Until now, the collection of coverage counters supported by a given OVS
program was not specific to that program. That means that, for example,
even though ovs-dpctl does not have anything to do with mac_learning, it
still has a coverage counter for it. This is confusing, at best.
This commit fixes the problem on some systems, in particular on ones that
use GCC and the GNU linker. It uses the feature of the GNU linker
described in its manual as:
If an orphaned section's name is representable as a C identifier then
the linker will automatically see PROVIDE two symbols: __start_SECNAME
and __end_SECNAME, where SECNAME is the name of the section. These
indicate the start address and end address of the orphaned section
respectively.
Systems that don't support these features retain the earlier behavior.
This commit also fixes the annoyance that files that include coverage
counters must be listed on COVERAGE_FILES in lib/automake.mk.
This commit also fixes the annoyance that modifying any source file that
includes a coverage counter caused all programs that link against
libopenvswitch.a to relink, even programs that the source file was not
linked into. For example, modifying ofproto/ofproto.c (which includes
coverage counters) caused tests/test-aes128 to relink, even though
test-aes128 does not link again ofproto.o.
The 'xid' in an ofp_header is not interpreted by the receiver but only by
the sender, so it need not be in any particular byte order. OVS used to
try to take advantage of this to avoid host/network byte order conversions
for this field. Older code in OVS, therefore, treats xid as being in host
byte order. However, as time went on, I forgot that I had introduced this
trick, and so newer code treats xid as being in network byte order.
This commit fixes up the situation by consistently treating xid as being
in network byte order. I think that this will be less surprising and
easier to remember in the future.
This doesn't fix any actual bugs except that some log messages would have
printed xids in the wrong byte order.
All streams and all vconns are "active", so there's no point in noting that
requirement in comments. (A long time ago, active and passive vconns were
conflated instead of having passive vconns broken out as pvconns. But
active and passive streams have always been distinct.)
Adding a macro to define the vlog module in use adds a level of
indirection, which makes it easier to change how the vlog module must be
defined. A followup commit needs to do that, so getting these widespread
changes out of the way first should make that commit easier to review.
While I was looking at the rconn code for connection backoff and retry, I
noticed that ovs-vswitchd was logging the following on each connection
attempt:
Jun 11 15:17:41|00020|vconn_stream|ERR|send: Connection refused
The "send:" part didn't make much sense. The configured controller was not
actually running, so the vconn code should not have been able to connect
at all, so the message should have been about a connection failing, not
about sending on a completed connection failing.
Investigation showed that different parts of the library have different
ideas about return value semantics. vconn_open() and stream_open() both
return 0 if a connection succeeded or if one is in progress, but some of
its callers thought that it returned 0 if the connection succeeded and
EAGAIN if the connection was in progress. This commit fixes up the callers
that had the wrong idea, by making them instead all vconn_connect() or
stream_connect() to determine whether the connection is complete.
The main purpose of the vconn code is to ship OpenFlow messages across
network connections. Over time a large number of utility functions related
to OpenFlow messages have also crept into vconn.c, but that's really
logically separate. This commit breaks those functions out into a new
file.
Add a tun_id field which contains the ID of the encapsulating tunnel
on which a packet was received (0 if not received on a tunnel). Also
add an action which allows the tunnel ID to be set for outgoing
packets. At this point there aren't any tunnel implementations so
these fields don't have any effect.
The matching is exposed to OpenFlow by overloading the high 32 bits
of the cookie as the tunnel ID. ovs-ofctl is capable of turning
on this special behavior using a new "tun-cookie" command but this
command is intentially undocumented to avoid it being used without
a full understanding of the consequences.
The fatal-signal library notices and records fatal signals (e.g. SIGTERM)
and terminates the process on the next trip through poll_block(). But
some special utilities do not always invoke poll_block() promptly, e.g.
"ovs-ofctl monitor" does not call poll_block() as long as OpenFlow messages
are available. But these special cases seem like they are all likely to
call into functions that themselves block (those with "_block" in their
names). So make a new rule that such functions should always call
fatal_signal_run(), either directly or through poll_block(). This commit
implements and documents that rule.
Bug #2625.
OpenFlow 1.0 adds support for matching on IP ToS/DSCP bits.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this OpenFlow 1.0 set.
The OpenFlow 1.0 specification supports matching the IP address and
opcode in ARP messages. The datapath already supports this, so this
commit merely exposes that through the OpenFlow module.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0
until the final commit in this OpenFlow 1.0 set.
