From 19b89416203f3b3b212fb01c30c81ea1b77624eb Mon Sep 17 00:00:00 2001
From: Ilya Maximets
Date: Mon, 24 Feb 2025 20:14:57 +0100
Subject: [PATCH] tunnels: Remove support for deprecated STT and LISP.

STT and LISP tunnel types were deprecated and marked for removal in the
following commits in the OVS 3.5 release:

  3b37a6154a59 ("netdev-vport: Deprecate STT tunnel port type.")
  8d7ac031c03d ("netdev-vport: Deprecate LISP tunnel port type.")

Main reasons were that STT was rejected in upstream kernel and the LISP
was never upstreamed as well and doesn't really have a supported
implementation. Both protocols also appear to have lost their former
relevance.

Removing both now.

While at it, also fixing some small documentation issues and comments.

Acked-by: Eelco Chaudron
Acked-by: Alin Serdean
Acked-by: Kevin Traynor
Signed-off-by: Ilya Maximets --- Documentation/automake.mk | 1 - Documentation/faq/releases.rst | 5 - Documentation/howto/index.rst | 1 - Documentation/howto/ipsec.rst | 8 +- Documentation/howto/lisp.rst | 117 --- Documentation/intro/install/rhel.rst | 2 +- Documentation/intro/install/windows.rst | 5 +- NEWS | 3 + README.rst | 2 +- datapath-windows/automake.mk | 2 - datapath-windows/ovsext/Actions.c | 22 - datapath-windows/ovsext/Debug.h | 9 +- datapath-windows/ovsext/Stt.c | 1094 --------------------- datapath-windows/ovsext/Stt.h | 124 --- datapath-windows/ovsext/Switch.c | 7 - datapath-windows/ovsext/Util.h | 1 - datapath-windows/ovsext/Vport.c | 20 - datapath-windows/ovsext/Vport.h | 5 - datapath-windows/ovsext/ovsext.vcxproj | 2 - include/linux/openvswitch.h | 4 +- ipsec/ovs-monitor-ipsec.in | 34 +- lib/dpif-netlink-rtnl.c | 8 - lib/dpif-netlink.c | 10 - lib/meta-flow.xml | 13 +- lib/netdev-vport.c | 39 +- lib/tnl-ports.c | 2 - ofproto/ofproto-dpif-ipfix.c | 44 +- ofproto/ofproto-dpif-sflow.c | 4 - ofproto/ofproto-dpif-xlate.c | 2 - tests/ofproto-dpif.at | 6 +- tests/ovs-vsctl.at | 10 +- tests/system-kmod-macros.at | 2 +- tests/system-offloads-testsuite-macros.at | 2 +- tests/tunnel.at | 12 - utilities/docker/ovs-override.conf | 1 - utilities/docker/start-ovs | 1 - vswitchd/vswitch.xml | 113 +-- vtep/vtep.xml | 9 +- 38 files changed, 65 insertions(+), 1681 deletions(-) delete mode 100644 Documentation/howto/lisp.rst delete mode 100644 datapath-windows/ovsext/Stt.c delete mode 100644 datapath-windows/ovsext/Stt.h diff --git a/Documentation/automake.mk b/Documentation/automake.mk index 539870aa2..b18dbce5e 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -69,7 +69,6 @@ DOC_SOURCE = \ Documentation/howto/libvirt.rst \ Documentation/howto/selinux.rst \ Documentation/howto/ssl.rst \ - Documentation/howto/lisp.rst \ Documentation/howto/qos.png \ Documentation/howto/qos.rst \ Documentation/howto/sflow.png \ 
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 1368f52b8..666609c6d 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -141,8 +141,6 @@ Q: Are all features available with all datapaths? Conntrack NAT 4.6 2.6 2.8 YES Conntrack NAT6 4.6 2.6 2.8 3.0 Conntrack Helper Persist. YES YES 3.3 NO - Tunnel - LISP (deprecated) NO 2.11 NO NO - Tunnel - STT (deprecated) NO 2.4 NO YES Tunnel - GRE 3.11 1.0 2.4 YES Tunnel - VXLAN 3.12 1.10 2.4 YES Tunnel - Geneve 3.18 2.4 2.4 YES @@ -190,7 +188,6 @@ Q: Are all features available with all datapaths? TCP flags matching 3.13 YES YES NO Validate flow actions YES YES N/A NO Multiple datapaths YES YES YES NO - Tunnel TSO - STT N/A YES NO YES ===================== ============== ============== ========= ======= Q: What DPDK version does each Open vSwitch release work with? @@ -294,8 +291,6 @@ packaged with Open vSwitch? VXLAN 3.12 Geneve 3.18 ERSPAN 4.18 - LISP not upstream - STT not upstream ======== ============ If you are using a version of the kernel that is older than the one listed diff --git a/Documentation/howto/index.rst b/Documentation/howto/index.rst index 1812f6a11..1491de3f3 100644 --- a/Documentation/howto/index.rst +++ b/Documentation/howto/index.rst @@ -41,7 +41,6 @@ OVS selinux libvirt ssl - lisp tunneling userspace-tunneling vlan diff --git a/Documentation/howto/ipsec.rst b/Documentation/howto/ipsec.rst index cd9348420..f4dc41fd2 100644 --- a/Documentation/howto/ipsec.rst +++ b/Documentation/howto/ipsec.rst 
@@ -45,10 +45,10 @@ OVS IPsec ~~~~~~~~~ OVS IPsec aims to provide a simple interface for user to add encryption on OVS -tunnels. It supports GRE, GENEVE, VXLAN, and STT tunnel. The IPsec -configuration is done by setting options of the tunnel interface and -other_config of Open_vSwitch. You can choose different authentication methods -and plaintext tunnel policies based on your requirements. +tunnels. It supports GRE, GENEVE, and VXLAN tunnels. The IPsec configuration is +done by setting options of the tunnel interface and other_config of +Open_vSwitch. You can choose different authentication methods and plaintext +tunnel policies based on your requirements. OVS does not currently provide any support for IPsec encryption for traffic not encapsulated in a tunnel. diff --git a/Documentation/howto/lisp.rst b/Documentation/howto/lisp.rst deleted file mode 100644 index f46a1bcaa..000000000 --- a/Documentation/howto/lisp.rst +++ /dev/null 
@@ -1,117 +0,0 @@ -.. - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in Open vSwitch documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -==================== -Using LISP tunneling -==================== - -.. warning:: - - LISP tunnel port type is deprecated and will be removed in OVS 3.6. - -LISP is a layer 3 tunneling mechanism, meaning that encapsulated packets do not -carry Ethernet headers, and ARP requests shouldn't be sent over the tunnel. -Because of this, there are some additional steps required for setting up LISP -tunnels in Open vSwitch, until support for L3 tunnels will improve. - -This guide assumes tunneling between two VMs connected to OVS bridges on -different hypervisors reachable over IPv4. Of course, more than one VM may be -connected to any of the hypervisors, and a hypervisor may communicate with -several different hypervisors over the same lisp tunneling interface. A LISP -"map-cache" can be implemented using flows, see example at the bottom of this -file. - -There are several scenarios: - -1) the VMs have IP addresses in the same subnet and the hypervisors are also - in a single subnet (although one different from the VM's); -2) the VMs have IP addresses in the same subnet but the hypervisors are - separated by a router; -3) the VMs are in different subnets. 
- -In cases 1) and 3) ARP resolution can work as normal: ARP traffic is configured -not to go through the LISP tunnel. For case 1) ARP is able to reach the other -VM, if both OVS instances default to MAC address learning. Case 3) requires -the hypervisor be configured as the default router for the VMs. - -In case 2) the VMs expect ARP replies from each other, but this is not possible -over a layer 3 tunnel. One solution is to have static MAC address entries -preconfigured on the VMs (e.g., ``arp -f /etc/ethers`` on startup on Unix based -VMs), or have the hypervisor do proxy ARP. In this scenario, the eth0 -interfaces need not be added to the br0 bridge in the examples below. - -On the receiving side, the packet arrives without the original MAC header. The -LISP tunneling code attaches a header with hard-coded source and destination MAC -address ``02:00:00:00:00:00``. This address has all bits set to 0, except the -locally administered bit, in order to avoid potential collisions with existing -allocations. In order for packets to reach their intended destination, the -destination MAC address needs to be rewritten. This can be done using the flow -table. - -See below for an example setup, and the associated flow rules to enable LISP -tunneling. - -:: - - Diagram - - +---+ +---+ - |VM1| |VM2| - +---+ +---+ - | | - +--[tap0]--+ +--[tap0]---+ - | | | | - [lisp0] OVS1 [eth0]-----------------[eth0] OVS2 [lisp0] - | | | | - +----------+ +-----------+ - -On each hypervisor, interfaces tap0, eth0, and lisp0 are added to a single -bridge instance, and become numbered 1, 2, and 3 respectively: - -:: - - $ ovs-vsctl add-br br0 - $ ovs-vsctl add-port br0 tap0 - $ ovs-vsctl add-port br0 eth0 - $ ovs-vsctl add-port br0 lisp0 \ - -- set Interface lisp0 type=lisp options:remote_ip=flow options:key=flow - -The last command sets up flow based tunneling on the lisp0 interface. From -the LISP point of view, this is like having the Tunnel Router map cache -implemented as flow rules. 
- -Flows on br0 should be configured as follows: - -:: - - priority=3,dl_dst=02:00:00:00:00:00,action=mod_dl_dst:,output:1 - priority=2,in_port=1,dl_type=0x0806,action=NORMAL - priority=1,in_port=1,dl_type=0x0800,vlan_tci=0,nw_src=,action=set_field:->tun_dst,output:3 - priority=0,action=NORMAL - -The third rule is like a map cache entry: the ```` specified by the -``nw_src`` match field is mapped to the RLOC ````, which is set as the -tunnel destination for this particular flow. - -Optionally, if you want to use Instance ID in a flow, you can add -``set_tunnel:`` to the action list. diff --git a/Documentation/intro/install/rhel.rst b/Documentation/intro/install/rhel.rst index a5d8d827e..80e58fb36 100644 --- a/Documentation/intro/install/rhel.rst +++ b/Documentation/intro/install/rhel.rst @@ -199,7 +199,7 @@ Red Hat Network Scripts Integration A RHEL host has default firewall rules that prevent any Open vSwitch tunnel traffic from passing through. If a user configures Open vSwitch tunnels like -Geneve, GRE, VXLAN, LISP etc., they will either have to manually add iptables +Geneve, GRE, VXLAN, etc., they will either have to manually add iptables firewall rules to allow the tunnel traffic or add it through a startup script Refer to the "enable-protocol" command in the ovs-ctl(8) manpage for more information. diff --git a/Documentation/intro/install/windows.rst b/Documentation/intro/install/windows.rst index 12e377941..2ca3a4e26 100644 --- a/Documentation/intro/install/windows.rst +++ b/Documentation/intro/install/windows.rst @@ -703,8 +703,7 @@ Add tunnels #. IPv4 tunnel, e.g.: - The Windows Open vSwitch implementation support VXLAN and STT tunnels - (STT tunnel ports are deprecated). + The Windows Open vSwitch implementation supports VXLAN and Geneve tunnels. To add tunnels. For example, first add the tunnel port between 172.168.201.101 <->172.168.201.102: 
@@ -728,7 +727,7 @@ Add tunnels > ovs-vsctl set Interface tun-2 options:in_key=flow > ovs-vsctl set Interface tun-2 options:out_key=flow - Where ```` is one of: ``stt`` or ``vxlan`` + Where ```` is one of: ``geneve`` or ``vxlan`` .. note:: diff --git a/NEWS b/NEWS index d7f582985..037519a58 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,9 @@ Post-v3.5.0 - ovs-ctl: * Added a new option, --oom-score=, to set the daemons' Linux Out-Of-Memory (OOM) killer score. + - Tunnels: + * Support for previously deprecated LISP and STT tunnel port types + is now removed. v3.5.0 - 17 Feb 2025 diff --git a/README.rst b/README.rst index ca9e386c2..649dc1d38 100644 --- a/README.rst +++ b/README.rst @@ -37,7 +37,7 @@ following features: - NIC bonding with or without LACP on upstream switch - NetFlow, sFlow(R), and mirroring for increased visibility - QoS (Quality of Service) configuration, plus policing -- Geneve, GRE, VXLAN, STT, ERSPAN, GTP-U, SRv6, Bareudp, and LISP tunneling +- Geneve, GRE, VXLAN, ERSPAN, GTP-U, SRv6, and Bareudp tunneling - 802.1ag connectivity fault management - OpenFlow 1.0 plus numerous extensions - Transactional configuration database with C and Python bindings diff --git a/datapath-windows/automake.mk b/datapath-windows/automake.mk index ea320e732..7d0d82d41 100644 --- a/datapath-windows/automake.mk +++ b/datapath-windows/automake.mk @@ -63,8 +63,6 @@ EXTRA_DIST += \ datapath-windows/ovsext/PacketParser.h \ datapath-windows/ovsext/Recirc.c \ datapath-windows/ovsext/Recirc.h \ - datapath-windows/ovsext/Stt.c \ - datapath-windows/ovsext/Stt.h \ datapath-windows/ovsext/Switch.c \ datapath-windows/ovsext/Switch.h \ datapath-windows/ovsext/Tunnel.c \ diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 97029b0f4..36b74df73 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c 
@@ -29,7 +29,6 @@ #include "Offload.h" #include "PacketIO.h" #include "Recirc.h" -#include "Stt.h" #include "Switch.h" #include "User.h" #include "Vport.h" @@ -49,8 +48,6 @@ typedef struct _OVS_ACTION_STATS { UINT64 txGre; UINT64 rxVxlan; UINT64 txVxlan; - UINT64 rxStt; - UINT64 txStt; UINT64 rxGeneve; UINT64 txGeneve; UINT64 flowMiss; @@ -212,9 +209,6 @@ OvsDetectTunnelRxPkt(OvsForwardingContext *ovsFwdCtx, dstPort, nwProto); if (tunnelVport) { switch(tunnelVport->ovsType) { - case OVS_VPORT_TYPE_STT: - ovsActionStats.rxStt++; - break; case OVS_VPORT_TYPE_VXLAN: ovsActionStats.rxVxlan++; break; @@ -314,9 +308,6 @@ OvsDetectTunnelPkt(OvsForwardingContext *ovsFwdCtx, case OVS_VPORT_TYPE_VXLAN: ovsActionStats.txVxlan++; break; - case OVS_VPORT_TYPE_STT: - ovsActionStats.txStt++; - break; case OVS_VPORT_TYPE_GENEVE: ovsActionStats.txGeneve++; break; @@ -671,11 +662,6 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx) &ovsFwdCtx->tunKey, ovsFwdCtx->switchContext, &ovsFwdCtx->layers, &newNbl, &switchFwdInfo); break; - case OVS_VPORT_TYPE_STT: - status = OvsEncapStt(ovsFwdCtx->tunnelTxNic, ovsFwdCtx->curNbl, - &ovsFwdCtx->tunKey, ovsFwdCtx->switchContext, - &ovsFwdCtx->layers, &newNbl, &switchFwdInfo); - break; case OVS_VPORT_TYPE_GENEVE: status = OvsEncapGeneve(ovsFwdCtx->tunnelTxNic, ovsFwdCtx->curNbl, &ovsFwdCtx->tunKey, ovsFwdCtx->switchContext, @@ -767,14 +753,6 @@ OvsTunnelPortRx(OvsForwardingContext *ovsFwdCtx) status = OvsDecapVxlan(ovsFwdCtx->switchContext, ovsFwdCtx->curNbl, &ovsFwdCtx->tunKey, &newNbl); break; - case OVS_VPORT_TYPE_STT: - status = OvsDecapStt(ovsFwdCtx->switchContext, ovsFwdCtx->curNbl, - &ovsFwdCtx->tunKey, &newNbl); - if (status == NDIS_STATUS_SUCCESS && newNbl == NULL) { - /* This was an STT-LSO Fragment */ - dropReason = L"OVS-STT segment is cached"; - } - break; case OVS_VPORT_TYPE_GENEVE: status = OvsDecapGeneve(ovsFwdCtx->switchContext, ovsFwdCtx->curNbl, &ovsFwdCtx->tunKey, &newNbl); 
diff --git a/datapath-windows/ovsext/Debug.h b/datapath-windows/ovsext/Debug.h index c17f0e9f8..6660a98fa 100644 --- a/datapath-windows/ovsext/Debug.h +++ b/datapath-windows/ovsext/Debug.h @@ -39,12 +39,11 @@ #define OVS_DBG_OTHERS BIT32(19) #define OVS_DBG_NETLINK BIT32(20) #define OVS_DBG_TUNFLT BIT32(21) -#define OVS_DBG_STT BIT32(22) -#define OVS_DBG_CONTRK BIT32(23) -#define OVS_DBG_GENEVE BIT32(24) -#define OVS_DBG_IPFRAG BIT32(25) +#define OVS_DBG_CONTRK BIT32(22) +#define OVS_DBG_GENEVE BIT32(23) +#define OVS_DBG_IPFRAG BIT32(24) -#define OVS_DBG_LAST 25 /* Set this to the last defined module number. */ +#define OVS_DBG_LAST 24 /* Set this to the last defined module number. */ /* Please add above OVS_DBG_LAST. */ #define OVS_DBG_ERROR DPFLTR_ERROR_LEVEL diff --git a/datapath-windows/ovsext/Stt.c b/datapath-windows/ovsext/Stt.c deleted file mode 100644 index 09d317934..000000000 --- a/datapath-windows/ovsext/Stt.c +++ /dev/null 
@@ -1,1094 +0,0 @@ -/* - * Copyright (c) 2015, 2016 VMware, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "precomp.h" - -#include "Atomic.h" -#include "Debug.h" -#include "Flow.h" -#include "IpHelper.h" -#include "Jhash.h" -#include "NetProto.h" -#include "Offload.h" -#include "PacketIO.h" -#include "PacketParser.h" -#include "Stt.h" -#include "Switch.h" -#include "User.h" -#include "Util.h" -#include "Vport.h" - -#ifdef OVS_DBG_MOD -#undef OVS_DBG_MOD -#endif -#define OVS_DBG_MOD OVS_DBG_STT - -#define OVS_MAX_STT_PACKET_LENGTH 0x10000 -#define OVS_MAX_STT_L4_OFFSET_LENGTH 0xFF - -KSTART_ROUTINE OvsSttDefragCleaner; -static PLIST_ENTRY OvsSttPktFragHash; -static NDIS_SPIN_LOCK OvsSttSpinLock; -static OVS_STT_THREAD_CTX sttDefragThreadCtx; - -static NDIS_STATUS -OvsDoEncapStt(POVS_VPORT_ENTRY vport, PNET_BUFFER_LIST curNbl, - const OvsIPTunnelKey *tunKey, - const POVS_FWD_INFO fwdInfo, - POVS_PACKET_HDR_INFO layers, - POVS_SWITCH_CONTEXT switchContext, - PNET_BUFFER_LIST *newNbl); - -/* - * -------------------------------------------------------------------------- - * OvsInitSttTunnel -- - * Initialize STT tunnel module. 
- * -------------------------------------------------------------------------- - */ -NTSTATUS -OvsInitSttTunnel(POVS_VPORT_ENTRY vport, - UINT16 tcpDestPort) -{ - POVS_STT_VPORT sttPort; - - sttPort = (POVS_STT_VPORT) OvsAllocateMemoryWithTag(sizeof(*sttPort), - OVS_STT_POOL_TAG); - if (!sttPort) { - OVS_LOG_ERROR("Insufficient memory, can't allocate STT_VPORT"); - return STATUS_INSUFFICIENT_RESOURCES; - } - - RtlZeroMemory(sttPort, sizeof(*sttPort)); - sttPort->dstPort = tcpDestPort; - vport->priv = (PVOID) sttPort; - return STATUS_SUCCESS; -} - -/* - * -------------------------------------------------------------------------- - * OvsCleanupSttTunnel -- - * Cleanup STT Tunnel module. - * -------------------------------------------------------------------------- - */ -void -OvsCleanupSttTunnel(POVS_VPORT_ENTRY vport) -{ - if (vport->ovsType != OVS_VPORT_TYPE_STT || - vport->priv == NULL) { - return; - } - - OvsFreeMemoryWithTag(vport->priv, OVS_STT_POOL_TAG); - vport->priv = NULL; -} - -/* - * -------------------------------------------------------------------------- - * OvsEncapStt -- - * Encapsulates a packet with an STT header. 
- * -------------------------------------------------------------------------- - */ -NDIS_STATUS -OvsEncapStt(POVS_VPORT_ENTRY vport, - PNET_BUFFER_LIST curNbl, - OvsIPTunnelKey *tunKey, - POVS_SWITCH_CONTEXT switchContext, - POVS_PACKET_HDR_INFO layers, - PNET_BUFFER_LIST *newNbl, - POVS_FWD_INFO switchFwdInfo) -{ - OVS_FWD_INFO fwdInfo; - NDIS_STATUS status; - - UNREFERENCED_PARAMETER(switchContext); - - if (tunKey->dst.si_family != AF_INET) { - /*V6 tunnel support will be supported later*/ - return NDIS_STATUS_FAILURE; - } - - status = OvsLookupIPhFwdInfo(tunKey->src, tunKey->dst, &fwdInfo); - if (status != STATUS_SUCCESS) { - OvsFwdIPHelperRequest(NULL, 0, tunKey, NULL, NULL, NULL); - /* - * XXX This case where the ARP table is not populated is - * currently not handled - */ - return NDIS_STATUS_FAILURE; - } - - RtlCopyMemory(switchFwdInfo->value, fwdInfo.value, sizeof fwdInfo.value); - - status = OvsDoEncapStt(vport, curNbl, tunKey, &fwdInfo, layers, - switchContext, newNbl); - return status; -} - -/* - * -------------------------------------------------------------------------- - * OvsDoEncapStt -- - * Internal utility function which actually does the STT encap. 
- * -------------------------------------------------------------------------- - */ -NDIS_STATUS -OvsDoEncapStt(POVS_VPORT_ENTRY vport, - PNET_BUFFER_LIST curNbl, - const OvsIPTunnelKey *tunKey, - const POVS_FWD_INFO fwdInfo, - POVS_PACKET_HDR_INFO layers, - POVS_SWITCH_CONTEXT switchContext, - PNET_BUFFER_LIST *newNbl) -{ - NDIS_STATUS status = NDIS_STATUS_SUCCESS; - PMDL curMdl = NULL; - PNET_BUFFER curNb; - PUINT8 buf = NULL; - EthHdr *outerEthHdr; - IPHdr *outerIpHdr; - TCPHdr *outerTcpHdr; - SttHdr *sttHdr; - UINT32 innerFrameLen, ipTotalLen; - POVS_STT_VPORT vportStt; - UINT32 headRoom = OvsGetSttTunHdrSize(); - UINT32 tcpChksumLen; - PUINT8 bufferStart; - ULONG mss = 0; - NDIS_TCP_LARGE_SEND_OFFLOAD_NET_BUFFER_LIST_INFO lsoInfo; - PVOID vlanTagValue; - ULONG tcpHeaderOffset = sizeof(EthHdr) + sizeof(IPHdr); - UINT32 encapMss = OvsGetExternalMtu(switchContext) - - sizeof(IPHdr) - - sizeof(TCPHdr); - - curNb = NET_BUFFER_LIST_FIRST_NB(curNbl); - - /* Verify if inner checksum is verified */ - BOOLEAN innerChecksumVerified = FALSE; - BOOLEAN innerPartialChecksum = FALSE; - - if (layers->isTcp) { - mss = OVSGetTcpMSS(curNbl); - - curNb = NET_BUFFER_LIST_FIRST_NB(curNbl); - innerFrameLen = NET_BUFFER_DATA_LENGTH(curNb); - - /* If the length of the packet exceeds 64K or if the L4 offset is - bigger than 255 bytes, then the packet cannot be offloaded to the - network card */ - if ((innerFrameLen > OVS_MAX_STT_PACKET_LENGTH) || - (layers->l4Offset > OVS_MAX_STT_L4_OFFSET_LENGTH)) { - *newNbl = OvsTcpSegmentNBL(switchContext, curNbl, layers, - mss - headRoom, headRoom, FALSE); - if (*newNbl == NULL) { - OVS_LOG_ERROR("Unable to segment NBL"); - return NDIS_STATUS_FAILURE; - } - /* Clear out LSO flags after this point */ - NET_BUFFER_LIST_INFO(*newNbl, TcpLargeSendNetBufferListInfo) = 0; - } - } - - vportStt = (POVS_STT_VPORT) GetOvsVportPriv(vport); - ASSERT(vportStt); - - NDIS_TCP_IP_CHECKSUM_NET_BUFFER_LIST_INFO csumInfo; - csumInfo.Value = 
NET_BUFFER_LIST_INFO(curNbl, - TcpIpChecksumNetBufferListInfo); - vlanTagValue = NET_BUFFER_LIST_INFO(curNbl, Ieee8021QNetBufferListInfo); - if (*newNbl == NULL) { - *newNbl = OvsPartialCopyNBL(switchContext, curNbl, 0, headRoom, - FALSE /*copy NblInfo*/); - if (*newNbl == NULL) { - OVS_LOG_ERROR("Unable to copy NBL"); - return NDIS_STATUS_FAILURE; - } - } - curNbl = *newNbl; - for (curNb = NET_BUFFER_LIST_FIRST_NB(curNbl); curNb != NULL; - curNb = curNb->Next) { - curMdl = NET_BUFFER_CURRENT_MDL(curNb); - innerFrameLen = NET_BUFFER_DATA_LENGTH(curNb); - bufferStart = (PUINT8)OvsGetMdlWithLowPriority(curMdl); - if (bufferStart == NULL) { - status = NDIS_STATUS_RESOURCES; - goto ret_error; - } - bufferStart += NET_BUFFER_CURRENT_MDL_OFFSET(curNb); - - if (layers->isIPv4) { - IPHdr *ip = (IPHdr *)(bufferStart + layers->l3Offset); - if (!ip->tot_len) { - ip->tot_len = htons(innerFrameLen - layers->l3Offset); - } - if (!ip->check) { - ip->check = IPChecksum((UINT8 *)ip, ip->ihl * 4, 0); - } - } - - if (layers->isTcp) { - if (mss) { - innerPartialChecksum = TRUE; - } else { - if (!csumInfo.Transmit.TcpChecksum) { - innerChecksumVerified = TRUE; - } else { - innerPartialChecksum = TRUE; - } - } - } else if (layers->isUdp) { - if(!csumInfo.Transmit.UdpChecksum) { - innerChecksumVerified = TRUE; - } else { - innerPartialChecksum = TRUE; - } - } - - status = NdisRetreatNetBufferDataStart(curNb, headRoom, 0, NULL); - if (status != NDIS_STATUS_SUCCESS) { - ASSERT(!"Unable to NdisRetreatNetBufferDataStart(headroom)"); - OVS_LOG_ERROR("Unable to NdisRetreatNetBufferDataStart(headroom)"); - goto ret_error; - } - - /* - * Make sure that the headroom for the tunnel header is continguous in - * memory. 
- */ - curMdl = NET_BUFFER_CURRENT_MDL(curNb); - ASSERT((int) (MmGetMdlByteCount(curMdl) - - NET_BUFFER_CURRENT_MDL_OFFSET(curNb)) >= (int) headRoom); - - buf = (PUINT8)OvsGetMdlWithLowPriority(curMdl); - if (!buf) { - ASSERT(!"MmGetSystemAddressForMdlSafe failed"); - OVS_LOG_ERROR("MmGetSystemAddressForMdlSafe failed"); - status = NDIS_STATUS_RESOURCES; - goto ret_error; - } - - buf += NET_BUFFER_CURRENT_MDL_OFFSET(curNb); - outerEthHdr = (EthHdr *)buf; - outerIpHdr = (IPHdr *) (outerEthHdr + 1); - outerTcpHdr = (TCPHdr *) (outerIpHdr + 1); - sttHdr = (SttHdr *) (outerTcpHdr + 1); - - /* L2 header */ - NdisMoveMemory(outerEthHdr->Destination, fwdInfo->dstMacAddr, - sizeof outerEthHdr->Destination); - NdisMoveMemory(outerEthHdr->Source, fwdInfo->srcMacAddr, - sizeof outerEthHdr->Source); - outerEthHdr->Type = htons(ETH_TYPE_IPV4); - - /* L3 header */ - outerIpHdr->ihl = sizeof(IPHdr) >> 2; - outerIpHdr->version = IPPROTO_IPV4; - outerIpHdr->tos = tunKey->tos; - - ipTotalLen = sizeof(IPHdr) + sizeof(TCPHdr) + STT_HDR_LEN + innerFrameLen; - outerIpHdr->tot_len = htons(ipTotalLen); - ASSERT(ipTotalLen < 65536); - - outerIpHdr->id = (uint16) atomic_add64(&vportStt->ipId, innerFrameLen); - outerIpHdr->frag_off = (tunKey->flags & OVS_TNL_F_DONT_FRAGMENT) ? - IP_DF_NBO : 0; - outerIpHdr->ttl = tunKey->ttl? tunKey->ttl : 64; - outerIpHdr->protocol = IPPROTO_TCP; - outerIpHdr->check = 0; - outerIpHdr->saddr = fwdInfo->srcIphAddr.Ipv4.sin_addr.s_addr; - outerIpHdr->daddr = tunKey->dst.Ipv4.sin_addr.s_addr; - - /* L4 header */ - RtlZeroMemory(outerTcpHdr, sizeof *outerTcpHdr); - outerTcpHdr->source = htons(tunKey->flow_hash | 32768); - outerTcpHdr->dest = tunKey->dst_port ? 
tunKey->dst_port: - htons(vportStt->dstPort); - outerTcpHdr->seq = htonl((STT_HDR_LEN + innerFrameLen) << - STT_SEQ_LEN_SHIFT); - outerTcpHdr->ack_seq = htonl(atomic_inc64(&vportStt->ackNo)); - outerTcpHdr->doff = sizeof(TCPHdr) >> 2; - outerTcpHdr->psh = 1; - outerTcpHdr->ack = 1; - outerTcpHdr->window = (uint16) ~0; - - /* Calculate pseudo header chksum */ - tcpChksumLen = sizeof(TCPHdr) + STT_HDR_LEN + innerFrameLen; - ASSERT(tcpChksumLen < 65535); - sttHdr->version = 0; - - /* Set STT Header */ - sttHdr->flags = 0; - sttHdr->mss = 0; - sttHdr->l4Offset = 0; - if (innerPartialChecksum) { - sttHdr->flags |= STT_CSUM_PARTIAL; - if (layers->isIPv4) { - sttHdr->flags |= STT_PROTO_IPV4; - } - if (layers->isTcp) { - sttHdr->flags |= STT_PROTO_TCP; - } - sttHdr->l4Offset = (UINT8) layers->l4Offset; - sttHdr->mss = (UINT16) htons(mss); - } else if (innerChecksumVerified) { - sttHdr->flags = STT_CSUM_VERIFIED; - sttHdr->l4Offset = 0; - sttHdr->mss = 0; - } - - /* Set VLAN tag */ - sttHdr->vlanTCI = 0; - if (vlanTagValue) { - PNDIS_NET_BUFFER_LIST_8021Q_INFO vlanTag = - (PNDIS_NET_BUFFER_LIST_8021Q_INFO)(PVOID *)&vlanTagValue; - sttHdr->vlanTCI = htons(vlanTag->TagHeader.VlanId | OVSWIN_VLAN_CFI | - (vlanTag->TagHeader.UserPriority << 13)); - } - - sttHdr->reserved = 0; - sttHdr->key = tunKey->tunnelId; - /* Zero out stt padding */ - *(uint16 *)(sttHdr + 1) = 0; - - /* The LSO offloading will be set only if the packet isn't - segmented due to the 64K limit for the offloading or 255 bytes - limit of L4 offset */ - if (ipTotalLen > encapMss) { - /* For Windows LSO, the TCP pseudo checksum must contain Source IP - * Address, Destination IP Address, and Protocol; the length of the - * payload is excluded because the underlying miniport driver and NIC - * generate TCP segments from the large packet that is passed down by - * the TCP/IP transport, the transport does not know the size of the - * TCP payload for each TCP segment and therefore cannot include the - * TCP Length in 
the pseudo-header. - */ - outerIpHdr->check = IPChecksum((UINT8 *)outerIpHdr, - sizeof *outerIpHdr, 0); - outerTcpHdr->check = IPPseudoChecksum((UINT32*)&fwdInfo->srcIphAddr.Ipv4.sin_addr.s_addr, - (UINT32*)&tunKey->dst.Ipv4.sin_addr.s_addr, - IPPROTO_TCP, (uint16)0); - - lsoInfo.Value = 0; - lsoInfo.LsoV2Transmit.TcpHeaderOffset = tcpHeaderOffset; - lsoInfo.LsoV2Transmit.MSS = encapMss; - lsoInfo.LsoV2Transmit.Type = NDIS_TCP_LARGE_SEND_OFFLOAD_V2_TYPE; - lsoInfo.LsoV2Transmit.IPVersion = NDIS_TCP_LARGE_SEND_OFFLOAD_IPv4; - NET_BUFFER_LIST_INFO(curNbl, - TcpLargeSendNetBufferListInfo) = lsoInfo.Value; - } else { - outerTcpHdr->check = IPPseudoChecksum((UINT32*)&fwdInfo->srcIphAddr.Ipv4.sin_addr.s_addr, - (UINT32*)&tunKey->dst.Ipv4.sin_addr.s_addr, - IPPROTO_TCP, - (uint16) tcpChksumLen); - } - } - - /* Offload IP and TCP checksum. - The offsets are the same for all segments if the packet was segmented */ - csumInfo.Value = 0; - csumInfo.Transmit.IpHeaderChecksum = 1; - csumInfo.Transmit.TcpChecksum = 1; - csumInfo.Transmit.IsIPv4 = 1; - csumInfo.Transmit.TcpHeaderOffset = tcpHeaderOffset; - NET_BUFFER_LIST_INFO(curNbl, - TcpIpChecksumNetBufferListInfo) = csumInfo.Value; - - return STATUS_SUCCESS; - -ret_error: - OvsCompleteNBL(switchContext, *newNbl, TRUE); - *newNbl = NULL; - return status; -} - -/* - *---------------------------------------------------------------------------- - * OvsValidateTCPChecksum - * Validate TCP checksum - *---------------------------------------------------------------------------- - */ -static __inline NDIS_STATUS -OvsValidateTCPChecksum(PNET_BUFFER_LIST curNbl, - PNET_BUFFER curNb, - POVS_PACKET_HDR_INFO layers) -{ - PUINT8 buf; - PMDL curMdl; - NDIS_TCP_IP_CHECKSUM_NET_BUFFER_LIST_INFO csumInfo; - NDIS_STATUS status; - - curMdl = NET_BUFFER_CURRENT_MDL(curNb); - buf = (PUINT8)OvsGetMdlWithLowPriority(curMdl) - + NET_BUFFER_CURRENT_MDL_OFFSET(curNb); - if (!buf) { - status = NDIS_STATUS_INVALID_PACKET; - return status; - } - - 
csumInfo.Value = NET_BUFFER_LIST_INFO(curNbl, - TcpIpChecksumNetBufferListInfo); - - /* Check if NIC has indicated TCP checksum failure */ - if (csumInfo.Receive.TcpChecksumFailed) { - return NDIS_STATUS_INVALID_PACKET; - } - - UINT16 checkSum; - - /* Check if TCP Checksum has been calculated by NIC */ - if (csumInfo.Receive.TcpChecksumSucceeded) { - return NDIS_STATUS_SUCCESS; - } - - EthHdr *ethHdr = (EthHdr *)buf; - if (ethHdr == NULL) { - return NDIS_STATUS_RESOURCES; - } - - if (ethHdr->Type == ntohs(NDIS_ETH_TYPE_IPV4)) { - IPHdr *ipHdr = (IPHdr *)(buf + layers->l3Offset); - UINT32 l4Payload = ntohs(ipHdr->tot_len) - ipHdr->ihl * 4; - TCPHdr *tcp = (TCPHdr *)(buf + layers->l4Offset); - checkSum = tcp->check; - - tcp->check = 0; - tcp->check = IPPseudoChecksum(&ipHdr->saddr, &ipHdr->daddr, - IPPROTO_TCP, (UINT16)l4Payload); - tcp->check = CalculateChecksumNB(curNb, (UINT16)(l4Payload), - layers->l4Offset); - if (checkSum != tcp->check) { - return NDIS_STATUS_INVALID_PACKET; - } - } else { - OVS_LOG_ERROR("IPv6 on STT is not supported"); - return NDIS_STATUS_INVALID_PACKET; - } - - csumInfo.Receive.TcpChecksumSucceeded = 1; - NET_BUFFER_LIST_INFO(curNbl, - TcpIpChecksumNetBufferListInfo) = csumInfo.Value; - return NDIS_STATUS_SUCCESS; -} - -/* - *---------------------------------------------------------------------------- - * OvsInitSttDefragmentation - * Initialize the components used by the stt lso defragmentation - *---------------------------------------------------------------------------- - */ -NTSTATUS -OvsInitSttDefragmentation() -{ - NTSTATUS status; - HANDLE threadHandle = NULL; - - /* Init the sync-lock */ - NdisAllocateSpinLock(&OvsSttSpinLock); - - /* Init the Hash Buffer */ - OvsSttPktFragHash = OvsAllocateMemoryWithTag(sizeof(LIST_ENTRY) - * STT_HASH_TABLE_SIZE, - OVS_STT_POOL_TAG); - if (OvsSttPktFragHash == NULL) { - NdisFreeSpinLock(&OvsSttSpinLock); - return STATUS_INSUFFICIENT_RESOURCES; - } - - for (int i = 0; i < STT_HASH_TABLE_SIZE; i++) 
{ - InitializeListHead(&OvsSttPktFragHash[i]); - } - - /* Init Defrag Cleanup Thread */ - KeInitializeEvent(&sttDefragThreadCtx.event, NotificationEvent, FALSE); - status = PsCreateSystemThread(&threadHandle, SYNCHRONIZE, NULL, NULL, - NULL, OvsSttDefragCleaner, - &sttDefragThreadCtx); - - if (status != STATUS_SUCCESS) { - OvsCleanupSttDefragmentation(); - return status; - } - - ObReferenceObjectByHandle(threadHandle, SYNCHRONIZE, NULL, KernelMode, - &sttDefragThreadCtx.threadObject, NULL); - ZwClose(threadHandle); - threadHandle = NULL; - return STATUS_SUCCESS; -} - -/* - *---------------------------------------------------------------------------- - * OvsCleanupSttDefragmentation - * Cleanup memory and thread that were spawned for STT LSO defragmentation - *---------------------------------------------------------------------------- - */ -VOID -OvsCleanupSttDefragmentation(VOID) -{ - NdisAcquireSpinLock(&OvsSttSpinLock); - sttDefragThreadCtx.exit = 1; - KeSetEvent(&sttDefragThreadCtx.event, 0, FALSE); - NdisReleaseSpinLock(&OvsSttSpinLock); - - KeWaitForSingleObject(sttDefragThreadCtx.threadObject, Executive, - KernelMode, FALSE, NULL); - ObDereferenceObject(sttDefragThreadCtx.threadObject); - - if (OvsSttPktFragHash) { - OvsFreeMemoryWithTag(OvsSttPktFragHash, OVS_STT_POOL_TAG); - OvsSttPktFragHash = NULL; - } - - NdisFreeSpinLock(&OvsSttSpinLock); -} - -/* - *---------------------------------------------------------------------------- - * OvsSttDefragCleaner - * Runs periodically and cleans up the buffer to remove expired segments - *---------------------------------------------------------------------------- - */ -VOID -OvsSttDefragCleaner(PVOID data) -{ - POVS_STT_THREAD_CTX context = (POVS_STT_THREAD_CTX)data; - PLIST_ENTRY link, next; - POVS_STT_PKT_ENTRY entry; - BOOLEAN success = TRUE; - - while (success) { - if (&OvsSttSpinLock == NULL) { - /* Lock has been freed by 'OvsCleanupSttDefragmentation()' */ - break; - } - NdisAcquireSpinLock(&OvsSttSpinLock); 
- if (context->exit) { - NdisReleaseSpinLock(&OvsSttSpinLock); - break; - } - - /* Set the timeout for the thread and cleanup */ - UINT64 currentTime, threadSleepTimeout; - NdisGetCurrentSystemTime((LARGE_INTEGER *)¤tTime); - threadSleepTimeout = currentTime + STT_CLEANUP_INTERVAL; - - for (int i = 0; i < STT_HASH_TABLE_SIZE; i++) { - LIST_FORALL_SAFE(&OvsSttPktFragHash[i], link, next) { - entry = CONTAINING_RECORD(link, OVS_STT_PKT_ENTRY, link); - if (entry->timeout < currentTime) { - RemoveEntryList(&entry->link); - OvsFreeMemoryWithTag(entry->packetBuf, OVS_STT_POOL_TAG); - OvsFreeMemoryWithTag(entry, OVS_STT_POOL_TAG); - } - } - } - - NdisReleaseSpinLock(&OvsSttSpinLock); - KeWaitForSingleObject(&context->event, Executive, KernelMode, - FALSE, (LARGE_INTEGER *)&threadSleepTimeout); - } - - PsTerminateSystemThread(STATUS_SUCCESS); -} - -static OVS_STT_PKT_KEY -OvsGeneratePacketKey(IPHdr *ipHdr, TCPHdr *tcpHdr) -{ - OVS_STT_PKT_KEY key; - key.sAddr = ipHdr->saddr; - key.dAddr = ipHdr->daddr; - key.ackSeq = ntohl(tcpHdr->ack_seq); - return key; -} - -static UINT32 -OvsSttGetPktHash(OVS_STT_PKT_KEY *pktKey) -{ - UINT32 arr[3]; - arr[0] = pktKey->ackSeq; - arr[1] = pktKey->dAddr; - arr[2] = pktKey->sAddr; - return OvsJhashWords(arr, 3, OVS_HASH_BASIS); -} - -static VOID * -OvsLookupPktFrag(OVS_STT_PKT_KEY *pktKey, UINT32 hash) -{ - PLIST_ENTRY link; - POVS_STT_PKT_ENTRY entry; - - LIST_FORALL(&OvsSttPktFragHash[hash & STT_HASH_TABLE_MASK], link) { - entry = CONTAINING_RECORD(link, OVS_STT_PKT_ENTRY, link); - if (entry->ovsPktKey.ackSeq == pktKey->ackSeq && - entry->ovsPktKey.dAddr == pktKey->dAddr && - entry->ovsPktKey.sAddr == pktKey->sAddr) { - return entry; - } - } - return NULL; -} - -/* -* --------------------------------------------------------------------------- -* OvsSttReassemble -- -* Reassemble an LSO packet from multiple STT-Fragments. 
-* --------------------------------------------------------------------------- -*/ -PNET_BUFFER_LIST -OvsSttReassemble(POVS_SWITCH_CONTEXT switchContext, - PNET_BUFFER_LIST curNbl, - IPHdr *ipHdr, - TCPHdr *tcp, - SttHdr *newSttHdr, - UINT16 payloadLen) -{ - UINT32 seq = ntohl(tcp->seq); - UINT32 innerPacketLen = (seq >> STT_SEQ_LEN_SHIFT) - STT_HDR_LEN; - UINT32 segOffset = STT_SEGMENT_OFF(seq); - UINT32 offset = segOffset == 0 ? 0 : segOffset - STT_HDR_LEN; - UINT32 startOffset = 0; - OVS_STT_PKT_ENTRY *pktFragEntry; - PNET_BUFFER_LIST targetPNbl = NULL; - BOOLEAN lastPacket = FALSE; - PNET_BUFFER sourceNb; - UINT32 fragmentLength = payloadLen; - SttHdr stt; - SttHdr *sttHdr = NULL; - sourceNb = NET_BUFFER_LIST_FIRST_NB(curNbl); - - /* If this is the first fragment, copy the STT header */ - if (segOffset == 0) { - sttHdr = NdisGetDataBuffer(sourceNb, sizeof(SttHdr), &stt, 1, 0); - if (sttHdr == NULL) { - OVS_LOG_ERROR("Unable to retrieve STT header"); - return NULL; - } - fragmentLength = fragmentLength - STT_HDR_LEN; - startOffset = startOffset + STT_HDR_LEN; - } - - if (offset + fragmentLength > innerPacketLen) { - // avoid buffer overflow on copy - return NULL; - } - - /* XXX optimize this lock */ - NdisAcquireSpinLock(&OvsSttSpinLock); - - /* Lookup fragment */ - OVS_STT_PKT_KEY pktKey = OvsGeneratePacketKey(ipHdr, tcp); - UINT32 hash = OvsSttGetPktHash(&pktKey); - pktFragEntry = OvsLookupPktFrag(&pktKey, hash); - - if (pktFragEntry == NULL) { - /* Create a new Packet Entry */ - POVS_STT_PKT_ENTRY entry; - entry = OvsAllocateMemoryWithTag(sizeof(OVS_STT_PKT_ENTRY), - OVS_STT_POOL_TAG); - if (entry == NULL) { - goto handle_error; - } - RtlZeroMemory(entry, sizeof (OVS_STT_PKT_ENTRY)); - - /* Update Key, timestamp and recvdLen */ - NdisMoveMemory(&entry->ovsPktKey, &pktKey, sizeof (OVS_STT_PKT_KEY)); - - entry->recvdLen = fragmentLength; - if (ipHdr->ecn == IP_ECN_CE) { - entry->ecn = IP_ECN_CE; - } - - UINT64 currentTime; - 
NdisGetCurrentSystemTime((LARGE_INTEGER *) ¤tTime); - entry->timeout = currentTime + STT_ENTRY_TIMEOUT; - - if (segOffset == 0) { - ASSERT(sttHdr); - entry->sttHdr = *sttHdr; - } - - /* Copy the data from Source to new buffer */ - entry->allocatedLen = innerPacketLen; - entry->packetBuf = OvsAllocateMemoryWithTag(innerPacketLen, - OVS_STT_POOL_TAG); - if (entry->packetBuf == NULL) { - OvsFreeMemoryWithTag(entry, OVS_STT_POOL_TAG); - goto handle_error; - } - if (OvsGetPacketBytes(curNbl, fragmentLength, startOffset, - entry->packetBuf + offset) == NULL) { - OVS_LOG_ERROR("Error when obtaining bytes from Packet"); - goto handle_error; - } - - /* Insert the entry in the Static Buffer */ - InsertHeadList(&OvsSttPktFragHash[hash & STT_HASH_TABLE_MASK], - &entry->link); - } else { - if (offset + fragmentLength > pktFragEntry->allocatedLen) { - // don't copy more than it is allocated - goto handle_error; - } - - if (segOffset == 0) { - ASSERT(sttHdr); - pktFragEntry->sttHdr = *sttHdr; - } - if (ipHdr->ecn == IP_ECN_CE) { - pktFragEntry->ecn = IP_ECN_CE; - } - - /* Copy the fragment data from Source to existing buffer */ - if (OvsGetPacketBytes(curNbl, fragmentLength, startOffset, - pktFragEntry->packetBuf + offset) == NULL) { - OVS_LOG_ERROR("Error when obtaining bytes from Packet"); - goto handle_error; - } - - /* Add to received length to identify if this is the last fragment */ - pktFragEntry->recvdLen += fragmentLength; - lastPacket = (pktFragEntry->recvdLen == innerPacketLen); - } - -handle_error: - if (lastPacket) { - /* It is RECOMMENDED that if any segment of the received STT - * frame has the CE (congestion experienced) bit set - * in its IP header, then the CE bit SHOULD be set in the IP - * header of the decapsulated STT frame.*/ - if (pktFragEntry->ecn == IP_ECN_CE) { - ipHdr->ecn = IP_ECN_CE; - } - - /* Retrieve the original STT header */ - NdisMoveMemory(newSttHdr, &pktFragEntry->sttHdr, sizeof (SttHdr)); - targetPNbl = 
OvsAllocateNBLFromBuffer(switchContext, - pktFragEntry->packetBuf, - innerPacketLen); - - /* Delete this entry and free up the memory/ */ - RemoveEntryList(&pktFragEntry->link); - OvsFreeMemoryWithTag(pktFragEntry->packetBuf, OVS_STT_POOL_TAG); - OvsFreeMemoryWithTag(pktFragEntry, OVS_STT_POOL_TAG); - } - - NdisReleaseSpinLock(&OvsSttSpinLock); - return lastPacket ? targetPNbl : NULL; -} - - -/* -*---------------------------------------------------------------------------- -* OvsDecapSetOffloads -* Processes received STT header and sets TcpIpChecksumNetBufferListInfo -* accordingly. -* For TCP packets with total length bigger than destination MSS it -* populates TcpLargeSendNetBufferListInfo. -* -* Returns NDIS_STATUS_SUCCESS normally. -* Fails only if packet data is invalid. -* (e.g. if OvsExtractLayers() returns an error). -*---------------------------------------------------------------------------- -*/ -NDIS_STATUS -OvsDecapSetOffloads(PNET_BUFFER_LIST *curNbl, - SttHdr *sttHdr, - OVS_PACKET_HDR_INFO *layers) -{ - if ((sttHdr->flags & STT_CSUM_VERIFIED) - || !(sttHdr->flags & STT_CSUM_PARTIAL)) { - return NDIS_STATUS_SUCCESS; - } - - NDIS_STATUS status; - NDIS_TCP_IP_CHECKSUM_NET_BUFFER_LIST_INFO csumInfo; - UINT8 protoType; - - csumInfo.Value = 0; - csumInfo.Transmit.IpHeaderChecksum = 0; - csumInfo.Transmit.TcpHeaderOffset = sttHdr->l4Offset; - protoType = sttHdr->flags & STT_PROTO_TYPES; - switch (protoType) { - case (STT_PROTO_IPV4 | STT_PROTO_TCP): - /* TCP/IPv4 */ - csumInfo.Transmit.IsIPv4 = 1; - csumInfo.Transmit.TcpChecksum = 1; - break; - case STT_PROTO_TCP: - /* TCP/IPv6 */ - csumInfo.Transmit.IsIPv6 = 1; - csumInfo.Transmit.TcpChecksum = 1; - break; - case STT_PROTO_IPV4: - /* UDP/IPv4 */ - csumInfo.Transmit.IsIPv4 = 1; - csumInfo.Transmit.UdpChecksum = 1; - break; - default: - /* UDP/IPv6 */ - csumInfo.Transmit.IsIPv6 = 1; - csumInfo.Transmit.UdpChecksum = 1; - } - NET_BUFFER_LIST_INFO(*curNbl, - TcpIpChecksumNetBufferListInfo) = csumInfo.Value; - 
- if (sttHdr->mss && (sttHdr->flags & STT_PROTO_TCP)) { - NDIS_TCP_LARGE_SEND_OFFLOAD_NET_BUFFER_LIST_INFO lsoInfo; - PMDL curMdl = NULL; - PNET_BUFFER curNb; - PUINT8 buf = NULL; - - // if layers not initialized by the caller we extract layers here - if (layers->value == 0) { - status = OvsExtractLayers(*curNbl, layers); - if (status != NDIS_STATUS_SUCCESS) { - return status; - } - } - - curNb = NET_BUFFER_LIST_FIRST_NB(*curNbl); - curMdl = NET_BUFFER_CURRENT_MDL(curNb); - - buf = (PUINT8)OvsGetMdlWithLowPriority(curMdl); - if (buf == NULL) { - return NDIS_STATUS_RESOURCES; - } - buf += NET_BUFFER_CURRENT_MDL_OFFSET(curNb); - - // apply pseudo checksum on extracted packet - if (sttHdr->flags & STT_PROTO_IPV4) { - IPHdr *ipHdr; - TCPHdr *tcpHdr; - - ipHdr = (IPHdr *)(buf + layers->l3Offset); - tcpHdr = (TCPHdr *)(buf + layers->l4Offset); - - tcpHdr->check = IPPseudoChecksum(&ipHdr->saddr, - (uint32 *)&ipHdr->daddr, - IPPROTO_TCP, 0); - } else { - IPv6Hdr *ipHdr; - TCPHdr *tcpHdr; - - ipHdr = (IPv6Hdr *)(buf + layers->l3Offset); - tcpHdr = (TCPHdr *)(buf + layers->l4Offset); - - tcpHdr->check = IPv6PseudoChecksum((UINT32*)&ipHdr->saddr, - (UINT32*)&ipHdr->daddr, - IPPROTO_TCP, 0); - } - - // setup LSO - lsoInfo.Value = 0; - lsoInfo.LsoV2Transmit.TcpHeaderOffset = sttHdr->l4Offset; - lsoInfo.LsoV2Transmit.MSS = ntohs(sttHdr->mss); - lsoInfo.LsoV2Transmit.Type = NDIS_TCP_LARGE_SEND_OFFLOAD_V2_TYPE; - if (sttHdr->flags & STT_PROTO_IPV4) { - lsoInfo.LsoV2Transmit.IPVersion = NDIS_TCP_LARGE_SEND_OFFLOAD_IPv4; - } else { - lsoInfo.LsoV2Transmit.IPVersion = NDIS_TCP_LARGE_SEND_OFFLOAD_IPv6; - } - NET_BUFFER_LIST_INFO(*curNbl, - TcpLargeSendNetBufferListInfo) = lsoInfo.Value; - } - - return NDIS_STATUS_SUCCESS; -} - -/* - * -------------------------------------------------------------------------- - * OvsDecapStt -- - * Decapsulates an STT packet. 
- * -------------------------------------------------------------------------- - */ -NDIS_STATUS -OvsDecapStt(POVS_SWITCH_CONTEXT switchContext, - PNET_BUFFER_LIST curNbl, - OvsIPTunnelKey *tunKey, - PNET_BUFFER_LIST *newNbl) -{ - NDIS_STATUS status; - PNET_BUFFER curNb; - IPHdr *ipHdr; - char *ipBuf[sizeof(IPHdr)]; - SttHdr stt; - SttHdr *sttHdr; - char *sttBuf[STT_HDR_LEN]; - UINT32 advanceCnt, hdrLen; - OVS_PACKET_HDR_INFO layers = { 0 }; - - status = OvsExtractLayers(curNbl, &layers); - if (status != NDIS_STATUS_SUCCESS) { - return status; - } - - curNb = NET_BUFFER_LIST_FIRST_NB(curNbl); - ASSERT(NET_BUFFER_NEXT_NB(curNb) == NULL); - - /* Validate the TCP Checksum */ - status = OvsValidateTCPChecksum(curNbl, curNb, &layers); - if (status != NDIS_STATUS_SUCCESS) { - return status; - } - - /* Skip Eth header */ - hdrLen = layers.l3Offset; - NdisAdvanceNetBufferDataStart(curNb, hdrLen, FALSE, NULL); - advanceCnt = hdrLen; - - ipHdr = NdisGetDataBuffer(curNb, sizeof *ipHdr, (PVOID) &ipBuf, - 1 /*no align*/, 0); - if (ipHdr == NULL) { - return NDIS_STATUS_RESOURCES; - } - - TCPHdr *tcp = (TCPHdr *)((PCHAR)ipHdr + ipHdr->ihl * 4); - - /* Skip IP & TCP headers */ - hdrLen = (ipHdr->ihl * 4) + (tcp->doff * 4); - NdisAdvanceNetBufferDataStart(curNb, hdrLen, FALSE, NULL); - advanceCnt += hdrLen; - - UINT32 seq = ntohl(tcp->seq); - UINT32 totalLen = (seq >> STT_SEQ_LEN_SHIFT); - UINT16 payloadLen = (UINT16)ntohs(ipHdr->tot_len) - - (ipHdr->ihl * 4) - - (tcp->doff * 4); - - /* Check if incoming packet requires reassembly */ - if (totalLen != payloadLen) { - sttHdr = &stt; - PNET_BUFFER_LIST pNbl = OvsSttReassemble(switchContext, curNbl, - ipHdr, tcp, sttHdr, - payloadLen); - if (pNbl == NULL) { - return NDIS_STATUS_SUCCESS; - } - - *newNbl = pNbl; - } else { - /* STT Header */ - sttHdr = NdisGetDataBuffer(curNb, sizeof *sttHdr, - (PVOID) &sttBuf, 1 /*no align*/, 0); - if (sttHdr == NULL) { - return NDIS_STATUS_RESOURCES; - } - /* Skip stt header, DataOffset points to 
inner pkt now. */ - hdrLen = STT_HDR_LEN; - NdisAdvanceNetBufferDataStart(curNb, hdrLen, FALSE, NULL); - advanceCnt += hdrLen; - - *newNbl = OvsPartialCopyNBL(switchContext, curNbl, 0, - 0, FALSE /*copy NBL info*/); - } - - if (*newNbl == NULL) { - OVS_LOG_ERROR("Unable to allocate a new cloned NBL"); - return NDIS_STATUS_RESOURCES; - } - - status = NdisRetreatNetBufferDataStart(curNb, advanceCnt, 0, NULL); - if (status != NDIS_STATUS_SUCCESS) { - status = NDIS_STATUS_FAILURE; - goto dropNbl; - } - - ASSERT(sttHdr); - - /* Initialize the tunnel key */ - tunKey->dst.Ipv4.sin_addr.s_addr = ipHdr->daddr; - tunKey->dst.si_family = AF_INET; - tunKey->src.Ipv4.sin_addr.s_addr = ipHdr->saddr; - tunKey->src.si_family = AF_INET; - tunKey->tunnelId = sttHdr->key; - tunKey->flags = OVS_TNL_F_KEY; - tunKey->tos = ipHdr->tos; - tunKey->ttl = ipHdr->ttl; - tunKey->pad = 0; - - /* Handle ECN */ - if (0 != ipHdr->tos) { - status = OvsExtractLayers(*newNbl, &layers); - if (status != NDIS_STATUS_SUCCESS) { - status = NDIS_STATUS_FAILURE; - goto dropNbl; - } - - if (layers.isIPv4) { - IPHdr ip_storage; - IPHdr *innerIpHdr; - - /* - * If CE is set for outer IP header, reset ECN of inner IP - * header to CE, all other values are kept the same - */ - innerIpHdr = (IPHdr*)OvsGetIp(*newNbl, - layers.l3Offset, - &ip_storage); - if (innerIpHdr) { - if (ipHdr->ecn == IP_ECN_CE) { - innerIpHdr->ecn |= IP_ECN_CE; - } - /* copy DSCP from outer header to inner header */ - innerIpHdr->dscp = ipHdr->dscp; - /* fix IP checksum */ - innerIpHdr->check = IPChecksum((UINT8 *)innerIpHdr, - innerIpHdr->ihl * 4, 0); - } else { - status = NDIS_STATUS_INVALID_PACKET; - goto dropNbl; - } - } else if (layers.isIPv6) { - IPv6Hdr ipv6_storage; - IPv6Hdr *innerIpv6Hdr = (IPv6Hdr*)OvsGetPacketBytes( - *newNbl, - sizeof *innerIpv6Hdr, - layers.l3Offset, - &ipv6_storage); - if (innerIpv6Hdr) { - /* copy ECN and DSCN to inner header */ - innerIpv6Hdr->priority = ipHdr->ecn - | ((innerIpv6Hdr->flow_lbl[0] & 0x3) << 
2); - innerIpv6Hdr->flow_lbl[0] = (innerIpv6Hdr->flow_lbl[0] & 0xF) - | ((ipHdr->tos & 0xF) << 4); - } else { - status = NDIS_STATUS_RESOURCES; - goto dropNbl; - } - } - } - - /* Apply VLAN tag if present */ - if (ntohs(sttHdr->vlanTCI) & OVSWIN_VLAN_CFI) { - NDIS_NET_BUFFER_LIST_8021Q_INFO vlanTag; - vlanTag.Value = 0; - vlanTag.TagHeader.VlanId = ntohs(sttHdr->vlanTCI) & 0xfff; - vlanTag.TagHeader.UserPriority = ntohs(sttHdr->vlanTCI) >> 13; - NET_BUFFER_LIST_INFO(*newNbl, - Ieee8021QNetBufferListInfo) = vlanTag.Value; - } - - /* Set Checksum and LSO offload flags */ - OvsDecapSetOffloads(newNbl, sttHdr, &layers); - - return NDIS_STATUS_SUCCESS; - -dropNbl: - OvsCompleteNBL(switchContext, *newNbl, TRUE); - *newNbl = NULL; - return status; -} diff --git a/datapath-windows/ovsext/Stt.h b/datapath-windows/ovsext/Stt.h deleted file mode 100644 index 5e77f96c9..000000000 --- a/datapath-windows/ovsext/Stt.h +++ /dev/null 
@@ -1,124 +0,0 @@ -/* - * Copyright (c) 2015 VMware, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __OVS_STT_H_ -#define __OVS_STT_H_ 1 - -#include "IpHelper.h" - -typedef union _OVS_FWD_INFO *POVS_FWD_INFO; - -#define STT_TCP_PORT 7471 -#define STT_TCP_PORT_NBO 0x2f1d - -#define MAX_IP_TOTAL_LEN 65535 - -// STT defines. -#define STT_SEQ_LEN_SHIFT 16 -#define STT_SEQ_OFFSET_MASK ((1 << STT_SEQ_LEN_SHIFT) - 1) -#define STT_FRAME_LEN(seq) ((seq) >> STT_SEQ_LEN_SHIFT) -#define STT_SEGMENT_OFF(seq) ((seq) & STT_SEQ_OFFSET_MASK) - -#define STT_CSUM_VERIFIED (1 << 0) -#define STT_CSUM_PARTIAL (1 << 1) -#define STT_PROTO_IPV4 (1 << 2) -#define STT_PROTO_TCP (1 << 3) -#define STT_PROTO_TYPES (STT_PROTO_IPV4 | STT_PROTO_TCP) - -#define STT_HASH_TABLE_SIZE ((UINT32)1 << 10) -#define STT_HASH_TABLE_MASK (STT_HASH_TABLE_SIZE - 1) -#define STT_ENTRY_TIMEOUT 300000000 // 30s -#define STT_CLEANUP_INTERVAL 300000000 // 30s - -#define STT_ETH_PAD 2 -typedef struct SttHdr { - UINT8 version; - UINT8 flags; - UINT8 l4Offset; - UINT8 reserved; - UINT16 mss; - UINT16 vlanTCI; - UINT64 key; -} SttHdr, *PSttHdr; - -#define STT_HDR_LEN (sizeof(SttHdr) + STT_ETH_PAD) - -typedef struct _OVS_STT_VPORT { - UINT16 dstPort; - UINT64 ackNo; - UINT64 ipId; -} OVS_STT_VPORT, *POVS_STT_VPORT; - -typedef struct _OVS_STT_PKT_KEY { - UINT32 sAddr; - UINT32 dAddr; - UINT32 ackSeq; -} OVS_STT_PKT_KEY, *POVS_STT_PKT_KEY; - -typedef struct _OVS_STT_PKT_ENTRY { - 
OVS_STT_PKT_KEY ovsPktKey; - UINT64 timeout; - UINT32 recvdLen; - UINT32 allocatedLen; - UINT8 ecn; - SttHdr sttHdr; - PCHAR packetBuf; - LIST_ENTRY link; -} OVS_STT_PKT_ENTRY, *POVS_STT_PKT_ENTRY; - -typedef struct _OVS_STT_THREAD_CTX { - KEVENT event; - PVOID threadObject; - UINT32 exit; -} OVS_STT_THREAD_CTX, *POVS_STT_THREAD_CTX; - -NTSTATUS OvsInitSttTunnel(POVS_VPORT_ENTRY vport, - UINT16 udpDestPort); - -VOID OvsCleanupSttTunnel(POVS_VPORT_ENTRY vport); - -NDIS_STATUS OvsEncapStt(POVS_VPORT_ENTRY vport, - PNET_BUFFER_LIST curNbl, - OvsIPTunnelKey *tunKey, - POVS_SWITCH_CONTEXT switchContext, - POVS_PACKET_HDR_INFO layers, - PNET_BUFFER_LIST *newNbl, - POVS_FWD_INFO switchFwdInfo); - - -NDIS_STATUS OvsDecapStt(POVS_SWITCH_CONTEXT switchContext, - PNET_BUFFER_LIST curNbl, - OvsIPTunnelKey *tunKey, - PNET_BUFFER_LIST *newNbl); - -NTSTATUS OvsInitSttDefragmentation(); - -VOID OvsCleanupSttDefragmentation(VOID); - -static __inline UINT32 -OvsGetSttTunHdrSize(VOID) -{ - return sizeof (EthHdr) + sizeof(IPHdr) + sizeof(TCPHdr) + - STT_HDR_LEN; -} - -static __inline UINT32 -OvsGetSttTunHdrSizeFromLayers(POVS_PACKET_HDR_INFO layers) -{ - return layers->l7Offset + STT_HDR_LEN; -} - -#endif /*__OVS_STT_H_ */ diff --git a/datapath-windows/ovsext/Switch.c b/datapath-windows/ovsext/Switch.c index 6aa5abc28..294c6773d 100644 --- a/datapath-windows/ovsext/Switch.c +++ b/datapath-windows/ovsext/Switch.c @@ -215,12 +215,6 @@ OvsCreateSwitch(NDIS_HANDLE ndisFilterHandle, goto create_switch_done; } - status = OvsInitSttDefragmentation(); - if (status != STATUS_SUCCESS) { - OVS_LOG_ERROR("Exit: Failed to initialize Stt Defragmentation"); - goto create_switch_done; - } - status = OvsInitConntrack(switchContext); if (status != STATUS_SUCCESS) { OvsUninitSwitchContext(switchContext); 
@@ -284,7 +278,6 @@ OvsExtDetach(NDIS_HANDLE filterModuleContext) } OvsDeleteSwitch(switchContext); OvsCleanupIpHelper(); - OvsCleanupSttDefragmentation(); OvsCleanupConntrack(); OvsCleanupCtRelated(); OvsCleanupIpFragment(); diff --git a/datapath-windows/ovsext/Util.h b/datapath-windows/ovsext/Util.h index 3670e2e4b..95114e9f2 100644 --- a/datapath-windows/ovsext/Util.h +++ b/datapath-windows/ovsext/Util.h @@ -33,7 +33,6 @@ #define OVS_SWITCH_POOL_TAG 'SSVO' #define OVS_USER_POOL_TAG 'USVO' #define OVS_VPORT_POOL_TAG 'PSVO' -#define OVS_STT_POOL_TAG 'RSVO' #define OVS_GRE_POOL_TAG 'GSVO' #define OVS_TUNFLT_POOL_TAG 'WSVO' #define OVS_RECIRC_POOL_TAG 'CSVO' diff --git a/datapath-windows/ovsext/Vport.c b/datapath-windows/ovsext/Vport.c index 9f1587f44..3422d27ed 100644 --- a/datapath-windows/ovsext/Vport.c +++ b/datapath-windows/ovsext/Vport.c @@ -22,7 +22,6 @@ #include "IpHelper.h" #include "Jhash.h" #include "Oid.h" -#include "Stt.h" #include "Switch.h" #include "User.h" #include "Vport.h" @@ -764,11 +763,6 @@ OvsFindTunnelVportByDstPortAndNWProto(POVS_SWITCH_CONTEXT switchContext, continue; } break; - case IPPROTO_TCP: - if (vport->ovsType != OVS_VPORT_TYPE_STT) { - continue; - } - break; case IPPROTO_GRE: break; default: @@ -1114,9 +1108,6 @@ OvsInitTunnelVport(PVOID userContext, } break; } - case OVS_VPORT_TYPE_STT: - status = OvsInitSttTunnel(vport, dstPort); - break; case OVS_VPORT_TYPE_GENEVE: status = OvsInitGeneveTunnel(vport, dstPort); break; @@ -1254,7 +1245,6 @@ InitOvsVportCommon(POVS_SWITCH_CONTEXT switchContext, switch(vport->ovsType) { case OVS_VPORT_TYPE_GRE: case OVS_VPORT_TYPE_VXLAN: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_GENEVE: { UINT16 dstPort = GetPortFromPriv(vport); @@ -1336,9 +1326,6 @@ OvsRemoveAndDeleteVport(PVOID usrParamsContext, case OVS_VPORT_TYPE_GENEVE: OvsCleanupGeneveTunnel(vport); break; - case OVS_VPORT_TYPE_STT: - OvsCleanupSttTunnel(vport); - break; case OVS_VPORT_TYPE_GRE: OvsCleanupGreTunnel(vport); break; 
@@ -2299,10 +2286,6 @@ OvsNewVportCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx, case OVS_VPORT_TYPE_GENEVE: transportPortDest = GENEVE_UDP_PORT; break; - case OVS_VPORT_TYPE_STT: - transportPortDest = STT_TCP_PORT; - nwProto = IPPROTO_TCP; - break; default: nlError = NL_ERROR_INVAL; goto Cleanup; @@ -2421,9 +2404,6 @@ Cleanup: case OVS_VPORT_TYPE_VXLAN: OvsCleanupVxlanTunnel(NULL, vport, NULL, NULL); break; - case OVS_VPORT_TYPE_STT: - OvsCleanupSttTunnel(vport); - break; case OVS_VPORT_TYPE_GENEVE: OvsCleanupGeneveTunnel(vport); break; diff --git a/datapath-windows/ovsext/Vport.h b/datapath-windows/ovsext/Vport.h index 32cbf8bcc..a399d6cf2 100644 --- a/datapath-windows/ovsext/Vport.h +++ b/datapath-windows/ovsext/Vport.h @@ -18,7 +18,6 @@ #define __VPORT_H_ 1 #include "Gre.h" -#include "Stt.h" #include "Switch.h" #include "VxLan.h" #include "Geneve.h" @@ -180,7 +179,6 @@ OvsIsTunnelVportType(OVS_VPORT_TYPE ovsType) { return ovsType == OVS_VPORT_TYPE_VXLAN || ovsType == OVS_VPORT_TYPE_GENEVE || - ovsType == OVS_VPORT_TYPE_STT || ovsType == OVS_VPORT_TYPE_GRE; } @@ -253,9 +251,6 @@ GetPortFromPriv(POVS_VPORT_ENTRY vport) switch(vport->ovsType) { case OVS_VPORT_TYPE_GRE: break; - case OVS_VPORT_TYPE_STT: - dstPort = ((POVS_STT_VPORT)vportPriv)->dstPort; - break; case OVS_VPORT_TYPE_VXLAN: dstPort = ((POVS_VXLAN_VPORT)vportPriv)->dstPort; break; diff --git a/datapath-windows/ovsext/ovsext.vcxproj b/datapath-windows/ovsext/ovsext.vcxproj index 8ee56aa00..e1c43fd56 100644 --- a/datapath-windows/ovsext/ovsext.vcxproj +++ b/datapath-windows/ovsext/ovsext.vcxproj @@ -179,7 +179,6 @@ - @@ -426,7 +425,6 @@ $(IntDir)\precomp.h.pch - diff --git a/include/linux/openvswitch.h b/include/linux/openvswitch.h index 12c25d380..48b3a7322 100644 --- a/include/linux/openvswitch.h +++ b/include/linux/openvswitch.h 
@@ -247,8 +247,8 @@ enum ovs_vport_type { OVS_VPORT_TYPE_GRE, /* GRE tunnel. */ OVS_VPORT_TYPE_VXLAN, /* VXLAN tunnel. */ OVS_VPORT_TYPE_GENEVE, /* Geneve tunnel. */ - OVS_VPORT_TYPE_LISP = 105, /* LISP tunnel (deprecated). */ - OVS_VPORT_TYPE_STT = 106, /* STT tunnel (deprecated). */ + /* OVS_VPORT_TYPE_LISP = 105, LISP tunnel (no longer supported). */ + /* OVS_VPORT_TYPE_STT = 106, STT tunnel (no longer supported). */ OVS_VPORT_TYPE_ERSPAN = 107, /* ERSPAN tunnel. */ OVS_VPORT_TYPE_IP6ERSPAN = 108, /* ERSPAN tunnel. */ OVS_VPORT_TYPE_IP6GRE = 109, diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 2a133a684..f451fb84a 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -56,17 +56,6 @@ $auth_section leftprotoport=udp rightprotoport=udp/6081 -"""), "stt": Template("""\ -conn $ifname-in-$version -$auth_section - leftprotoport=tcp/7471 - rightprotoport=tcp - -conn $ifname-out-$version -$auth_section - leftprotoport=tcp - rightprotoport=tcp/7471 - """), "vxlan": Template("""\ conn $ifname-in-$version $auth_section @@ -227,11 +216,6 @@ conn prevent_unencrypted_geneve leftprotoport=udp/6081 mark={0} -conn prevent_unencrypted_stt - type=drop - leftprotoport=tcp/7471 - mark={0} - conn prevent_unencrypted_vxlan type=drop leftprotoport=udp/4789 @@ -456,12 +440,6 @@ conn prevent_unencrypted_geneve leftprotoport=udp/6081 mark={0} -conn prevent_unencrypted_stt - type=drop - left=%defaultroute - leftprotoport=tcp/7471 - mark={0} - conn prevent_unencrypted_vxlan type=drop left=%defaultroute @@ -746,11 +724,6 @@ conn prevent_unencrypted_vxlan "--ctlsocket", self.IPSEC_CTL, "--add", "--asynchronous", "prevent_unencrypted_geneve"]) - run_command(self.IPSEC_AUTO + - ["--config", self.ROOT_IPSEC_CONF, - "--ctlsocket", self.IPSEC_CTL, - "--add", - "--asynchronous", "prevent_unencrypted_stt"]) run_command(self.IPSEC_AUTO + ["--config", self.ROOT_IPSEC_CONF, "--ctlsocket", self.IPSEC_CTL, 
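Review bot: in the run_command sequence that loads the shunt policies with "--add", removing the prevent_unencrypted_stt call leaves no code that knows this connection name, because the matching "--delete" call is removed in the next hunk as well. If the monitor is upgraded while a policy added by the previous version is still loaded through IPSEC_AUTO, nothing will delete the tcp/7471 drop rule afterwards. Please confirm that this is acceptable (for example because the daemon is always restarted on upgrade) or mention it in NEWS.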
@@ -767,11 +740,6 @@ conn prevent_unencrypted_vxlan "--ctlsocket", self.IPSEC_CTL, "--delete", "--asynchronous", "prevent_unencrypted_geneve"]) - run_command(self.IPSEC_AUTO + - ["--config", self.ROOT_IPSEC_CONF, - "--ctlsocket", self.IPSEC_CTL, - "--delete", - "--asynchronous", "prevent_unencrypted_stt"]) run_command(self.IPSEC_AUTO + ["--config", self.ROOT_IPSEC_CONF, "--ctlsocket", self.IPSEC_CTL, @@ -1178,7 +1146,7 @@ class IPsecMonitor(object): def is_tunneling_type_supported(self, tunnel_type): """Returns True if we know how to configure IPsec for these types of tunnels. Otherwise, returns False.""" - return tunnel_type in ["gre", "geneve", "vxlan", "stt"] + return tunnel_type in ["gre", "geneve", "vxlan"] def is_ipsec_required(self, options_column): """Return True if tunnel needs to be encrypted. Otherwise, diff --git a/lib/dpif-netlink-rtnl.c b/lib/dpif-netlink-rtnl.c index f7035333e..08054aa28 100644 --- a/lib/dpif-netlink-rtnl.c +++ b/lib/dpif-netlink-rtnl.c @@ -135,8 +135,6 @@ vport_type_to_kind(enum ovs_vport_type type, return "bareudp"; case OVS_VPORT_TYPE_NETDEV: case OVS_VPORT_TYPE_INTERNAL: - case OVS_VPORT_TYPE_LISP: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_UNSPEC: case __OVS_VPORT_TYPE_MAX: default: @@ -318,8 +316,6 @@ dpif_netlink_rtnl_verify(const struct netdev_tunnel_config *tnl_cfg, break; case OVS_VPORT_TYPE_NETDEV: case OVS_VPORT_TYPE_INTERNAL: - case OVS_VPORT_TYPE_LISP: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_GTPU: case OVS_VPORT_TYPE_SRV6: case OVS_VPORT_TYPE_UNSPEC: @@ -411,8 +407,6 @@ dpif_netlink_rtnl_create(const struct netdev_tunnel_config *tnl_cfg, break; case OVS_VPORT_TYPE_NETDEV: case OVS_VPORT_TYPE_INTERNAL: - case OVS_VPORT_TYPE_LISP: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_GTPU: case OVS_VPORT_TYPE_SRV6: case OVS_VPORT_TYPE_UNSPEC: 
@@ -528,8 +522,6 @@ dpif_netlink_rtnl_port_destroy(const char *name, const char *type) return dpif_netlink_rtnl_destroy(name); case OVS_VPORT_TYPE_NETDEV: case OVS_VPORT_TYPE_INTERNAL: - case OVS_VPORT_TYPE_LISP: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_GTPU: case OVS_VPORT_TYPE_UNSPEC: case __OVS_VPORT_TYPE_MAX: diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index 84e2bd8ea..f8850181d 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -901,12 +901,6 @@ get_vport_type(const struct dpif_netlink_vport *vport) case OVS_VPORT_TYPE_VXLAN: return "vxlan"; - case OVS_VPORT_TYPE_LISP: - return "lisp"; - - case OVS_VPORT_TYPE_STT: - return "stt"; - case OVS_VPORT_TYPE_ERSPAN: return "erspan"; @@ -942,14 +936,10 @@ netdev_to_ovs_vport_type(const char *type) return OVS_VPORT_TYPE_NETDEV; } else if (!strcmp(type, "internal")) { return OVS_VPORT_TYPE_INTERNAL; - } else if (strstr(type, "stt")) { - return OVS_VPORT_TYPE_STT; } else if (!strcmp(type, "geneve")) { return OVS_VPORT_TYPE_GENEVE; } else if (!strcmp(type, "vxlan")) { return OVS_VPORT_TYPE_VXLAN; - } else if (!strcmp(type, "lisp")) { - return OVS_VPORT_TYPE_LISP; } else if (!strcmp(type, "erspan")) { return OVS_VPORT_TYPE_ERSPAN; } else if (!strcmp(type, "ip6erspan")) { diff --git a/lib/meta-flow.xml b/lib/meta-flow.xml index ac72a44bc..5c57ab08f 100644 --- a/lib/meta-flow.xml +++ b/lib/meta-flow.xml @@ -27,7 +27,7 @@ Open vSwitch 2.7 and earlier considered Ethernet fields to be root fields, and this remains the default mode of operation for Open vSwitch bridges. When a packet is received from a non-Ethernet interfaces, such as a layer-3 - LISP tunnel, Open vSwitch 2.7 and earlier force-fit the packet to this + VXLAN-GPE tunnel, Open vSwitch 2.7 and earlier force-fit the packet to this Ethernet-centric point of view by pretending that an Ethernet header is present whose Ethernet type that indicates the packet's actual type (and whose source and destination addresses are all-zero). 
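Review bot: the replacement example on the "+" line, "VXLAN-GPE tunnel, Open vSwitch 2.7 and earlier force-fit the packet", needs a check against release history. The sentence describes what 2.7 and earlier did with packets from a layer-3 tunnel, so the example has to be a tunnel type those releases actually had; if VXLAN-GPE arrived later, a neutral wording such as "a layer-3 tunnel" would be safer. Since the paragraph is being touched anyway, "a non-Ethernet interfaces" and "whose Ethernet type that indicates" in the context lines could be fixed in the same pass.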
@@ -44,7 +44,7 @@ turn off this legacy behavior, on a port-by-port basis, by setting options:packet_type to ptap in the Interface table. This is significant only for ports that can - handle non-Ethernet packets, which is currently just LISP, VXLAN-GPE, and + handle non-Ethernet packets, which is currently just VXLAN-GPE, and GRE tunnel ports. See ovs-vwitchd.conf.db(5) for more information.
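Review bot: on the "+" line the list is down to two items, so "just VXLAN-GPE, and GRE tunnel ports" should lose the comma and read "just VXLAN-GPE and GRE tunnel ports". The context line after it has "ovs-vwitchd.conf.db(5)", which looks like a typo for ovs-vswitchd.conf.db(5) and would fit the documentation fixes this commit already makes.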

@@ -1455,9 +1455,7 @@ ovs-ofctl add-flow br-int 'in_port=3,tun_src=192.168.1.1,tun_id=5001 actions=1'
  • VXLAN and Geneve have a 24-bit virtual network identifier (VNI).
  • -
  • LISP has a 24-bit instance ID.
  • GRE has an optional 32-bit key.
  • -
  • STT has a 64-bit key.
  • ERSPAN has a 10-bit key (Session ID).
  • GTPU has a 32-bit key (Tunnel Endpoint ID).
  • @@ -4832,13 +4830,6 @@ r c c c r. href="http://www.ietf.org/rfc/rfc5462.txt"/>. -
    RFC 6830
    -
    - D. Farinacci, V. Fuller, D. Meyer, and D. Lewis, ``The - Locator/ID Separation Protocol (LISP),'' . -
    -
    RFC 7348
    M. Mahalingam, D. Dutt, K. Duda, P. Agarwal, L. Kreeger, T. Sridhar, diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c index 46a62dbfc..ed67b509d 100644 --- a/lib/netdev-vport.c +++ b/lib/netdev-vport.c @@ -57,8 +57,6 @@ VLOG_DEFINE_THIS_MODULE(netdev_vport); #define GENEVE_DST_PORT 6081 #define VXLAN_DST_PORT 4789 -#define LISP_DST_PORT 4341 -#define STT_DST_PORT 7471 #define DEFAULT_TTL 64 @@ -119,7 +117,6 @@ netdev_vport_needs_dst_port(const struct netdev *dev) return (class->get_config == get_tunnel_config && (!strcmp("geneve", type) || !strcmp("vxlan", type) || - !strcmp("lisp", type) || !strcmp("stt", type) || !strcmp("gtpu", type) || !strcmp("bareudp",type))); } @@ -224,12 +221,6 @@ netdev_vport_construct(struct netdev *netdev_) } else if (!strcmp(type, "vxlan")) { tnl_cfg->dst_port = port ? htons(port) : htons(VXLAN_DST_PORT); update_vxlan_global_cfg(netdev_, NULL, tnl_cfg); - } else if (!strcmp(type, "lisp")) { - tnl_cfg->dst_port = port ? htons(port) : htons(LISP_DST_PORT); - VLOG_WARN("%s: 'lisp' port type is deprecated.", name); - } else if (!strcmp(type, "stt")) { - tnl_cfg->dst_port = port ? htons(port) : htons(STT_DST_PORT); - VLOG_WARN("%s: 'stt' port type is deprecated.", name); } else if (!strcmp(type, "gtpu")) { tnl_cfg->dst_port = port ? htons(port) : htons(GTPU_DST_PORT); } else if (!strcmp(type, "bareudp")) { @@ -480,9 +471,7 @@ static enum tunnel_layers tunnel_supported_layers(const char *type, const struct netdev_tunnel_config *tnl_cfg) { - if (!strcmp(type, "lisp")) { - return TNL_L3; - } else if (!strcmp(type, "gre")) { + if (!strcmp(type, "gre")) { return TNL_L2 | TNL_L3; } else if (!strcmp(type, "vxlan") && tnl_cfg->exts & (1 << OVS_VXLAN_EXT_GPE)) { 
@@ -630,7 +619,7 @@ set_tunnel_config(struct netdev *dev_, const struct smap *args, char **errp) int err; has_csum = strstr(type, "gre") || strstr(type, "geneve") || - strstr(type, "stt") || strstr(type, "vxlan"); + strstr(type, "vxlan"); has_seq = strstr(type, "gre"); memset(&tnl_cfg, 0, sizeof tnl_cfg); @@ -643,14 +632,6 @@ set_tunnel_config(struct netdev *dev_, const struct smap *args, char **errp) tnl_cfg.dst_port = htons(VXLAN_DST_PORT); } - if (!strcmp(type, "lisp")) { - tnl_cfg.dst_port = htons(LISP_DST_PORT); - } - - if (!strcmp(type, "stt")) { - tnl_cfg.dst_port = htons(STT_DST_PORT); - } - if (!strcmp(type, "gtpu")) { tnl_cfg.dst_port = htons(GTPU_DST_PORT); } @@ -1032,8 +1013,6 @@ get_tunnel_config(const struct netdev *dev, struct smap *args) if ((!strcmp("geneve", type) && dst_port != GENEVE_DST_PORT) || (!strcmp("vxlan", type) && dst_port != VXLAN_DST_PORT) || - (!strcmp("lisp", type) && dst_port != LISP_DST_PORT) || - (!strcmp("stt", type) && dst_port != STT_DST_PORT) || (!strcmp("gtpu", type) && dst_port != GTPU_DST_PORT) || !strcmp("bareudp", type)) { smap_add_format(args, "dst_port", "%d", dst_port); @@ -1316,20 +1295,6 @@ netdev_vport_tunnel_register(void) }, {{NULL, NULL, 0, 0}} }, - { "lisp_sys", - { - TUNNEL_FUNCTIONS_COMMON, - .type = "lisp" - }, - {{NULL, NULL, 0, 0}} - }, - { "stt_sys", - { - TUNNEL_FUNCTIONS_COMMON, - .type = "stt" - }, - {{NULL, NULL, 0, 0}} - }, { "erspan_sys", { TUNNEL_FUNCTIONS_COMMON, diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c index a1dec89d4..56119b300 100644 --- a/lib/tnl-ports.c +++ b/lib/tnl-ports.c @@ -169,8 +169,6 @@ tnl_type_to_nw_proto(const char type[], uint8_t nw_protos[2]) if (!strcmp(type, "geneve") || !strcmp(type, "vxlan") || !strcmp(type, "gtpu")) { nw_protos[0] = IPPROTO_UDP; - } else if (!strcmp(type, "stt")) { - nw_protos[0] = IPPROTO_TCP; } else if (!strcmp(type, "gre") || !strcmp(type, "erspan") || !strcmp(type, "ip6erspan") || !strcmp(type, "ip6gre")) { nw_protos[0] = IPPROTO_GRE; 
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c index 7f10b87a7..1f561b3bc 100644 --- a/ofproto/ofproto-dpif-ipfix.c +++ b/ofproto/ofproto-dpif-ipfix.c @@ -66,27 +66,27 @@ enum ipfix_sampled_packet_type { }; /* The standard layer2SegmentId (ID 351) element is included in vDS to send - * the VxLAN tunnel's VNI. It is 64-bit long, the most significant byte is - * used to indicate the type of tunnel (0x01 = VxLAN, 0x02 = GRE) and the three - * least significant bytes hold the value of the layer 2 overlay network - * segment identifier: a 24-bit VxLAN tunnel's VNI or a 24-bit GRE tunnel's - * TNI. This is not compatible with STT, as implemented in OVS, as - * its tunnel IDs is 64-bit. + * the VxLAN tunnel's VNI. It is 64-bit long, the most significant byte is used + * to indicate the type of tunnel (0x01 = VxLAN, 0x02 = GRE) and the three or + * four least significant bytes hold the value of the layer 2 overlay network + * segment identifier: a 24-bit VxLAN or Geneve tunnel's VNI or a 32-bit GRE + * tunnel's TNI. * * Two new enterprise information elements are defined which are similar to * laryerSegmentId but support 64-bit IDs: * tunnelType (ID 891) and tunnelKey (ID 892). + * OVS currently doesn't support any tunnel types that require 64-bit IDs, but + * these elements are used for historical reasons. * * The enum dpif_ipfix_tunnel_type is to declare the types supported in the * tunnelType element. - * The number of ipfix tunnel types includes two reserverd types: 0x04 and 0x06. */ enum dpif_ipfix_tunnel_type { DPIF_IPFIX_TUNNEL_UNKNOWN = 0x00, DPIF_IPFIX_TUNNEL_VXLAN = 0x01, DPIF_IPFIX_TUNNEL_GRE = 0x02, - DPIF_IPFIX_TUNNEL_LISP = 0x03, - DPIF_IPFIX_TUNNEL_STT = 0x04, + /* 0x03 - 0x06 are either reserved or previously used by no longer + * supported tunnel types, hence should not be used for any new ones. */ DPIF_IPFIX_TUNNEL_GENEVE = 0x07, NUM_DPIF_IPFIX_TUNNEL }; 
@@ -226,7 +226,7 @@ enum ipfix_proto_l4 { }; enum ipfix_proto_tunnel { IPFIX_PROTO_NOT_TUNNELED = 0, - IPFIX_PROTO_TUNNELED, /* Support gre, lisp and vxlan. */ + IPFIX_PROTO_TUNNELED, /* Support gre, geneve and vxlan. */ NUM_IPFIX_PROTO_TUNNEL }; @@ -386,13 +386,9 @@ struct ipfix_data_record_flow_key_icmp { BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_icmp) == 2); static uint8_t tunnel_protocol[NUM_DPIF_IPFIX_TUNNEL] = { - 0, /* reserved */ - IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_VXLAN */ - IPPROTO_GRE, /* DPIF_IPFIX_TUNNEL_GRE */ - IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_LISP*/ - IPPROTO_TCP, /* DPIF_IPFIX_TUNNEL_STT*/ - 0 , /* reserved */ - IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_GENEVE*/ + [DPIF_IPFIX_TUNNEL_VXLAN] = IPPROTO_UDP, + [DPIF_IPFIX_TUNNEL_GRE] = IPPROTO_GRE, + [DPIF_IPFIX_TUNNEL_GENEVE] = IPPROTO_UDP, }; OVS_PACKED( @@ -511,12 +507,11 @@ BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_tcp) == 48); /* * support tunnel key for: - * VxLAN: 24-bit VIN, + * VxLAN: 24-bit VNI, + * Geneve: 24-bit VNI, * GRE: 32-bit key, - * LISP: 24-bit instance ID - * STT: 64-bit key */ -#define MAX_TUNNEL_KEY_LEN 8 +#define MAX_TUNNEL_KEY_LEN 4 #define MAX_IF_NAME_LEN 64 #define MAX_IF_DESCR_LEN 128 @@ -866,12 +861,8 @@ dpif_ipfix_tunnel_type(const struct ofport *ofport) return DPIF_IPFIX_TUNNEL_GRE; } else if (strcmp(type, "vxlan") == 0) { return DPIF_IPFIX_TUNNEL_VXLAN; - } else if (strcmp(type, "lisp") == 0) { - return DPIF_IPFIX_TUNNEL_LISP; } else if (strcmp(type, "geneve") == 0) { return DPIF_IPFIX_TUNNEL_GENEVE; - } else if (strcmp(type, "stt") == 0) { - return DPIF_IPFIX_TUNNEL_STT; } return DPIF_IPFIX_TUNNEL_UNKNOWN; @@ -886,11 +877,8 @@ dpif_ipfix_tunnel_key_length(enum dpif_ipfix_tunnel_type tunnel_type) /* 32-bit key gre */ return 4; case DPIF_IPFIX_TUNNEL_VXLAN: - case DPIF_IPFIX_TUNNEL_LISP: case DPIF_IPFIX_TUNNEL_GENEVE: return 3; - case DPIF_IPFIX_TUNNEL_STT: - return 8; case DPIF_IPFIX_TUNNEL_UNKNOWN: case NUM_DPIF_IPFIX_TUNNEL: default: 
diff --git a/ofproto/ofproto-dpif-sflow.c b/ofproto/ofproto-dpif-sflow.c index fb12cf419..c5403e27a 100644 --- a/ofproto/ofproto-dpif-sflow.c +++ b/ofproto/ofproto-dpif-sflow.c @@ -60,7 +60,6 @@ enum dpif_sflow_tunnel_type { DPIF_SFLOW_TUNNEL_UNKNOWN = 0, DPIF_SFLOW_TUNNEL_VXLAN, DPIF_SFLOW_TUNNEL_GRE, - DPIF_SFLOW_TUNNEL_LISP, DPIF_SFLOW_TUNNEL_GENEVE }; @@ -628,8 +627,6 @@ dpif_sflow_tunnel_type(struct ofport *ofport) { return DPIF_SFLOW_TUNNEL_GRE; } else if (strcmp(type, "vxlan") == 0) { return DPIF_SFLOW_TUNNEL_VXLAN; - } else if (strcmp(type, "lisp") == 0) { - return DPIF_SFLOW_TUNNEL_LISP; } else if (strcmp(type, "geneve") == 0) { return DPIF_SFLOW_TUNNEL_GENEVE; } @@ -649,7 +646,6 @@ dpif_sflow_tunnel_proto(enum dpif_sflow_tunnel_type tunnel_type) break; case DPIF_SFLOW_TUNNEL_VXLAN: - case DPIF_SFLOW_TUNNEL_LISP: case DPIF_SFLOW_TUNNEL_GENEVE: ipproto = IPPROTO_UDP; diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index d9962765f..329b99de9 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3840,8 +3840,6 @@ propagate_tunnel_data_to_flow(struct xlate_ctx *ctx, struct eth_addr dmac, nw_proto = (flow->dl_type == htons(ETH_TYPE_IP)) ? IPPROTO_IPIP : IPPROTO_IPV6; break; - case OVS_VPORT_TYPE_LISP: - case OVS_VPORT_TYPE_STT: case OVS_VPORT_TYPE_UNSPEC: case OVS_VPORT_TYPE_NETDEV: case OVS_VPORT_TYPE_INTERNAL: diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at index fa5f148b4..7b0d18f76 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at 
@@ -8593,7 +8593,7 @@ AT_SETUP([ofproto-dpif - Flow IPFIX sanity check - tunnel set]) OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ options:remote_ip=1.1.1.1 options:local_ip=2.2.2.2 \ options:key=5 ofport_request=1\ - -- add-port br0 p2 -- set Interface p2 type=stt \ + -- add-port br0 p2 -- set Interface p2 type=geneve \ options:remote_ip=1.1.1.2 options:local_ip=2.2.2.3 \ options:key=6 ofport_request=2\ -- add-port br0 p3 -- set Interface p3 type=dummy \ @@ -8651,14 +8651,14 @@ AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(3),eth(src=50:54:00:00:00: dnl Make sure flow sample action in datapath is behind set tunnel dnl action at egress point of tunnel port. AT_CHECK([tail -1 stdout], [0], [dnl -Datapath actions: set(tunnel(tun_id=0x5,src=2.2.2.2,dst=1.1.1.1,tos=0x1,ttl=64,flags(df|key))),userspace(pid=0,flow_sample(probability=65535,collector_set_id=1,obs_domain_id=0,obs_point_id=0,output_port=1),tunnel_out_port=1),1,set(tunnel(tun_id=0x6,src=2.2.2.3,dst=1.1.1.2,tos=0x1,ttl=64,tp_dst=7471,flags(df|key))),userspace(pid=0,flow_sample(probability=65535,collector_set_id=1,obs_domain_id=0,obs_point_id=0,output_port=7471),tunnel_out_port=7471),7471 +Datapath actions: set(tunnel(tun_id=0x5,src=2.2.2.2,dst=1.1.1.1,tos=0x1,ttl=64,flags(df|key))),userspace(pid=0,flow_sample(probability=65535,collector_set_id=1,obs_domain_id=0,obs_point_id=0,output_port=1),tunnel_out_port=1),1,set(tunnel(tun_id=0x6,src=2.2.2.3,dst=1.1.1.2,tos=0x1,ttl=64,tp_dst=6081,flags(df|key))),userspace(pid=0,flow_sample(probability=65535,collector_set_id=1,obs_domain_id=0,obs_point_id=0,output_port=6081),tunnel_out_port=6081),6081 ]) dnl Remove the flow which contains sample action. AT_CHECK([ovs-ofctl del-flows br0 in_port=3], [0], [ignore]) AT_CHECK([ovs-vsctl destroy Flow_Sample_Collector_Set 1], [0], [ignore]) -OVS_VSWITCHD_STOP(["/'stt' port type is deprecated/d"]) +OVS_VSWITCHD_STOP AT_CLEANUP AT_SETUP([ofproto-dpif - Flow IPFIX sanity check - from field]) 
diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at index 0778c4480..e488e292d 100644 --- a/tests/ovs-vsctl.at +++ b/tests/ovs-vsctl.at @@ -1613,7 +1613,6 @@ m4_foreach( [ovs-dummy], [genev_sys], [gre_sys], -[lisp_sys], [vxlan_sys]], [ # Try creating the port @@ -1639,19 +1638,16 @@ AT_SETUP([add-port -- reserved names 2]) # Creates all type of tunnel ports OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ options:remote_ip=1.1.1.1 ofport_request=1\ - -- add-port br0 p3 -- set Interface p3 type=lisp \ + -- add-port br0 p3 -- set Interface p3 type=vxlan \ options:remote_ip=2.2.2.2 ofport_request=3 \ - -- add-port br0 p4 -- set Interface p4 type=vxlan \ - options:remote_ip=2.2.2.2 ofport_request=4 \ - -- add-port br0 p5 -- set Interface p5 type=geneve \ - options:remote_ip=2.2.2.2 ofport_request=5]) + -- add-port br0 p4 -- set Interface p4 type=geneve \ + options:remote_ip=2.2.2.2 ofport_request=4]) # Test creating all reserved tunnel port names m4_foreach( [reserved_name], [[genev_sys], [gre_sys], -[lisp_sys], [vxlan_sys]], [ # Try creating the port diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 7a7a19f7e..f7e9ff689 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -20,7 +20,7 @@ m4_define([_ADD_BR], [[add-br $1 -- set Bridge $1 protocols=OpenFlow10,OpenFlow1 m4_define([OVS_TRAFFIC_VSWITCHD_START], [AT_CHECK([modprobe openvswitch]) on_exit 'modprobe -r openvswitch' - m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_lisp], [vport_stt], [vport_vxlan]], + m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_vxlan]], [modprobe -q mod || echo "Module mod not loaded." on_exit 'modprobe -q -r mod' ]) diff --git a/tests/system-offloads-testsuite-macros.at b/tests/system-offloads-testsuite-macros.at index e50dc07fb..e6d044d21 100644 --- a/tests/system-offloads-testsuite-macros.at +++ b/tests/system-offloads-testsuite-macros.at 
@@ -18,7 +18,7 @@ limitations under the License.]) m4_define([OVS_TRAFFIC_VSWITCHD_START], [AT_CHECK([modprobe openvswitch]) on_exit 'modprobe -r openvswitch' - m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_lisp], [vport_stt], [vport_vxlan]], + m4_foreach([mod], [[vport_geneve], [vport_gre], [vport_vxlan]], [modprobe -q mod || echo "Module mod not loaded." on_exit 'modprobe -q -r mod' ]) diff --git a/tests/tunnel.at b/tests/tunnel.at index c2a401390..60ed8ba6a 100644 --- a/tests/tunnel.at +++ b/tests/tunnel.at @@ -564,18 +564,6 @@ ffffffffffffaa55aa55000008060001080006040001aa55aa550000ac1f0101000000000000ac1f OVS_VSWITCHD_STOP AT_CLEANUP -AT_SETUP([tunnel - LISP]) -OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=lisp \ - options:remote_ip=1.1.1.1 ofport_request=1]) - -AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl - br0 65534/100: (dummy-internal) - p1 1/4341: (lisp: remote_ip=1.1.1.1) -]) - -OVS_VSWITCHD_STOP(["/'lisp' port type is deprecated/d"]) -AT_CLEANUP - AT_SETUP([tunnel - ERSPAN]) OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=erspan \ options:remote_ip=1.1.1.1 options:key=1 options:erspan_ver=1 \ diff --git a/utilities/docker/ovs-override.conf b/utilities/docker/ovs-override.conf index 8f792e4b4..682cb5251 100644 --- a/utilities/docker/ovs-override.conf +++ b/utilities/docker/ovs-override.conf @@ -1,4 +1,3 @@ override openvswitch * extra override vport-geneve * extra -override vport-stt * extra override vport-* * extra diff --git a/utilities/docker/start-ovs b/utilities/docker/start-ovs index 516b5d91c..054c7f163 100755 --- a/utilities/docker/start-ovs +++ b/utilities/docker/start-ovs @@ -27,7 +27,6 @@ case $1 in ;; "ovs-vswitchd") depmod -a modprobe openvswitch - modprobe vport_stt modprobe vport_geneve /usr/share/openvswitch/scripts/ovs-ctl \ --no-ovsdb-server start diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index fc844576c..76df9aab0 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml 
@@ -2823,56 +2823,6 @@

    -
    lisp
    -
    -

    - This port type is deprecated. -

    -

    - A layer 3 tunnel over the experimental, UDP-based Locator/ID - Separation Protocol (RFC 6830). -

    -

    - Only IPv4 and IPv6 packets are supported by the protocol, and - they are sent and received without an Ethernet header. Traffic - to/from LISP ports is expected to be configured explicitly, and - the ports are not intended to participate in learning based - switching. As such, they are always excluded from packet - flooding. -

    -
    - -
    stt
    -
    -

    - This port type is deprecated. -

    - -

    - The Stateless TCP Tunnel (STT) is particularly useful when tunnel - endpoints are in end-systems, as it utilizes the capabilities of - standard network interface cards to improve performance. - STT utilizes a TCP-like header inside the IP header. It is - stateless, i.e., there is no TCP connection state of any kind - associated with the tunnel. The TCP-like header is used to - leverage the capabilities of existing network interface cards, - but should not be interpreted as implying any sort of connection - state between endpoints. -

    - -

    - Since the STT protocol does not engage in the usual TCP 3-way - handshake, so it will have difficulty traversing stateful - firewalls. -

    - -

    - The protocol is documented at - https://tools.ietf.org/html/draft-davie-stt. - All traffic uses a default destination port of 7471. -

    -
    -
    patch
    A pair of virtual devices that act as a patch cable. @@ -2928,8 +2878,7 @@

    These options apply to interfaces with of geneve, bareudp, gre, - ip6gre, vxlan, lisp, - stt and srv6. + ip6gre, vxlan, and srv6.

    @@ -3023,9 +2972,8 @@ key="in_key"/> at all.

  • - A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE) - or 64-bit (for STT) number. The tunnel receives only - packets with the specified key. + A positive 24-bit (for Geneve and VXLAN) or 32-bit (for GRE) + number. The tunnel receives only packets with the specified key.
  • The word flow. The tunnel accepts packets with any @@ -3054,9 +3002,9 @@ key="out_key"/> at all.
  • - A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or - 64-bit (for STT) number. Packets sent through the tunnel - will have the specified key. + A positive 24-bit (for Geneve and VXLAN) or 32-bit (for GRE) + number. Packets sent through the tunnel will have the specified + key.
  • The word flow. Packets sent through the tunnel will @@ -3069,8 +3017,8 @@ - Optional. The tunnel transport layer destination port, for UDP and TCP - based tunnel protocols (Geneve, VXLAN, LISP, and STT). + Optional. The tunnel transport layer destination port, for UDP + based tunnel protocols (Geneve, VXLAN). @@ -3107,35 +3055,6 @@ including tunnel monitoring. - - -

    - LISP tunnel type is deprecated. -

    - -

    - A LISP tunnel sends and receives only IPv4 and IPv6 packets. This - option controls what how the tunnel represents the packets that it - sends and receives: -

    - -
      -
    • - By default, or if this option is legacy_l3, the - tunnel represents packets as Ethernet frames for compatibility - with legacy OpenFlow controllers that expect this behavior. -
    • -
    • - If this option is ptap, the tunnel represents - packets using the packet_type mechanism introduced - in OpenFlow 1.5. -
    • -
    -
    -
    - @@ -3279,11 +3198,10 @@

    Setting any of these options enables IPsec support for a given - tunnel. gre, geneve, - vxlan and stt - interfaces support these options. See the IPsec - section in the table for a description - of each mode. + tunnel. gre, geneve and + vxlan interfaces support these options. See the + IPsec section in the table + for a description of each mode.

    @@ -6944,7 +6862,7 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \

    type: unsigned 8-bit integer.

    data type semantics: identifier.

    description: Identifier of the layer 2 network overlay network - encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x07 GENEVE.

    + encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x07 GENEVE.

  • tunnelKey:
    @@ -6953,9 +6871,8 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \

    data type semantics: identifier.

    description: Key which is used for identifying an individual traffic flow within a VxLAN (24-bit VNI), GENEVE (24-bit VNI), - GRE (32-bit key), or LISP (24-bit instance ID) tunnel. The - key is encoded in this octetarray as a 3-, 4-, or 8-byte integer - ID in network byte order.

    + or GRE (32-bit key) tunnel. The key is encoded in this octetarray + as a 3- or 4-byte integer ID in network byte order.

    tunnelSourceIPv4Address:
    diff --git a/vtep/vtep.xml b/vtep/vtep.xml index 903dadf90..c39f82b13 100644 --- a/vtep/vtep.xml +++ b/vtep/vtep.xml @@ -730,11 +730,10 @@

    Tunnel protocols tend to have a field that allows the tunnel - to be partitioned into sub-tunnels: VXLAN has a VNI, GRE and - STT have a key, CAPWAP has a WSI, and so on. We call these - generically ``tunnel keys.'' Given that one needs to use a - tunnel key at all, there are at least two reasonable ways to - assign their values: + to be partitioned into sub-tunnels: VXLAN has a VNI, GRE has a key, + CAPWAP has a WSI, and so on. We call these generically + ``tunnel keys.'' Given that one needs to use a tunnel key at all, + there are at least two reasonable ways to assign their values:
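Review bot: In lib/netdev-vport.c, the hunk at -1316 drops the "lisp_sys" and "stt_sys" entries from netdev_vport_tunnel_register(), and the hunk at -224 drops the two VLOG_WARN deprecation lines, so nothing in this file names the removed types any more when a database still carries an Interface with type=lisp or type=stt. Please confirm that what an operator sees after upgrade for such a port is clear enough to act on, and say in the NEWS entry that those ports must be reconfigured or deleted before upgrading.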
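Review bot: In ofproto/ofproto-dpif-ipfix.c, the comment above enum dpif_ipfix_tunnel_type (hunk at -66) now says layer2SegmentId carries "a 24-bit VxLAN or Geneve tunnel's VNI", but the type list in the same sentence still reads "(0x01 = VxLAN, 0x02 = GRE)", so the reader cannot tell which type byte a Geneve record carries in that element. Either give the Geneve value there or drop Geneve from that sentence and leave it to the tunnelType/tunnelKey paragraph. The unchanged context line "laryerSegmentId" is also still misspelled, and since the commit message says comments are being fixed in passing, this is the place to correct it.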
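Review bot: In ofproto/ofproto-dpif-ipfix.c, hunk at -511, "#define MAX_TUNNEL_KEY_LEN 4" now equals the largest length the visible cases of dpif_ipfix_tunnel_key_length() return (4 for GRE, 3 for VXLAN and Geneve), with no slack and nothing tying the two together. Any buffer sized by this define is only safe while every returned length stays at or below 4, so please add an assertion at the point where the key is copied into a record, or at least a comment on the define saying it must be raised together with dpif_ipfix_tunnel_key_length() when a tunnel type with a longer key is added. Minor: the rewritten list in the comment ends with a trailing comma after "GRE: 32-bit key,".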
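Review bot: In ofproto/ofproto-dpif-sflow.c, hunk at -60, removing DPIF_SFLOW_TUNNEL_LISP from the middle of an enum that only numbers its first member shifts DPIF_SFLOW_TUNNEL_GENEVE from 4 to 3, whereas the IPFIX enum in this same patch keeps 0x07 for Geneve and reserves the freed values. The visible uses (dpif_sflow_tunnel_type() and the switch in dpif_sflow_tunnel_proto()) treat the value as internal, so this is probably harmless, but please confirm that it is never written to a datagram or log. If it is, either keep a reserved placeholder or give the members explicit values.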
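Review bot: In vswitchd/vswitch.xml, hunk at -3069, the rewritten destination port description narrows its list to "(Geneve, VXLAN)", while netdev_vport_needs_dst_port() in lib/netdev-vport.c, as this patch leaves it, also matches "gtpu" and "bareudp", and netdev_vport_construct() still assigns GTPU_DST_PORT. Since the sentence is being rewritten anyway, either list all UDP-based types that take the option or word the parenthetical as examples, so the documentation does not read as if the option is ignored for the other types.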