mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 09:58:01 +00:00
Code Issues Releases Wiki Activity
ovs/vswitchd/ovs-vswitchd.c

329 lines
8.9 KiB
C
Raw Normal View History

ovsdb-idlc: Eliminate <prefix>_init() function from generated code. Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Andy Zhou <azhou@ovn.org>
2016-08-24 14:53:52 -07:00
/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
* http://www.apache.org/licenses/LICENSE-2.0
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*/
#include <config.h>
#include <errno.h>
#include <getopt.h>
#include <limits.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
ovs-vswitchd: Add --mlockall option and enable on XenServer. On XenServer 5.5 we found that running 4 simultaneous vm-import operations on iSCSI caused so much disk and cache activity that (we suspect) parts of ovs-vswitchd were paged out to disk and were not paged back in for over 10 seconds, causing the XenServer to fall off the network and the XenCenter connection to fail. Locking ovs-vswitchd into memory appears to avoid this problem. Henrik reports that, with memory locking, importing 11 VMs simultaneously completed successfully. Bug #2344.
2009-11-30 13:17:34 -08:00
#ifdef HAVE_MLOCKALL
#include <sys/mman.h>
#endif
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "bridge.h"
#include "command-line.h"
#include "compiler.h"
#include "daemon.h"
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
#include "dirs.h"
tests: Allow unit tests to run as root. The unit tests did not allow users to run them as root because ovs-vswitchd would destroy all of the existing 'system' datapaths. This patch prevents ovs-vswitchd from registering 'system' datapaths when running unit tests preventing the issue.
2011-11-17 18:06:55 -08:00
#include "dpif.h"
Add new "dummy" netdev and dpif implementations for use in unit tests.
2010-11-29 12:21:08 -08:00
#include "dummy.h"
fatal-signal: SIGPIPE for Windows. Windows does not have a SIGPIPE. We ignore SIGPIPE for Linux. To compile on Windows, carve out a new function to ignore SIGPIPE on Linux. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-02-26 10:44:46 -08:00
#include "fatal-signal.h"
Add support for tracking and logging daemon memory usage. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-08 15:44:21 -07:00
#include "memory.h"
netdev: Implement an abstract interface to network devices. This new abstraction layer allows multiple implementations of network devices in a single running process. This will be useful, for example, to support network devices that are simulated entirely in the running process or that communicate with other processes over Unix domain sockets, etc. The reimplemented tap device support in this commit has not been tested.
2009-07-30 16:04:45 -07:00
#include "netdev.h"
vconn: Remove unnecessary forward declarations and #includes from header. This required fix-ups in a few other files that accidentally depended upon vconn.h including those other headers.
2011-10-03 21:52:39 -07:00
#include "openflow/openflow.h"
vswitchd: Initial conversion to database-based configuration. This has seen very little testing, so some features are almost certainly busted. Port mirroring is not yet converted, so it will definitely not work.
2009-12-03 11:28:40 -08:00
#include "ovsdb-idl.h"
ovs-vswitchd: Fire RCU callbacks before exit to reduce memory leak warnings. ovs-vswitchd makes extensive use of RCU to defer freeing memory past the latest time that it could be in use by a thread. Until now, ovs-vswitchd has not waited for RCU callbacks to fire before exiting. This meant that in many cases, when ovs-vswitchd exits, many blocks of memory are stuck in RCU callback queues, which valgrind often reports as "possible" memory leaks. This commit adds a new function ovsrcu_exit() that waits and fires as many RCU callbacks as it reasonably can. It can only do so for the thread that calls it and the thread that calls the callbacks, but generally speaking ovs-vswitchd shuts down other threads before it exits anyway, so this is pretty good. In my testing this eliminates most valgrind warnings for tests that run ovs-vswitchd. This ought to make it easier to distinguish new leaks that are real from existing non-leaks. Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: William Tu <u9012063@gmai.com>
2018-01-25 15:39:48 -08:00
#include "ovs-rcu.h"
ovs-vswitchd: Do not use system routing table with --disable-system. The --disable-system option indicates that the user wants to avoid using the host's datapath. This is also a good indication that the user does not want to use other host resources such as the routing table, so this commit implements that. This fixes a failure in the test "ptap - recirculate after packet_type change" when the host routing table contained an entry that affected the generated flow. Without this patch, the commands: led to a failure in that test. Reported-by: Timothy Redaelli <tredaelli@redhat.com> Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-March/046406.html Tested-By: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-03-31 17:12:55 -07:00
#include "ovs-router.h"
ovs-thread: Fix thread id for threads not started with ovs_thread_create() When ping-pong'in a live VM migration between two machines running OVS-DPDK every now and then the ping misses would increase dramatically. For example: Acked-by: Ilya Maximets <i.maximets@samsung.com> ===========Stream Rate: 3Mpps=========== No Stream_Rate Downtime Totaltime Ping_Loss Moongen_Loss 0 3Mpps 128 13974 115 7168374 1 3Mpps 145 13620 17 1169770 2 3Mpps 140 14499 116 7141175 3 3Mpps 142 13358 16 1150606 4 3Mpps 136 14004 16 1124020 5 3Mpps 139 15494 214 13170452 6 3Mpps 136 15610 217 13282413 7 3Mpps 146 13194 17 1167512 8 3Mpps 148 12871 16 1162655 9 3Mpps 137 15615 214 13170656 I identified this issue being introduced in OVS commit, f3e7ec254738 ("Update relevant artifacts to add support for DPDK 17.05.1.") and more specific due to DPDK commit, af1475918124 ("vhost: introduce API to start a specific driver"). The combined changes no longer have OVS start the vhost socket polling thread at startup, but DPDK will do it on its own when the first vhost client is started. Figuring out the reason why this happens kept me puzzled for quite some time... What happens is that the callbacks called from the vhost thread are calling ovsrcu_synchronize() as part of destroy_device(). This will end-up calling seq_wait__(). By default, all created threads outside of OVS will get thread id 0, which is equal to the main ovs thread. So for example in the seq_wait__() function above if the main thread is waiting already we won't add ourselves as a waiter. The fix below assigns OVSTHREAD_ID_UNSET to none OVS created threads, which will get updated to a valid ID on the first call to ovsthread_id_self(). Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Fixes: f3e7ec254738 ("Update relevant artifacts to add support for DPDK 17.05.1.") Acked-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
2018-06-04 10:07:36 +02:00
#include "ovs-thread.h"
lib: Move lib/poll-loop.h to include/openvswitch Poll-loop is the core to implement main loop. It should be available in libopenvswitch. Signed-off-by: Xiao Liang <shaw.leon@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2017-11-03 13:53:53 +08:00
#include "openvswitch/poll-loop.h"
Add support for tracking and logging daemon memory usage. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-08 15:44:21 -07:00
#include "simap.h"
vconn: Reimplement in terms of the "stream" abstraction. This reduces the amount of redundancy in the source tree, by making all of the current implementations of a vconn simply delegate to the "stream" abstraction.
2010-01-06 14:35:20 -08:00
#include "stream-ssl.h"
vswitchd: Initial conversion to database-based configuration. This has seen very little testing, so some features are almost certainly busted. Port mirroring is not yet converted, so it will definitely not work.
