commit_set_icmp_action() should do its job only if the packet is ICMP,
otherwise there will be two problems:
* A set ICMP action will be inserted in the ODP actions and the flow
will be slow pathed.
* The tp_src and tp_dst field will be unwildcarded.
Normal TCP or UDP packets won't be impacted, because
commit_set_icmp_action() is called after commit_set_port_action() and it
will see the fields as already committed (TCP/UCP transport ports and ICMP
code/type are stored in the same members in struct flow).
MPLS packets though will hit the bug, causing a nonsensical set action
(which will end up zeroing the transport source port) and an invalid
mask to be generated.
The commit also alters an MPLS testcase to trigger the bug.
FTP NAT system tests fail if the corresponding modules are not loaded.
Add a probe for nf_nat_ftp module to make sure it is loaded before the
tests.
Reported-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
For lswitch ports with known IPs, ARP is responded directly from
local ovn-controller to avoid flooding.
Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Based on IPv4 tests, test tunnels over IPv6. In order to do that, add
netdev-dummy/ip6addr command for dummy bridges, and get_in6 support for
netdev-dummy as well.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
With this patch, it is possible to set the IPv6 source and destination address
in flow-based tunnels.
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_field:2001:cafe::92->tun_ipv6_dst"
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Co-authored-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
These tests are racy as nothing prevents packet re-ordering.
Fix them by sorting outputs before comparing.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Ben Pfaff <blp@ovn.org>
While (surprisingly to me) bash interprets $10 as ${1}0,
many other shells, including NetBSD's /bin/sh, interpret it as ${10}.
Also use already assigned named variables rather than positional
parameters to make things a little more readable.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Currently ovs-ofctl replace-flows and diff-flows commands only support
flows in table 0. Extend this to cover all possible tables.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This patch adds support for Openflow1.4 error codes for set-async-config.
In this patch, a new error type, OFPET_ASYNC_CONFIG_FAILED is introduced
that enables the switch to properly inform the controller when controller
tries to set invalid mask or unsupported configuration.
Signed-off-by: Ambika Arora <ambika.arora@tcs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Since we don't distinguish between IPv4 and IPv6 lookups, consolidate ARP
and ND cache into neighbor cache. Other references to ARP related to the
ARP cache but that are not really about ARP have been renamed as well.
tnl_arp_lookup is kept for lookups using IPv4 instead of IPv4-mapped
addresses, but that is going to be removed in a later patch.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch adds support for vacancy events in table-desc.
ovs-ofctl -O OpenFlow14 dump-tables-desc <switch>
-This command is enhanced to display the Vacancy Event configuration
of the tables on a <switch>, which is set using the mod-table command.
Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Co-authored-by: Hiteshi Kalra <hiteshi.kalra@tcs.com>
Signed-off-by: Hiteshi Kalra <hiteshi.kalra@tcs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
OpenFlow 1.4 introduces the ability to turn on vacancy events with an
OFPT_TABLE_MOD message specifying OFPTC_VACANCY_EVENTS. This commit adds
support for the new feature in ovs-ofctl mod-table.
As per the openflow specification-1.4, vacancy event adds a mechanism
enabling the controller to get an early warning based on capacity
threshold chosen by the controller.
With this commit, vacancy events can be configured as:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> vacancy:<low,high>
<low,high> specify vacancy threshold values in percentage for vacancy_down
and vacancy_up respectively.
To disable vacancy events, following command should be given:
ovs-ofctl -O OpenFlow14 mod-table <bridge> <table> novacancy
Signed-off-by: Saloni Jain <saloni.jain@tcs.com>
Co-authored-by: Shashwat Srivastava <shashwat.srivastava@tcs.com>
Signed-off-by: Shashwat Srivastava <shashwat.srivastava@tcs.com>
Co-authored-by: Sandeep Kumar <sandeep.kumar16@tcs.com>
Signed-off-by: Sandeep Kumar <sandeep.kumar16@tcs.com>
[blp@ovn.org fixed a few typos]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Before this patch, logical switch ports were using name as key but
logical router ports using uuid, which confuses user when trouble-
shooting, and names of patch ports unreadable. This patch unifies
it by using "name" field also for logical router ports.
Signed-off-by: Han Zhou <zhouhan@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The OpenFlow specification implies that every flag is part of the flow
state, even though that isn't really meaningful for OFPFF_CHECK_OVERLAP
or OFPFF_RESET_COUNTS. This commit adds them to the flow state (reported
in flow stats replies).
