When reference counting for json objects was introduced the
old json_clone() function became json_deep_clone(), but it
still calls shallow json_clone() while cloning objects and
arrays not really producing a deep copy.
Fixing that by making other functions to perform a deep copy
as well. There are no users for this functionality inside
OVS right now, but OVS exports this functionality externally.
'ovstest test-json' extended to test both versions of a clone
on provided inputs.
Fixes: 9854d473adea ("json: Use reference counting in JSON objects")
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The "tcp vconn - refuse connection" test may fail due to a Connection
Refused error. The network stack returns ECONNREFUSED on a reset
connection in SYN_SENT state and EPIPE or ECONNRESET in all other
cases.
2022-09-19T17:45:48Z|00001|socket_util|INFO|0:127.0.0.1: listening on
port 34189
2022-09-19T17:45:48Z|00002|poll_loop|DBG|wakeup due to [POLLOUT][
POLLERR][POLLHUP] on fd 4 (127.0.0.1:47140<->) at ../lib/stream-fd.
c:153
test-vconn: unexpected vconn_connect() return value 111 (Connection
refused)
../../tests/vconn.at:21: exit code was 1, expected 0
530. vconn.at:21: 530. tcp vconn - refuse connection (vconn.at:21):
FAILED (vconn.at:21)
This was observed from a CI system, and isn't a common case.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Part of the uuidset implementation is taken from the OVN codebase where
it was added via commit 0e77b3bcbfe2 ("ovn-northd-ddlog: New
implementation of ovn-northd based on ddlog.").
We now extend that, adding a few helpers and tests.
Co-authored-by: Leonid Ryzhyk <lryzhyk@vmware.com>
Signed-off-by: Leonid Ryzhyk <lryzhyk@vmware.com>
Co-authored-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
Reviewed-by: Ales Musil <amusil@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Considering two DB rows, 'a' from table A and 'b' from table B (with
column 'ref_a' a reference to table A):
a = {A._uuid=<U1>}
b = {B._uuid=<U2>, B.ref_a=<U1>}
Assuming both records are inserted in the IDL client's in-memory view
of the database, if row 'b' is also deleted in the same run, it should
generate the following tracked changes:
- for table A:
- inserted records: a = {A._uuid=<U1>}
- for table B:
- inserted records: b = {B._uuid=<U2>, B.ref_a=<U1>}
- deleted records: b = {B._uuid=<U2>, B.ref_a=<U1>}
Before this patch, inserted and deleted records in table B
would (in some cases [0]) be b = {B._uuid=<U2>, B.ref_a=[]}.
Having B.ref_a=[] would violate the integrity of the database from
client perspective.
test-ovsdb has also been updated to show that one row can be
both inserted and deleted within one IDL run.
[0] In ovn-controller the fact that the reference is NULL caused a
crash in the following case, when both commands were handled by
ovn-controller within the same loop:
$ ovn-nbctl ls-add sw0 -- lsp-add sw0 sw0-port1 -- \
lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
$ ovn-nbctl lsp-del sw0-port1
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2126450
Fixes: 91e1ff5dde39 ("ovsdb-idl: Don't reparse orphaned rows.")
Signed-off-by: Xavier Simonart <xsimonar@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Improve the test by adding and varying the MTU of a DPDK null port to check if
relevant mempools are created/(re)used.
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Tested-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
If the PACKET_OUT from controller ends up with sending packet to
a bond interface, the main thread will take locks in the following
order:
handle_openflow
--> take ofproto_mutex
handle_packet_out
packet_xlate
output_normal
bond_update_post_recirc_rules
--> take rwlock in bond.c
If at the same time revalidator thread is processing other packet
with the output to the same bond:
xlate_actions
output_normal
bond_update_post_recirc_rules
--> take rwlock in bond.c
update_recirc_rules
ofproto_dpif_add_internal_flow
ofproto_flow_mod
--> take ofproto_mutex
So, it is possible for these 2 threads to lock each other by
taking one lock and waiting for another thread to release the
second lock.
It is also possible for the main thread to lock itself up by trying
to acquire ofproto_mutex for the second time, if it will actually
proceed with update_recirc_rules() after taking the bond rwlock.
The problem appears to be that bond_update_post_recirc_rules()
is called during the flow translation even if side effects are
prohibited, which is the case for openflow PACKET_OUT handling.
Skipping actual flow updates during the flow translation if
side effects are disabled to avoid the deadlock.
Since flows are not installed now when actions translated for
very first packet, installing initial flows in bond_reconfigure().
