone mode and no controllers are configured, and
then reconfiguration (e.g. ovs-vsctl) adds an SLB or TCP-balanced bond,
and at the moment of reconfiguration active kernel flows exist that output
to the newly added bond, then ovs-vswitchd would segfault because the
bond's 'bond_hash' member is not yet initialized when flows are
retranslated as part of adding the flow that ensures normal standalone
switch behavior.

This commit fixes the problem by adding the flow later, after bonds have
been fully initialized.

NIC-443.
Reported-by: Dominic Curran <dominic.curran@citrix.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bond: Only drop packets that indicate moves on SLB bonds.

SLB bonds, for important reasons, drop most incoming packets that indicate
that a MAC has moved to the bond from another port. These reasons do not
apply to active-backup bonds, but until now OVS has still dropped them.

This fixes the problem. Behavior of SLB bonds and TCP bonds in SLB
fallback mode is unaffected.

Cross-port of patch f931a4c93075e from master.

Bug #7928.

datapath: Add compatibility with sk_buff's vlan_tci before 2.6.33.

Between 2.6.27 and 2.6.32, the vlan_tci member of struct sk_buff was the
raw value of the 802.1Q header's TCI field, without the CFI bit being set.
In 2.6.33 and later, the CFI bit is always set if an 802.1Q header is
present, correcting a corner case.

Until now, OVS has not consistently dealt with this.  If a packet arrived
at a datapath from a network device directly, or if it was set with an
ODP_ACTION_ATTR_SET_DL_TCI action, then the CFI bit would not be set in
vlan_tci.  In flow_extract(), OVS copies vlan_tci directly to dl_tci in the
flow structure (via vlan_get_tci()), so the CFI bit would also not be set
in dl_tci.  But if OVS had to send a packet up to userspace (converting the
vlan_tci back to an 802.1Q header along the way) and got it back, then it
would set the VLAN CFI bit in dl_tci when it parsed the 802.1Q header in
parse_vlan().  This had the effect that a flow set up by userspace (with
the CFI bit set) would never be matched by a packet arriving from a network
device, because they would have different dl_tci values.

This fixes the problem, by making the vlan_get_tci() and vlan_set_tci()
interface consistent across kernel versions.  Now, they always accept or
return a value where the VLAN CFI bit is set if an 802.1Q header is
present.

Build-tested only.

Problem isolated by Ethan Jackson <ethan@nicira.com>

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Reported-by: Ram Jothikumar <rjothikumar@nicira.com>
Bug #4915.

ofproto-dpif: Do not mirror L2 multicast switch protocols to VLANs.

Mirroring certain protocols interpreted by switches to a VLAN can deceive
the switch that receives it. Drop such packets instead of mirroring them.

CC: David Tsai <dtsai@nicira.com>
NIC-401.

mac-learning: Fix serious performance bug in the learning table.

Due to a typo, the mac-learning hash table had dissolved into a
linked list. This caused a significant reduction in performance.

bond: Drop packets on backup slaves.

Currently, OVS accepts incoming traffic on all slaves participating
in a bond. In Linux active-backup bonding, all traffic which comes
in on backup slaves is dropped. This patch causes OVS to do the
same.

Bug #6125.

datapath: An expanded table should be larger than its predecessor

This resolves what appears to be a think-o in tbl_expand()

* Old Logic: Always create tables with TBL_MIN_BUCKETS buckets
* New Logic: Create tables twice as big as their predecessor

When sending 10,000 flows through ovs-vswitchd:
* Old Logic: CPU bound in tbl_lookup(), significant packet loss
* New Logic: ~10% of one core used, negligible packet loss

Tested with an Intel E5520 @ 2.27GHz,
flows from an ethernet device to to a dummy interface with
no address configured.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

bridge: Enable system stats only if turned on in the database.

Most hypervisors have no use for this column, so populating it just wastes
CPU time. It can still be enabled explicitly via other-config.

CC: Peter Balland <peter@nicira.com>
CC: David Tsai <dtsai@nicira.com>
Bug #5961.
NIC-397.

ovsdb-doc: Add support for references to specific keys.

