When using vhost-user client or server mode with OpenStack, Neutron needs
to be able to construct the fully qualified socket path and pass it to
Nova. While the relative vhost-user socket directory is exposed via the
Open_vSwitch table in other_config:vhost-sock-dir, the openvswitch run
directory that it is relative to is not. This patch adds it to the
Open_vSwitch table as external_ids:rundir.
Signed-off-by: Robert Wojciechowicz <robertx.wojciechowicz@intel.com>
Acked-by: Sean K Mooney <sean.k.mooney@intel.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Show table formatting options with help output from
ovn-nbctl, obn-sbctl, ovs-vsctl, and vtep-ctl commands.
Include "--data" option in ovsdb-client help output.
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Various printf() format specifiers in the tree had minor technical issues
which the Mac OS build reported, e.g. here:
https://s3.amazonaws.com/archive.travis-ci.org/jobs/208718342/log.txt
These tend to fall into two categories of harmless warnings:
1. Wrong width for types that are all promoted to 'int'. For example,
both uint8_t and uint16_t are both promoted to 'int' as part of a call
to printf(), but using PRIu8 for a uint16_t causes a warning.
2. Wrong format specifier for type promoted to 'int' due to arithmetic.
For example, if 'x' is a uint8_t, then x >> 1 has type 'int' due to
C's promotion rules, so the correct format specifier is %d and using
PRIu8 will cause a warning.
This commit fixes the warnings. I didn't see anything that rose to the
level of a bug.
These warnings only showed up on Mac OS X because of differences in the
format specifiers that Mac OS uses for PRI*.
Reported-by: Shu Shen <shu.shen@gmail.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Flow key handling changes:
- Add VLAN header array in struct flow, to record multiple 802.1q VLAN
headers.
- Add dpif multi-VLAN capability probing. If datapath supports
multi-VLAN, increase the maximum depth of nested OVS_KEY_ATTR_ENCAP.
Refactor VLAN handling in dpif-xlate:
- Introduce 'xvlan' to track VLAN stack during flow processing.
- Input and output VLAN translation according to the xbundle type.
Push VLAN action support:
- Allow ethertype 0x88a8 in VLAN headers and push_vlan action.
- Support push_vlan on dot1q packets.
Use other_config:vlan-limit in table Open_vSwitch to limit maximum VLANs
that can be matched. This allows us to preserve backwards compatibility.
Add test cases for VLAN depth limit, Multi-VLAN actions and QinQ VLAN
handling
Co-authored-by: Thomas F Herbert <thomasfherbert@gmail.com>
Signed-off-by: Thomas F Herbert <thomasfherbert@gmail.com>
Co-authored-by: Xiao Liang <shaw.leon@gmail.com>
Signed-off-by: Xiao Liang <shaw.leon@gmail.com>
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This commit adds a new feature to the learn actions: the possibility to
limit the number of learned flows.
To be compatible with users of the old learn action, a new structure is
introduced as well as a new OpenFlow raw action number.
There's a small corner case when we have to delete the ukey. This
happens when:
* The learned rule has expired (or has been deleted).
* The ukey that learned the rule is still in the datapath.
* No packets hit the datapath flow recently.
In this case we cannot relearn the rule (because there are no new
packets), and the actions might depend on the learn execution, so the
only option is to delete the ukey. I don't think this has big
performance implications since it's done only for ukey with no traffic.
We could also slowpath it, but that will cause an action upcall and the
correct datapath actions will be installed later by a revalidator. If
we delete the ukey, the next upcall will be a miss upcall and that will
immediatedly install the correct datapath flow.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
We need to use == instead of the is operator. If you're unlucky it may
fail because they're not exactly the same object, but hold the same
value.
Example false positive:
E(120): Inappropriate bracing around statement
+ if (0 != nl_attr_get_u8(vxlan[IFLA_VXLAN_LEARNING])
Fixes: 30c7ffd5ac ("utilities/checkpatch.py: Check for appropriate bracing")
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Russell Bryant <russell@ovn.org>
Currently, a controller may potentially trigger a segmentation fault if it
accidentally removes a TLV mapping that is still used by an active flow.
To resolve this issue, in this patch, we maintain reference counting for each
dynamically allocated variable length mf_fields, so that vswitchd can use this
information to properly remove a TLV mapping, and to return an error if the
controller tries to remove a TLV mapping that is still used by any active flow.
To keep track of the usage of tun_metadata for each flow, two 'uint64_t'
bitmaps are introduce for the flow match and flow action respectively. We use
'uint64_t' as a bitmap since the 64 geneve TLV tunnel metadata are the only
available variable length mf_fields for now. We shall adopt general bitmap when
more variable length mf_fields are introduced. The bitmaps are configured
during the flow decoding process, and vswitchd use these bitmaps to increase or
decrease the ref counting when the flow is created or deleted.
