Until now ovs-vswitchd has created the files in /proc/net/bonding, but not
updated them, because there was little need. But the Citrix QA tests check
that the list of bond hashes in that file is kept up-to-date, so we need
to update them whenever the bond hashes (or other data in the file) change.
This commit does that.
Bug NIC-16.
The Citrix QA scripts require the bond hashes and their assigned devices
to be noted in /proc/net/bonding. We weren't doing that, so this commit
adds them.
Bug NIC-16.
The license file indicated that the software is licensed under the GPLv3
license. This commit corrects that to state that it's licensed under
the Apache 2.0 license with the exception of the "datapath" directory,
which is GPLv2. The style and abbreviations were from the following
page:
http://fedoraproject.org/wiki/Packaging/LicensingGuidelines
Previously, the only way to query the flow table was to run "ovs-ofctl
dump-flows". This returned most flows, but not those marked hidden by
secchan. Hidden flows are setup by mechanisms such as in-band control,
since they must not be modified by users of the controller. However,
when debugging problems on the switch, it is often useful to see what
the flow table is actually doing. The new "bridge/dump-flows" command
added to ovs-appctl shows all flows being used by the OpenFlow stack.
I had thought that Automake was smart enough to ignore conditionals around
EXTRA_DIST, so that all files always got distributed regardless of whether
Automake conditionals were set. I was wrong.
This pushes the conditionals for building the ezio binaries down into
extras/ezio/automake.mk and thereby makes adding ezio3.ti to EXTRA_DIST
unconditional, so that it always gets distributed. Otherwise, this file
will not be distributed on systems that don't have curses or don't have
PCRE, which is very surprising.
I had thought that Automake was smart enough to ignore conditionals around
EXTRA_DIST, so that all files always got distributed regardless of whether
Automake conditionals were set. I was wrong.
This commit removes the --disable-userspace option to "configure", which
put a conditional around most of Makefile.am and thus unintentionally
caused most of the distribution to be left out if --disable-userspace was
specified. The alternative (fixing --disable-userspace) seems like too
much work--it would require pushing "if ENABLE_USERSPACE" down into lots
of subdirectory--and would be difficult to maintain.
DHCP requests were sent with a source port of 66, when it should be 68.
This code has been tested, so apparently many DHCP servers don't pay
attention to the source port. This commit also adds #define's for the
DHCP ports, so that magic numbers don't need to be used.
The function send_ofmp_error_msg() is not currently used, so it was
producing compiler warnings that it was defined. Remove the function
until it's needed.
Autotest doesn't provide a lot of benefit by itself but it does allow us
to easily put a wrapper around each test by using a macro to invoke it.
(To do that with the built-in Automake test framework you need to write
or generate a separate wrapper script for each test, which is a pain.)
The next commit will take advantage of this possibility by adding support
for code coverage analysis.
Before now, the default probe interval (the idle time after which an echo
request is sent on an OpenFlow connection) was set to 15 seconds. The
fail-open timeout is 3 times the probe interval, so this meant that it
took 45 seconds for a switch to fail open.
Users at Nicira have commented that this is too long. They don't like the
idea that the network will be down for most of a minute before it begins to
recover. So this commit changes the default probe interval to 5 seconds,
hence the fail-open timeout to 15 seconds.
Users at Nicira have commented that a maximum reconnection time of 15
seconds, which was the default, is too long. This commit cuts it to 8
seconds, on the theory that an administrator is willing to wait that long
before deciding that a change that should restore connectivity did not
work.
The other-config:vSwitchVersion parameter was used to announce the Open
vSwitch version installed on a XenServer host, but this had the problem
that it could not be read or updated if the connection to the pool master
was down. Because of this problem, the only user of this parameter in
Open vSwitch was removed (in commit 3cdc31a4c3a "xenserver: Retrieve
vSwitch version from binary in xsconsole"). So this commit finished the
process and removes the parameter entirely.
This should fix hangs on Open vSwitch installation and removal due to
waiting on the connection to the pool master.
The xapi database for PIFs specifies the MAC address that should be used
for bonds, but interface-reconfigure didn't honor it and ovs-vswitchd
didn't have a way to configure it anyhow. This commit fixes both problems.
Bug #1645.
This works around a bug in xhad, which binds to a particular Ethernet
device, which in turn causes ICMP port unreachable messages if packets are
received are on the wrong interface, which in turn can happen if we send
out ARP replies on every interface (as Linux does by default) instead of
just on the interface that has the IP address being ARPed for, which this
sysctl setting in turn works around.
Justin Pettit did most of the work tracking down the origin of this bug.
Bug #1378.