Now a specific key can be referenced with syntax like
<ref table="Bridge" column="other-config" key="datapath-id"/>.

Also fixes up an existing place that needed this feature already (and had
a typo, too).

xenserver: allow dom0 traffic in secure pool host when controller unavailable.

A pool configured for secure fail-mode can block dom0 traffic on hosts joining
the pool or if the host reboots while the controller is unavailable. This
commit sets default flows on a host under these conditions to allow management
traffic. Once the connection with the controller is re-established, these
default flows are replaced by the controller.

tests/interface-reconfigure.at updated by Ben Pfaff.

NIC-376.

Signed-off-by: David Tsai <dtsai@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

stream-ssl: Disable SSL session caching.

SSL session caching causes mysterious connection failure problems.

Bug #4448.
Bug #4501.

Define the Open vSwitch version as 1.0.99.

xenserver: Pull slave MTU from bond record.

The MTU of the fake bond interface and the slaves participating in
a bond should all agree. The correct long term solution to this
problem is to remove the fake bond interface altogether. Until
that's possible, we simply set the MTU of the slaves.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

xenserver: Don't remove network.dbcache on uninstall.

network.dbcache was introduced by Open vSwitch for its own purposes, but
it has now migrated into the base install of XenServer, which uses it
whether Open vSwitch is installed or not, so we should no longer remove it
on package uninstall.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Bob Ball <bob.ball@citrix.com>

xenserver: Use .../extra not .../kernel/extra for kernel modules.

On XenServer, depmod.conf causes modules in /lib/modules/$(uname -r)/extra
to take priority over standard modules. Unfortunately, we were installing
our modules in /lib/modules/$(uname -r)/kernel/extra, which isn't special.
This commit fixes the problem.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Bob Ball <bob.ball@citrix.com>

datapath: Avoid freeing wild pointer in corner case.

In odp_flow_cmd_new_or_set(), if flow_actions_alloc() fails in the "new
flow" case, then flow_put() will kfree() the new flow's 'sf_acts' pointer,
but nothing has initialized that pointer. Initialize the pointer to NULL
to avoid the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

bridge: Memory leak in port_destroy()

datapath: Avoid memory leak in odp_packet_cmd_execute().

The error path needs to free 'packet'.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb: Force strong references to non-root tables to be persistent.

When a strong reference to a non-root table is ephemeral, the database log
can contain inconsistencies.  In particular, if the column in question is
the only reference to a row, then the row will be created in one logged
transaction but the reference to it will not be logged (because it is
ephemeral).  Thus, any later occurrence of the row later in the log (to
modify it, to delete it, or just to reference it) will yield a transaction
error and reading the database will abort at that point.

This commit fixes the problem by forcing any column with a strong reference
to a non-root table to be persistent.

The change to ovsdb_schema_from_json() looks bigger than it really is: it
just swaps the order of two operations on the schema and updates their
comments.  Similarly for the update to ovs.db.DbSchema.__init__().

Bug #5144.
Reported-by: Sujatha Sumanth <ssumanth@nicira.com>
Bug #5149.
Reported-by: Ram Jothikumar <rjothikumar@nicira.com>

ovsdb-types: Fix bug in ovsdb_base_type_is_ref().

This function only worked properly inside OVSDB itself, because that is
the only place where the 'refTable' member of ovsdb_base_type is set.
Both inside and outside OVSDB, 'refTableName' is set for reference types,
so it's better to check for that.

This doesn't fix any existing bug because this function was only used
inside OVSDB until now.

ovsdb: Truncate bad transactions from database log.

When ovsdb-server reads a database file that is corrupted at the
transaction level (that is, the transaction is valid JSON and has the
correct SHA-1 hash, but it does not describe a valid database transaction),
then ovsdb-server should truncate it and overwrite it by valid
transactions. However, until now, it didn't. Instead, it would keep the
invalid transaction and possibly every transaction in the database file
(depending on in what way the transaction was invalid), which would just
cause the same trouble again the next time the database was read.

This fixes the problem. An invalid transaction will be deleted from the
database file at the first write to the database.