VMWare-BZ: #1768370
Fixes: 04f48a68c4 ("ofp-actions: Fix variable length meta-flow OXMs.")
Suggested-by: Jarno Rajahalme <jarno@ovn.org>
Suggested-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
vl_mff_map is introduced in commit 04f48a68c4 ("ofp-actions: Fix variable
length meta-flow OXMs") to account variable length mf_field, and it is used
to decode variable length mf_field in ofp_action. In this patch, vl_mff_map
is further used to decode the variable length match field as well.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
https://review.openstack.org/#/c/432906/
flake8-import-order adds 3 new flake8 warnings:
I100: Your import statements are in the wrong order.
I101: The names in your from import are in the wrong order.
I201: Missing newline between sections or imports.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add resubmit option to use the conntrack original direction tuple
swapped with the corresponding packet header fields during the lookup.
This could allow the same ACL table be used for admitting return
and/or related traffic as is used for admitting the original direction
traffic.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Supply the match mask to prerequisities checking when available. This
allows checking for zero-valued matches. Non-zero valued matches
imply the presense of corresponding mask bits, but for zero valued
matches we must explicitly check the mask, too.
This is required now only for conntrack validity checking due to the
conntrack state having and 'invalid' bit, but not 'valid' bit. One
way to match an valid conntrack state is to match on the 'tracked' bit
being one and 'invalid' bit being zero. The latter requires the
corresponding mask bit be verified.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
When using ovs-tcpdump to mirror interfaces with MTU larger than the default,
Open vSwitch will lower the interfaces we are interested in monitoring.
Instead, probe the MTU and set the mirrored port's MTU value correctly.
Fixes: 314ce6479a ("ovs-tcpdump: Add a tcpdump wrapper utility")
Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The Open vSwitch daemons allow passing --user user[:group] to allow
spawning under different user privileges. ovs-ctl now accepts --ovs-user
in the same form to pass this argument on, as well as create databases and
data directories with the appropriate privileges.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Andy Zhou <azhou@ovn.org>
"make clean" should remove all files generated by building a program, while
"make distclean" should also remove files generated by configuring the
program. Previously some generated files during the build process, such
as man pages, were left behind when "make clean" was run. This commit
only leaves configuration files after "make clean" is run, and removes
all other generated files.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Testcase 1057 ofproto-dpif - fragment handling - upcall reports
the following leak:
xrealloc (util.c:123)
vconn_dump_flows (vconn.c:1030)
read_flows_from_switch (ovs-ofctl.c:3360)
ofctl_replace_flows (ovs-ofctl.c:3433)
ovs_cmdl_run_command__ (command-line.c:115)
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Previously, if a flow action that involves a tunnel metadata meta-flow
field is dumped from vswitchd, the replied field length in the OXM header
is filled with the maximum possible field length, instead of the length
configured in the tunnel TLV mapping table. To solve this issue, this patch
introduces the following changes.
In order to maintain the correct length of variable length mf_fields (i.e.
tun_metadata), this patch creates a per-switch based map (struct vl_mff_map)
that hosts the variable length mf_fields. This map is updated when a
controller adds/deletes tlv-mapping entries to/from a switch. Although the
per-swtch based vl_mff_map only hosts tun_metadata for now, it is able to
support new variable length mf_fields in the future.
With this commit, when a switch decodes a flow action with mf_field, the switch
firstly looks up the global mf_fields map to identify the mf_field type. For
the variable length mf_fields, the switch uses the vl_mff_map to get the
configured mf_field entries. By lookig up vl_mff_map, the switch can check
if the added flow action access beyond the configured size of a variable
length mf_field, and the switch reports an ofperr if the controller adds a flow
with unmapped variable length mf_field. Later on, when a controller request
flows from the switch, with the per-switch based mf_fields, the switch will
encode the OXM header with correct length for variable length mf_fields.
To use the vl_mff_map for decoding flow actions, extract-ofp-actions is
updated to pass the vl_mff_map to the required action decoding functions.
Also, a new error code is introduced to identify a flow with an invalid
variable length mf_field. Moreover, a testcase is added to prevent future
regressions.
Committer notes:
- Factor out common code
- Style fixups
- Rename OFPERR_NXFMFC_INVALID_VL_MFF -> OFPERR_NXFMFC_INVALID_TLV_FIELD
VMWare-BZ: #1768370
Reported-by: Harold Lim <haroldl@vmware.com>
Suggested-by: Joe Stringer <joe@ovn.org>
Suggested-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
There is still plenty of opportunity for improvement, but this new
ovs-fields(7) manpage is much more comprehensive than ovs-ofctl(8)
could be.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
When one adds a new table to a database schema, it's easy to forget to
add the table to the list of tables in the *ctl.c program. When this
happens, the database commands for that program don't work on that table
at all, even for commands like "list" and "create" that don't need any
special help. This patch fixes that problem, by making sure that
db-ctl-base always has the complete list of tables.
