When the OFPC_FRAG_DROP policy is in effect, IP fragments are supposed to
be dropped before they reach the flow table. Open vSwitch properly dropped
IP fragments in this case, but still accounted them to the packet and byte
counters for the flow that they would have hit if the OFPC_FRAG_NX_MATCH
policy had been in effect.
Reported-by: love you <thunder.love07@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Avoid using some GNU sed extensions, which are not available
e.g. on NetBSD's /usr/bin/sed.
While there are other places these extensions are used in the testsuite,
this instance is new and seems the only one currently being executed
for NetBSD.
Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Before this patch, datapath keys with ODP_FIT_TOO_LITTLE would be
assigned subfacets and installed in the kernel with a SLOW_MATCH
slow path reason. This is problematic, because these flow keys
can't be reliably converted into a 'struct flow', thus breaking a
fundamental assumption of ofproto-dpif. This patch circumvents the
issue by skipping facet creation for these flows altogether. This
approach has the added benefit of simplifying the code for future
patches.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Two testcases are added to the testsuite, which test the new
command syntax and the corresponding corner cases.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Since the use of a single datapath, all bridges belonging to the same type of
datapath will use the same (single) datapath. This causes confusion in the
current 'ofproto/trace' command. Especially, when given an unrelated
'bridge' and 'in_port' combination, the current implementation will still
be able to process it and give misleading output. Thus, this patch changes
the 'ofproto/trace' command syntax to the formats shown as follows:
    ofproto/trace [datapath] odp_flow [-generate|packet]
    ofproto/trace bridge br_flow [-generate|packet]
Also, this patch updates the tests and the manpages accordingly.
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This helps get rid of one special case in nx_pull_raw() and allows
loading of 32-bit values from/to OXM_OF_IN_PORT in NXAST_LEARN actions.
Previously the 16-bit limit acted the same on both NXM_OF_IN_PORT and
OXM_OF_IN_PORT, even though OF1.1+ controllers would expect OXM_OF_IN_PORT
to be 32 bits wide.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
If verbosity parameter of ofp_print_packet_{in,out}() is greater than 2
then when formatting packet data include a hex dump as well as the output
of ofp_packet_to_string(), which is already included if verbosity is
greater than 0.
This feature may be accessed in several ways including:
* Including the -m parameter in an invocation of ovs-ofctl monitor.
* Including a verbosity greater than 2 in an invocation of
  ovs-ofctl ofp-print.
This patch includes tests to exercise this feature using ovs-ofctl ofp-print.
The motivation of this is to allow tests to be written that use ovs-ofctl
-m monitor to check packet data which is not output by
ofp_packet_to_string(). Specifically, as the protocol of the inner-packet
is not known by ofp_packet_to_string() it only decodes and stringifies an
MPLS packet up to and including the first MPLS label stack entry. However
it may be useful to create tests which verify the contents of the inner
packet.
One example may be to verify the effect of dec_ttl in the following sequence
of actions applied to a packet with a single MPLS label stack entry:
    pop_mpls(0x800),dec_ttl,push_mpls(0x8847)
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The string produced by ofp_packet_to_string() includes a trailing
newline, so in the case where packet data is formatted by
ofp_print_packet_out() there is already a newline present.
This patch updates ofp_print_packet_out() so that it does not
add a second newline in this case.
It is not necessary to update the case where there is packet data
to ensure that the result is terminated by a "\n" as the higher-level
ofp_to_string() function will ensure that the result is "\n" terminated.
The test-suite has been updated to exercise output of packet data by
ofp_packet_to_string().
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a function to lib/netdev.c to check that the interface name
is not the same as any of the registered vport providers' dpif_port name
(e.g. gre_system) or the datapath's internal port name (e.g. ovs-system).
Bug #15077.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Found out there are some trailing white spaces. This patch fixes it.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
a large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
I believe this is consistent with the handling of all other action
parsing called from parse_named_action().
Verification of all actions, including learn actions, occurs separately
in ofpact_check__(). It also occurs via a call to ofpacts_check()
in parse_ofp_str().
This patch is larger than might otherwise be expected as the flow argument
of learn_parse() is now unused and thus removed. This propagates up the
call-chain some way.
This implementation was suggested by Jesse Gross in response to an
enhancement I made to the validation performed during parsing learn actions
to allow it to correctly account for changes to the dl_type due to MPLS
push and pop actions.
Tests have also been updated to check for the less specific messages
generated by the call to ofpacts_check() in parse_ofp_str() which at the
suggestion of Ben Pfaff was added by a prior patch for this purpose.
Cc: Jesse Gross <jesse@nicira.com>
Cc: Ben Pfaff <blp@nicira.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add a call to ofpacts_check() in parse_ofp_str() to check pre-requisites.
This is in preparation for removing special-case pre-requisite checking
of learn actions which is useful for the test-suite.
This patch also fixes two tests which this change revealed to be incorrect.
1. Open Flow 1.0 action which sets NXM_NX_IPV6_SRC
   without any pre-requisites.
   This is not valid because there should be an IPv6 pre-requisite.
   This portion of the test has been removed as IPv6 pre-requisites are
   only valid when using OXM or NXM, however the test appears
   to be a (non-NXM) Open Flow 1.0 test.
   It has been replaced with a similar test of an action
   that sets the IPv4 source address.
2. Open Flow 1.2 action which sets NXM_NX_IPV6_SRC
   without any pre-requisites.
   This is not valid because there should be an IPv6 pre-requisite.
   This test has been corrected by adding IPv6 as a pre-requisite,
   which is valid for Open Flow 1.2 as it uses OXM.
Use of ofpacts_check() in parse_ofp_str() suggested by Ben Pfaff.
Cc: Ben Pfaff <blp@nicira.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow says that an "output" action to a flow's input port is ordinarily
dropped, unless the flow explicitly outputs to OFPP_IN_PORT. We've
occasionally been asked to implement some way to avoid this behavior in
cases where it is not easily known in advance whether a given port is the
input port (so that OFPP_IN_PORT is not easy to use).
This commit implements such a feature. With this commit, one may write:
actions=load:0->NXM_OF_IN_PORT[],output:123
which will output to port 123 regardless of whether it is the input port.
If the input port is important, then one may save and restore it on the
stack:
actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],output:123,
pop:NXM_OF_IN_PORT[]
(Sometimes I am asked whether "resubmit" changes the in_port and would
therefore interact badly with this feature. It does not. "resubmit" only
(optionally) changes the in_port used for the resubmit's flow table lookup.
It does not otherwise have any effect on in_port.)
Bug #14091.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com>
CC: Ronghua Zhang <rzhang@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reducing non-const static data makes code more obviously thread-safe.
Although option parsing does not normally need to be thread-safe, I
don't know of a drawback to making its data const.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, we were presenting a separate sFlow data-source (sampler) for
each ifIndex-interface. This caused problems with samples that did not
easily map to an ifIndex being aliased together and breaking the sFlow
containment rules. This patch changes the model to present a single sFlow
data-source for each bridge. Now we can still make all reasonable effort
to map packet samples to ingress/egress ifIndex numbers, knowing that the
fallback to "unknown" does not break the sFlow model. Note that
interface-counter-polling is still handled the same way as before, with
sFlow counter-polling data only being exported for ifIndex-interfaces.
Signed-off-by: Neil Mckee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Supplying this data is somewhat misleading as it
is completely ignored and is not included in
the synthesised packet.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
VXLAN was recently assigned UDP port 4789 by IANA. This
commit updates the OVS VXLAN implementation to reflect the new UDP port
number.
Cc: Kenneth Duda <kduda@aristanetworks.com>
Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
1. mpls or mplsm should be included in the formatted match instead of
dl_type=0xXXXX if the dl_type of the match is ETH_TYPE_MPLS or
ETH_TYPE_MPLS_MCAST respectively. This is consistent with the treatment
of other dl_types in match_format().
2. Add formatting of MPLS TTL to match_format().
The format is mpls_ttl=YY.
3. Set the mpls_lse mask of a match to all 1's if
the dl_type of the flow is ETH_TYPE_MPLS or ETH_TYPE_MPLS_MCAST.
This will cause mpls_label=LLLL,mpls_tc=W,mpls_ttl=YY,mpls_bos=Z to
be included when the match is formatted.
4. mpls(label:LLLL,tc:W,ttl:TT,bos:Z) and
mplsm(label:LLLL,tc:W,ttl:TT,bos:Z) should not be included
in a formatted match as this is not consistent with the
formatting of other match elements.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Depending on the platform, perl might not be /usr/bin/perl.
E.g. on NetBSD it's usually /usr/pkg/bin/perl.
Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The administrator can request that OVSDB bind any available TCP port, but
in that case there is no easy way to find out what port it has bound. This
commit adds that information as the "bound_port" key in the "status"
column.
Signed-off-by: Ben Pfaff <blp@nicira.com>
An occasionally occurring problem with "make check", especially when
parallel tests are enabled, is that multiple tests try to bind the same
TCP port and, of course, fail. This happens because the code to select
a TCP port to bind just generates random numbers until it finds a port that
is not currently in use and uses the first one, which is of course prone
to races.
This commit changes the tests to let the kernel directly choose an
available port, which should avoid this type of failure.
Also, some of the tests that generated a random free TCP port actually
used the port number to bind a UDP socket, which of course doesn't work
well. This commit fixes that problem too as a side effect.
Signed-off-by: Ben Pfaff <blp@nicira.com>
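The technique behind the two commit messages above (bind port 0 so the kernel picks a free port atomically, then read the bound port back) is sketched below. This is an added example, not code from Open vSwitch; the helper names bind_kernel_chosen_port() and two_binders_get_distinct_ports() are hypothetical, and the loopback address is an assumption suited to test programs.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not an OVS function).  Binds a socket of 'type'
 * (SOCK_STREAM or SOCK_DGRAM) to 127.0.0.1 port 0, so the kernel selects
 * and reserves a free port in one step.  There is no window between
 * "find a free port" and "bind it" for another process to race into.
 * Returns the bound fd and stores the port in '*portp', or -1 on error. */
static int
bind_kernel_chosen_port(int type, unsigned short *portp)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    int fd = socket(AF_INET, type, 0);

    if (fd < 0) {
        return -1;
    }
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(0);            /* 0 means "any available port". */

    /* getsockname() reports which port the kernel actually assigned. */
    if (bind(fd, (struct sockaddr *) &sin, sizeof sin) < 0
        || getsockname(fd, (struct sockaddr *) &sin, &len) < 0) {
        close(fd);
        return -1;
    }
    *portp = ntohs(sin.sin_port);
    return fd;
}

/* Simulates two parallel tests each asking for a port.  The socket type is
 * a parameter because TCP and UDP have separate port spaces: a port found
 * free for TCP says nothing about UDP.  Returns 1 if both binds succeeded
 * with distinct nonzero ports, otherwise 0. */
static int
two_binders_get_distinct_ports(int type)
{
    unsigned short a = 0, b = 0;
    int fd_a = bind_kernel_chosen_port(type, &a);
    int fd_b = bind_kernel_chosen_port(type, &b);
    int ok = fd_a >= 0 && fd_b >= 0 && a != 0 && b != 0 && a != b;

    if (fd_a >= 0) {
        close(fd_a);
    }
    if (fd_b >= 0) {
        close(fd_b);
    }
    return ok;
}

int
main(void)
{
    printf("tcp distinct: %d\n", two_binders_get_distinct_ports(SOCK_STREAM));
    printf("udp distinct: %d\n", two_binders_get_distinct_ports(SOCK_DGRAM));
    return 0;
}
```

The port stays reserved only while the returned fd is open, so a caller should hand the bound socket itself to the server rather than closing it and passing the number along.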
An upcoming patch will start using the --log-file option with these test
programs, so they need to support it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
NXM puts the DSCP value in bits 2-7 of NXM_OF_IP_TOS.
OXM puts the DSCP value in bits 0-6 of OXM_OF_IP_DSCP.
Before this commit, Open vSwitch incorrectly implemented OXM_OF_IP_DSCP
with the same format as NXM_OF_IP_TOS. This commit fixes the problem and
adds a test (previously missing but I don't know why).
Reported-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Tested-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This will make it possible, in later commits, to make ovsdb-server connect
to OVS managers only after ovs-vswitchd has completed its initial
configuration.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Fixes a bug where per ofproto moving average stats did not update
when there are no active dp flows.
Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
This patch adds an sFlow test to the test suite.
I have only tested this on a Fedora 17 OS.
Signed-off-by: Neil Mckee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit f3103dfa00 (lacp.at: Change timing of lacp - negotiation test)
fixed test failures for the lacp negotiation test on some systems, but
made it crop up on others where it hadn't appeared before.
My guess is that this commit is the real fix. If it isn't, then we
will probably just have to remove the test or disable it, much as I
hate doing that.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The "lacp - negotiation" test (# 3) used to always fail when running
multiple tests in parallel (-j2). The reduced simulated wait time
(from 4 seconds to 2.5 seconds) seems to still give the expected result,
and works also when running multiple tests in parallel.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Fix a test failure due to timing differences in different test runs.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch adds more flow related stats to the output of
"ovs-appctl dpif/show". Specifically, the following information
is added per ofproto:
- Max flow table size
- Average flow table size
- Average flow table add rate
- Average flow table delete rate
- Average flow entry life in milliseconds
Feature #15366
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Before this patch, when ofproto-dpif decided that a particular flow
miss needed a facet, it would do action translation multiple times.
Once in subfacet_make_actions(), and once per packet in
subfacet_update_stats(). In the common case (once per miss), this
would double the amount of work required in xlate_actions().
The call to facet_push_stats() in subfacet_update_stats() is
unnecessary. If the packets are simply accounted to the facet,
they will eventually be pushed to the relevant rules in
update_stats() or when the facet is removed. Removing the
unnecessary step gives us a 20% improvement of the netperf TCP_CRR
benchmark with the complex flow tables installed by our controller.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Until now, ovs-vsctl has kept trying to connect to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout. A timeout that is too short
can cause spurious failures. A timeout that is too long causes long delays
if the server really isn't running.
This commit should alleviate this problem. It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running. (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database. --no-wait also avoids that issue.)
Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
There were plans to use this in conjunction with inner/outer flows,
however that plan has been changed in favour of using recirculation.
This leaves us with the current usage.
encap_dl_type is currently only used to allow decoding of packets used in
the test suite. However, this is a bit of a fudge and the packets may be
provided as hexadecimal instead.
Also remove comments from parse_l2_5_onward() relating to MPLS which are
not in keeping with the commenting throughout the rest of the function.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
lib/pcap.h has a name that conflicts with /usr/include/pcap.h. When one
wants to include pcap.h from libpcap (i.e.: the one from /usr/include), one
may end up with pcap.h from openvswitch.
This change renames this header to pcap-file.h and updates all
references to this file.
This change was tested with `make distcheck`.
Signed-off-by: Stephane A. Sezer <sas@cd80.net>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This is to fix the fallout of single datapath change.
ovs-appctl dpif/show displays per bridge miss, hit
and flow counts on the screen, but the backend is
obtaining that information from the datapath.
With a single datapath, all bridges of the same
datapath would all display the same (global)
counters maintained by the datapath, obviously
not correct.
This patch fixes the bug by maintaining per ofproto_dpif
miss and hit counts, which are used for display output.
The number of flows count is obtained by counting the
number of facets per ofproto.
ovs-dpctl show still displays the counters maintained by
the datapath, as before.
Bug #15369
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Remove recursion from GOTO_TABLE processing in do_xlate_actions().
This allows packet processing pipelines built with goto table to be
longer and not interact with each other via the resubmit recursion limit.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The command "ovs-appctl dpif/dump-flows" would print slow-path actions
as "drop", which could be confusing to users. This is different from
"ovs-dpctl dump-flows", which prints a descriptive reason. This commit
replaces "drop" with the reason.
Bug #14840
Signed-off-by: Justin Pettit <jpettit@nicira.com>