Bug #5144.
Bug #5149.

xenserver: remove unneeded macro definitions

The macro binsuffix is no longer needed. It has been replaced with
kernel_flavor that is passed on the command line.

The macro kernel_version is passed on the command line. Redefining
the macro inside the spec file leads to build failures.

Signed-off-by: Sajjad Lateef <slateef@nicira.com>

xenserver: modify module spec file

Based on feedback from Citrix about building for multiple kernels,
the spec file has been modified to take three arguments on the
command line: kernel_name, kernel_version and kernel_flavor.

The kernel_flavor is either xen or kdump. The kernel_name is the
Name value embedded in the kernel rpm and the kernel_version
is Version-Release values embedded in the kernel rpm. The
xen_version is calculated.

The INSTALL document has been updated to reflect these changes.

Signed-off-by: Sajjad Lateef <slateef@nicira.com>
(cherry picked from commit b11e4aa7e92854612a4d139b8a620d036a5d41a2)

ofproto: Adjust netdev_monitor when switching netdevs.

This fixes a segfault in the "ofproto - mod-port" test. The segfault
should not occur--there must be a bug in the netdev_monitor or possibly
the netdev_dummy implementation--but the netdev_monitor_remove() and
netdev_monitor_add() calls are definitely wanted here in any case to ensure
that the new netdev, not the old one, is what gets monitored.

ofproto: Rework and fix bugs in port change detection.

The OpenFlow port change detection code in update_port() is supposed to
send out an OFPT_PORT_STATUS message whenever an OpenFlow port is added or
removed or changes in some way.  This commit fixes a number of bugs that
have persisted until now.

First, if a port with a given name is removed from the datapath and a new
port with the same name but a different port number is added to the
datapath, then update_port() would report this as a port "modify" change.
Reporting this as a "modify" seems likely to confuse controllers, which
have no reason to realize that the old port was deleted and may not
understand why a port that has not been reported as added would be
modified.  (This scenario is more likely than before, because the Linux
datapath implementation no longer quickly reuses port numbers.  This
problem has actually been reported in testing.)  This commit fixes the
problem by changing update_port() to report a "delete" of the old port
followed by an "add" of the new port.

Second, suppose that a datapath initially has "eth1" on port 1 and "eth2"
on port 2.  Then, "eth1" gets removed and "eth2" is reassigned to port 1.
If update_port() is first passed "eth2", then the old implementation would
have sent out an OpenFlow "modify" notification instead of "delete"
followed by "add", which is the same as the previous scenario.  But as a
further wrinkle, it would have failed to remove "eth1", which meant that we
ended up with two "ofports" with port number 1!  This commit fixes this
problem too.

Reported-by: David Tsai <dtsai@nicira.com>
Bug #5466.
NIC-372.

ofproto: Consistently use netdev's name instead of ofp_phy_port name.

There are at least two ways to get an ofport's name: from the netdev using
netdev_get_name() or from the ofp_phy_port's 'name' member. Some code used
one, some used the other. This switches all relevant code to use only
netdev_get_name(), because the 'name' member in ofp_phy_port is
fixed-length and thus a long name could be truncated.

This isn't a problem under Linux since the maximum length of a network
device's name under Linux is the same as the field width in ofp_phy_port.

ovs-vsctl: Back out garbage collection changes.

Garbage collection introduced in
c5f341ab193b9126dffef8c77bf8ed35e91290fd changed ovs-vsctl so that
it would allow the garbage collector to reclaim unused tables
instead of manually deleting them itself.  Since garbage collection
runs at transaction completion, undeleted tables would hang around
and could conflict with future actions in a given transaction.
This commit backs out this change.

The following command is an example of something that would have
failed before this commit.

ovs-vsctl -- add-br b \
-- del-br b           \
-- add-br b           \
-- set Interface b other_config:test=test

utilities: Fix typo in makefile that caused RPM build failure.

I tested this against our autobuilder and it passed.

ofproto: Remove controller discovery support.