Previously, each ctl_table_class pointed directly to the corresponding
ovsdb_idl_table_class. With this patch, there are instead two parallel
arrays, one of ovsdb_idl_table_classes and the other of ctl_table_classes.
This change accounts for the bulk of the change to the db-ctl-base code.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
This was overlooked when "clone" was introduced.
Fixes: 7ae62a676d ("ofp-actions: Add clone action.")
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Mickey Spiegel <mickeys.dev@gmail.com>
Due to upstream Linux feature "automatic helper assignment", up until
recently when using ct() action with FTP traffic, it has not been
necessary to specify the ALG parameter. However, automatic helper
assignment was disabled in Linux 4.7 or later, in upstream commit
3bb398d925ec ("netfilter: nf_ct_helper: disable automatic helper
assignment"). Document the need for this.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
nx_put_match() needs a non-NULL tunnel metadata table, otherwise it will
crash if a flow matches on tunnel metadata.
This wasn't handled in ofputil_append_flow_update(), causing a crash
when the controller sent a flow monitor request.
To fix the problem, this commit changes ofputil_append_flow_update() to
behave like ofputil_append_flow_stats_reply().
Since ofputil_append_flow_update() now needs to temporarily modify the
match, this commits also embeds 'struct match' into 'struct
ofputil_flow_update', to be safer. This is more similar to
'struct ofputil_flow_stats'.
A regression test is added and a comment is updated in ovs-ofctl.c
#0 0x000055699bd82fa0 in memcpy_from_metadata (dst=0x7ffc770930d0, src=0x7ffc77093698, loc=0x18) at ../lib/tun-metadata.c:451
#1 0x000055699bd83c2e in metadata_loc_from_match_read (map=0x0, match=0x7ffc77093410, idx=0, mask=0x7ffc77093658, is_masked=0x7ffc77093287) at ../lib/tun-metadata.c:848
#2 0x000055699bd83d9b in tun_metadata_to_nx_match (b=0x55699d3f0300, oxm=0, match=0x7ffc77093410) at ../lib/tun-metadata.c:871
#3 0x000055699bce523d in nx_put_raw (b=0x55699d3f0300, oxm=0, match=0x7ffc77093410, cookie=0, cookie_mask=0) at ../lib/nx-match.c:1052
#4 0x000055699bce5580 in nx_put_match (b=0x55699d3f0300, match=0x7ffc77093410, cookie=0, cookie_mask=0) at ../lib/nx-match.c:1116
#5 0x000055699bd3926f in ofputil_append_flow_update (update=0x7ffc770940b0, replies=0x7ffc77094e00) at ../lib/ofp-util.c:6805
#6 0x000055699bc4b5a9 in ofproto_compose_flow_refresh_update (rule=0x55699d405b40, flags=(NXFMF_INITIAL | NXFMF_ACTIONS), msgs=0x7ffc77094e00) at ../ofproto/ofproto.c:5915
#7 0x000055699bc4b5f6 in ofmonitor_compose_refresh_updates (rules=0x7ffc77094e10, msgs=0x7ffc77094e00) at ../ofproto/ofproto.c:5929
#8 0x000055699bc4bafc in handle_flow_monitor_request (ofconn=0x55699d404090, oh=0x55699d404220) at ../ofproto/ofproto.c:6082
#9 0x000055699bc4f46d in handle_openflow__ (ofconn=0x55699d404090, msg=0x55699d404910) at ../ofproto/ofproto.c:7912
#10 0x000055699bc4f5df in handle_openflow (ofconn=0x55699d404090, ofp_msg=0x55699d404910) at ../ofproto/ofproto.c:8002
#11 0x000055699bc88154 in ofconn_run (ofconn=0x55699d404090, handle_openflow=0x55699bc4f5bc <handle_openflow>) at ../ofproto/connmgr.c:1427
#12 0x000055699bc85934 in connmgr_run (mgr=0x55699d3adb90, handle_openflow=0x55699bc4f5bc <handle_openflow>) at ../ofproto/connmgr.c:363
#13 0x000055699bc422c9 in ofproto_run (p=0x55699d3c85e0) at ../ofproto/ofproto.c:1798
#14 0x000055699bc31ec6 in bridge_run__ () at ../vswitchd/bridge.c:2881
#15 0x000055699bc320a6 in bridge_run () at ../vswitchd/bridge.c:2938
#16 0x000055699bc3784e in main (argc=10, argv=0x7ffc770952c8) at ../vswitchd/ovs-vswitchd.c:111
Fixes: 8d8ab6c2d5 ("tun-metadata: Manage tunnel TLV mapping table on a
per-bridge basis.")