2009-12-03 11:28:40 -08:00
#include "stream.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "svec.h"
#include "timeval.h"
#include "unixctl.h"
#include "util.h"
openvswitch: Define the OVS_STATIC_TRACE() macro. This patch defines the OVS_STATIC_TRACE() macro, and as an example, adds two of them in the bridge run loop. Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2021-12-22 10:17:12 +01:00
#include "openvswitch/usdt-probes.h"
lib: Move vconn.h to <openvswitch/vconn.h> Also moves definitions for struct vconn and pvconn to the public header. The provider interface is kept private. Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-12-15 14:10:38 +01:00
#include "openvswitch/vconn.h"
lib: Move vlog.h to <openvswitch/vlog.h> A new function vlog_insert_module() is introduced to avoid using list_insert() from the vlog.h header. Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-12-15 14:10:38 +01:00
#include "openvswitch/vlog.h"
Avoid possibly including an old vswitch-idl.h. Codes that uses #include "vswitch-idl.h" can get an older version of this header, because this header file moved from vswitchd/ to lib/ and the older generated file might still be present. This helps out two ways: * "make clean" will delete the generated files from their old locations. * Use #include "lib/vswitch-idl.h" to explicitly avoid including the files from their old locations. Reported-by: Justin Pettit <jpettit@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-03-27 15:57:52 -07:00
#include "lib/vswitch-idl.h"
DNS: Add basic support for asynchronous DNS resolving This patch is a simple implementation for the proposal discussed in https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html. It enables ovs-vswitchd and other utilities to use DNS names when specifying OpenFlow and OVSDB remotes. Below are some of the features and limitations of this patch: - Resolving is asynchornous in daemon context, avoiding blocking main loop; - Resolving is synchronous in general utility context; - Both IPv4 and IPv6 are supported; - The resolving API is thread-safe; - Depends on the unbound library; - When multiple ip addresses are returned, only the first one is used; - /etc/nsswitch.conf isn't respected as unbound library doesn't look at it; - For async-resolving, caller need to retry later; there is no callback. Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-26 14:06:21 -07:00
#include "lib/dns-resolve.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
vlog: Make client supply semicolon for VLOG_DEFINE_THIS_MODULE. It's kind of odd for VLOG_DEFINE_THIS_MODULE to supply its own semicolon, so this commit switches to the more common form.
2010-10-19 14:47:01 -07:00
VLOG_DEFINE_THIS_MODULE(vswitchd);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
vswitchd: Only lock pages that are faulted in. The main purpose of locking the memory is to ensure that OVS can keep doing what it did before in case of increased memory pressure, e.g., during VM ingest / migration. Fulfilling this requirement can be achieved without locking all the allocated memory, but only the pages already accessed in the past (faulted in). Processing of the new traffic involves new memory allocations. Latency on these operations can't be guaranteed by the locking. The main difference would be the pre-faulting of the stack memory. However, in order to revalidate or process upcalls on the same traffic, the same amount of stack is likely needed, so all the necessary memory will already be faulted in. Switch 'mlockall' to MCL_ONFAULT to avoid consuming unnecessarily large amounts of RAM on systems with high core counts. For example, in a densely populated OVN cluster this saves about 650 MB of RAM per node on a system with 64 cores. This equates to 320 GB of allocated but unused RAM in a 500 node cluster. This also makes OVS better suited by default for small systems with limited amount of memory. The MCL_ONFAULT flag was introduced in Linux kernel 4.4 and wasn't available at the time of '--mlockall' introduction, but we can use it now. Falling back to an old way of locking in case we're running on an older kernel just in case. Only locking the faulted in pages also makes locking compatible with vhost post-copy live migration by default, because we'll no longer pre-fault all the guest's memory. Post-copy relies on userfaultfd to work on shared huge pages, which is only available in 4.11+ kernels. So, technically, it should not be possible for MCL_ONFAULT to fail and the call without it to succeed. But keeping the check just in case for now. Acked-by: Simon Horman <horms@ovn.org> Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-14 14:22:47 +02:00
/* --mlockall: If set, locks all present process memory pages into physical
* RAM and all the new pages the moment they are faulted in, preventing
ovs-vswitchd: Call mlockall() from the daemon, not the parent or monitor. mlockall(2) says: Memory locks are not inherited by a child created via fork(2) and are automatically removed (unlocked) during an execve(2) or when the process terminates. which means that --mlockall was ineffective in combination with --detach or --monitor or both. Both are used in the most common production configuration of Open vSwitch, so this means that --mlockall has never been effective in production. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-06-29 09:22:59 -07:00
* the kernel from paging any of its memory to disk. */
static bool want_mlockall;
dpdk: Allow retaining CAP_SYS_RAWIO privileges. Open vSwitch generally tries to let the underlying operating system managed the low level details of hardware, for example DMA mapping, bus arbitration, etc. However, when using DPDK, the underlying operating system yields control of many of these details to userspace for management. In the case of some DPDK port drivers, configuring rte_flow or even allocating resources may require access to iopl/ioperm calls, which are guarded by the CAP_SYS_RAWIO privilege on linux systems. These calls are dangerous, and can allow a process to completely compromise a system. However, they are needed in the case of some userspace driver code which manages the hardware (for example, the mlx implementation of backend support for rte_flow). Here, we create an opt-in flag passed to the command line to allow this access. We need to do this before ever accessing the database, because we want to drop all privileges asap, and cannot wait for a connection to the database to be established and functional before dropping. There may be distribution specific ways to do capability management as well (using for example, systemd), but they are not as universal to the vswitchd as a flag. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Gaetan Rivet <gaetanr@nvidia.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-03-16 08:00:39 -04:00
/* --hw-rawio-access: If set, retains CAP_SYS_RAWIO privileges. */
static bool hw_rawio_access;
ovs-vswitchd: Implement "exit" unixctl command. This is useful for profiling, since common profilers do not print anything until the process terminates, and only if the process terminates in the ordinary way by calling exit().