I've never heard of anyone actually using controller discovery.
It adds a great deal of code to the source tree, and a little
bit of complication to ofproto, so this commit removes it.

ofproto: Get rid of archaic "switch status" OpenFlow extension.

Back in 2008 or so, I introduced this extension as a way to provide
information about switch status to the new "switch UI" program. Since
then, the switch UI program has been removed and the important information
that was provided by the switch status extension is now available in the
database, so we might as well get rid of this extension, and that is what
this commit does.

ofproto: Fix obsolete comments.

"secchan" is long gone.

ofproto: Fix comment on send_packet_in().

ofproto: Don't include unneeded header file.

dynamic-string: New function ds_get_preprocessed_line().

This commit adds one user. It will be useful elsewhere in an upcoming
commit.

ofp-util: New function ofputil_decode_flow_stats_reply().

This function will see more use later in this series. This commit just
starts using it to make ofp-print output entirely consistent for
OFPST_FLOW and NXST_FLOW replies.

ovs-ofctl: Check min flow format support in negotiate_highest_flow_format().

When the -F option wasn't set, or if it was set to an invalid flow format
for the match, this code would happily select a flow format that did not
select the user's requested match if the switch didn't support an
advanced-enough flow format. This fixes the problem. It also changes
behavior in the case where the user specifies a flow format that cannot
represent the match, changing this from a warning to a fatal error; this
is consistent with -F behavior for flow_mod commands.

classifier: Omit all-1-bits mask for VLAN TCI in cls_rule_format().

To me, this seems to be easier to read.

ofp-print: Consistently print priority only if it is not default.

In NXST_FLOW replies, the priority was printed only if it was not
OFP_DEFAULT_PRIORITY, but it was always printed in OFPST_FLOW replies.
This commit changes OFPST_FLOW replies to match NXST_FLOW replies.

tests: Fix up interface-reconfigure test and results.

I forgot to update the test when I added the VLAN bug workaround.

Support vlan_group workaround implemented in XenServer kernels.

Some Linux network drivers support a feature called "VLAN acceleration",
associated with a data structure called a "vlan_group".  A vlan_group is,
abstractly, a dictionary that maps from a VLAN ID (in the range 0...4095)
to a VLAN device, that is, a Linux network device associated with a
particular VLAN, e.g. "eth0.9" for VLAN 9 on eth0.

Some drivers that support VLAN acceleration have bugs that fall roughly
into the following categories:

    * Some NICs strip VLAN tags on receive if no vlan_group is registered,
      so that the tag is completely lost.

    * Some drivers size their receive buffers based on whether a vlan_group
      is enabled, meaning that a maximum size packet with a VLAN tag will
      not fit if a vlan_group is not configured.

    * On transmit some drivers expect that VLAN acceleration will be used
      if it is available (which can only be done if a vlan_group is
      configured).  In these cases, the driver may fail to parse the packet
      and correctly setup checksum offloading and/or TSO.

The correct long term solution is to fix these driver bugs.  To cope until
then, we have prepared a patch to the Linux kernel network stack that works
around these problems.  This commit adds support for the workaround
implemented by that patch.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

bridge: Create new port_run() function.

htb: Set required min-rate to mtu not 1500.

hfsc: min-rate tweaks.

There doesn't appear to be any reason to enforce a minimum min-rate
of 1500Bps on queues. This commit lowers the minimum to 1Bps. A
min-rate of 0 is not allowed by hfsc in the kernel.

qos: Remove min-rate requirement for linux-htb and linux-hfsc.

One could quite reasonably desire to create a queue with no
min-rate.  For example, a default queue could be reasonably
configured without a min-rate or a max-rate.  This commit removes
the requirement that min-rate be configured on all queues.  If not
configured, defaults to something very small.

reconnect.py: Fix Python 2.4 compatibility break.

Commit 5eda645e36 (ovsdb-server: Report time since last connect and disconnect
for each manager.) used a conditional expression in reconnect.py. That syntax
is only supported in Python 2.5 and later. XenServer 5.6 is based on RHEL 5,
which uses Python 2.4.3, so various OVS scripts on XenServer fail with Python
tracebacks.

