Current version of debian/rules simply passes the libopenvswitch.a
as a command line argument via LDFLAGS, but that doesn't actually
lead to this library being statically linked into python extension,
which is a shared library. Instead, the build "succeeds", but the
resulted extension is not usable, because most of the symbols are
missing:
from ovs import _json
ImportError:
/usr/lib/python3/dist-packages/ovs/_json.cpython-310-x86_64-linux-gnu.so:
undefined symbol: json_parser_finish
'-lopenvswitch' with a path to a static library should be passed
instead to make it actually statically linked. But even that is not
enough as all the libraries that libopenvswitch.a was built with also
has to be passed. Otherwise, we'll have unresolved symbols like ssl,
cap-ng, etc.
The most convenient way to get all the required libraries and cflags
seems to be by using pkg-config.
Setting several environment variables for pkg-config, so it can find
the libopenvswitch.pc in non-standard directory, not skip default
locations and also report them with the right base directory.
Extra '-Wl,-Bstatic -lopenvswitch -Wl,-Bdynamic' is added before all
the libs to ensure static linking of libopenvswitch even if the
dynamic library is available in a system.
One more problem here is that it is not possible to link static
library into dynamic library if the static one is not position
independent. So, we have to build everything with -fPIC, otherwise
it's not possible to build C extensions.
Also added a simple CI script to check that we're able to use python
C extension after installing a package.
Fixes: 6ad3be9749 ("debian: Fix build of python json C extension.")
Acked-by: Frode Nordahl <frode.nordahl@canonical.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
In order to correctly link with static libopenvswitch.a library,
users should also provide required cflags and all the libraries
libopenvswitch.a was actually built with and depends on. Otherwise,
it's not possible to link correctly.
Fixes: 671f93fe42 ("python: Allow building json C extension with static OVS library.")
Acked-by: Frode Nordahl <frode.nordahl@canonical.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
SSL, BPF, lcap-ng and other libraries are in use by a static library,
so they has to be linked while building applications with that static
library, i.e. 'pkg-config --libs --static libopenvswitch' must return
-lssl, -lcap-ng, etc. in the output for a successful build.
For dynamic library (non-private Libs) all these libraries will be
dynamically linked to libopenvswitch.so, so the application will
pick them up without having a direct dependency.
Acked-by: Frode Nordahl <frode.nordahl@canonical.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Currently, openvswitch-devel installs following header tree:
/usr/include
/openflow/*.h
/openvswitch
/*.h
/openflow/*.h
/openvswitch/*.h
/sparse/*.h
/lib/*.h
Few issues with that:
1. openflow and openvswitch headers are installed twice. Once in the
main /usr/include and second time in the /usr/include/openvswitch/.
2. For some reason internal headers such as lib/*.h and fairly useless
headers such as sparse/*.h are installed as well.
One more issue is that current pkg-config files doesn't work with
builds installed with 'make install', because 'make install' doesn't
create this weird header tree.
While double install of same headers is not a huge problem, it doesn't
seem right. Installation of the internal headers is a bigger issue.
They are not part of API/ABI and we do not provide any stability
guarantees for them. We are making incompatible changes constantly in
minor updates, so users should not rely on these headers.
If it's necessary for some external application to use them, this
external application should not link with libopenvswitch dynamically
and also it can't expect the static library to not break these API/ABI,
hence there is no real point installing them. Application should use
OVS as a submodule like OVN does or compile itself by obtaining
required version of OVS sources otherwise. Another option is to
properly export and install required headers.
pkg-config configuration files updated as necessary.
Fixes: 4886d4d249 ("debian, rhel: Ship ovs shared libraries and header files")
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
PyModule_AddObject() may fail and it doesn't steal references
in this case. The error condition should be handled to avoid
possible memory leaks.
And while it's not strictly specified if PyModule_Create may
fail, most of the examples in python documentation include
handling of a NULL case.
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Bond master netdev may be created without a classification type, due
to routing or tunneling code.
If bond master is not attached to ovs, the ingress block on LAG members
should not be updated.
Simple reproducer:
tc q ls dev net3 ingress
ip a add 10.1.1.1/30 dev bond0
ip l set net3 master bond0
tc q ls dev net3 ingress
Fixes: d22f8927c3 ("netdev-linux: monitor and offload LAG slaves to TC")
Signed-off-by: Tao Liu <thomas.liu@ucloud.cn>
Acked-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
When netdev first opened by netdev_open(..., NULL, ...), netdev_class sets
to system by default, and auto_classified sets to true.