2010-05-03 15:43:49 -07:00
static unixctl_cb_func ovs_vswitchd_exit;
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
static char *parse_options(int argc, char *argv[], char **unixctl_path);
lib: Move compiler.h to <openvswitch/compiler.h> The following macros are renamed to avoid conflicts with other headers: * WARN_UNUSED_RESULT to OVS_WARN_UNUSED_RESULT * PRINTF_FORMAT to OVS_PRINTF_FORMAT * NO_RETURN to OVS_NO_RETURN Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-12-15 14:10:38 +01:00
OVS_NO_RETURN static void usage(void);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
static struct ovs_vswitchd_exit_args {
struct unixctl_conn **conns;
size_t n_conns;
bool exiting;
bool cleanup;
} exit_args;
vswitchd: Add --cleanup option to the 'appctl exit' command 'appctl exit' stops the running vswitchd daemon, without releasing the datapath resources (such as bridges and ports) that vswitchd has created. This is expected when vswitchd is to be relaunched, to reduce the perturbation of exiting traffic and connections. However, when vswitchd is intended to be shutdown permanently, it is desirable not to leak datapath resources. In theory, this can be achieved by removing the corresponding configurations from OVSDB before shutting down vswitchd. However it is not always possible in practice. Sometimes it is convenient and robust for vswitchd to release all datapath resources that it has configured. Add 'appctl exit --cleanup' option for this use case. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
2017-04-24 18:55:04 -07:00
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
int
main(int argc, char *argv[])
{
struct unixctl_server *unixctl;
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
char *unixctl_path = NULL;
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
char *remote;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
int retval;
set_program_name(argv[0]);
ovs-thread: Fix thread id for threads not started with ovs_thread_create() When ping-pong'in a live VM migration between two machines running OVS-DPDK every now and then the ping misses would increase dramatically. For example: Acked-by: Ilya Maximets <i.maximets@samsung.com> ===========Stream Rate: 3Mpps=========== No Stream_Rate Downtime Totaltime Ping_Loss Moongen_Loss 0 3Mpps 128 13974 115 7168374 1 3Mpps 145 13620 17 1169770 2 3Mpps 140 14499 116 7141175 3 3Mpps 142 13358 16 1150606 4 3Mpps 136 14004 16 1124020 5 3Mpps 139 15494 214 13170452 6 3Mpps 136 15610 217 13282413 7 3Mpps 146 13194 17 1167512 8 3Mpps 148 12871 16 1162655 9 3Mpps 137 15615 214 13170656 I identified this issue being introduced in OVS commit, f3e7ec254738 ("Update relevant artifacts to add support for DPDK 17.05.1.") and more specific due to DPDK commit, af1475918124 ("vhost: introduce API to start a specific driver"). The combined changes no longer have OVS start the vhost socket polling thread at startup, but DPDK will do it on its own when the first vhost client is started. Figuring out the reason why this happens kept me puzzled for quite some time... What happens is that the callbacks called from the vhost thread are calling ovsrcu_synchronize() as part of destroy_device(). This will end-up calling seq_wait__(). By default, all created threads outside of OVS will get thread id 0, which is equal to the main ovs thread. So for example in the seq_wait__() function above if the main thread is waiting already we won't add ourselves as a waiter. The fix below assigns OVSTHREAD_ID_UNSET to none OVS created threads, which will get updated to a valid ID on the first call to ovsthread_id_self(). Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Fixes: f3e7ec254738 ("Update relevant artifacts to add support for DPDK 17.05.1.") Acked-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
2018-06-04 10:07:36 +02:00
ovsthread_id_init();
dpif-netdev: Add DPDK netdev. Following patch adds DPDK netdev-class to userspace datapath. Now OVS can use DPDK port for IO by just configuring DPDK port and then adding dpdk type port to userspace datapath. Refer to INSTALL.DPDK doc for further info. This is based a patch from Gerald Rogers. Signed-off-by: Gerald Rogers <gerald.rogers@intel.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@redhat.com>
2014-03-24 19:23:08 -07:00
DNS: Add basic support for asynchronous DNS resolving This patch is a simple implementation for the proposal discussed in https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html. It enables ovs-vswitchd and other utilities to use DNS names when specifying OpenFlow and OVSDB remotes. Below are some of the features and limitations of this patch: - Resolving is asynchornous in daemon context, avoiding blocking main loop; - Resolving is synchronous in general utility context; - Both IPv4 and IPv6 are supported; - The resolving API is thread-safe; - Depends on the unbound library; - When multiple ip addresses are returned, only the first one is used; - /etc/nsswitch.conf isn't respected as unbound library doesn't look at it; - For async-resolving, caller need to retry later; there is no callback. Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-26 14:06:21 -07:00
dns_resolve_init(true);
command-line: add ovs_cmdl_ prefix The coding style guidelines include the following: - Pick a unique name prefix (ending with an underscore) for each module, and apply that prefix to all of that module's externally visible names. Names of macro parameters, struct and union members, and parameters in function prototypes are not considered externally visible for this purpose. This patch adds the new prefix to the externally visible names. This makes it a bit more obvious what code is coming from common command line handling code. Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-03-16 12:01:55 -04:00
ovs_cmdl_proctitle_init(argc, argv);
daemon-windows: Add users for windows services. Start with ovs-vswitchd and ovsdb-server. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2014-01-17 10:43:03 -08:00
service_start(&argc, &argv);
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
remote = parse_options(argc, argv, &unixctl_path);
fatal-signal: SIGPIPE for Windows. Windows does not have a SIGPIPE. We ignore SIGPIPE for Linux. To compile on Windows, carve out a new function to ignore SIGPIPE on Linux. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-02-26 10:44:46 -08:00
fatal_ignore_sigpipe();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
dpdk: Allow retaining CAP_SYS_RAWIO privileges. Open vSwitch generally tries to let the underlying operating system managed the low level details of hardware, for example DMA mapping, bus arbitration, etc. However, when using DPDK, the underlying operating system yields control of many of these details to userspace for management. In the case of some DPDK port drivers, configuring rte_flow or even allocating resources may require access to iopl/ioperm calls, which are guarded by the CAP_SYS_RAWIO privilege on linux systems. These calls are dangerous, and can allow a process to completely compromise a system. However, they are needed in the case of some userspace driver code which manages the hardware (for example, the mlx implementation of backend support for rte_flow). Here, we create an opt-in flag passed to the command line to allow this access. We need to do this before ever accessing the database, because we want to drop all privileges asap, and cannot wait for a connection to the database to be established and functional before dropping. There may be distribution specific ways to do capability management as well (using for example, systemd), but they are not as universal to the vswitchd as a flag. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Gaetan Rivet <gaetanr@nvidia.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-03-16 08:00:39 -04:00
daemonize_start(true, hw_rawio_access);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
ovs-vswitchd: Call mlockall() from the daemon, not the parent or monitor. mlockall(2) says: Memory locks are not inherited by a child created via fork(2) and are automatically removed (unlocked) during an execve(2) or when the process terminates. which means that --mlockall was ineffective in combination with --detach or --monitor or both. Both are used in the most common production configuration of Open vSwitch, so this means that --mlockall has never been effective in production. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-06-29 09:22:59 -07:00
if (want_mlockall) {
#ifdef HAVE_MLOCKALL
vswitchd: Only lock pages that are faulted in. The main purpose of locking the memory is to ensure that OVS can keep doing what it did before in case of increased memory pressure, e.g., during VM ingest / migration. Fulfilling this requirement can be achieved without locking all the allocated memory, but only the pages already accessed in the past (faulted in). Processing of the new traffic involves new memory allocations. Latency on these operations can't be guaranteed by the locking. The main difference would be the pre-faulting of the stack memory. However, in order to revalidate or process upcalls on the same traffic, the same amount of stack is likely needed, so all the necessary memory will already be faulted in. Switch 'mlockall' to MCL_ONFAULT to avoid consuming unnecessarily large amounts of RAM on systems with high core counts. For example, in a densely populated OVN cluster this saves about 650 MB of RAM per node on a system with 64 cores. This equates to 320 GB of allocated but unused RAM in a 500 node cluster. This also makes OVS better suited by default for small systems with limited amount of memory. The MCL_ONFAULT flag was introduced in Linux kernel 4.4 and wasn't available at the time of '--mlockall' introduction, but we can use it now. Falling back to an old way of locking in case we're running on an older kernel just in case. Only locking the faulted in pages also makes locking compatible with vhost post-copy live migration by default, because we'll no longer pre-fault all the guest's memory. Post-copy relies on userfaultfd to work on shared huge pages, which is only available in 4.11+ kernels. So, technically, it should not be possible for MCL_ONFAULT to fail and the call without it to succeed. But keeping the check just in case for now. Acked-by: Simon Horman <horms@ovn.org> Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-14 14:22:47 +02:00
/* MCL_ONFAULT introduced in Linux kernel 4.4. */
#ifndef MCL_ONFAULT
#define MCL_ONFAULT 4
#endif
if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT)) {
if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
VLOG_ERR("mlockall failed: %s", ovs_strerror(errno));
} else {
set_all_memory_locked();
}
ovs-vswitchd: Call mlockall() from the daemon, not the parent or monitor. mlockall(2) says: Memory locks are not inherited by a child created via fork(2) and are automatically removed (unlocked) during an execve(2) or when the process terminates. which means that --mlockall was ineffective in combination with --detach or --monitor or both. Both are used in the most common production configuration of Open vSwitch, so this means that --mlockall has never been effective in production. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-06-29 09:22:59 -07:00
}
#else
VLOG_ERR("mlockall not supported on this system");
#endif
}
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
retval = unixctl_server_create(unixctl_path, &unixctl);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (retval) {
unixctl: Avoid double error reporting. All of these programs were re-reporting an error that unixctl_server_create() had already reported. There's no need for that.