Reported-by: Cedric Hobbs <cedric@nicira.com>

vswitchd: Dump QoS with appctl.

The source of truth for QoS statistics on a given interface is tc.
Unfortunately, output from tc can be a little bit confusing and
does not follow the same data model as OVS. This commit adds a
"qos/show" appctl command which gives friendlier output.

bridge: Downgrade log level of some log messages that may indicate races.

Some legitimate system activity can cause network devices to be destroyed
just before they are removed from the database, added to the database
just before they are created, or destroyed and then recreated under the
same name while other database activity is going on. Logging these
events as errors makes it sound like something unexpectedly bad is going
on, but in fact these events are the most common instances of these log
messages, so downgrade them to warnings.

Reported-by: Reid Price <reid@nicira.com>
Bug #2584.

ovsdbmonitor: Fix "make install" race.

In a parallel make, the install-exec-local target runs concurrently with
the creation of the directory that it installs into. Fix the race by
using the install-exec-hook target instead, which runs subsequently to
directory creation.

debian: Restart daemons only after upgrade is complete.

This yields less downtime during an upgrade and allows an SSH session or
other network access to dpkg to continue during the upgrade to, e.g.,
answer questions about conffiles from dpkg. (Open vSwitch doesn't have
any conffiles but other packages being upgraded in the same dpkg run
might.)

Bug #542.

debian: Run tests in parallel too.

Passing e.g. -j4 in TESTSUITEFLAGS runs 4 tests in parallel, which speeds
up the testsuite.

xenserver: dbcache should always exist so don't bother checking.

Open vSwitch introduced the on-disk database cache a long time ago. Since
then, Citrix has integrated it upstream into XenServer's
interface-reconfigure and even into their installer. OVS no longer
supports XenServer before 5.6.100, so it is no longer necessary to check
for and create the database cache if it isn't there.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #3388.

netdev-vport: Log at ERR level when port won't be created.

Suggested-by: Ben Pfaff <blp@nicira.com>

netdev-vport: Don't create port when ovs-monitor-ipsec not running.

It was suggested by Jesse that it would be better to just not create
IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He
had legitimate concerns about users missing the warning message printed
and traffic possibly going out unencrypted.

Suggested-by: Jesse Gross <jesse@nicira.com>

ofproto: Store time since last connect and disconnect in Controller table.

ovs-vswitchd writes only the duration of its connection to or disconnection
from each controller to the database. This changes that behavior to write the
time since both the last connection and disconnection events regardless of
connection state. This mirrors the new behavior for reporting database manager
connection status.

Requested-by: Peter Balland <peter@nicira.com>
Bug #4833.

ovsdb-server: Report time since last connect and disconnect for each manager.

Only the time connected (if connected) or disconnected (if disconnected) is
currently reported for each manager. Change to reporting both in seconds since
the last connect and disconnect events respectively. An empty value indicates
no previous connection or disconnection.

This can help diagnose certain connectivity problems, e.g. flapping.

Requested-by: Peter Balland <peter@nicira.com>
Bug #4833.

ofp-print: Omit timestamp when printing packets in ofp_packet_to_string().

There's no value in the timestamp here, because it will always be the
same. Printing it just makes results less reproducible because output
then depends on the time zone.

This fixes a test failure in California due to yesterday's DST change,
and presumably a test failure almost everywhere else all the time.

Reported-by: Andrew Evans <aevans@nicira.com>

datapath: Check for backported dev_get_by_index_rcu().

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

datapath: Use compat directory only for backported code.

Most necessary compatibility code is simply backported versions
of kernel functions from newer kernels. These belong in the compat
directory, where they can be transparently picked up when necessary.
However, in some situations there is code that is different
depending on the kernel version but is always needed in some form.
Here it is desirable to segregate the code but it does not really
belong in the compat directory because it does not exist in upstream
kernels. This moves those functions to a compat file, which makes
the meaning clear and prevents problems when Open vSwitch is integrated
into other projects.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

system-stats: Don't bother calling kill() after read_pidfile().

The function read_pidfile() will only return a PID if the process is
still running, so there's no reason to send a signal to check again.

