This patch fixes the following warning caused by a switch case
which was not handled.
lib/netdev-vport.c:144:5: error: enumeration value
‘OVS_VPORT_TYPE_FT_GRE’ not handled in switch
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Tunnel caching was added to reduce CPU utilization on the TX path
by caching the packet header, so the performance gain is directly proportional
to the number of skbs transferred. But with the help of offloads, skbs are getting
larger, so there are fewer skbs. Therefore header caching does
not show gains similar to those we have seen in the past. And now kernel 3.6 has removed
dst caching from networking, which makes header caching even more tricky.
So this commit removes header caching from OVS tunnelling.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol. While there were some
uses of it (primarily hardware support and UDP transport),
these are most likely better provided by VXLAN. As a result,
CAPWAP will be removed no earlier than February 2013.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
This is a complementary patch to the other one I sent out previously.
The purpose of it is to make it more obvious that tunnel pmtud is
deprecated and will be removed soon.
Requested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
In the near future we will switch to flow-based tunneling and drop path
MTU discovery support. This patch prepares for that by changing the default
PMTUD value from 'enabled' to 'disabled'.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Extend GRE to have a 64-bit key. Use the GRE sequence number to
store the upper 32 bits of the key, but this is not the standard way of
using the GRE sequence number.
Bug #13186
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
When unparsing the kernel tunnel configuration, TTL was incorrectly
converted to "tos". Although it leads to confusing configuration
output, actual operation is not affected.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Otherwise the kernel will reject it later and the result is no tunnel,
whereas a tunnel with an unexpected TOS seems like a better result.
Bug #12566.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit 2a586a5 (ipsec gre: Do not reread ovs monitor ipsec pidfile in
netdev vport so much) attempts to cache the pid of ovs-monitor-ipsec so
that it's not re-checked so often. Unfortunately, it also cached error
returns, so errors never recover. This commit continues to check for
the process's existence after an error.
Issue #12399
Reported-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Instead of rereading the ovs-monitor-ipsec pidfile in netdev-vport so much, it's
probably only necessary to check once if ovs-monitor-ipsec is running,
and then cache the result. If the result is negative, then it may be
worthwhile to try again the next time someone tries to configure an ipsec
tunnel.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
A smap is a string-to-string hash map. It has a cleaner interface
than shashes, which were traditionally used for the same purpose.
This patch implements the data structure, and changes netdev and
its providers to use it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Replaced all instances of Nicira Networks(, Inc) with Nicira, Inc.
Feature #10593
Signed-off-by: Raju Subramanian <rsubramanian@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
I did not check that tap devices otherwise work. This at least allows
them to be part of a bridge again.
Reported-by: Janis Hamme <janis.hamme@student.kit.edu>
Something like this, on two separate vswitches, works to try it out:
    route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
    ovs-vsctl \
        -- add-port br0 gre0 \
        -- set interface gre0 type=gre options:remote_ip=224.0.0.1
Runtime tested on Linux 3.0, build tested on Linux 2.6.18, both i386.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
netdev_find_dev_by_in4() appears to no longer be used and thus
can be removed. This also allows netdev_enumerate(), the
enumerate member of struct netdev_class and netdev_linux_enumerate()
to be removed.
I noticed this as netdev_linux_enumerate() makes use of if_nameindex()
and if_freenameindex() which are not available when compiling using
the Android NDK r6b (Android API level 13).
Currently ovs is using device stats for Linux devices and counts them
itself in other situations. This leads to overlap with hardware stats,
inconsistencies, etc. It's much better to just always count the packets
flowing through the switch and let userspace do any merging that it wants.
The following patch removes the vport->get_stats() interface. vport-stat is changed
to use the new `struct ovs_vport_stat` rather than rtnl_link_stats64.
The definition of rtnl_link_stats64 is removed from OVS. dipf_port->stat is also
removed as aggregate stats are only available at the netdev layer.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Most netdev provider functions are allowed to be null if the implementation
does not support this feature. This commit adds this feature for get_mtu
and set_mtu, and changes netdev-vport to take advantage of it.
Also, changes netdev_get_mtu() to report an MTU of 0 on error, instead of
leaving the MTU indeterminate.