2010-01-15 10:31:57 -08:00
exit(EXIT_FAILURE);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
vswitchd: Add --cleanup option to the 'appctl exit' command 'appctl exit' stops the running vswitchd daemon, without releasing the datapath resources (such as bridges and ports) that vswitchd has created. This is expected when vswitchd is to be relaunched, to reduce the perturbation of exiting traffic and connections. However, when vswitchd is intended to be shutdown permanently, it is desirable not to leak datapath resources. In theory, this can be achieved by removing the corresponding configurations from OVSDB before shutting down vswitchd. However it is not always possible in practice. Sometimes it is convenient and robust for vswitchd to release all datapath resources that it has configured. Add 'appctl exit --cleanup' option for this use case. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
2017-04-24 18:55:04 -07:00
unixctl_command_register("exit", "[--cleanup]", 0, 1,
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
ovs_vswitchd_exit, NULL);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
ovs-vswitchd: Allow bridge code to manage the database connection itself. Until now, the ovs-vswitchd main loop has managed the connection to the database. This worked adequately until now, but upcoming patches will tie the bridge code more tightly to the database, which means that the bridge needs more control over interaction with the database connection and thus that it is better for the bridge to handle that connection itself. This commit makes the latter change, moving the database interaction from the ovs-vswitchd main loop into bridge.c.
2010-06-10 14:17:41 -07:00
bridge_init(remote);
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
free(remote);
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
while (!exit_args.exiting) {
openvswitch: Define the OVS_STATIC_TRACE() macro. This patch defines the OVS_STATIC_TRACE() macro, and as an example, adds two of them in the bridge run loop. Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2021-12-22 10:17:12 +01:00
OVS_USDT_PROBE(main, run_start);
Add support for tracking and logging daemon memory usage. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-08 15:44:21 -07:00
memory_run();
if (memory_should_report()) {
struct simap usage;
simap_init(&usage);
bridge_get_memory_usage(&usage);
memory_report(&usage);
simap_destroy(&usage);
}
ovs-vswitchd: Allow bridge code to manage the database connection itself. Until now, the ovs-vswitchd main loop has managed the connection to the database. This worked adequately until now, but upcoming patches will tie the bridge code more tightly to the database, which means that the bridge needs more control over interaction with the database connection and thus that it is better for the bridge to handle that connection itself. This commit makes the latter change, moving the database interaction from the ovs-vswitchd main loop into bridge.c.
2010-06-10 14:17:41 -07:00
bridge_run();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
unixctl_server_run(unixctl);
netdev: Implement an abstract interface to network devices. This new abstraction layer allows multiple implementations of network devices in a single running process. This will be useful, for example, to support network devices that are simulated entirely in the running process or that communicate with other processes over Unix domain sockets, etc. The reimplemented tap device support in this commit has not been tested.
2009-07-30 16:04:45 -07:00
netdev_run();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
Add support for tracking and logging daemon memory usage. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-08 15:44:21 -07:00
memory_wait();
ovs-vswitchd: Allow bridge code to manage the database connection itself. Until now, the ovs-vswitchd main loop has managed the connection to the database. This worked adequately until now, but upcoming patches will tie the bridge code more tightly to the database, which means that the bridge needs more control over interaction with the database connection and thus that it is better for the bridge to handle that connection itself. This commit makes the latter change, moving the database interaction from the ovs-vswitchd main loop into bridge.c.
2010-06-10 14:17:41 -07:00
bridge_wait();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
unixctl_server_wait(unixctl);
netdev: Implement an abstract interface to network devices. This new abstraction layer allows multiple implementations of network devices in a single running process. This will be useful, for example, to support network devices that are simulated entirely in the running process or that communicate with other processes over Unix domain sockets, etc. The reimplemented tap device support in this commit has not been tested.
2009-07-30 16:04:45 -07:00
netdev_wait();
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
if (exit_args.exiting) {
Make the "exit" unixctl command reliable in ovsdb-server, ovs-vswitchd. If "ovs-appctl exit" happens to hit ovsdb-server or ovs-vswitchd at a moment when nothing else is happening to wake the daemon up, it can take a long time for them to exit. This seems to account for occasional "make check" failures on Nicira's internal builds. It probably fixes some Debian automatic build failures as well.
2010-11-16 15:14:58 -08:00
poll_immediate_wake();
}
openvswitch: Define the OVS_STATIC_TRACE() macro. This patch defines the OVS_STATIC_TRACE() macro, and as an example, adds two of them in the bridge run loop. Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2021-12-22 10:17:12 +01:00
OVS_USDT_PROBE(main, poll_block);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
poll_block();
daemon-windows: Add users for windows services. Start with ovs-vswitchd and ovsdb-server. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2014-01-17 10:43:03 -08:00
if (should_service_stop()) {
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
exit_args.exiting = true;
daemon-windows: Add users for windows services. Start with ovs-vswitchd and ovsdb-server. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2014-01-17 10:43:03 -08:00
}
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
bridge_exit(exit_args.cleanup);
for (size_t i = 0; i < exit_args.n_conns; i++) {
unixctl_command_reply(exit_args.conns[i], NULL);
}
free(exit_args.conns);
ovs-vswitchd: Release most memory on normal exit. This makes "valgrind --leak-check=full --show-reachable=yes" output much easier to read.