The xsconsole plugin shows status information about Open vSwitch. The
version information was retrieved from XAPI, but this could cause
problems. The most easily reproduced is to make a XenServer part of a
pool, then remove it. The version string is no longer in the
XenServer's local XAPI view, so it reports "<unknown>". A more direct
way to get the information is to directly query the binary, which is
what this commit does.
Bug #1626
Until now, setting a netflow collector to a DNS name would cause
secchan to attempt to resolve that DNS name each time that the set of
netflow collectors is re-set. For the vswitch, this is every time that
the vswitch reconfigures itself.
Unfortunately, DNS lookup within secchan cannot work as currently
implemented, because it needs both an asynchronous DNS resolver library
and in-band control updates. Currently we have neither. Attempting to
look up DNS anyway just hangs.
This commit disables DNS lookup entirely, and updates the documentation to
change user expectations. DNS still won't work, but at least it won't
hang.
Bug #1609.
Creating a bond from the network device that holds the Xen management
connection automatically transfers the management connection to that bond.
However, we weren't properly removing the IP address from the network
devices that constituted the bond. This commit fixes that problem.
Bug #1566.
The kernel only handles a single VLAN per bridge, but vswitchd can deal
with all the VLANs on a single bridge. This commit makes "brctl showmacs"
pretend that the former is the case even though the latter is the
implementation.
Bug #1567.
The "fdb/show" unixctl command was showing vswitch-internal port indexes,
which cannot be meaningfully interpreted by software outside vswitchd.
Also, they potentially change every time the vswitchd configuration file
changes. This commit changes it to use a datapath port index instead,
which are both more meaningful and more stable.
In an upcoming change, brcompat will need to receive bulk data from
ovs-brcompatd. The existing brcompat infrastructure for receiving data
only supports returning an error code, so this commit adds the ability to
receive an arbitrary sk_buff and updates the existing users to handle it.
In an upcoming commit, ovs-brcompatd will need to create a subprocess and
capture both its stdout and stderr separately, which one cannot do with
simple interfaces such as popen(). This function provides that ability.
To prevent fatal signals in a child process from causing the parent
process's pidfile, etc. to be deleted, we need to block fatal signals
around fork and call fatal_signal_fork() in the child process.
This problem was noticed through code inspection; it has not been observed
in practice.
To implement "brctl showmacs" for bridge compatibility, brcompatd needs to
be able to extract the MAC learning table from ovs-vswitchd. This provides
a way, and it may be directly useful to switch administrators also.
OpenFlow 0.9 will change the interpretation of a max_len of 0 in an
OFPP_CONTROLLER output action from "send entire packet" to "send 0 bytes
of packet", but ovs-ofctl documents that specifying no argument or "ALL"
as the argument to a CONTROLLER output action sends the whole packet, so
we need to make that happen.
If a network device takes a few seconds to detect carrier, as some do, then
when bringing up a network device and then immediately adding that device
to a bridge, the bond code would start out with that slave considered down
and apply the full updelay to it before bringing it up. With the 31-second
updelay set by XenServer, this is excessive: we end up having no
connectivity at all for 31 seconds even though there is no reason for it.
This commit makes the bond code disregard the updelay when an interface
comes up on a bond that has no enabled interfaces, and updates the
documentation to match.
Part of bug #1566.
When providing the ability to force coverage printouts to occur, some
code was moved around that allowed the "hash" variable to be used
unitialized. This fixes that.
Thanks to Ben for pointing out the problem.
Bug #1577
Before commit 72ca14c1 "datapath: Fix race against workqueue in dp_dev and
simplify code," the dp_dev network device had a device queue, and we would
orphan packets before sticking them on the queue. This screwed up socket
accounting a bit, but the effect was limited to the device queue length.
Now, after that commit, the dp_dev device has no device queue, but it still
orphans packets. This screws up socket accounting a *lot*, because the
effect is now unlimited, since there is no queue to limit it.
The solution is to not orphan packets at all. There is little need for it
now since packet transmission now happens immediately, not in a workqueue
whose execution may be delayed.
This should fix bug #1519, which tests "netperf -t UDP_STREAM" performance,
finding that an unrealistically high number of UDP packets could be sent
but that none at all were received. The send rate is due to the orphaning,
the receive rate presumably because at least one out of approx. 65535/1500
= 44 fragments per full packet were dropped in each case.
The in-band control code needs to know the IP and port of both ends of the
control connection. However, the vconn code was only reporting the local
address after the connection had already succeeded, which created a
chicken-and-egg problem. In practice we would fail to connect until the
switch went into fail-open, at which point the connection would go through.
Fortunately, we can get the local IP address right after we try to connect,
not just after the connection completes, so this commit changes the code
to do that.
This commit also breaks setting the remote IP and port into functions
separate from vconn_init(), which makes the code more readable.