In OpenFlow 1.0, flows have been extended to include an opaque
identifier, referred to as a cookie. The cookie is specified by the
controller when the flow is installed; the cookie will be returned as
part of each flow stats and flow removed message.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this Openflow 1.0 set.
This commit adds (some) support for a couple new OpenFlow 0.9 features:
- The OFPFF_CHECK_OVERLAP flag in Flow Mod messages allows the
controller to prevent flows that would conflict at the same
priority.
- An emergency flow cache that contains a small flow table that is
used if the switch loses connectivity with the controller. I
believe the design has fundamental flaws and looks likely to be
retired. If a controller attempts to add a flow to the emergency
flow cache, OVS always responds that the tables are full.
The OpenFlow 0.9 error codes are also sync'd in the commit.
NOTE: OVS at this point is not wire-compatible with OpenFlow 0.9 until the
final commit in this OpenFlow 0.9 set.
Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP
(priority) field and rewrite the IP ToS/DSCP bits. This check-in
provides that support and bumps the wire protocol number to 0x98.
NOTE: The wire changes come together over the set of OpenFlow 0.9 commits,
so OVS will not be OpenFlow-compatible with any official release between
this commit and the one that completes the set.
These are useful for checking that the syntax of a name is valid, so that
completely invalid names can be rejected at program startup time.
CC: Jean Tourrilhes <jt@hpl.hp.com>
This code was previously unreachable, but it makes sense to check the
action length before looking at the action any further.
This doesn't fix an actual bug--actions were always properly validated.
Also, rephrase a few of the switch cases to make it even more obvious
that they always return.
Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
The vconn code is a relative fossil as OVS code goes. It was written
before we had really figured how code should fit together. Part of that
history is that it used poll_fd_callback() to register callbacks without
the assistance of other code. That isn't how the rest of OVS works now;
this code is the only remaining user of that function.
To make it more like the rest of the system, this code gets rid of the use
of poll_fd_callback(). It also adds vconn_run() and vconn_run_wait()
functions and calls to them from the places where they are now required.
These invariants are checked by vconn_open() and stream_open(), but there
is no reason not to check them earlier also. vconn and stream creation
don't have to go through vconn_open() and stream_open(), so this ensures
that the invariants get checked either way.
A few comments referenced "m", when "match" was clearly meant. This was
likely due to a quick search and replace that scooped up these comments
along with the intended code. This cleans that up.
Currently only ofproto.c ever composes OFPT_PACKET_IN messages, but some
upcoming code wants to do the same thing, so factor this out into a new
function to avoid code duplication.
It seems really strange that this one slipped through. Perhaps this
means that we have never tested with any action other than OFPAT_OUTPUT
(which has value 0 and thus is not affected by byte-swapping).
Until now, setting a netflow collector to a DNS name would cause
secchan to attempt to resolve that DNS name each time that the set of
netflow collectors is re-set. For the vswitch, this is every time that
the vswitch reconfigures itself.
Unfortunately, DNS lookup within secchan cannot work as currently
implemented, because it needs both an asynchronous DNS resolver library
and in-band control updates. Currently we have neither. Attempting to
look up DNS anyway just hangs.
This commit disables DNS lookup entirely, and updates the documentation to
change user expectations. DNS still won't work, but at least it won't
hang.
Bug #1609.
The in-band control code needs to know the IP and port of both ends of the
control connection. However, the vconn code was only reporting the local
address after the connection had already succeeded, which created a
chicken-and-egg problem. In practice we would fail to connect until the
switch went into fail-open, at which point the connection would go through.
Fortunately, we can get the local IP address right after we try to connect,
not just after the connection completes, so this commit changes the code
to do that.
This commit also breaks setting the remote IP and port into functions
separate from vconn_init(), which makes the code more readable.
Previously, rconn and vconn only allowed users to find out about the
remote IP address. This set of changes allows users to retrieve the
remote port, local IP, and local port used for the connection.
The TCP and SSL vconn implementations had a lot of common code to make
and accept TCP connections, which this commit factors out into common
functions in socket-util.c.
Also adds the ability to bind ptcp and pssl vconns to a particular IP
address instead of the wildcard address.
Older versions of Open vSwitch implemented OpenFlow in the kernel over
a Netlink channel, and this code was here to work around some issues with
that, but now it is unnecessary since the OpenFlow kernel implementation is
gone.
vconn_connect() is defined to return 0 on success or a positive errno
value on failure, but it was possible to get a negative value (EOF). This
commit changes this to ECONNRESET to match caller expectations.