2010-12-13 13:08:31 -08:00
unixctl_server_destroy(unixctl);
daemon-windows: Add users for windows services. Start with ovs-vswitchd and ovsdb-server. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2014-01-17 10:43:03 -08:00
service_stop();
ovs-vswitchd: Avoid or suppress memory leak warning for glibc aio. The asynchronous IO library in glibc starts threads that show up as memory leaks in valgrind. This commit attempts to avoid the warnings by flushing all the asynchronous I/O to the log file before exiting. This only does part of the job for glibc since it keeps the threads around for some undefined idle time before killing them, so in addition this commit adds a valgrind suppression to stop displaying these warnings in any case. Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: William Tu <u9012063@gmai.com>
2018-01-25 15:39:49 -08:00
vlog_disable_async();
ovs-vswitchd: Fire RCU callbacks before exit to reduce memory leak warnings. ovs-vswitchd makes extensive use of RCU to defer freeing memory past the latest time that it could be in use by a thread. Until now, ovs-vswitchd has not waited for RCU callbacks to fire before exiting. This meant that in many cases, when ovs-vswitchd exits, many blocks of memory are stuck in RCU callback queues, which valgrind often reports as "possible" memory leaks. This commit adds a new function ovsrcu_exit() that waits and fires as many RCU callbacks as it reasonably can. It can only do so for the thread that calls it and the thread that calls the callbacks, but generally speaking ovs-vswitchd shuts down other threads before it exits anyway, so this is pretty good. In my testing this eliminates most valgrind warnings for tests that run ovs-vswitchd. This ought to make it easier to distinguish new leaks that are real from existing non-leaks. Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: William Tu <u9012063@gmai.com>
2018-01-25 15:39:48 -08:00
ovsrcu_exit();
DNS: Add basic support for asynchronous DNS resolving This patch is a simple implementation for the proposal discussed in https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html. It enables ovs-vswitchd and other utilities to use DNS names when specifying OpenFlow and OVSDB remotes. Below are some of the features and limitations of this patch: - Resolving is asynchornous in daemon context, avoiding blocking main loop; - Resolving is synchronous in general utility context; - Both IPv4 and IPv6 are supported; - The resolving API is thread-safe; - Depends on the unbound library; - When multiple ip addresses are returned, only the first one is used; - /etc/nsswitch.conf isn't respected as unbound library doesn't look at it; - For async-resolving, caller need to retry later; there is no callback. Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-26 14:06:21 -07:00
dns_resolve_destroy();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return 0;
}
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
static char *
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
parse_options(int argc, char *argv[], char **unixctl_pathp)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
enum {
OPT_PEER_CA_CERT = UCHAR_MAX + 1,
ovs-vswitchd: Add --mlockall option and enable on XenServer. On XenServer 5.5 we found that running 4 simultaneous vm-import operations on iSCSI caused so much disk and cache activity that (we suspect) parts of ovs-vswitchd were paged out to disk and were not paged back in for over 10 seconds, causing the XenServer to fall off the network and the XenCenter connection to fail. Locking ovs-vswitchd into memory appears to avoid this problem. Henrik reports that, with memory locking, importing 11 VMs simultaneously completed successfully. Bug #2344.
2009-11-30 13:17:34 -08:00
OPT_MLOCKALL,
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
OPT_UNIXCTL,
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
VLOG_OPTION_ENUMS,
Add new "dummy" netdev and dpif implementations for use in unit tests.
2010-11-29 12:21:08 -08:00
OPT_BOOTSTRAP_CA_CERT,
daemon: Define daemon options enums the same way as other option enums. Other modules that accept options use this style and I don't see a reason for the daemon code to be different. The style used by the daemon code until now runs the risk of ending up with conflicting values accidentally, which would be confusing.
2011-01-28 12:39:15 -08:00
OPT_ENABLE_DUMMY,
tests: Allow unit tests to run as root. The unit tests did not allow users to run them as root because ovs-vswitchd would destroy all of the existing 'system' datapaths. This patch prevents ovs-vswitchd from registering 'system' datapaths when running unit tests preventing the issue.
2011-11-17 18:06:55 -08:00
OPT_DISABLE_SYSTEM,
vswitchd: Separate disable system and route. Previously, '--disable-system' disables both system dp and the system routing table. The patch makes '--disable-system' only disable system dp and adds '--disable-system-route' for disabling the route table. This fixes failures when 'make check-system-userspace' for tunnel cases. As a consequence, hitting errors due to OVS userspace parses the IGMP packet but its datapaths do not, so odp_flow_key_to_flow() return ODP_FIT_TOO_LITTLE. commit c645550bb249 ("odp-util: Always report ODP_FIT_TOO_LITTLE for IGMP.") Fix it by filtering out the IGMP-related error message. Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Co-authored-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-06-25 14:52:38 -07:00
OPT_DISABLE_SYSTEM_ROUTE,
dpif-netdev: Add DPDK netdev. Following patch adds DPDK netdev-class to userspace datapath. Now OVS can use DPDK port for IO by just configuring DPDK port and then adding dpdk type port to userspace datapath. Refer to INSTALL.DPDK doc for further info. This is based a patch from Gerald Rogers. Signed-off-by: Gerald Rogers <gerald.rogers@intel.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@redhat.com>
2014-03-24 19:23:08 -07:00
DAEMON_OPTION_ENUMS,
OPT_DPDK,
Add support for specifying SSL connection parameters to ovsdb Signed-off-by: Ethan Rahn <erahn@arista.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-10-06 16:21:33 -07:00
SSL_OPTION_ENUMS,
vswitchd: Add --dummy-numa command line option. This option is used to initialize the ovs_numa module with a fake configuration and to avoid pthread_setaffinity_np() calls. It will be useful to test dpif-netdev with pmd threads. Since it is only used for testing it is not documented in the man pages. Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ilya Maximets <i.maximets@samsung.com>
2016-06-06 17:05:49 -07:00
OPT_DUMMY_NUMA,
dpdk: Allow retaining CAP_SYS_RAWIO privileges. Open vSwitch generally tries to let the underlying operating system managed the low level details of hardware, for example DMA mapping, bus arbitration, etc. However, when using DPDK, the underlying operating system yields control of many of these details to userspace for management. In the case of some DPDK port drivers, configuring rte_flow or even allocating resources may require access to iopl/ioperm calls, which are guarded by the CAP_SYS_RAWIO privilege on linux systems. These calls are dangerous, and can allow a process to completely compromise a system. However, they are needed in the case of some userspace driver code which manages the hardware (for example, the mlx implementation of backend support for rte_flow). Here, we create an opt-in flag passed to the command line to allow this access. We need to do this before ever accessing the database, because we want to drop all privileges asap, and cannot wait for a connection to the database to be established and functional before dropping. There may be distribution specific ways to do capability management as well (using for example, systemd), but they are not as universal to the vswitchd as a flag. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Gaetan Rivet <gaetanr@nvidia.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-03-16 08:00:39 -04:00
OPT_HW_RAWIO_ACCESS,
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
};
Make most "struct option" instances "const". Reducing non-const static data makes code more obviously thread-safe. Although option parsing does not normally need to be thread-safe, I don't know of a drawback to making its data const. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-23 16:40:56 -07:00
static const struct option long_options[] = {
Consistently write null pointer constants as NULL instead of 0. Found with sparse.