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Allow using match field names in addition to the canonical register
names in actions (including 'load', 'move', 'push', 'pop', 'output',
'multipath', 'bundle_load', and 'learn'). Allow also leaving out the
trailing '[]' to indicate full field. These changes allow simpler
syntax similar to 'set_field' to be used also elsewhere.
Correspondingly, allow the '[start..end]' syntax to be used in matches
in addition to the more explicit 'value/mask' notation. For example,
to match on the value 2 of the bits 14..15 of NXM_NX_REG0, the match
could include:
... reg0[14..15]=2 ...
instead of
... reg0=0x8000/0xc000 ...
Note that only contiguous masks can be specified with the bracket
notation.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
The kernel datapath provides support for TFTP helpers, so add support
for this ALG to the commandline and OpenFlow encoding/decoding.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Sometimes seeing the OpenFlow flows that back a given logical flow can
provide additional insight. This commit adds a new --ovs option to
ovn-trace that makes it connect to Open vSwitch over OpenFlow and retrieve
and print the OpenFlow flows behind each logical flow encountered during
a trace.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
There are currently five users of the table formatting library,
all of which default to "list" except for ovsdb-client which
defaults to "table". The library current default is "table",
and the table.man man page fragment only considers ovs-vsctl
to use something other than "table" as a default.As a result,
the man pages for ovn-sbctl and vtep-ctl are currently incorrect
(these options aren't documented in the ovn-nbctl man page, which
will need to be addressed in a future patch).
Fix by making the library default format "list" and handling
ovsdb-client as the exception.
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When the add-port command fails, vsctl reports the failure and just
suggests to check the logs for more details.
ovs-vswitchd fills the error column in the Interface table with a
description of the error, so it might be helpful to print that.
This is useful especially for dpdk devices, because the port naming
change could use a better error reporting.
I'm planning another patch to make sure that ovs-vswitch writes
appropriates information in the error column, after the dpdk port naming
changes are merged.
CC: Ben Pfaff <blp@ovn.org>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
This is moved separately due to the sheer number of references to this
file in the codebase.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
There are many docs that don't need to kept at the top level, along
with many more hidden in random folders. Move them all.
This also allows us to add the '-W' flag to Sphinx, ensuring unindexed
docs result in build failures.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
There are a couple of references to these for various build systems.
The website is going to be our "one true resource" for all docs, so
simply remove these references.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This is a dumb move of all 'INSTALL*' docs, with very little
refactoring (mostly updating links and making the titles a little more
consistent. Additional refactoring will be done in subsequent changes.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Without this patch, I see errors like this on master:
../ofproto/ipfix-gen-entities:115:1: E305 expected 2 blank lines after
class or function definition, found 1
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
pycodestyle >= 2.1.0 reports E305 otherwise, and the flake8-check step
fails.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Before Open vSwitch 2.5.90, IPFIX reports from Open vSwitch didn't include
whether the packet was ingressing or egressing the switch. Starting in
OVS 2.5.90, this information was available but only accurate if the action
included a port number that indicated a tunnel. Conflating these two does
not always make sense (not every packet involves a tunnel!), so this patch
makes it possible for the sample action to simply say whether it's for
ingress or egress.
This is difficult to test, since the "tests" directory of OVS does not have
a proper IPFIX listener. This passes those tests, plus a couple that just
verify that the actions are properly parsed and formatted. Benli did test
it end-to-end in a VMware use case.
Requested-by: Benli Ye <daniely@vmware.com>
Tested-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Simon Horman <simon.horman@netronome.com>
This adds a new argument and feature, 'check-file', which will allow
checkpatch to run against files instead of only against patches.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The regex for the if/for/while bracket tests fails to distinguish
non-space text. This means text such as do_something_if() would match
incorrectly.
Additionally, the ends-with-bracket test doesn't allow for the common
coding paradigm:
if (condition) { /* Text about conditional. */
}
So fix that as well.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When no 'Signed-off-by' tags are found, the output will look like:
E: No signatures found.
E: Too many signoffs; are you missing Co-authored-by lines?
Warnings: 0, Errors: 2
However, there should really only be one error reported in this case.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The line numbers being printed were the line numbers for the patchfile.
This is sometimes okay to fix simple things (trailing or leading
whitespace, missing signoffs, etc). But more complicated fixes, or
those fixes which require a bit more care, aren't helped by this. So,
we use the implied file line number.
This can be useful with future work to 'mock' apply and build a real
contextual scanner for checking multi-line changes.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
These coding issues are not just things that shouldn't be done. They are
styles which should never be submitted.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This makes it easier to distinguish between the line, and
the warning/error message.
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
