This commit introduces a new data structure used for receiving packets from
netdevs and passing them to dpifs.
The purpose of this change is to allow storing some private data for each
packet. The subsequent commits make use of it.
Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
rte_eal_init() returns the number of parsed dpdk arguments to skip.
dpdk_init() should add 1 to that number, because it has already skipped
the "--dpdk" argument itself.
This patch also makes sure the program name is ovs-vswitchd in
rte_eal_init() and proctitle_init().
Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Ryan Wilson <wryan@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Previously the out_port of a flow monitor was
checked in ofmonitor_report() using ofoperation_has_out_port().
When ofoperation_has_out_port() was removed so was the call to
it in ofmonitor_report() thus flow monitor updates are longer
filtered on the out_port.
This restores filtering on the out_port by using
ofproto_rule_has_out_port to check the actions of the rule.
If the actions have been changed by a modify actions then
ofpacts_output_to_port() is also used to check the old actions.
This patch also adds a test to exercise out_ports for flow monitors.
This resolves what appears to be a regression introduced by
b20f4073eecd4761 ("ofproto: Do straightforward removal of asynchronous flow
operations.")
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The introduction of a %zu in datapath/flow_netlink.c with commit c1fc1411
revealed a problem with out-of-tree builds.
printf-check and thread-safety-check skip some directories with a 'grep -v'.
In the case of an out-of-tree build, the grep -v pattern doesn't work, because
it assumes the pathnames to be relative to the OVS root directory.
This commit fixes the problem by changing the directory before executing any
commands, like we do elsewhere in Makefile.am
Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
It's possible that the tunnel information may not have been set by
userspace before a packet is output to a tunnel port. Therefore, we
should ensure that we validate that the information is there before
attempting to use it.
Signed-off-by: Jesse Gross <jesse@nicira.com>
This adds support for Geneve - Generic Network Virtualization
Encapsulation. The protocol is documented at
http://tools.ietf.org/html/draft-gross-geneve-00
The kernel implementation is completely agnostic to the options
that are in use and can handle newly defined options without
further work. It does this by simply matching on a byte array
of options and allowing userspace to setup flows on this array.
Userspace currently implements only support for basic version of
Geneve. It can work with the base header (including the VNI) and
is capable of parsing options but does not currently support any
particular option definitions. Over time, the intention is to
allow options to be matched through OpenFlow without requiring
explicit support in OVS userspace.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
As the size of the flow key grows, it can put some pressure on the
stack. This is particularly true in ovs_flow_cmd_set(), which needs several
copies of the key on the stack. One of those uses is logically separate,
so this factors it out to reduce stack pressure and improve readibility.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Some tunnel formats have mechanisms for indicating that packets are
OAM frames that should be handled specially (either as high priority or
not forwarded beyond an endpoint). This provides support for allowing
those types of packets to be matched.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Currently, the flow information that is matched for tunnels and
the tunnel data passed around with packets is the same. However,
as additional information is added this is not necessarily desirable,
as in the case of pointers.
This adds a new structure for tunnel metadata which currently contains
only the existing struct. This change is purely internal to the kernel
since the current OVS_KEY_ATTR_IPV4_TUNNEL is simply a compressed version
of OVS_KEY_ATTR_TUNNEL that is translated at flow setup.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
As new protocols are added, the size of the flow key tends to
increase although few protocols care about all of the fields. In
order to optimize this for hashing and matching, OVS uses a variable
length portion of the key. However, when fields are extracted from
the packet we must still zero out the entire key.
This is no longer necessary now that OVS implements masking. Any
fields (or holes in the structure) which are not part of a given
protocol will be by definition not part of the mask and zeroed out
during lookup. Furthermore, since masking already uses variable
length keys this zeroing operation automatically benefits as well.
In principle, the only thing that needs to be done at this point
is remove the memset() at the beginning of flow. However, some
fields assume that they are initialized to zero, which now must be
done explicitly. In addition, in the event of an error we must also
zero out corresponding fields to signal that there is no valid data
present. These increase the total amount of code but very little of
it is executed in non-error situations.
Removing the memset() reduces the profile of ovs_flow_extract()
from 0.64% to 0.56% when tested with large packets on a 10G link.
Suggested-by: Pravin Shelar <pshelar@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
When deleting a mask from the mask array, we always move the last entry
into its current location. Another approach can be NULL in its
current place, and periodically compact it.
The approach taken by this patch is more efficient during run
time. During look up, fast path packet don't have to skip over NULL
pointers.
A more important advantage of this approach is that it tries to
keep the mask array index stable by avoiding periodic index
reshuffle.
This patch implements an optimization to further promote index
stability. By leaving the last entry value intact when moving it
to a new location, the old cache index can 'fix' themselves, by noticing
the index in the cache is outside the valid mask array region. The
new index can be found by scanning the mask pointer within the valid
rtegion.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Simplify flow mask cache replacement without using expensive atomic
memory access to the mask pointers.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
This commit adds logic that checks the return value of status_txn
transaction and runs the update again if the transaction fails
(transaction status is not 'TXN_SUCCESS', 'TXN_UNCHANGED', or
'TXN_INCOMPLETE').