2011-05-04 13:49:42 -07:00
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{"mlockall", no_argument, NULL, OPT_MLOCKALL},
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
{"unixctl", required_argument, NULL, OPT_UNIXCTL},
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
DAEMON_LONG_OPTIONS,
VLOG_LONG_OPTIONS,
stream-ssl: Improve messages when configuring SSL if it is unsupported. Previously, if --private-key or another option that requires SSL support was used, but OVS was built without OpenSSL support, then OVS would fail with an error message that the specified option was not supported. This confused users because it made them think that the option had been removed: http://openvswitch.org/pipermail/discuss/2011-April/005034.html This commit improves the error message: OVS will now report that it was built without SSL support. This should be make the problem clear to users. Reported-by: Aaron Rosen <arosen@clemson.edu> Feature #5325.
2011-05-10 09:17:37 -07:00
STREAM_SSL_LONG_OPTIONS,
Consistently write null pointer constants as NULL instead of 0. Found with sparse.
2011-05-04 13:49:42 -07:00
{"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
{"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
dummy: Make --enable-dummy=override replace all dpifs, netdevs by dummies. Plain "--enable-dummy" just creates new dummy dpif and netdev classes. This commit makes "--enable-dummy=override" go a step farther and actually delete and replace all the existing dpif and netdev classes by copies of the dummy class. This is useful for testing in an environment where changing the classes in Bridge or Interface records is challenging. Requested-by: Andrew Lambeth <wal@nicira.com> Tested-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:24:46 -08:00
{"enable-dummy", optional_argument, NULL, OPT_ENABLE_DUMMY},
tests: Allow unit tests to run as root. The unit tests did not allow users to run them as root because ovs-vswitchd would destroy all of the existing 'system' datapaths. This patch prevents ovs-vswitchd from registering 'system' datapaths when running unit tests preventing the issue.
2011-11-17 18:06:55 -08:00
{"disable-system", no_argument, NULL, OPT_DISABLE_SYSTEM},
vswitchd: Separate disable system and route. Previously, '--disable-system' disables both system dp and the system routing table. The patch makes '--disable-system' only disable system dp and adds '--disable-system-route' for disabling the route table. This fixes failures when 'make check-system-userspace' for tunnel cases. As a consequence, hitting errors due to OVS userspace parses the IGMP packet but its datapaths do not, so odp_flow_key_to_flow() return ODP_FIT_TOO_LITTLE. commit c645550bb249 ("odp-util: Always report ODP_FIT_TOO_LITTLE for IGMP.") Fix it by filtering out the IGMP-related error message. Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Co-authored-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-06-25 14:52:38 -07:00
{"disable-system-route", no_argument, NULL, OPT_DISABLE_SYSTEM_ROUTE},
netdev-dpdk: Convert initialization from cmdline to db Existing DPDK integration is provided by use of command line options which must be split out and passed to librte in a special manner. However, this forces any configuration to be passed by way of a special DPDK flag, and interferes with ovs+dpdk packaging solutions. This commit delays dpdk initialization until after the OVS database connection is established, at which point ovs initializes librte. It pulls all of the config data from the OVS database, and assembles a new argv/argc pair to be passed along. Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Kevin Traynor <kevin.traynor@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
2016-04-29 13:44:01 -04:00
{"dpdk", optional_argument, NULL, OPT_DPDK},
vswitchd: Add --dummy-numa command line option. This option is used to initialize the ovs_numa module with a fake configuration and to avoid pthread_setaffinity_np() calls. It will be useful to test dpif-netdev with pmd threads. Since it is only used for testing it is not documented in the man pages. Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ilya Maximets <i.maximets@samsung.com>
2016-06-06 17:05:49 -07:00
{"dummy-numa", required_argument, NULL, OPT_DUMMY_NUMA},
dpdk: Allow retaining CAP_SYS_RAWIO privileges. Open vSwitch generally tries to let the underlying operating system managed the low level details of hardware, for example DMA mapping, bus arbitration, etc. However, when using DPDK, the underlying operating system yields control of many of these details to userspace for management. In the case of some DPDK port drivers, configuring rte_flow or even allocating resources may require access to iopl/ioperm calls, which are guarded by the CAP_SYS_RAWIO privilege on linux systems. These calls are dangerous, and can allow a process to completely compromise a system. However, they are needed in the case of some userspace driver code which manages the hardware (for example, the mlx implementation of backend support for rte_flow). Here, we create an opt-in flag passed to the command line to allow this access. We need to do this before ever accessing the database, because we want to drop all privileges asap, and cannot wait for a connection to the database to be established and functional before dropping. There may be distribution specific ways to do capability management as well (using for example, systemd), but they are not as universal to the vswitchd as a flag. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Gaetan Rivet <gaetanr@nvidia.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-03-16 08:00:39 -04:00
{"hw-rawio-access", no_argument, NULL, OPT_HW_RAWIO_ACCESS},
Consistently write null pointer constants as NULL instead of 0. Found with sparse.
2011-05-04 13:49:42 -07:00
{NULL, 0, NULL, 0},
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
};
command-line: add ovs_cmdl_ prefix The coding style guidelines include the following: - Pick a unique name prefix (ending with an underscore) for each module, and apply that prefix to all of that module's externally visible names. Names of macro parameters, struct and union members, and parameters in function prototypes are not considered externally visible for this purpose. This patch adds the new prefix to the externally visible names. This makes it a bit more obvious what code is coming from common command line handling code. Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-03-16 12:01:55 -04:00
char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
for (;;) {
int c;
c = getopt_long(argc, argv, short_options, long_options, NULL);
if (c == -1) {
break;
}
switch (c) {
case 'h':
usage();
case 'V':
ovs-vswitchd: Don't print supported OpenFlow versions with "-V". When "-V" was supplied to ovs-vswitchd, it was returning a max supported OpenFlow version of 1.0, which is no longer true. There are other methods to determine the supported OpenFlow versions in ovs-vswitchd, so remove it from the "-V" output. Reported-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Russell Bryant <rbryant@redhat.com>
2015-04-15 13:26:32 -07:00
ovs_print_version(0, 0);
vswitchd: show DPDK version Show DPDK version if Open vSwitch is compiled with DPDK support. Version can be retrieved with `ovs-vswitchd --version` or from OVS logs. Small change in ovs-ctl to avoid breakage on output change. Signed-off-by: Matteo Croce <mcroce@redhat.com> Acked-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
2018-01-15 19:21:12 +01:00
print_dpdk_version();
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
exit(EXIT_SUCCESS);
ovs-vswitchd: Add --mlockall option and enable on XenServer. On XenServer 5.5 we found that running 4 simultaneous vm-import operations on iSCSI caused so much disk and cache activity that (we suspect) parts of ovs-vswitchd were paged out to disk and were not paged back in for over 10 seconds, causing the XenServer to fall off the network and the XenCenter connection to fail. Locking ovs-vswitchd into memory appears to avoid this problem. Henrik reports that, with memory locking, importing 11 VMs simultaneously completed successfully. Bug #2344.
