TIME_UPDATE_INTERVAL was removed long time ago.
Now each call leads to time update via syscall and it's
granularity is system dependent.
Fixes: 31ef9f5178 ("timeval: Remove CACHE_TIME scheme.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-appctl can wait indefinitely while executing an exit for a
dead service. Let's add a timeout (10 seconds should be
reasonable) to exit calls to avoid hanging up of the testsuite
in such cases.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The testsuite has an emulation of the common utility 'seq' that only
supported 2- and 3-argument forms. This commit adds support for the
1-argument form.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
The purpose of the sequence number is to allow the client to figure out
when the connection status has changed. The significant event for the
client is when a connection completes, not when a connection attempt
starts. Thus, this commit changes the code to increment the sequence
number at completion, not at the attempt.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Role based access control is a relatively new addition to OVS/OVN, and
aside from the database documentation in ovn-sb(5), there is not much
explaining what RBAC is, how to use it, and the available roles. This
document remedies that situation.
It is hopeful that any new roles added will be added to this document in
the future.
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Firewalld service files for OVN have been in the source for several
months. This adds instructions for how to use these service files with
firewalld.
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Previous commit a67b337dc2 breaks the truncate and native
tunnel testcase by removing the truncate flag. The patch fixes
it by putting it back. Reproduce the error by:
> make check-system-userspace TESTSUITEFLAGS='17'
Fixes: a67b337dc2 ("ofproto-dpif-xlate: Remove assertion for truncated")
Cc: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
On RHEL 7.4 (with iproute-3.10.0-87), a DHCP provided
ipv4 address has the "dynamic" keyword set. For e.g
"ip addr show breth0 | grep inet" shows:
inet 10.116.248.91/20 brd 10.116.255.255 scope global dynamic breth0
inet6 fe80::250:56ff:fea8:fdf0/64 scope link
The keyword "dynamic" (according to 'man ip-address') is only
used for ipv6, but in this case this is not true. Our current
code will skip the ipv4 address restoration because of this.
With this commit, we special case "dynamic" keyword to be valid
in case of ipv4.
VMware-BZ: #1982196
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Currently, the OvsLookupFlow fails for the decap packet,
when the Geneve options are present in the packet as the OvsIPv4TunnelKey
flags are not set in the Geneve decap.
Set the OvsIPv4TunnelKey flags OVS_TNL_F_OAM and OVS_TNL_F_CRT_OPT
in OvsDecapGeneve based on the geneve header. Also set OVS_TNL_F_GENEVE_OPT
if the packet has geneve options.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
When the logrotate script runs, and Open vSwitch is running as a non-root
user, the /var/log/openvswitch directory doesn't have other rx bits set.
This means the reopen attempt will fail with "permission denied", even though
the default logrotate configuration creates a new log file with the
appropriate attributes.
This change sets the r/x bits for other on /var/log/openvswitch
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Jean Hsiao <jhsiao@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Markos Chandras <mchandras@suse.de>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
G++ 5 does not implement the _Atomic keyword, which is part of C11 but not
C++11, so the existing <stdatomic.h> based atomic implementation doesn't
work. This commit adds a new implementation based on the C++11 <atomic>
header.
In this area, C++ is pickier about types than C, so a few of the
definitions in ovs-atomic.h have to be updated to use more precise types
for integer constants.
This updates the code that generates cxxtest.cc to #include <config.h>
(so that HAVE_ATOMIC is defined) and to automatically regenerate when the
program is reconfigured (because otherwise the #include <config.h>) won't
get added without a "make clean" step).
"ovs-atomic.h" is not a public header, but apparently some code was
using it anyway.
Fixes: 9c463631e8 ("ovs-atomic: Report error for contradictory configuration.")
Reported-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
When checksum offload is enabled, compute checksum using the
TCP pseudo header.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Instead of freeing in the error path, move the allocation
after it. Found by inspection.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Because OpenFlow Spec does not clearly stipulate that "max_len" in
OUTPUT action must be zero when "port" is other than OFPP_CONTROLLER,
it is too strict assertion that confirm "max_len" is not zero, and
"max_len" should be ignored when not used.
Also this assertion causes the lack of the interoperability with some
controller implementations.
This patch removes these redundant assertions of if truncated or not.
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: Andy Zhou <azhou@ovn.org>
ovs_assert() is normally invoked like a function call, e.g.:
ovs_assert(true);
but its expansion was a full statement, so that this ended up expanding to:
if (!OVS_LIKELY(true)) { \
ovs_assert_failure(OVS_SOURCE_LOCATOR, __func__, #CONDITION); \
};
with both } and ; at the end, which is weird and somewhat risky around 'if'
statements.
This commit fixes the problem, making ovs_assert() expand to an expression.
Reported-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
ofp_to_string() sometimes yields a trailing space in its output. This is
annoying for the test infrastructure, since we have to specially mark the
trailing white space in Autotest with a "@&t@" marker at the end of the
line. This commit gets rid of the trailing white space and the annoying
"@&t@" markers.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
ovs_hex_dump() sometimes yields a trailing space in its output. This is
annoying for the test infrastructure, since we have to specially mark the
trailing white space in Autotest with a "@&t@" marker at the end of the
line. This commit gets rid of the trailing white space and the annoying
"@&t@" markers.