To keep the code simple, the re-run of update on transaction failure
will extracts the status from all interfaces, rather than just those
that have status change. Since the transaction failure is considered
to be very rare, such overhead is deemed to be affordable.
VMware-BZ: 1256577
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Currently, ofproto_port_get_bfd/cfm_status() is used to check the
bfd/cfm status change and query the status change. Users decide
what to do with the filled status struct based on the return value
of the funciton. Such design is confusing and makes the caller
code hard to read.
This commit breaks the function into a status change check function
and a status query function, so that they become easier to read and
use.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This commit adds a new function, cfm_get_status(), for extracting
all cfm status at once. This helps avoid the sequence of lock
acquire/release in current implementation of status query.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Non-leader revalidator thread uses pthread_barrier_* functions in their
main loop to synchronize with leader thread. However, since those threads
only call poll_block() intermittently, the poll interval check in
poll_block() can wrongly take the time since last call as poll interval
and issue the following warnings:
"Unreasonably long XXXXms poll interval".
To prevent it, this commit implements the barrier struct and operations
for OVS which allow thread to block on barrier via poll_block().
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
In most cases, tunnel ports specify a dpif name to act as the backing
port in the datapath. However, in the case of UDP tunnels the type is
used with the port number appended. This is potentially a problem for
IPsec tunnels because they have different types but should have the
same backing port. The hasn't been a problem in practice though because
no UDP tunnels are currently used with IPsec.
This switches to use the dpif_port in all cases plus a port number if
necessary. It does this by making the names short enough to accomodate
ports, which also makes the naming more consistent.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
We've forgotten more than once. Most updates coincide with adding
new flow members, so a build assertion on FLOW_WC_SEQ seems appropriate.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
If NXFMF_OWN is set then full updates should be sent.
Prior to this change an abbreviated update is always sent
to the controller to which a monitor belongs, that is,
the NXFMF_OWN flag is ignored.
Also:
* Update existing flow tests for this chagne
* Add a test to exercise NX flow monitor with !own
I noticed this while working on support for OpenFlow1.4 flow monitors.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The flow monitoring tests includes a perl script to sort multiline
messages. This commit breaks it out of an individual test so that it can
be used elsewhere.
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com changed approach from a separate file to a shell function]
Signed-off-by: Ben Pfaff <blp@nicira.com>
On windows platform, TCP_NODELAY can only be set when TCP
is established. If the conection is not immediately returning
success, call it when state is changed from TCP_CONNECTING
to SSL_CONNECTING.
Signed-off-by: Linda Sun <lsun@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
A few Open vSwitch source files use a type named HANDLE on Windows systems,
in a way that makes it easier to avoid #ifdefs if we have a dummy
definition on other platforms. <linux/types.h> was a really weird place
for this dummy definition. This commit moves it to util.h.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
When reaching the end of a prefix trie, we checked one bit off the end
to the intended data. However, since the trie node in that case has
NULLs for both edge links, this did not result in incorrect
functionality.
Found via check-valgrind.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
trie_lookup_value() is easier to read with the local variable 'plen'
renamed as 'ofs'.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
When calculating the source port for the UDP header, LISP primarily
uses skb_get_hash() but needs a backup in case this fails. The
current backup is a hash of the entire flow key but this includes
many fields that probably would not be considered to be part of a
flow in many situations. It assumes that all fields, including those
not used, are zeroed out which will soon not be the case.
This switches to using a hash of the IP addresses instead, which
solves both problems. These should always be present since LISP
encapsulates L3 packets.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
The new command is of the form 'time/warp LARGE_MSECS MSECS'.
It advances the current monotonic time by LARGE_MSECS. This is done MSECS
at a time in each run of the main thread. This gives other threads
time to run after the clock has been advanced by MSECS.
The old command would continue to work.
Rationale: On Windows, process creation is slower. When we have tests
that run 'ovs-appctl time/warp MSECS' hundreds of times in a for loop,
the time it takes to complete the test increases. This is specially
true for bfd tests. For e.g, the 11 bfd tests would take 3.5 minutes
to complete before this change and now takes a little less than 2 minutes.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This is analogous to Nicira extension support.
This is in preparation for supporting EXT-187: flow entry notification
extension (ONF flow monitor).
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add OFPRAW_OFPST14_FLOW_MONITOR_REQUEST and
OFPRAW_OFPST14_FLOW_MONITOR_REPLY.
This is a step towards supporting OpenFlow1.4 flow monitors.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add OFPET_FLOW_MONITOR_FAILED which is added in OpenFLow1.4.
Map the OFPERR_NXBRC_FM_* errors to the corresponding new OpenFlow errors.
This is a step towards supporting OpenFlow1.4 flow monitors.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This is in preparation for supporting OpenFlow1.4
flow monitor requests.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
dd51dae29bccca3 ("ofproto: Move logic for collecting read-only rules into
rule_criteria.") modifies modify_flows__ such that the variable error,
the return value, may be uninitialised if either of the following is true:
1. ofproto->ofproto_class->rule_premodify_actions is NULL
2. rules->n is zero
It appears for the "bfd - Verify tunnel down detection" test
in the testsuite the first condition is true and the test fails.