2009-11-30 13:17:34 -08:00
case OPT_MLOCKALL:
ovs-vswitchd: Call mlockall() from the daemon, not the parent or monitor. mlockall(2) says: Memory locks are not inherited by a child created via fork(2) and are automatically removed (unlocked) during an execve(2) or when the process terminates. which means that --mlockall was ineffective in combination with --detach or --monitor or both. Both are used in the most common production configuration of Open vSwitch, so this means that --mlockall has never been effective in production. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-06-29 09:22:59 -07:00
want_mlockall = true;
ovs-vswitchd: Add --mlockall option and enable on XenServer. On XenServer 5.5 we found that running 4 simultaneous vm-import operations on iSCSI caused so much disk and cache activity that (we suspect) parts of ovs-vswitchd were paged out to disk and were not paged back in for over 10 seconds, causing the XenServer to fall off the network and the XenCenter connection to fail. Locking ovs-vswitchd into memory appears to avoid this problem. Henrik reports that, with memory locking, importing 11 VMs simultaneously completed successfully. Bug #2344.
2009-11-30 13:17:34 -08:00
break;
Add cmdline arg to specify unix domain control socket. This is useful for sandboxing multiple instances of the daemon for testing purposes. Signed-off-by: Andrew Lambeth <wal@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-19 10:26:03 -08:00
case OPT_UNIXCTL:
*unixctl_pathp = optarg;
break;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
VLOG_OPTION_HANDLERS
DAEMON_OPTION_HANDLERS
vconn: Reimplement in terms of the "stream" abstraction. This reduces the amount of redundancy in the source tree, by making all of the current implementations of a vconn simply delegate to the "stream" abstraction.
2010-01-06 14:35:20 -08:00
STREAM_SSL_OPTION_HANDLERS
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
case OPT_PEER_CA_CERT:
vconn: Reimplement in terms of the "stream" abstraction. This reduces the amount of redundancy in the source tree, by making all of the current implementations of a vconn simply delegate to the "stream" abstraction.
2010-01-06 14:35:20 -08:00
stream_ssl_set_peer_ca_cert_file(optarg);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
ovs-vswitchd: Add ability to bootstrap SSL.
2009-12-21 13:06:47 -08:00
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
Add new "dummy" netdev and dpif implementations for use in unit tests.
2010-11-29 12:21:08 -08:00
case OPT_ENABLE_DUMMY:
dummy: Introduce new --enable-dummy=system option. Until now there have been two variants for --enable-dummy: * --enable-dummy: This adds support for "dummy" dpif and netdev. * --enable-dummy=override: In addition, this replaces *every* existing dpif and netdev by the dummy type. The latter is useful for testing but it defeats the possibility of using the userspace native tunneling implementation (because all the tunnel netdevs get replaced by dummy netdevs). Thus, this commit adds a third variant: * --enable-dummy=system: This replaces the "system" dpif and netdev by dummies but leaves the others untouched. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
2015-06-13 16:58:49 -07:00
dummy_enable(optarg);
Add new "dummy" netdev and dpif implementations for use in unit tests.
2010-11-29 12:21:08 -08:00
break;
tests: Allow unit tests to run as root. The unit tests did not allow users to run them as root because ovs-vswitchd would destroy all of the existing 'system' datapaths. This patch prevents ovs-vswitchd from registering 'system' datapaths when running unit tests preventing the issue.
2011-11-17 18:06:55 -08:00
case OPT_DISABLE_SYSTEM:
Eliminate "whitelist" and "blacklist" terms. There is one remaining use under datapath. That change should happen upstream in Linux first according to our usual policy. Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
2020-06-17 14:22:47 -07:00
dp_disallow_provider("system");
vswitchd: Separate disable system and route. Previously, '--disable-system' disables both system dp and the system routing table. The patch makes '--disable-system' only disable system dp and adds '--disable-system-route' for disabling the route table. This fixes failures when 'make check-system-userspace' for tunnel cases. As a consequence, hitting errors due to OVS userspace parses the IGMP packet but its datapaths do not, so odp_flow_key_to_flow() return ODP_FIT_TOO_LITTLE. commit c645550bb249 ("odp-util: Always report ODP_FIT_TOO_LITTLE for IGMP.") Fix it by filtering out the IGMP-related error message. Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Co-authored-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-06-25 14:52:38 -07:00
break;
case OPT_DISABLE_SYSTEM_ROUTE:
ovs-vswitchd: Do not use system routing table with --disable-system. The --disable-system option indicates that the user wants to avoid using the host's datapath. This is also a good indication that the user does not want to use other host resources such as the routing table, so this commit implements that. This fixes a failure in the test "ptap - recirculate after packet_type change" when the host routing table contained an entry that affected the generated flow. Without this patch, the commands: led to a failure in that test. Reported-by: Timothy Redaelli <tredaelli@redhat.com> Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-March/046406.html Tested-By: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-03-31 17:12:55 -07:00
ovs_router_disable_system_routing_table();
tests: Allow unit tests to run as root. The unit tests did not allow users to run them as root because ovs-vswitchd would destroy all of the existing 'system' datapaths. This patch prevents ovs-vswitchd from registering 'system' datapaths when running unit tests preventing the issue.
2011-11-17 18:06:55 -08:00
break;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
case '?':
exit(EXIT_FAILURE);
dpif-netdev: Add DPDK netdev. Following patch adds DPDK netdev-class to userspace datapath. Now OVS can use DPDK port for IO by just configuring DPDK port and then adding dpdk type port to userspace datapath. Refer to INSTALL.DPDK doc for further info. This is based a patch from Gerald Rogers. Signed-off-by: Gerald Rogers <gerald.rogers@intel.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@redhat.com>
2014-03-24 19:23:08 -07:00
case OPT_DPDK:
netdev-dpdk: Convert initialization from cmdline to db Existing DPDK integration is provided by use of command line options which must be split out and passed to librte in a special manner. However, this forces any configuration to be passed by way of a special DPDK flag, and interferes with ovs+dpdk packaging solutions. This commit delays dpdk initialization until after the OVS database connection is established, at which point ovs initializes librte. It pulls all of the config data from the OVS database, and assembles a new argv/argc pair to be passed along. Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Kevin Traynor <kevin.traynor@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
2016-04-29 13:44:01 -04:00
ovs_fatal(0, "Using --dpdk to configure DPDK is not supported.");
dpif-netdev: Add DPDK netdev. Following patch adds DPDK netdev-class to userspace datapath. Now OVS can use DPDK port for IO by just configuring DPDK port and then adding dpdk type port to userspace datapath. Refer to INSTALL.DPDK doc for further info. This is based a patch from Gerald Rogers. Signed-off-by: Gerald Rogers <gerald.rogers@intel.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Thomas Graf <tgraf@redhat.com>
2014-03-24 19:23:08 -07:00
break;
vswitchd: Add --dummy-numa command line option. This option is used to initialize the ovs_numa module with a fake configuration and to avoid pthread_setaffinity_np() calls. It will be useful to test dpif-netdev with pmd threads. Since it is only used for testing it is not documented in the man pages. Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ilya Maximets <i.maximets@samsung.com>
2016-06-06 17:05:49 -07:00
case OPT_DUMMY_NUMA:
ovs_numa_set_dummy(optarg);
break;
dpdk: Allow retaining CAP_SYS_RAWIO privileges. Open vSwitch generally tries to let the underlying operating system managed the low level details of hardware, for example DMA mapping, bus arbitration, etc. However, when using DPDK, the underlying operating system yields control of many of these details to userspace for management. In the case of some DPDK port drivers, configuring rte_flow or even allocating resources may require access to iopl/ioperm calls, which are guarded by the CAP_SYS_RAWIO privilege on linux systems. These calls are dangerous, and can allow a process to completely compromise a system. However, they are needed in the case of some userspace driver code which manages the hardware (for example, the mlx implementation of backend support for rte_flow). Here, we create an opt-in flag passed to the command line to allow this access. We need to do this before ever accessing the database, because we want to drop all privileges asap, and cannot wait for a connection to the database to be established and functional before dropping. There may be distribution specific ways to do capability management as well (using for example, systemd), but they are not as universal to the vswitchd as a flag. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Gaetan Rivet <gaetanr@nvidia.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-03-16 08:00:39 -04:00
case OPT_HW_RAWIO_ACCESS:
hw_rawio_access = true;
break;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
default:
abort();
}
}
free(short_options);
argc -= optind;
argv += optind;
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
switch (argc) {
case 0:
return xasprintf("unix:%s/db.sock", ovs_rundir());
case 1:
return xstrdup(argv[0]);
default:
VLOG_FATAL("at most one non-option argument accepted; "
Log anything that could prevent a daemon from starting. If a daemon doesn't start, we need to know why. Being able to consistently consult the log to find out is helpful.
