Meter requests should use dump/stats transaction, instead of
transact_noreply, which caused the output to go to stderr and an error
exit.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
vtep/vtep.xml : Tunnel table definitions were reviewed against
latest OVS schema.
Relevant changes taken into HW VTEP schema.
XML formatting of Tunnel table corrected
Signed-off-by: Ariel Tubaltsev <tubaltzev@gmail.com>
Acked-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
Although netdev does explicit locking, it is only valid from the ovs
perspective, then only the ring ends used by ovs should be declared as
single producer/consumer.
The other ends that are used by the application should be declared as
multiple producer/consumer that is the most general case.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Calling VLOG_FATAL() while holding the 'log_file_mutex' may lead to
deadlock since VLOG_FATAL() implementation tries to acquire the
same lock. Fix this by building the error message first, then
call VLOG_FATAL() after the 'log_file_mutex' has been released.
This bug is not likely to show up in practice since chown() usually
won't fail. It is still better to have a correct implementation.
Reported-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Daniele Di Proietto <ddiproietto@vmware.com>
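
The locking pattern this commit message describes, as an added example that is not OVS code: an error-checking pthread mutex makes the self-deadlock observable as EDEADLK, and the second function shows the "build the message, unlock, then report" shape. All names (`log_mutex`, `log_fatal`, `report_while_locked`, `report_after_unlock`) are hypothetical, and the stand-in logger returns an errno value instead of exiting.

```c
#define _XOPEN_SOURCE 700           /* For PTHREAD_MUTEX_ERRORCHECK. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

static pthread_mutex_t log_mutex;   /* Stand-in for 'log_file_mutex'. */
static char last_fatal[128];        /* Last message the logger accepted. */

/* Error-checking mutex: an owner's relock returns EDEADLK, not a hang. */
void log_init(void) {
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&log_mutex, &attr);
    pthread_mutexattr_destroy(&attr);
}

/* Hypothetical fatal logger: takes the log lock itself, as the commit says
 * VLOG_FATAL() does, but returns an errno value instead of exiting. */
int log_fatal(const char *msg) {
    int error = pthread_mutex_lock(&log_mutex);
    if (error) return error;        /* EDEADLK: the caller holds the lock. */
    snprintf(last_fatal, sizeof last_fatal, "%s", msg);
    return pthread_mutex_unlock(&log_mutex);
}

/* "Before" shape: reports the failure while still holding the lock. */
int report_while_locked(int chown_errno) {
    int error = 0;
    pthread_mutex_lock(&log_mutex);
    if (chown_errno) error = log_fatal("chown failed");
    pthread_mutex_unlock(&log_mutex);
    return error;
}

/* "After" shape: build the message under the lock, report once released. */
int report_after_unlock(int chown_errno) {
    char msg[128] = "";
    pthread_mutex_lock(&log_mutex);
    if (chown_errno) snprintf(msg, sizeof msg, "chown failed: %s", strerror(chown_errno));
    pthread_mutex_unlock(&log_mutex);
    return msg[0] ? log_fatal(msg) : 0;
}

int main(void) {
    log_init();
    printf("%d %d\n", report_while_locked(EPERM), report_after_unlock(EPERM));
    return 0;
}
```
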
Docker multi-host networking is now part of
Docker 1.9.
This commit adds two drivers for OVN integration
with Docker. The first driver is a pure overlay driver
that does not need OpenStack integration. The second driver
needs OVN+OpenStack.
The description of the Docker API exists here:
https://github.com/docker/libnetwork/blob/master/docs/remote.md
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
All of these links work when viewing OVN-Tutorial on GitHub, but most of
these links didn't work when viewing OVN-Tutorial.md.html in dist-docs.
Use full GitHub links so that they always work (as long as you have
internet access).
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-By: Kyle Mestery <mestery@mestery.com>
By default, Unix domain sockets are created with file system permission
mode of 0700. This means that only processes that run under the same
user can access this socket.
For OVS, it may be more convenient to control access at the group
level rather than at the user level, since other processes need to
access OVSDB and UNIXCTL sockets while running under different users.
This patch changes Unix domain sockets' file system permission to 0770,
to grant group access.
It has not been an issue in the past since OVS, until very recently,
had to run as root. If a process needed to access OVSDB or UNIXCTL
sockets, it had to be a root process as well.
With the added --user option to OVS daemons and this change, system
administrators can deploy OVS more securely: OVS daemons can run as
a non-root user. Various processes that need to talk to OVS do not
have to run as root processes anymore.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
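
One way to create a Unix domain socket with the 0770 mode this commit message describes, as an added example that is not OVS code and does not claim to show how OVS sets the mode. It assumes the mode is enforced by narrowing the umask around bind(); `bind_unix_socket_mode`, `socket_file_mode` and the socket path are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>

/* Hypothetical helper: binds a stream socket at 'path' and returns the fd,
 * or -1 on error.  The umask is narrowed around bind() so the socket file
 * never exists with wider permissions than 'mode'.  umask() is process-wide,
 * so call this before other threads create files. */
int bind_unix_socket_mode(const char *path, mode_t mode) {
    struct sockaddr_un sun;
    mode_t old_umask;
    int fd, error;

    if (strlen(path) >= sizeof sun.sun_path) return -1;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    strcpy(sun.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    unlink(path);                           /* Drop a stale socket file. */
    old_umask = umask(~mode & 0777);
    error = bind(fd, (struct sockaddr *) &sun, sizeof sun);
    umask(old_umask);
    if (error) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns the permission bits of 'path', or -1 if stat() fails. */
int socket_file_mode(const char *path) {
    struct stat s;
    return stat(path, &s) ? -1 : (int) (s.st_mode & 0777);
}

int main(void) {
    const char *path = "/tmp/example-ctl.sock";  /* Constructed path. */
    int fd = bind_unix_socket_mode(path, 0770);
    printf("fd=%d mode=%o\n", fd, (unsigned) socket_file_mode(path));
    if (fd >= 0) close(fd);
    unlink(path);
    return fd < 0;
}
```

Group access only helps if the socket's group is the one the client processes belong to, so check the file's group as well as its mode when auditing a deployment.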
vlog log file can be created when parsing --log-file option, before
switching user, in case the --user option is also specified. While this
does not directly cause errors for the running daemons, it can
leave the log files on the disk as created under the "root" user.
This patch fixes the log file ownership to the user specified with --user.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
A global variable 'switch_user' was used to make sure
we switch process's current user only once. This logic is now
simplified by testing for uid directly; if switch process has
taken place, the current uid will not be zero.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
This tests that resubmits return as expected when conntrack is used
with recirculation to another table.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
If conntrack recirculates, it should not stop processing the current
pipeline. The cloned packet will begin processing in the table specified
with the current metadata and action set; the current copy of the packet
will continue processing, including to return back to prior resubmit()
calls.
Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Some versions of groff use termcap sequences for bold, italic, etc. by
default. The dist-docs script doesn't cope with those; it expects
sequences based on backspacing and overprinting. This commit fixes the
problem by setting an environment variable GROFF_NO_SGR that forces groff
to use backspacing.
Found on Fedora.
Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>
'n' is the number of keys, which are grouped into blocks of L2_SIZE
indexes. Even if only one key in a block is allocated, the whole block has
a pointer to it that must be freed. Thus, we need to round up instead of
down.
Reported-at: https://github.com/openvswitch/ovs/pull/87
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
[cascardo: use IPv4-mapped IPv6 addresses]
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
lookup_ip will emit an error when used with an IPv6 address, like below.
2015-10-20T18:48:22.357Z|00036|socket_util|ERR|"2001:cafe::92" is not a valid IP address
Verify if address looks like IPv6 before giving it to either lookup_ip or
lookup_ipv6.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
These functions will be used by the next patches.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The stage names were getting long and throwing off the formatting when
dumping the logical flows.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
To decrement the IP TTL, the existing TTL can't be less than two. The
field is not bit-maskable, though, so "ip.ttl < 2" will not work.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
The patchwork instance has been recreated, so this doesn't point any
place valid.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Currently when using QEMU v2.4.0+, two (or more) dpdkvhostuser ports cannot
be unbound from the kernel driver in the guest without causing the
ovs-vswitchd process to crash. Document this limitation and potential
workarounds.
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Filter out not only flows with recirculation actions, but also flows
with non-zero recirculation id in flow key when creating ukeys from
datapath flows, as such flows also depend on the recirculation
context, which has been lost after a restart.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Restrictions from embedded actions should be folded in rather than
discarded.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
'conntrack' output format varies depending on the system
configuration, i.e., conntrack accounting or timestamping is enabled.
Modify the FORMAT_CT() macro to hide these differences.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Add a section that gives a quick introduction to applying ACLs. It
discusses how the ACLs are translated into OVN logical flows. It doesn't
get down to the OpenFlow level because that's not supported in
ovs-sandbox yet. Instead, it provides a reference to an OpenStack
related blog post that talks about how OVN ACLs are used there and gives
examples of the resulting OpenFlow flows.
In theory, once we have a userspace conntrack implementation available,
we'll be able to provide better support for it in ovs-sandbox.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Kyle Mestery <mestery@mestery.com>
Until now, the only way to specify multiple fields in the "fields"
parameter for the Netronome groups extension, was to specify "fields"
more than once, e.g. fields=eth_dst,fields=ip_dst
However, this wasn't documented and the code in ofp-print didn't use it,
generating output that couldn't be parsed.
This commit fixes the situation by introducing a more straightforward
syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
code to use it when there is more than one field (it retains the previous
format for backward compatibility when there is exactly one field)
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <simon.horman@netronome.com>
dpctl_unixctl_handler() didn't fully initialize the dpctl_params structure
it passed to the handler, which meant that dpctl_help() could see a nonnull
(indeterminate) 'usage' pointer and jump through it, causing a crash.
This commit fixes the crash by fully initializing the structure.
The dpctl/help command wasn't going to do anything useful anyway, so this
commit also stops registering it.
Reported-by: Murali R <muralirdev@gmail.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019135.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if the condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Acked-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
This changed from 2 to 3 when ACLs got implemented, as it turned out
ACLs needed two tables (1 and 2).
While we're at it, do a bit of OCD formatting cleanup by fixing the
alignment of '\' at the end of each line in the logical flow table
definitions.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Since commit 5935835968, the OVN nb and sb
schema definitions have included duplicate version entries. In the nb
case, the version has since been updated to 2.0.0, but only in one
place. Remove the duplicate version entries that were at the bottom of
the files.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This code does some checking to validate the existing encaps for a
chassis to see if they need to be updated. This typo resulted in
ovn-controller re-creating its encap(s) every time this code ran, making
ovn-controller and ovsdb-server eat up a CPU in my testing.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Use the wording from RFC 5880 to describe the "diagnostic" and
"remote_diagnostic" fields.
Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Report invalid parameter to the userspace if the user tries to add a vport
tunnel type which is not supported by the kernel extension.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>