This commit fixes the problem.
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com changed the style of the fix]
Signed-off-by: Ben Pfaff <blp@nicira.com>
In queue_userspace_packet(), the ovs_nla_put_flow return value is
not checked. This is fine as long as key_attr_size() returns the
correct value. In case it does not, the current code may corrupt buffer
memory. Add a run time assertion catch this case to avoid silent
failure.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
The key_attr_size() was not updated when RECIRC_ID and DP_HASH
key fields are added to support recircualtion. This patch fixes it.
Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
VMware-BZ: 1266214
Since dpif_netdev_enumerate() is used for "netdev" and "dummy" class, it
incorrectly lists dpif-netdevs as "dummy" and vice versa.
This patches address the issue by changing the dpif-provider interface: a
dpif_class parameter is passed to the 'enumerate' call to match the right class.
Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
When a flow with a "learn" action is deleted, one often wants the flows
that it created (the "learned flows") to be deleted as well. This commit
makes that possible.
I am aware of a race condition that could lead to a learned flow not being
properly deleted. Suppose thread A deletes a flow with a "learn" action.
Meanwhile, thread B obtains the actions for this flow and translates and
executes them. Thread B could obtain the actions for the flow before it is
deleted, but execute them after the "learn" flow and its learned flows are
deleted. The result is that the flow created by thread B persists despite
its "learn" flow having been deleted. This race can and should be fixed,
but I think that this commit is worth reviewing without it.
VMware-BZ: #1254021
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Ethan Jackson <ethan@nicira.com>
The delete_flow__() function had two callers, each of which had to
correctly call ofmonitor_flush() when completely done. An upcoming commit
will add another function that the callers need to call. This is easier
if delete_flow__() only has one caller, so this commit refactors so that
it does, and inlines delete_flow__() into that caller for further
simplification.
Also remove a parameter from delete_flows__() that wasn't really needed
and change its return type to void since it can't ever fail.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Ethan Jackson <ethan@nicira.com>
Nothing actually used 'provider_meter_id', but some code did want to know
whether there was a meter, so we can save a little space by using a bool
instead. An upcoming commit will add a second bool member. This change
allows that bool to be added without using extra space.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This commit finishes the removal of asynchronous flow table operations
begun in the previous commit, by removing ofoperation and ofopgroup
entirely and all of the code that depended on them. Following this commit,
all the internal documentation and comments should again be consistent and
correct.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Open vSwitch has supported datapaths that cannot update their flow tables
synchronously for many versions. In that time, I have talked to many
hardware implementers. None of them has ever mentioned the asynchronous
interface. Furthermore, the only public hardware implementation of an Open
vSwitch datapath (from Centec), does not use the asynchronous interface.
At the same time, the asynchronous interface makes ofproto hard to read and
hard to understand. It also makes it hard to maintain and extend. An
extension in an upcoming commit would be very difficult to implement
asynchronously.
Therefore, this commit begins to remove the asynchronous interface. This
initial commit does only the most straightforward parts of the removal, the
ones that do not significantly change the structure of the code. For
example, this commit does not remove the ofoperation or ofopgroup data
structures at the core of the asynchronous interface, but instead reduces
them to a vestigial form: where previously an ofoperation might span
multiple trips through the main loop (if the operation were truly
asynchronous), now it always completes immediately.
The following commit will do more structural changes. It will also update
all the comments, which are mostly left alone here.
The hope is that this structuring of the asynchronous removal into two
stages will make it easier to understand and review. If not, the commits
could be squashed.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
It's nicer to pass around a single argument than a pair of them. This
will also make it easier to change the 'const struct ofp_header *request'
parameters to 'ovs_be32 xid' ones in an upcoming commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
ofproto supports OpenFlow tables that the controller can view but not
modify. Until now, the logic for this was separately implemented in each
flow table operation, which meant that it was somewhat error-prone and in
fact seems missing entirely for "delete" operations. This commit
implements the "modify" and "delete" side of that logic in the common code
for collecting a group of rules to work on, thereby slightly simplifying
the somewhat tricky modify_flows__() function and fixing the bug in
deletion.
There isn't a good way to reuse this logic for "add" operations.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
In OpenFlow, a single "flow_mod" operation can change the actions (and
some other properties) of an arbitrary number of flows. Until now,
Open vSwitch has assumed that any subset of these operations could
fail. However, it has come out in discussion in the OpenFlow extensibility
working group that "partial failure" of a flow table operation is
undesirable, and furthermore that it should be possible to avoid it on
hardware implementations. (The latter is the reason that Open vSwitch
permitted it to be with.)
This commit changes Open vSwitch to check whether all of a set of flow
table modifications will succeed before it initiates any of them.
This will not change visible behavior of the Open vSwitch software
switch, which never failed flow table modifications anyway. It might
change behavior of some hardware implementation, but I don't actually know
of any.
ONF-JIRA: EXT-362.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