Found by OFTest.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Co-authored-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Open vSwitch has supported these features on flow_mod for a long time, but
it has never included a test. This commit adds tests for both.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
The out_port and out_group matches only looked at apply_actions
instructions, but my interpretation of the OpenFlow spec is that they
should also look inside write_actions.
This affected the output of (and in one case the correctness of) some
tests, so this updates them.
Reported-by: Gavin Remaley <gavin_remaley@selinc.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
In test runs, I've occasionally seen mysterious failures in which
parse_listening_port failed to find the listening port even though an
examination of the log file showed that it was there. I spent some time
trying to figure out what was going wrong. It seemed like everything was
lined up properly to ensure that a command like "ovs-vsctl set-controller
br0 tcp:127.0.0.1:0" would only return to the command prompt after the
new listener was ready and the proper log message was written. It was
obviously a very small race because I could only reproduce it with a large
test parallelism (e.g. -j10 on my quad-core laptop).
The problem turned out to be asynchronous logging in ovs-vswitchd. If I
turned that off, by commenting out the call to vlog_enable_async() in
bridge.c, parse_listening_port became reliable.
This commit works around the problem by making parse_listening_port retry
for a while if necessary. It also transforms the shell function into an
m4 macro (so that it can use OVS_WAIT_UNTIL) and renames it to
all-uppercase to follow the convention for macros.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Sometimes OVS_WAIT_WHILE and OVS_WAIT_UNTIL are used for conditions that
tend to be true immediately but sometimes take a moment or two. This
change makes such cases 0.1 seconds faster (which could add up over
hundreds of tests).
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
AT_CHECK runs its commands in a subshell. That means that (among other
effects), any variable assignments within its commands will disappear after
the commands' completion. That doesn't matter for any of the existing
users, which don't do the sorts of things that affect an outer shell
environment anyhow, but an upcoming user wants to make a shell assignment
that persists. This commit makes that possible, by using AT_CHECK
(actually AT_FAIL_IF but it's moot) only upon failure instead of bracketing
the entire test.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
While a barrier serializes requests from the same connection,
it doesn't wait for requests from other connections to the switch.
Replace the barrier with infamous "sleep 1" to workaround the problem.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>
This makes tests pass on on my single-cpu NetBSD-7 VM.
How frequently preemption happens depends on the cpu scheduler.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>
NetBSD's /bin/sh complains on the syntax of bash array.
While the use of eval might seem overkill, it's tricky to avoid
the error because the generated code will be a part of the surrounding
subshell and the syntax check is done a bit earlier than the execution
of these conditionals.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Extend OVS conntrack interface to cover NAT. New nested NAT action
may be included with a CT action. A bare NAT action only mangles
existing connections. If a NAT action with src or dst range attribute
is included, new (non-committed) connections are mangled according to
the NAT attributes.
This work extends on a branch by Thomas Graf at
https://github.com/tgraf/ovs/tree/nat.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Hack around a bug in pyftpdlib that rejects EPRT connection due to
mismatching textual representation of the IPv6 address when the
address is not in the normalized format. This happens when the
control connection is mangled by Linux NAT.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
This changes the conntrack state flags used in the OpenFlow interface
to match the ones we currently use in the datapath. While these do
not need to be synced, it is nice to get rid of the gap.
This should be merged before the first OVS release with connection
tracking, or not at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Sometimes xlate_actions() fails due to too deep recursion, too many
MPLS labels, or missing recirculation context. Make xlate_actions()
clear out the produced odp actions in these cases to make it easy for
the caller to install a drop flow (instead or installing a flow with
partially translated actions). Also, return a specific error code, so
that the error can be properly propagated where meaningful.
There are may cases in which the NORMAL action decides to drop the
packet. Most of these are not, however, traslation errors, but just
reactions to malformed input. In these cases it is correct to make the
NORMAL action do nothing, but allow other actions in the pipeline (if
any) to take effect.
Before this patch it was possible that the revalidation installed a
flow with a recirculation ID with an invalid recirc ID (== 0), due to
the introduction of in-place modification in commit 43b2f131a2
(ofproto: Allow in-place modifications of datapath flows).
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Otherwise duplicate bucket IDs cause linked list loops and other nastiness
because the ofputil_bucket_find() in the OFPG15_BUCKET_LAST case later in
copy_buckets_for_insert_bucket() will find the new bucket instead of the
old one and the list_splice() call becomes nonsensical.