2011-03-31 16:23:50 -07:00
"use --help for usage");
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
}
static void
usage(void)
{
Remove references to Open vSwitch being a "virtual" switch The Open vSwitch system is not limted to being a virtual switch. This commit removes these references. We are now a "versatile" switch!
2009-06-23 14:18:43 -07:00
printf("%s: Open vSwitch daemon\n"
ovs-vswitchd: Make database socket command-line argument optional. In practice the default location is the only one used, so we might as well make it easy.
2011-07-26 10:13:07 -07:00
"usage: %s [OPTIONS] [DATABASE]\n"
"where DATABASE is a socket on which ovsdb-server is listening\n"
" (default: \"unix:%s/db.sock\").\n",
program_name, program_name, ovs_rundir());
Add SSL support to "stream" library and OVSDB.
2009-12-21 13:13:48 -08:00
stream_usage("DATABASE", true, false, true);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
daemon_usage();
vlog_usage();
dpdk: Update documentation. Add usage info for ovs-vswitchd dpdk option. Update INSTALL.DPDK file and man page. Reported-by: Hari Sasank Bhamidipalli <hbhamidi@cisco.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Flavio Leitner <fbl@redhat.com>
2014-08-07 12:40:34 -07:00
printf("\nDPDK options:\n"
netdev-dpdk: Convert initialization from cmdline to db Existing DPDK integration is provided by use of command line options which must be split out and passed to librte in a special manner. However, this forces any configuration to be passed by way of a special DPDK flag, and interferes with ovs+dpdk packaging solutions. This commit delays dpdk initialization until after the OVS database connection is established, at which point ovs initializes librte. It pulls all of the config data from the OVS database, and assembles a new argv/argc pair to be passed along. Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Kevin Traynor <kevin.traynor@intel.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
2016-04-29 13:44:01 -04:00
"Configuration of DPDK via command-line is removed from this\n"
"version of Open vSwitch. DPDK is configured through ovsdb.\n"
);
Remove /proc/net compatibility support. This feature was included only to allow Citrix QA to run some tests that interacted directly with the bridge. This feature hasn't been turned on for some time, so it should not be necessary any longer. Signed-off-by: Ben Pfaff <blp@nicira.com>
2011-02-11 13:16:28 -08:00
printf("\nOther options:\n"
netdev-dpdk: add dpdk vhost-cuse ports This patch adds support for a new port type to userspace datapath called dpdkvhost. This allows KVM (QEMU) to offload the servicing of virtio-net devices to its associated dpdkvhost port. Instructions for use are in INSTALL.DPDK. This has been tested on Intel multi-core platforms and with clients that have virtio-net interfaces. Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Kevin Traynor <kevin.traynor@intel.com> Signed-off-by: Maryam Tahhan <maryam.tahhan@intel.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-05 13:42:04 -08:00
" --unixctl=SOCKET override default control socket name\n"
" -h, --help display this help message\n"
" -V, --version display version information\n");
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
exit(EXIT_SUCCESS);
}
ovs-vswitchd: Implement "exit" unixctl command. This is useful for profiling, since common profilers do not print anything until the process terminates, and only if the process terminates in the ordinary way by calling exit().
2010-05-03 15:43:49 -07:00
static void
vswitchd: Add --cleanup option to the 'appctl exit' command 'appctl exit' stops the running vswitchd daemon, without releasing the datapath resources (such as bridges and ports) that vswitchd has created. This is expected when vswitchd is to be relaunched, to reduce the perturbation of exiting traffic and connections. However, when vswitchd is intended to be shutdown permanently, it is desirable not to leak datapath resources. In theory, this can be achieved by removing the corresponding configurations from OVSDB before shutting down vswitchd. However it is not always possible in practice. Sometimes it is convenient and robust for vswitchd to release all datapath resources that it has configured. Add 'appctl exit --cleanup' option for this use case. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Jarno Rajahalme <jarno@ovn.org>
2017-04-24 18:55:04 -07:00
ovs_vswitchd_exit(struct unixctl_conn *conn, int argc,
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
const char *argv[], void *args OVS_UNUSED)
ovs-vswitchd: Implement "exit" unixctl command. This is useful for profiling, since common profilers do not print anything until the process terminates, and only if the process terminates in the ordinary way by calling exit().
2010-05-03 15:43:49 -07:00
{
vswitchd: Wait for a bridge exit before replying to exit unixctl. Before the cleanup option, the bridge_exit() call was fairly fast, because it didn't include any particularly long operations. However, with the cleanup flag, this function destroys a lot of datapath resources freeing a lot of memory, waiting on RCU and talking to the kernel. That may take a noticeable amount of time, especially on a busy system or under profilers/sanitizers. However, the unixctl 'exit' command replies instantly without waiting for any work to actually be done. This may cause system test failures or other issues where scripts expect ovs-vswitchd to exit or destroy all the datapath resources shortly after appctl call. Fix that by waiting for the bridge_exit() before replying to the user. At least, all the datapath resources will actually be destroyed by the time ovs-appctl exits. Also moving a structure from stack to global. Seems cleaner this way. Since we're not replying right away and it's technically possible to have multiple clients requesting exit at the same time, storing connections in an array. Fixes: fe13ccdca6a2 ("vswitchd: Add --cleanup option to the 'appctl exit' command") Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2023-07-18 14:40:03 +02:00
exit_args.n_conns++;
exit_args.conns = xrealloc(exit_args.conns,
exit_args.n_conns * sizeof *exit_args.conns);
exit_args.conns[exit_args.n_conns - 1] = conn;
exit_args.exiting = true;
if (!exit_args.cleanup) {
exit_args.cleanup = argc == 2 && !strcmp(argv[1], "--cleanup");
}
ovs-vswitchd: Implement "exit" unixctl command. This is useful for profiling, since common profilers do not print anything until the process terminates, and only if the process terminates in the ordinary way by calling exit().
2010-05-03 15:43:49 -07:00
}
Reference in New Issue Copy Permalink