If netdev reopens by netdev_open(..., "system", ...), auto_classified
should be cleared. This will be used in next patch to fix lag issue.
Fixes: 8c2c225e48 ("netdev: Fix netdev_open() to track and recreate classless interfaces")
Signed-off-by: Tao Liu <thomas.liu@ucloud.cn>
Acked-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
On my Fedora 36, the test with enabled offloads often fails with one of
those ping failing.
By chance (?), the previous tcpdumps are not stopped and I can see for
example:
10:04:02.534492 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 2, length 72
10:04:02.639443 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 3, length 72
10:04:02.743447 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 4, length 72
10:04:02.846447 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 5, length 72
10:04:02.950519 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 6, length 72
10:04:03.054697 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 7, length 72
10:04:03.158448 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 8, length 72
10:04:03.262541 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 9, length 72
10:04:03.366444 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 10, length 72
10:04:03.466501 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 11, length 72
The first ping request has not been handled correctly.
Adding a sleep 1 (like other offloads unit tests) seems to be enough to
avoid this situation.
Fixes: 02dabb21f2 ("tests: Add check_pkt_len action test to system-offload-traffic.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Ping process remains in the system after the test. Using a proper
macro that will correctly register it for stopping at cleanup stage.
Fixes: 134e6831ac ("system-traffic: Check frozen state handling with TLV map change")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
A connection is established if we see packets from both directions.
The cited commit fixed the issue of sending twice in one direction,
but still an issue if more than that.
Fix it.
Fixes: a867c010ee ("conntrack: Fix conntrack new state")
Signed-off-by: Eli Britstein <elibr@nvidia.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Since Python 2 is not supported anymore, remove Python 2 support from C
extension too
Fixes: 1ca0323e7c ("Require Python 3 and remove support for Python 2.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
There is no need to log if the implementation didn't change.
Scalar one is default, any change will be logged. And availability
is not really important to log at INFO level. Moving these logs
to DBG level to avoid littering the log file and confusing users.
We do the same for miniflow_extract and datapath interface
implementations.
Additionally text of the log message made more readable and uniform
with the one used for miniflow_extract.
Fixes: 95e4a35b0a ("odp-execute: Add function pointers to odp-execute for different action implementations.")
Acked-by: Emma Finn <emma.finn@intel.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The MTU vport unit tests do not clean up testpmd after use which causes
them to fail randomly. This commit amends the MTU vport unit tests to
clean up testpmd after running.
Fixes: bf47829116 ("tests: Add OVS-DPDK MTU unit tests.")
Reported-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Kumar Amber <kumar.amber@intel.com>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
When we send parallel flows such as VXLAN to a PF[1] port in OVS with
multiple PMDs. OVS will create a RTE flow with Mark and RSS actions to
send flows to the software data path. But the RSS action does not work
well and all the flows are forwarded to a single PMD. This is because
RSS hash types should be set in RSS action.
[1]: In our testbed, a Mellanox ConnectX-6 is used as a PF port.
[i.maximets]
DPDK PMD drivers supposed to provide "best-effort" RSS configuration
if the type is set to zero. However, they are very inconsistent in
practice and barely put any effort to provide a good configuration.
For example, mlx5 driver seems to use just RTE_ETH_RSS_IP, which is
not enough for most deployments.
Setting the types the same way we configure them for a normal RSS
in netdev-dpdk to workaround the scalability issue.
Signed-off-by: Harold Huang <baymaxhuang@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
nw_frag was not being printed in the flow key because it was improperly
masked and printed. Since this field is only two bits, it needs to use a
different macro to be masked. During printing, the switch statement
switched on the whole 8 bits rather than just the two that are relevant.
This caused nw_frag to often not be printed at all.
Signed-off-by: Rosemarie O'Riorden <roriorden@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
ovsdb/ directory should not be a dependency, otherwise the man
page is getting re-built every time unrelated files are changed.
Fixes: 6f24c2bc76 ("ovsdb: Add Local_Config schema.")
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
While it looks like the right python3 versions of those dependencies
seems to be installed in the CI, prefer calling this via pip3 like the
rest of the script.
Fixes: 445dceb884 ("python: Introduce unit tests.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This config param allows the delivery of broadcast and multicast
packets to the secondary interface of non-lacp bonds, equivalent
to the option 'all_slaves_active' for Linux kernel bonds.
Reported-at: https://bugzilla.redhat.com/1720935
Signed-off-by: Christophe Fontaine <cfontain@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Based on pyparsing, create a very simple filtering syntax.