There is no need to have the vport attribute MTU (OVS_VPORT_ATTR_MTU) as
linux net-dev-ioctl can be used to get/set the MTU for a linux device.
The following patch removes OVS_VPORT_ATTR_MTU from the datapath protocol.
This patch also adds the netdev_set_mtu interface, so that MTU adjustments
can be done from OVS userspace. The get_mtu() interface is also changed: now
get_mtu() returns EOPNOTSUPP rather than returning 0 and setting *pmtu
to INT_MAX in case there is no MTU attribute for the given device.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Add tunnel key support to the CAPWAP vport. Uses the optional WSI field in a
CAPWAP header to store a 64-bit key. It can also be used without keys, in which
case it is backward compatible with the old code. Documentation about the
WSI field format is in CAPWAP.txt.
Signed-off-by: Valient Gough <vgough@pobox.com>
[horms@verge.net.au: Various minor fixes (v4.1)]
Signed-off-by: Simon Horman <horms@verge.net.au>
[jesse: Additional parsing fixes]
Signed-off-by: Jesse Gross <jesse@nicira.com>
The only rtnetlink specific functionality contained in the
rtnetlink module is the use of the NETLINK_ROUTE protocol. This
can easily be passed in by callers.
In preparation for generalization, this patch renames
rtnetlink.[ch] to netlink-notifier.[ch]. Future patches will
complete the transition.
The prefix "ODP_*" is not overly descriptive in the context of the
larger Linux tree. This commit changes the prefix to "OVS_*" for the
userspace to kernel interactions. The userspace libraries still use
"ODP_" in many of their interfaces since it is more descriptive in the
OVS oeuvre.
Feature #6904
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Until now, each call to netdev_open() for a particular network device
had to either specify a set of network device arguments that was either
empty or (for devices that already existed) equal to the existing device's
configuration. Unfortunately, the definition of "equality" in the latter
case was mostly done in terms of strict equality of string-to-string maps,
which caused problems in cases where, for example, one set of arguments
specified the default value of an optional argument explicitly and the
other omitted it.
The netdev interface does have provisions for defining equality other ways,
but this had only been done in one case that was especially problematic in
practice. One way to solve this particular problem would be to carefully
define equality in all the problematic cases.
This commit takes another approach based on the realization that there is
really no need to do any comparisons. Instead, it removes configuration
at netdev_open() time entirely, because almost all of netdev_open()'s
callers are not interested in creating and configuring a netdev. Most of
them just want to open a configured device and use it. Therefore, this
commit stops providing any configuration arguments to netdev_open() and the
provider functions that it calls. Instead, a caller that does want to
configure a device does so after it opens it, by calling
netdev_set_config().
This change allows us to simplify the netdev interface a bit. There is no
longer any need to implement argument comparisons. As a result, there is
also no need for "struct netdev_dev" to keep track of configuration at all.
Instead, the network devices that have configuration keep track of it in
their own internal form.
This new interface does mean that it becomes possible to accidentally
create and try to use an unconfigured netdev that requires configuration.
Bug #6677.
Reported-by: Paul Ingram <paul@nicira.com>
The Open vSwitch tree only has one user of the ability for a netdev to
receive packets from a network device. Thus, this commit simplifies the
common-case use of the netdev interface by replacing the "ethertype" option
from "struct netdev_options" by a new netdev_listen() call.
The only user of netdev_listen() wants to receive all packets from a
network device, so this commit also removes the ability to restrict the
received packets to a particular protocol. (This ability was once used by
the Open vSwitch integrated DHCP client, but that code has been removed.)
This commit also simplifies and improves the implementation of the code
in netdev-linux that started listening to a network device. Before, I had
not figured out how to avoid receiving all packets on all devices before
binding to a particular device, but I took a closer look at the kernel code
and figured it out.
I've tested that the userspace datapath (dpif-netdev), the only user of
netdev_recv(), still works after this change.
Commit aebf423 (netdev: Add methods to do netdev-specific argument
comparisons.) added a new config_equal_ipsec() function to ignore
IPsec key options when comparing an existing netdev's options with a new
netdev. We only ignored the options for the new netdev configuration,
which works when pulling the existing configuration from the kernel.
Unfortunately, if this is just a re-init of a netdev that we just
created, this ignoring of the IPsec key options on the new netdev will
cause the check to fail, since the full options are actually available in
both netdevs. This commit just ignores all IPsec key options from both
netdevs.