This will cover the case of allocating a new recirc_id.
Also checking if we need to update flows in bond_run() to cover
link state changes.
Regression test is added to catch the double lock case.
Reported-at: https://github.com/openvswitch/ovs-issues/issues/259
Reported-by: Daniel Ding <zhihui.ding@easystack.cn>
Fixes: adcf00ba35a0 ("ofproto/bond: Implement bond megaflow using recirculation")
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
GCC 12.2.1 on Fedora 36 generates the following false-positive
warning that is treated as error with -Werror:
tests/test-list.c: In function 'test_list_construction':
tests/test-list.c:110:9: error: 'values' may be used uninitialized
110 | check_list(&list, values, n);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
For some reason it fails to recognize that array will not
be used if 'n' equals zero.
Fix that by just initializing arrays in full before using,
since it's just a test code.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Most of commands in ovs-ofctl and ovs-appctl can display port names
instead of port numbers by using --names option. This change adds
similar functionality to ofproto/trace.
For backward compatibility, the default behavior is the same as
before.
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
GNU grep 3.8 started complaining about use of obsolete egrep/fgrep:
egrep: warning: egrep is obsolescent; using grep -E
This breaks tests on such systems. All the instances was cleaned up
from the testsuite, but the checkpatch check is needed to catch issues
in new patches.
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
GNU grep 3.8 started to emit warnings when invoking egrep/fgrep. In some
cases this breaks tests that check stderr. Replace the commands with
their grep -E and grep -F counterparts throughout.
Reported-at: https://bugzilla.opensuse.org/show_bug.cgi?id=1203239
Submitted-at: https://github.com/openvswitch/ovs/pull/395
Signed-off-by: Andreas Stieger <Andreas.Stieger@gmx.de>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Using [NETNS|OVS]_DAEMONIZE will start tcpdump in the background,
and it will also make sure it gets killed in corner cases.
For the check_pkt_len tests, we also kill tcpdump between individual
tests in the same test case to avoid confusion when analyzing results.
This also required some changes to the awk expressions, as an extra
newline is added to the output when tcpdump gets stopped.
Fixes: 02dabb21f243 ("tests: Add check_pkt_len action test to system-offload-traffic.")
Suggested-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
If tnl_port_should_receive() is false, we're looking for a normal
port, not a tunnel one. And it's better to print recirculation IDs
in hex since they are typically printed this way in flow dumps.
Fixes: d40533fc820c ("odp-util: Improve log messages and error reporting for Netlink parsing.")
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
When OFPROTO non-reversible actions are translated to data plane
actions, the only thing looked at is if there are more actions
pending. If this is the case, the action is encapsulated in a
clone().
This could lead to unnecessary clones if no meaningful data
plane actions are added. For example, the register pop in the
included test case.
The best solution would probably be to build the full action
path and determine if the clone is needed. However, this would
be a huge change in the existing design, so for now, we just try
to optimize the generated datapath flow. We can revisit this
later, as some of the pending CT issues might need this rework.
Fixes: feee58b9587f ("ofproto-dpif-xlate: Keep track of the last action")
Fixes: dadd8357f224 ("ofproto-dpif: Fix issue with non-reversible actions on a patch ports.")
Acked-by: Ales Musil <amusil@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Remove the current xenserver implementation - it is obsolete and
since 3.0 we do not support kernel module builds [1].
1. https://mail.openvswitch.org/pipermail/ovs-dev/2022-July/395789.html
[i.maximets]
Can be added back if people willing to maintain it will be found.
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The following test sequence:
conntrack - IPv4 fragmentation incomplete reassembled packet
conntrack - IPv4 fragmentation with fragments specified
leads to a systematic failure of the latter test on the kernel
datapath (linux). Multiple executions of the former may also lead to
multiple failures.
This is due to the fact that fragments not yet reassembled are kept in
a queue for /proc/sys/net/ipv4/ipfrag_time seconds, and if the
kernel receives a fragment already present in the queue, it returns
-EINVAL.
Below the related log message:
|00058|dpif|WARN|system@ovs-system: execute ct(commit) failed (Invalid argument)
on packet udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,
nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=0,nw_frag=first,tp_src=1,
tp_dst=2 udp_csum:0
Fix the sequence by sending the second fragment in "conntrack - IPv4
fragmentation incomplete reassembled packet", once the checks are
done.
IPv6 tests are not affected as the defrag kernel code path pretends to
add the duplicate fragment to the queue returning -EINPROGRESS, when a
duplicate is detected.