Suggested-by: Andrew Evans <aevans@nicira.com>

netdev-vport: Warn on IPsec tunnels when ovs-monitor-ipsec not running.

IPsec tunnels are only supported on Debian systems running
ovs-monitor-ipsec.  Since that daemon configures IPsec, ovs-vswitchd
doesn't know whether IPsec will actually work.  With this commit, a
warning is printed that it is unlikely to work unless that daemon is
started.

There is a more serious issue that IPsec traffic can pass unencrypted if
that daemon is not running.  To fix that problem, changes to the kernel
module will need to occur.  A future commit will address that issue, but
this earlier warning will be useful regardless.

Bug #4854

xenserver: Don't touch /etc/xensource/network.conf on upgrade.

The post-install script for the openvswitch userspace package always sets the
bridge type to 'vswitch'. If someone reconfigures XenServer to use the Linux
bridge instead, then upgrades Open vSwitch, their system will revert to using
Open vSwitch as the bridge.

Reported-by: Michael Mao <mmao@nicira.com>
Bug #4825.

netdev-vport: Don't warn when a tunnel key is set.

Reported-by: Reid Price <reid@nicira.com>

ovsdb: Fix uninitialized data;.

This could causes unit tests to fail sometimes.

vswitchd: Regenerate schema diagram.

The schema diagram was generated with an intermediate version of the
ovsdb-dot tool that put the wrong borders on the non-root nodes. This
version is regenerated with the currently checked in version of the
ovsdb-dot tool.

tunneling: Rely on protocol handles to parse ToS.

Currently the generic tunneling code assumes that on receive the
outer IP header is present on the packet and the protocol pointers
are initialized to it.  This knowledge is used in only one place,
which is to copy ECN bits from outer to inner IP packets.  These
assumptions are difficult to keep track of because the receive code
generally uses the protocol pointers for the inner packet.  A
number of bugs have resulted from incorrect assumptions, including
one fixed here about the location of a vlan header.  This drops the
convention and instead uses the protocol handles to supply the ToS,
which is less error-prone.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

table: Fix typo in manpage.

Reported-by: Paul Ingram <paul@nicira.com>

ovsdb: Implement garbage collection.

ovsdb: Don't count self-references in ovsdb_row's n_refs member.

The comment on the n_refs member of struct ovsdb_row says that it does not
count references from a row to itself, but the code didn't implement this
properly. This commit makes the code consistent with the comment.

This does not actually affect any existing OVSDB behavior, because a row's
reference count currently affects only whether it may be deleted, and
references from a row to itself disappear when the row is deleted. But
an upcoming commit will add new uses for a row's reference count, so at
that point it becomes important.

ovsdb: Provide a way for for_each_txn_row() callback to delete any row.

for_each_txn_row() restricts the txn_rows that its callback may delete.
Until now, this has meant that its callback could not delete any rows
that were created within the transaction being processed. These rows have
txn_rows with null 'old' and nonnull 'new', so to delete them requires
either removing the txn_row entirely (forbidden by for_each_txn_row()) or
clearing its 'new' to null. The latter is forbidden because a txn_row
is not allowed to have both 'old' and 'new' null.

Until now, this has not been a significant restriction, because none of
the processing at transaction commit time required deleting arbitrary rows.
Implementing garbage collection, however, does require this ability, so
this commit makes it possible by eliminating the requirement that at least
'old' or 'new' be nonnull.

ovsdb-data: Expose guts of ovsdb_symbol_table() to clients.

ovs-vsctl will, in upcoming commits, want to more closely examine its
ovsdb_symbol_table structures.  This could be done by providing a more
complete API, but it doesn't seem worth it to me.  This commit instead goes
the other way, exposing the internals to clients.  This commit also
eliminates the ovsdb_symbol_table_find_uncreated() function, which
ovs-vsctl can now implement itself.

ovsdb-data: Rename 'used' to 'created' in struct ovsdb_symbol.