When doing a netdev_open(), a check is first done to make sure the
arguments are equivalent for any open devices with the same name. In
most cases, a simple shash comparison is sufficient. However, IPsec
key configuration is handled by an external program, so it is not pushed
down into the kernel module. Thus, when the "unparse_config" method is
called on an existing IPsec-based vport, a simple comparison with the
returned data will not match the original configuration. This commit
adds code to allow netdev-specific argument comparisons and has
"ipsec_gre" make use of them.
Bug #5575
An upcoming commit will introduce another function that needs to convert
between rtnl_link_stats64 and netdev_stats, so it seemed best to just add
functions to do the conversion.
Split existing pmtud tunnel option's functionality into three. Existing pmtud
option still exists, but now governs only whether datapath sends ICMP frag
needed messages. New df_inherit option controls whether DF bit is copied from
packet inner header to outer tunnel header. New df_default option controls
whether DF bit is set if inner packet isn't IP or if df_inherit is disabled.
Suggested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Andrew Evans <aevans@nicira.com>
Feature #5456.
It was suggested by Jesse that it would be better to just not create
IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He
had legitimate concerns about users missing the warning message printed
and traffic possibly going out unencrypted.
Suggested-by: Jesse Gross <jesse@nicira.com>
IPsec tunnels are only supported on Debian systems running
ovs-monitor-ipsec. Since that daemon configures IPsec, ovs-vswitchd
doesn't know whether IPsec will actually work. With this commit, a
warning is printed that it is unlikely to work unless that daemon is
started.
There is a more serious issue that IPsec traffic can pass unencrypted if
that daemon is not running. To fix that problem, changes to the kernel
module will need to occur. A future commit will address that issue, but
this earlier warning will be useful regardless.
Bug #4854
shash_find_data() returns an shash_node's 'data' member, but this code here
wants the shash_node itself, so it needs to use shash_find() instead.
This bug meant that any attempt to add a single netdev_vport to more than
one netdev_monitor would cause a segmentation fault. Here's an example
command that reproduces it reliably for me under valgrind (because ofproto
always monitors its ports and the bridge monitors bond interfaces):
    ovs-vsctl -- add-bond br0 bond0 p0 p1 \
        -- set interface p0 type=patch options:peer=p1 \
        -- set interface p1 type=patch options:peer=p0
Bug #4527.
Reported-by: Krishna Miriyala <krishna@nicira.com>
This commit makes several changes to the route_table code used to
populate tunnel_egress_iface.
  - It removes name_table code from netdev-vport and puts it into
    route-table.
  - It no longer attempts to build the name_table dynamically by
    listening to rtnetlink-link notifications. Instead it dumps the
    entire table, and uses rtnetlink-link notifications to indicate a
    re-dump is required.
  - It forces rtnetlink-link notifications to re-dump the routing
    table. This fixes an issue where bringing an interface down or
    removing it altogether would not have the expected effect on
    related tunnel_egress_ifaces.
netdev-vport unregistered the routing table in its destroy
function, but registered it in its init function. This could
cause the routing table to be unregistered when it shouldn't have
been, causing segmentation faults.
Bug #4526.
I can't see any real value in maintaining a dp_idx separate from the
ifindex of the local port. With the current implementation it also
artificially limits the number of datapaths.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
This commit calls genl_lock() and thus doesn't support Linux before
2.6.35, which wasn't exported before that version. That problem will
be fixed once the whole userspace interface transitions to Generic
Netlink a few commits from now.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
One of the goals for Open vSwitch is to decouple kernel and userspace
software, so that either one can be upgraded or rolled back independent of
the other. To do this in full generality, it must be possible to add new
features to the kernel vport layer without changing userspace software.
The customary way to do this in the Linux networking stack is to use
Netlink and in particular Netlink attributes. This commit adopts that
model for the vport layer. It does not yet actually start using the
Netlink socket layer, which will come later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
I plan to make the vport type part of the standard header stuck on each
Netlink message related to a vport. As such, it is more convenient to use
an integer than a string. In addition, by being fundamentally different
from strings, using an integer may reduce the confusion we've had in the
past over the differences in userspace and kernel names for network device
and vport types.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>