Now ovs-vswitchd fills in the Interface ofport and Bridge datapath_id
fields when it reconfigures.
The existing Bridge datapath_id and hwaddr columns, which had surprising
meanings, have been banished to a new other_config column.
Connecting to a controller requires the vswitch to have a local port
(typically named the same as the bridge itself). Before the introduction
of ovsdb, ovs-vswitchd simply added the local port itself if it was missing.
This was not properly implemented with the ovsdb transition, and a segfault
resulted. This commit avoids the segfault, although it should possibly
be improved to also add the local port, as before.
CC: Jeremy Stribling <strib@nicira.com>
This implements the userspace portion of GRE on Linux. It communicates
with the kernel module to set up tunnels using either Netlink or ioctls
as appropriate based on the kernel version.
Significant portions of this commit were actually written by
Justin Pettit.
This fixes a bug originally introduced in commit 763435 "vswitchd:
Initial conversion to database-based configuration." The bug
reversed a less than operator when setting the active timeout field.
Also add a warning if the timeout is set to an invalid value.
CC: Glen Gibb <grg@stanford.edu>
bridge_create() can return a null pointer if creating the bridge fails, so
check for that and don't dereference it in that case.
Thanks to Jeremy Stribling for reporting the problem.
ovs-vswitchd has never supported spanning tree protocol, but there was
nevertheless a considerable amount of code that provided a framework for
supporting it.
This commit deletes this code, since we have no plans to introduce STP
support soon.
This change adds netdev_create() and netdev_destroy() functions to allow
the creation of network devices through the netdev library. Previously,
network devices had to already exist or be created on demand through
netdev_open(). This caused problems such as not being able to specify
TAP devices as ports in ovs-vswitchd, which this patch fixes.
This also lays the groundwork for adding GRE and VDE support.
This first stab at an interface definition language and compiler for OVSDB
will give other developers a chance to look at it and try to integrate it.
The IDL is not actually implemented yet; I am working on that.
This function combines what dpif_create() and dpif_open() do. It allows
us to factor a tiny amount of code out of the vswitch, but more importantly
this function is also useful in the following commit.
A function call using in_port was accidentally moved before the check
to see if it is null. in_port can be null if a port was deleted but
an update is still pending. This moves the call after the check.
Bug #2313
Update the learning table to keep it current with flows actually
going through the datapath. This ensures that entries do not age
out when they are actively being used.
Feature #2209
RSPAN does not work properly unless MAC learning for the VLAN is
disabled on all switches between the origin and monitoring point.
This allows learning to be disabled on a given VLAN so vSwitch can
act as an intermediate switch.
Feature #2136
The bridge nominally allowed the MAC learning module to not be enabled
though in reality it was always used. Tracking active MAC addresses
in the bridge is useful for other reasons besides deciding the output
port - primarily for bonding. In addition there were several bugs
that would have been triggered had learning actually been disabled since
that code path is never tested. This makes it explicit that the learning
table should be maintained at all times.
If all slaves on a bond are down but some are waiting for an updelay,
enable the slave with the shortest amount of delay remaining. This
would already occur if all other slaves were disabled at the time the
delay was to begin but not if a delay was already in progress. This
also immediately sends learning packets out in both situations, which
prevents incoming packets to disabled slaves from being blackholed.
CC: Danny Wannagat <Danny.Wannagat@eu.citrix.com>
Previously NetFlow expiration messages always contained 0 as the
output interface index. This changes that to report the OpenFlow
interface instead.
Feature #1202
This merge took a little bit of care due to two issues:
- Crossport of "interface-reconfigure" fixes from master back to
citrix that had happened and needed to be canceled out of the merge.
- New script "refresh-xs-network-uuids" added on citrix branch that
needed to be moved from /root/vswitch/scripts to
/usr/share/vswitch/scripts.
When revalidating NORMAL flows we consult the learning table, which
could be empty if a packet hasn't come to userspace in a while or we
just did a bridge flush. If there is no learning entry then existing
flows will begin flooding packets until a new flow is set up. The
problem is worse with bonding because we can receive one of the flooded
packets back on a bond slave and learn that port, causing us to send
traffic to the wrong location.