The name 'created' better reflects the actual meaning of this member: in
both ovsdb and ovs-vsctl, it is true if a row has been created with the
symbol's UUID and false otherwise.

ovs-vsctl: Remove stray \ from end of manpage.

ovs-vsctl: Update list of tables in manpage.

The QoS and Queue tables weren't mentioned at all, and some of the
tables were in a different order from that in vswitch.xml. This
fixes both.

ovs-vsctl: Check for uncreated symbols earlier.

The check for uncreated symbols does not rely on anything that happens
during transaction commit, so there is no point in allowing the transaction
to be sent to the database server, only to fail there, before reporting
the problem locally.

ovsdb: Improve error message for duplicate uuid-name.

ovsdb_execute_insert() tried to return a helpful error message when there
was a duplicate uuid-name, but ovsdb_execute() (its caller) makes any
parse error override a parse error. Since ovsdb_execute_insert() would
skip parsing the row when the uuid-name was a duplicate, this meant that
the error actually reported would be that "row" was not allowed here, which
wasn't at all helpful (since "row" is in fact mandatory).

This commit clears up the problem by always retrieving the "row" member,
which required a small amount of refactoring, and adds a test.

ovsdb: Improve error reporting for some internal errors.

Sometimes internal errors are generated based on an originating error. In
these cases we were just throwing this information away. This commit adds
this information to the internal error report so that the error will be
easier to track down.

I haven't actually seen a situation like this come up.

ovsdb-data: Verify that named-uuid string is an <id>.

The "uuid-name" that creates symbols must be an <id> but we weren't
verifying the same constraint on the "named-uuid"s that refer to symbols,
which was a bit confusing in writing transactions by hand. This commit
fixes the inconsistency and updates the SPECS file to clarify that a
named-uuid string has to be an <id>.

ovsdb-idlc: Initialize refType in IDL reference columns' types.

Otherwise the refType always appears to be 0 (OVSDB_REF_STRONG).

Nothing in the code that uses these structures actually uses the refType
yet, so this does not fix any existing bug, but upcoming commits will add
users.

python/ovs/ovsuuid: Fix behavior of UUID.from_json() with no symbol table.

UUID.from_json(['named-uuid', 'x'], None) should raise an error about
invalid syntax, but instead it was raising a TypeError because it would
try to evaluate "'x' not in None". This fixes the problem and adds a test.

reconnect: Rename CONNECT_IN_PROGRESS state to CONNECTING (like rconn).

reconnect uses the same connection state names as rconn with the exception of
the above. This commit makes their states identical, which should reduce
confusion for people debugging connection problems.

xenserver: Delete Bridge when creating vlan.

Commit 34edeccfd8d4273844d12c85fe38ec47002c47cd removed a
workaround which still applies to XenServer versions older than
5.5. This could causes creation of vlans to fail in some cases.

CC: "David Tsai" <dtsai@nicira.com>
Bug #4877.

reconnect: Fix printf() format warning.

tests/test-reconnect.c:245:9: error: format '%llu' expects type
'long long unsigned int', but argument 2 has type 'unsigned int'

reconnect: Track last-disconnected time.

Commit a4613b01ab (ovsdb: Change the way connection duration time is reported
in Manager table.), pushed earlier today, requires this commit, so OVSDB has
been unbuildable from then to now.

datapath: Enable vlan offload on internal devices.

Although it is generally best to configure vlans directly though
Open vSwitch, enabling vlan acceleration on internal devices can
avoid some issues and hardware limitations if Linux vlan devices
are used. It is only used on kernels that support modern vlan
data structures, which are 2.6.27 and later.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-ofctl: Make add-flows command read from stdin if file name is "-".

It is conventional for Unix tools to read from standard input if "-" is
specified as a file name. It's easy for "ovs-ofctl add-flows" to behave
this way, too, so this commit implements it.

Suggested-by: Paul Ingram <paul@nicira.com>

xenserver: Remove other_config option for setting controller.

Since XenServer 5.6, "vswitch_controller" has been a first-class key for
setting the Open vSwitch controller. Prior to that, we stored it in
"other_config". Since we no longer support such old versions, we can
remove references to the "other_config" option.