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The permanent neighbor entry for fc00::1 is added into a wrong
namespace, so in order to reply to a ping from at_ns1, the
address of fc00::1 has to be discovered. Interfaces are attached
to OVS and we're removing flows that can forward ND requests
after initial setup. In case ND request wasn't sent and replied
before that, at_ns1 will not be able to discover fc00:1 and won't
reply to pings.
It's hard to catch this condition while running tests locally,
but for some reason our CI is failing consistently.
Fix the issue by removing all the unnecessary permanent entries
and just allowing all the normal traffic to flow through the
low priority OVS flow, so all addresses can be discovered.
Also adding one more wait to avoid occasional drops of the very
first packet.
Fixes: 2ff43c78c685 ("packets: Re-calculate IPv6 checksum only for first frag upon modify.")
Acked-by: Salem Sol <salems@nvidia.com>
Acked-by: Michael Phelan <michael.phelan@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
OVS kernel module is incorrectly updating checksums while changing
IPv6 fields of later fragments that doesn't really have L4 headers.
This makes the 'ping6 between two ports with header modify' test
fail on most of the distribution kernels.
The issue got indirectly fixed in latest 5.19 with commit:
12378a5a75e3 ("net: openvswitch: fix parsing of nw_proto for IPv6 fragments")
The reason is that set_ipv6() function in net/openvswitch/actions.c
is using the protocol number from the parsed flow key and not from
the packet itself, and nw_proto=44 is not a protocol where we can
update the checksum.
It was backported to all supported upstream stable trees, but didn't
find its way to most of the distributions yet.
Restricting the test to 5.19+ kernels to avoid failures on distro
kernels. Additionally allowing the previous test for later fragments
to be executed in userspace testsuite.
Fixes: 2ff43c78c685 ("packets: Re-calculate IPv6 checksum only for first frag upon modify.")
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
With just released flake8 5.0 we're getting a bunch of E275 errors:
utilities/bugtool/ovs-bugtool.in:959:23: E275 missing whitespace after keyword
tests/test-ovsdb.py:623:11: E275 missing whitespace after keyword
python/setup.py:105:8: E275 missing whitespace after keyword
python/setup.py:106:8: E275 missing whitespace after keyword
python/ovs/db/idl.py:145:15: E275 missing whitespace after keyword
python/ovs/db/idl.py:167:15: E275 missing whitespace after keyword
make[2]: *** [flake8-check] Error 1
This breaks CI on branches below 2.16. We don't see a problem right
now on newer branches because we're installing extra dependencies
that backtrack flake8 down to 4.1 or even 3.9.
Acked-by: Mike Pattrick <mkp@redhat.com>
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
$NC_EOF_OPT should be used to avoid some netcat implementations
to wait indefinitely.
This fixes the check-offloads testsuite hanging in Ubuntu 22.04.
Fixes: 5660b89a309d ("dpif-netlink: Offloading meter to tc police action")
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
A new check for common mistakes while formatting a 'Fixes:' tag.
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
In case of modifying an IPv6 packet src/dst address the L4 checksum
should be recalculated only for the first frag. Currently it's done
for all frags, leading to incorrect reassembled packet checksum.
Fix it by adding a new flag to recalculate the checksum only for the
first frag.
Fixes: bc7a5acdff08 ("datapath: add ipv6 'set' action")
Signed-off-by: Salem Sol <salems@nvidia.com>
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
LeakSanitizer for some reason reports these json objects as leaked,
even though we do have references to them at the moment ovs_fatal()
called from check_ovsdb_error().
Previously it complained only with -O2, but with newer versions of
clang/llvm it started complaining even with -O1. For example, negative
ovsdb parsing tests are failing on ubuntu 22.04 with clang 14 if built
with ASan and detect_leaks=1.
Fix that by destroying the json object before aborting the process.
And we may also build with default -O2 in CI with that change.
Alternative implementation might be to just pass the json to destroy
to every check_ovsdb_error() call, but indirect registering of the
pointer seems a bit less invasive.
Acked-by: Ales Musil <amusil@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
On my Fedora 36, the test with enabled offloads often fails with one of
those ping failing.
By chance (?), the previous tcpdumps are not stopped and I can see for
example:
10:04:02.534492 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 2, length 72
10:04:02.639443 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 3, length 72
10:04:02.743447 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 4, length 72
10:04:02.846447 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 5, length 72
10:04:02.950519 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 6, length 72
10:04:03.054697 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 7, length 72
10:04:03.158448 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 8, length 72
10:04:03.262541 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 9, length 72
10:04:03.366444 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 10, length 72
10:04:03.466501 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 62835, seq 11, length 72
The first ping request has not been handled correctly.