Reported-by: Ray Li <rayli1107@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-September/018731.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Add an additional test that ensures that when receiving packets from
internal ports that reside in a foreign namespace, the conntrack
information is not populated in the flow.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Netcat is different on each platform I tried (Debian, Ubuntu, RHEL),
so rather than handling version differences it's better to just do the
same test with some hardcoded packets.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Use OpenFlow bundles for setting up flow tables. This has the benefit
that when debugging test failures, no packet gets processed by
partially set-up flow table, which may seem confusing.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Create all bridges with the same set of supported OpenFlow protocols
and fail-safe-mode secure, so that each test explicitly specifies flow
handling.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
When there are PtP TUN devices on the system or SIT devices, tests will fail
because of a warning that it was not possible to get their Ethernet addresses.
That call comes from the route code adding tunnel ports.
Make that warning an informational message and filter that out during tests.
Also, return EINVAL when trying to get those interface Ethernet addresses, which
will prevent them from being added to the tunnel ports pool and will properly
fail in other places as well.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ovsdb-idl notifies a client that something changed; it does not track
which table, row changed in what way (insert, modify or delete).
As a result, a client has to scan or reconfigure the entire idl after
ovsdb_idl_run(). This is presumably fine for typical ovs schemas where
tables are relatively small. In use-cases where ovsdb is used with
schemas that can have very large tables, the current ovsdb-idl
notification mechanism does not appear to scale - clients need to do a
lot of processing to determine the exact change delta.
This change adds support for:
- Table and row based change sequence numbers to record the
most recent IDL change sequence numbers associated with insert,
modify or delete update on that table or row.
- Change tracking of specific columns. This ensures that changed
rows (inserted, modified, deleted) that have tracked columns, are
tracked by IDL. The client can directly access the changed rows
with get_first, get_next operations without the need to scan the
entire table.
The tracking functionality is not enabled by default and needs to
be turned on per-column by the client after ovsdb_idl_create()
and before ovsdb_idl_run().
/* Example Usage */
idl = ovsdb_idl_create(...);
/* Track specific columns */
ovsdb_idl_track_add_column(idl, column);
/* Or, track all columns */
ovsdb_idl_track_add_all(idl);
for (;;) {
ovsdb_idl_run(idl);
seqno = ovsdb_idl_get_seqno(idl);
/* Process only the changed rows in Table FOO */
FOO_FOR_EACH_TRACKED(row, idl) {
/* Determine the type of change from the row seqnos */
if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_DELETE)
>= seqno)) {
printf("row deleted\n");
} else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_MODIFY)
>= seqno))
printf("row modified\n");
} else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_INSERT)
>= seqno))
printf("row inserted\n");
}
}
/* All changes processed - clear the change track */
ovsdb_idl_track_clear(idl);
}
Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
There is currently no mechanism in IDL to fetch specific column values
on-demand without having to register them for monitoring. In the case
where the column represent a frequently changing entity (e.g. counter),
and the reads are relatively infrequent (e.g. CLI client), there is a
significant overhead in replication.
This patch adds support in the Python IDL to register a subset of the
columns of a table as "readonly". Readonly columns are not replicated.
Users may "fetch" the readonly columns of a row on-demand. Once fetched,
the columns are not updated until the next fetch by the user. Writes by
the user to readonly columns does not change the value (both locally or
on the server).
The two main user visible changes in this patch are:
- The SchemaHelper.register_columns() method now takes an optionaly
argument to specify the subset of readonly column(s)
- A new Row.fetch(columns) method to fetch values of readonly columns(s)
Usage:
------
# Schema file includes all columns, including readonly
schema_helper = ovs.db.idl.SchemaHelper(schema_file)
# Register interest in columns with 'r' and 's' as readonly
schema_helper.register_columns("simple", [i, r, s], [r, s])
# Create Idl and jsonrpc, and wait for update, as usual
...
# Fetch value of column 'r' for a specific row
row.fetch('r')
txn.commit_block()
print row.r
print getattr(row, 'r')
# Writing to readonly column has no effect (locally or on server)
row.r = 3
print row.r # prints fetched value not 3
Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This tests that resubmits return as expected when conntrack is used
with recirculation to another table.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
'conntrack' output format varies depending on the system
configuration, i.e., conntrack accounting or timestamping is enabled.
Modify the FORMAT_CT() macro to hide these differences.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Until now, the only way to specify multiple fields in the "fields"
parameter for the Netronome groups extension, was to specify "fields"
more than once, e.g. fields=eth_dst,fields=ip_dst
However, this wasn't documented and the code in ofp-print didn't use it,
generating output that couldn't be parsed.
This commit fixes the situation by introducing a more straightforward
syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
code to use it when there is more than one field (it retains the previous
format for backward compatibility when there is exactly one field)
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <simon.horman@netronome.com>
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Acked-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