It supports basic logic statements (and, &, or, ||, not, !), numerical
operations (<, >), equality (=, !=), and masking (~=). The latter is only
supported in certain fields (IntMask, EthMask, IPMask).
Masking operation is semantically equivalent to "includes",
therefore:
ip_src ~= 192.168.1.1
means that ip_src field is either a host IP address equal to 192.168.1.1
or an IPMask that includes it (e.g: 192.168.1.1/24).
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
A ODPFlow is a Flow with the following sections:
ufid
info (e.g: bytes, packets, dp, etc)
match
actions
Only three datapath actions require special handling:
gre: because it has double parenthesis
geneve: because it supports many concatenated lists of options
nat: we reuse the decoder used for openflow actions
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Introduce OFPFlow class and all its decoders.
Most of the decoders are generic (from decoders.py). Some have special
syntax and need a specific implementation.
Decoders for nat are moved to the common decoders.py because it's syntax
is shared with other types of flows (e.g: dpif flows).
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
It simplifies the implementation of different types of flows by creating
the concept of Section (e.g: match, action) and automatic accessors for
all the provided Sections
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Based on meta-field information extracted by extract_ofp_fields,
autogenerate the right decoder to be used.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
In order to be able to reuse the core extraction logic, split the command
in two parts. The core extraction logic is moved to python/build while
the command that writes the different files out of the extracted field
info is kept in build-aux.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Some openflow or dpif flows encode their arguments in lists, eg:
"some_action(arg1,arg2,arg3)". In order to decode this in a way that can
be then stored and queried, add ListParser and ListDecoders classes
that parse lists into KeyValue instances.
The ListParser / ListDecoders mechanism is quite similar to KVParser and
KVDecoders. Since the "key" of the different KeyValue objects is now
ommited, it has to be provided by ListDecoders.
For example, take the openflow action "resubmit" that can be written as:
resubmit([port],[table][,ct])
Can be decoded by creating a ListDecoders instance such as:
ListDecoders([
("port", decode_default),
("table", decode_int),
("ct", decode_flag),
])
Naturally, the order of the decoders must be kept.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Add more decoders that can be used by KVParser.
For IPv4 and IPv6 addresses, create a new class that wraps
netaddr.IPAddress.
For Ethernet addresses, create a new class that wraps netaddr.EUI.
For Integers, create a new class that performs basic bitwise mask
comparisons
netaddr is added as a new shoft dependency:
- extras_require in setup.py
- Suggests in deb and rpm packages
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Most of ofproto and dpif flows are based on key-value pairs. These
key-value pairs can be represented in several ways, eg: key:value,
key=value, key(value).
Add the following classes that allow parsing of key-value strings:
* KeyValue: holds a key-value pair
* KeyMetadata: holds some metadata associated with a KeyValue such as
the original key and value strings and their position in the global
string
* KVParser: is able to parse a string and extract it's key-value pairs
as KeyValue instances. Before creating the KeyValue instance it tries
to decode the value via the KVDecoders
* KVDecoders holds a number of decoders that KVParser can use to decode
key-value pairs. It accepts a dictionary of keys and callables to
allow users to specify what decoder (i.e: callable) to use for each
key
Also, flake8 seems to be incorrectly reporting an error (E203) in:
"slice[index + offset : index + offset]" which is PEP8 compliant. So,
ignore this error.
Acked-by: Terry Wilson <twilson@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This adds 4 new unit tests to the 'check-dpdk' subsystem that will
test Quality of Service (QoS) functionality.
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
As of Open vSwitch release 2.18 the OVS kernel module is no longer
supported. Pull the documentation references.
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Since the openvswitch project inception it has had support for building
a Linux kernel module to support the OVS kernel datapath. Since Linux
kernel release 5.8 support for newer kernels has been deprecated. Now
is the time to fully discontinue support for building the openvswitch
kernel driver. Since Linux 5.9 the Linux built-in openvswitch kernel
driver supports all necessary features and functions of the kernel
datapath and the need to support this additional "out of tree" kernel
module is gone.
Remove the --with-linux configuration support from the acinclude.m4
configuration and warn user it is not supported any longer.
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Update the necessary make and configure files to remove the Linux
datapath and then remove the datapath.
Move datapath/linux/compat/include/linux/openvswitch.h to
include/linux/openvswitch.h because it is needed to generate header
files used by the userspace switch.
Also remove references to the Linux datapath from auxiliary files
and utilities since it is no longer supported.
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
On the back of changing the debian/ubuntu packaging, update the
docs to refer to existing packages.
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