Signed-off-by: Justin Pettit <jpettit@nicira.com>

utilities: Improve ovs-vlan-test man page.

The IP addresses used in the ovs-vlan-test example where more or
less random. This caused a great deal of confusion which hopefully
this patch will remedy.

Also changes the management port to 8080 in the examples because
XenServer uses port 80 on Dom0 for something.

ovsdb: Change the way connection duration time is reported in Manager table.

Commit 0b3e7a8b71 (ovsdb-server: Write manager status information to Manager
table.) attempted to provide managers with the ability to debug manager-related
connection problems, but it turns out that reporting "time_in_state" is not
very useful, because the state is constantly changing. What people really want
is the time each manager has been connected or disconnected, depending on the
current connection state.

Replace "time_in_state" key with "time_connected" and "time_disconnected"
keys. Only one exists at a time, and time is in seconds.

Bug #4833.

ofproto: Report time connected or disconnected, not time in rconn state.

Commit bffc058934 (bridge: Add controller status to Controller table.) exposed
the underlying time in a particular connection state for each controller, but
this turns out not to be very useful, because controller state tends to
fluctuate even when the connection is unbroken. Change to set
"time_connected" or "time_disconnected" keys in the status column of the
Controller table.

Bug #4833.

datapath: Avoid random tun_id in odp_packet_cmd_execute().

flow_extract() sets key->tun_id from OVS_CB(packet)->tun_id, which until
now has contained whatever Netlink put there in its NETLINK_CB structure.
Zero it earlier so that its value is at least predictable.

The resulting code is still not correct, because key->tun_id and
key->in_port are now set to arbitrary values.  I have known about this
since I wrote this function (and before, too, in its earlier incarnations),
but until now I did not think that it was a problem because I did not
think that there were any users along this code path.  But that is wrong:
sFlow sampling uses tun_id and in_port and ODP_ACTION_ATTR_CONTROLLER uses
in_port.  So we need a way to pass these back down from userspace.  An
upcoming commit will add a way.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

vswitch: Fix typos in schema documentation.

netdev-port: Fix invalid memory access in netdev_vport_poll_add().

shash_find_data() returns an shash_node's 'data' member, but this code here
wants the shash_node itself, so it needs to use shash_find() instead.

This bug meant that any attempt to add a single netdev_vport to more than
one netdev_monitor would cause a segmentation fault.  Here's an example
command that reproduces it reliably for me under valgrind (because ofproto
always monitors its ports and the bridge monitors bond interfaces):

ovs-vsctl -- add-bond br0 bond0 p0 p1 \
          -- set interface p0 type=patch options:peer=p1 \
          -- set interface p1 type=patch options:peer=p0

Bug #4527.
Reported-by: Krishna Miriyala <krishna@nicira.com>

tunneling: Don't leak dst on vlan tagging failure.

When we need to send a packet through the IP stack we need to attach
a dst to the skb. Due to some interactions with caching this doesn't
happen until late in the transmission process. However, if we are
inserting a vlan tag and the insertion fails it is possible to leak
the dst.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

ovs-dpctl: Support more than one option for "add-if" command.

This "while" loop in do_add_if() is supposed to split up everything after
the interface name with ',' as the delimiter, but it didn't do that
correctly.

Also corrects a typo in the manpage pointed out by Justin Pettit.

vswitchd: Initialize configuration on active-backup bonds.

Some configuration settings which were not balance-[slb|tcp]
specific were only initialized for these bond types.

Bug #4806.

ofproto: facet_execute() stats changes.

facet_execute() should rely on facet_update_stats() to update the
relevant facet's used parameter.

Before this patch, in very rare cases, the current practice could
lead to assertion failures. The used value of a facet could be
slightly in the future due to the clocks being out of sync between
the kernel and user space. Thus manually setting the used
parameter of a facet could put it slightly behind an already pushed
used value causing an assertion failure.

Bug #4745.

ofproto: Update facet stats when used time increases.

datapath: Add backport for USHRT_MAX.

Kernels before 2.6.26 didn't have type limits for short at all
and before 2.6.35 it was called SHORT instead of SHRT.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>