Adding a sleep 1 (like other offloads unit tests) seems to be enough to
avoid this situation.
Fixes: 02dabb21f243 ("tests: Add check_pkt_len action test to system-offload-traffic.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Ping process remains in the system after the test. Using a proper
macro that will correctly register it for stopping at cleanup stage.
Fixes: 134e6831acca ("system-traffic: Check frozen state handling with TLV map change")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
A connection is established if we see packets from both directions.
The cited commit fixed the issue of sending twice in one direction,
but still an issue if more than that.
Fix it.
Fixes: a867c010ee91 ("conntrack: Fix conntrack new state")
Signed-off-by: Eli Britstein <elibr@nvidia.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The MTU vport unit tests do not clean up testpmd after use which causes
them to fail randomly. This commit amends the MTU vport unit tests to
clean up testpmd after running.
Fixes: bf47829116a8 ("tests: Add OVS-DPDK MTU unit tests.")
Reported-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Kumar Amber <kumar.amber@intel.com>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
nw_frag was not being printed in the flow key because it was improperly
masked and printed. Since this field is only two bits, it needs to use a
different macro to be masked. During printing, the switch statement
switched on the whole 8 bits rather than just the two that are relevant.
This caused nw_frag to often not be printed at all.
Signed-off-by: Rosemarie O'Riorden <roriorden@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This config param allows the delivery of broadcast and multicast
packets to the secondary interface of non-lacp bonds, equivalent
to the option 'all_slaves_active' for Linux kernel bonds.
Reported-at: https://bugzilla.redhat.com/1720935
Signed-off-by: Christophe Fontaine <cfontain@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Use pytest to run unit tests as part of the standard testsuite.
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This adds 8 new unit tests to the 'check-dpdk' subsystem that will
test Maximum Transmission Unit (MTU) functionality.
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Sunil Pai G <sunil.pai.g@intel.com>
Co-authored-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
This adds 4 new unit tests to the 'check-dpdk' subsystem that will
test Quality of Service (QoS) functionality.
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
The OVS kernel module is no longer supported as of OVS 2.18
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This commit adds a new command to allow the user to switch
the active action implementation at runtime.
Usage:
$ ovs-appctl odp-execute/action-impl-set scalar
This commit also adds a new command to retrieve the list of available
action implementations. This can be used by to check what implementations
of actions are available and what implementation is active during runtime.
Usage:
$ ovs-appctl odp-execute/action-impl-show
Added separate test-case for ovs-actions show/set commands:
odp-execute - actions implementation
Signed-off-by: Emma Finn <emma.finn@intel.com>
Signed-off-by: Kumar Amber <kumar.amber@intel.com>
Signed-off-by: Sunil Pai G <sunil.pai.g@intel.com>
Co-authored-by: Kumar Amber <kumar.amber@intel.com>
Co-authored-by: Sunil Pai G <sunil.pai.g@intel.com>
Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
This commit introduces the initial infrastructure required to allow
different implementations for OvS actions. The patch introduces action
function pointers which allows user to switch between different action
implementations available. This will allow for more performance and flexibility
so the user can choose the action implementation to best suite their use case.
Signed-off-by: Emma Finn <emma.finn@intel.com>
Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Test that user configured mempool params have been stored.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Splitting them allows them to be reused separately. This
is useful for setting some things in ovsdb before vswitchd is
started or DPDK is initialized.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Currently ovsdb-server is using shallow copies of some JSON objects
by keeping a reference counter. JSON string objects are also used
directly as ovsdb atoms in database rows to avoid extra copies.
Taking this approach one step further ovsdb_datum objects can also
be mostly deduplicated by postponing the copy until it actually
needed. datum object itself contains a type and 2 pointers to
data arrays. Adding a one more pointer to a reference counter
we may create a shallow copy of the datum by simply copying type
and pointers and increasing the reference counter.
Before modifying the datum, special function needs to be called
to perform an actual copy of the object, a.k.a. unshare it.
Most of the datum modifications are performed inside the special
functions in ovsdb-data.c, so that is not very hard to track.
A few places like ovsdb-server.c and column mutations are accessing
and changing the data directly, so a few extra unshare() calls
has to be added there.
This change doesn't affect the maximum memory consumption too much,
because most of the copies are short-living. However, not actually
performing these copies saves up to 40% of CPU time on operations
with large sets.