Previously when deciding whether to migrate a hash between slaves
we would never move it if it would cause more load on the new slave
than the old. This could lead to a situation where the slaves would
be imbalanced but no migration would occur since it would flip the
load. This will do the migration if it will decrease the ratio.
Bug NIC-49
Drop packets received on a bond port if we have learned a different
source port for that MAC. We were already doing this for multicast
packets but extend the logic to unicast packets as well since the
same situation can occur if the connected switch has not learned the
MAC address and is flooding. Otherwise vSwitch will learn the bond
port as the source of that MAC.
Bug #2167
We check that a packet is not sent out on the in port on the
same VLAN when performing RSPAN. However, we were comparing the
vlan tag from a packet after implicit tagging with a tag from
before implicit tagging. This ensures that we always compare them
before such tagging.
In order to avoid loops we check that the input and output ports
are not equal. When selecting mirror outputs for RSPAN we were
checking interfaces instead of ports. This led to loops when
using RSPAN with bonded ports.
Bug #2118
Brings the fake bond interface up and down to match our notion of
whether the bond is currently active. This solves an issue where
XenCenter would always show the bond as disconnected.
Bug #1703
Until now the vswitch configuration file has allowed the user to configure
the MAC address on bridge local ports only. This commit adds the ability
to configure them on any internal interface.
It would be logical to extend this to any bridge port, period, but many
network devices must be brought down before their Ethernet addresses may be
changed. Bringing a network interface down and then back up can reset a
lot of state, so as we don't actually need the ability to change any bridge
port's MAC address yet this commit does not implement it.
CC: Ian Campbell <Ian.Campbell@citrix.com>
Ben Pfaff dug through the kernel sources and reported that
bond_miimon_inspect() supports four BOND_LINK_* states:
* BOND_LINK_UP: carrier detected, updelay has passed.
* BOND_LINK_FAIL: carrier lost, downdelay in progress.
* BOND_LINK_DOWN: carrier lost, downdelay has passed.
* BOND_LINK_BACK: carrier detected, updelay in progress.
And that bond_info_show_slave() only considers BOND_LINK_UP to be "up"
and anything else to be "down".
Thanks for doing this and suggesting a fix, Ben!
Free dpif_names when we're done with it.
This memory leak is not a big deal since bridge_init() is only ever called
once in a given ovs-vswitchd execution.
Our test case automation has a requirement to know which hash value a
given MAC address hashes to, in order to validate that balancing is
happening as expected etc. Rather than attempt to reimplement the hash
algorithm used by vswitchd in Python, instead expose an appctl which
returns this information.
The bonding code in vswitch sends out gratuitous learning packets that
are supposed to teach switches but not cause anything else to happen on
the network. Some upcoming code wants to synthesize packets with similar
properties, so factor this code into a new function so that it can be
used in both places.
In the /proc compatibility layer, the bond member was reported as up
immediately after link recovery, regardless of the updelay. I believe
the compatibility code was correct if the check had been done with carrier,
but since 'iface->enabled' already does that calculation, we can use it
directly.
Additionally, when a bond slave was enabled or disabled, the bond
compatibility code was not being told to update its state. This commit
makes that call.
NIC-39
If all of the ports specified as mirror selection criteria actually do not
exist, then until now the bridge would mirror all incoming packets (on
specified VLAN(s), if any). This matches the behavior that occurs if no
mirror selection ports were specified at all, and so it makes a certain
amount of logical sense.
But it is far more likely that the user simply misspelled a port name, or
specified the name of a port that does not always exist. In fact we have
seen this behavior in practice when the controller has not caught up to
the switch's current configuration. So this commit changes the bridge to
instead disable a mirror if ports are specified and none of those ports
exist.
Bug #1904.
compose_dsts() was updating the VLAN of packets sent to VLAN mirrors
before it changed the VLAN value, but of course it's the final VLAN value
that actually matters.
Thanks to Reid for his good work tracking this one down.
Bug #1898.
This bug was introduced in the merge from the citrix branch in commit
8fef8c71 "Merge citrix into master."
Thanks to Reid for characterizing the problem.
Bug #1907.