This also gets rid of an occasional trailing hyphen.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Commands that use the table library, such as ovs-vsctl and "ovsdb-client
dump", print trailing white space in tabular output, to fill out the entire
width of their tabular columns. This is annoying whenever we use these
commands in the test infrastructure, since we have to specially mark the
trailing white space in Autotest with a "@&t@" marker at the end of the
line. This commit gets rid of the trailing white space and the annoying
"@&t@" markers.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Daemons generally should close the standard fds because they don't want to
hold open an SSH session, etc. that is attached to a tty. But --monitor
without --detach does not daemonize, so do not close fds in that case.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
Code that calls ovsdb_txn_row_delete() should avoid referencing the
deleted row again, because it might be freed. In practice this shouldn't
really happen in this case because of the particular circumstances, but it
costs little to be careful.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
We still use SysV scripts for RHEL. Currently, invoking
/etc/init.d/openvswitch will redirect the calls to
dynamically generated systemd scripts. In the above case when you call
"/etc/init.d/openvswitch-switch start", it inturn calls
"/bin/systemctl start openvswitch-switch.service" and
that inturn again calls "/etc/init.d/openvswitch-switch start"
This patch avoids it. This is similar to what was done to
Debian in commit 873d85653d (debian: Skip systemctl redirect.)
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Currently we call 'hostname -f' when ovs-vswitchd is not
running. If you are using ovs-vswitchd to provide your
primary networking, then 'hostname -f' will "hang" till it
times out. On the system this issue was discovered, this was
as long as 40 seconds. This is a problem during OVS restarts
or upgrades.
This commit calls 'hostname -f' after ovs-vswitchd has started.
VMware-BZ: #1972026
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This is essentially a revert of commit e09d61c41b ("ovs-atomic: Remove
atomic_uint64_t and atomic_int64_t.") My fear that some 32-bit platforms
did not support 64-bit integers seems overblown, because OVS 2.6.x uses
the 64-bit atomic_ullong and it is in Debian, which has tons of
architectures.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Simon Horman <simon.horman@netronome.com>
'EBADRQC' is only defined on the Linux platform. Without this fix,
The travis MacOS build fails. Switching to using EDOM which is more
portable.
Fixes: 2029ce9ac3 (dpif-netdev: Fix a zero-rate bug for meter)
CC: Ali Volkan ATLI <volkan.atli@argela.com.tr>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
nicira-ext.h says:
* 1. OVS sends an NXT_FLOW_MONITOR_PAUSED message to the controller, following
* all the already queued notifications. After it receives this message,
* the controller knows that its view of the flow table, as represented by
* flow monitor notifications, is incomplete.
The actual implementation could send NXT_FLOW_MONITOR_PAUSED in the middle
of a series of queued notifications. This fixes it to always send it after
those notifications. Possibly this confused some controllers, since the
documentation said that NXFME_ADD and NXFME_MODIFIED notifications wouldn't
be sent between "pause" and "resume" messages, but this bug could cause
them to be sent just after "pause".
VMware-BZ: #1919454
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Gurucharan Shetty <guru@ovn.org>
Currently, we send the first packet of every new connection
to userspace to figure out the target IP address of load-balancing.
With this patch, we use the selection method of dp_hash to prevent
that situation.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Conntrack, Conntrack-related, Stt, and IP fragmentation
have cleaner threads that run periodically to clean
up their respective tables. During driver unload,
OvsExtDetach() calls into routines that are meant
for explicitly cleaning these tables up and freeing
the resources associated with these threads.
If during driver unload, these cleaner threads run
immediately after the resources are freed, such as locks
used by these threads, then the cleaner threads result
in a kernel crash since they try to acquire locks
that have already been freed.
For eg, OvsIpFragmentEntryCleaner() caused a kernel
crash because it tried to acquire a lock that was
already freed by OvsCleanupIpFragment().
The fix is to simply exit the cleaner thread if the
lock associated with the thread is not initialized,
because the only way the threads can run when the lock
is invalid is when the lock has been freed up during
driver unload.
Testing done:
Verified that cleaner threads run as expected without
crashing during driver unload.
Signed-off-by: Shashank Ram <rams@vmware.com>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Now that Patchwork 2.0 is out, folks can start to take advantage of some
of the new features that it offers. Chief among these is series support,
which is only exposed via the web UI and new REST API and which, in
turn, necessitates using git-pw rather than pwclient. As such, this tool
is slightly documented.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Open vSwitch daemon crashes (by receiving signal SIGFPE,
Arithmetic exception) when a controller tries to send
a meter-mod message with zero rate.
Signed-off-by: Ali Volkan ATLI <volkan.atli@argela.com.tr>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Merge native tunnel handling with patch port handling
as much as possible.
Current native tunnel handling logic inspects the generated actions
to determine if truncate has been applied to the packet. (since if
it is then recirculation should be used). This logic can be
simplified by passing the 'truncate' boolean argument into
compose_output_action().
Signed-off-by: Andy Zhou <azhou@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Rename apply_nested_clone_actions() To patch_port_output().
The original function name does not make much sense.
Signed-off-by: Andy Zhou <azhou@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Allow xlate_table_actions() to generate actions with or without
enclosed in clone().
Signed-off-by: Andy Zhou <azhou@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
When Openflow clone is last action of an action list, it does not
make sense for xlated actions to generate datapath clone action.
This patch attemps to Keep track of last clone action, but not
necessarily for every case.
Signed-off-by: Andy Zhou <azhou@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