Reported-at: https://bugzilla.redhat.com/2069089
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This patch will properly initialize offload, as it requires the
setting to be enabled before starting ovs-vswitchd (or do a
restart once configured).
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The bash completion scripts shipped with Open vSwitch currently
have the executable bit set. This is problematic because the
files do not start with a shebang and as such a user may end up
executing them using the wrong shell. When installed in a system
the bash shell will source these files and not execute them.
This also triggers Debian lintian warnings [0] and defies Debian
policy [1].
0: https://lintian.debian.org/tags/executable-not-elf-or-script
1: https://www.debian.org/doc/debian-policy/ch-files.html#scripts
Fixes: 423ede182b65 ("utilities: Add bash command-line completion script.")
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This is a regression test to make sure that all later IPv6 fragments
have proto=44 in the flow key, and that there are not any later IPv6
frag flows that do not have it.
Previously, the way that later IPv6 fragments' nw_proto field is parsed
in the kernel was changed to equal the next_header field of the last
extension header. The same change was not made in OVS userspace. This
was a problem because OVS creates actions based on what is parsed in
userspace, but the kernel-provided flow key is used as a match criteria.
This lead to issues such as packets incorrectly matching on a flow and
thus the wrong list of actions being applied to the packet. Therefore,
OVS and the kernel must parse this field the same way to prevent this
issue.
OVS and the kernel both currently parse this field the same way for
later IPv6 fragments, with nw_proto=44.
Signed-off-by: Rosemarie O'Riorden <roriorden@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
OVS meters are created in advance and openflow rules refer to them by
their unique ID. New tc_police API is used to offload them. By calling
the API, police actions are created and meters are mapped to them.
These actions then can be used in tc filter rules by the index.
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Without running set command first the string matching
fails on get command beacuse DPCLS prio value is different
for different default builds like with --enable-autovalidator
build auto-validator prio is set to 255 and if the build
is a scalar than generic value is default 255.
The same problem is seen with dpif where re-arranging the get
command after set makes it consistent across any builds.
Fixes: cc0a87b11c (pmd.at: Add test-cases for DPCLS and DPIF commands.)
Signed-off-by: Kumar Amber <kumar.amber@intel.com>
Acked-by: Michael Phelan <michael.phelan@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
The mfex pcap generation script is improved for varied length
traffic and also removes the hard coded mfex_pcap and instead uses
the script itself to generate complex traffic patterns for testing.
Signed-off-by: Kumar Amber <kumar.amber@intel.com>
Acked-by: Cian Ferriter <cian.ferriter@intel.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
The only way to configure settings on a remote (e.g. inactivity_probe)
is via --remote=db:DB,table,row. There is no way to do this via the
existing CLI options.
For a clustered DB with multiple servers listening on unique addresses
there is no way to store these entries in the DB as the DB is shared.
For example, three servers listening on 1.1.1.1, 1.1.1.2, and 1.1.1.3
respectively would require a Manager/Connection row each, but then
all three servers would try to listen on all three addresses.
It is possible for ovsdb-server to serve multiple databases. This
means that we can have a local "config" database in addition to
the main database we are serving (Open_vSwitch, OVN_Southbound, etc.)
and this patch adds a Local_Config schema that currently just mirrors
the Connection table and a Config table with a 'connections' row that
stores each Connection.
Signed-off-by: Terry Wilson <twilson@redhat.com>
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
When OVS sees a tunnel push with a nested list next, it will not
clone the packet, as a clone is not needed. However, a clone action will
still be created with the tunnel push encapsulated inside. There is no
need to create the clone action in this case, as extra parsing will need
to be performed, which is less efficient.
Signed-off-by: Rosemarie O'Riorden <roriorden@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This adds 4 new unit tests to the 'check-dpdk' subsystem that will
test rate limiting functionality.
Signed-off-by: Seamus Ryan <seamus.ryan@intel.com>
Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Co-authored-by: Michael Phelan <michael.phelan@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Without this patch, bridge_reconfigure() always trigger udpif
revalidator because of lldp.
Signed-off-by: lic121 <lic121@chinatelecom.cn>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Co-authored-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
ipfix cfg creation/deleting triggers revalidation. But this does
not cover the case where ipfix options changes, which also suppose
to trigger revalidation.
Fixes: a9f5ee1199e1 ("ofproto-dpif: Trigger revalidation when ipfix config set.")
Signed-off-by: lic121 <lic121@chinatelecom.cn>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
