Test 854 "tunnel_push_pop - action" showed problems in revalidation for
L3 protocol support in its L3 GRE test. L3 packets (that is, packets
without an Ethernet header but only some L3 protocol such as IPv4 or IPv6)
have an Ethernet type that is kept in the dl_type member of the flow, and
the flows that they pass through can cause L3 and L4 fields to be matched.
However, the translation process incorrectly forced the dl_type to be
wildcarded, which caused a contradiction since it's not possible to match
on L3 and L4 fields if the dl_type is not known, and the code in
odp_flow_key_to_flow() and related functions therefore rejected these flows
at revalidation time.
This commit fixes the problem by treating dl_type the same for L2 and L3
flows in translation. It also makes odp_flow_key_to_flow__() copy the
Ethernet type that comes from a packet_type field into dl_type, which is
the expected behavior.
The actual error that this fixes is only visible after applying an upcoming
commit that improves logging for bad datapath flows.
Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Most of checkpatch tests uses equal patch headers that could
be moved to a variable to reduce duplications and code size.
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
ipam_add_port_adresses() needs to be called after the peer field is set
on the ovn_port structures. This way, addresses taken by peered router
ports will be added to the logical switch's IPAM and therefore will be
barred from assignment to other ports.
Reported-by: Girish Moodalbail <gmoodalbail@nvidia.com>
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When a logical switch port changes to no longer use "dynamic" addresses,
then the dynamic_addresses should be cleared.
Reported-by: Girish Moodalbail <gmoodalbail@nvidia.com>
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This allows a controller to change the name of OpenFlow flow tables in the
OVS software switch.
CC: Brad Cowie <brad@cowie.nz>
Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
It appears that Python silently treats invalid escape sequences in
strings as literals, e.g. "\." is the same as "\\.". Newer versions of
checkpatch complain, and it does seem reasonable to me to fix these.
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Tested-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
On some systems in case where remote is not responding, socket could
remain in SYN_SENT state for a really long time without errors waiting
for connection. This leads to situations where vconn connection hangs
for a few minutes waiting for connection to the DOWN remote.
For example, this situation emulated by "refuse-connection" vconn
testcase. This leads to test failures because Alarm signal arrives much
faster than ETIMEDOUT from the socket:
./vconn.at:21: ovstest test-vconn refuse-connection tcp
Alarm clock
stderr:
|socket_util|INFO|0:127.0.0.1: listening on port 63812
|poll_loop|DBG|wakeup due to 0-ms timeout
|poll_loop|DBG|wakeup due to 10155-ms timeout
|fatal_signal|WARN|terminating with signal 14 (Alarm clock)
./vconn.at:21: exit code was 142, expected 0
vconn.at:21: 535. tcp vconn - refuse connection (vconn.at:21): FAILED
This patch allowes to specify timeout value for vconn blocking
connections. If the connection takes more time, socket will be closed
with ETIMEDOUT error code. Negative value could be used to wait
infinitely.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
On some systems in case where remote is not responding, socket could
remain in SYN_SENT state for a really long time without errors waiting
for connection. This leads to situations where open_blok() hangs for
a few minutes waiting for connection to the DOWN remote.
For example, our "multiple remotes" idl tests hangs waiting for
connection to the WRONG_PORT on FreeBSD in CirrusCI environment.
This leads to test failures because Alarm signal arrives much faster
than ETIMEDOUT from the socket.
This patch allowes to specify timeout value for 'open_block' function.
If the connection takes more time, socket will be closed with
ETIMEDOUT error code. Negative value or None in python could be
used to wait infinitely.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
After creating a group with hash select type,then we need to insert a new
bucket with weight, But,it fails. Commands are as following:
# ovs-ofctl -O OpenFlow15 add-group br0 "group_id=10, type=select, selection_method=hash,fields=tcp_src, bucket=bucket_id=10,weight:99,actions=output:1, bucket=bucket_id=20,weight:199,actions=output:1 "
# ovs-ofctl -O OpenFlow15 insert-buckets br0 "group_id=10,type=select command_bucket_id=last,bucket=bucket_id=3,weight=100,actions=output:1"
ovs-ofctl: type is not needed
# ovs-ofctl -O OpenFlow15 insert-buckets br0 "group_id=10 command_bucket_id=last,bucket=bucket_id=3,weight=100,actions=output:1"
ovs-ofctl: Only select groups can have bucket weights.
This patch can help us. However, for other types that are not select, the
check of the parameters is not strict, but it does not affect their
function, because other types do not use this weight parameter.
Signed-off-by: solomon <liwei.solomon@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add the capability to IPAM/MACAM framework to specify a static ip address
and get the L2 one allocated dynamically using the following syntax:
$ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
The static ip address needs to belong to the subnet configured for the
logical switch
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add the capability to assign just L2 address to IPAM/MACAM since
in the current implementation either subnet or ipv6_prefix are mandatory
to enable IPAM
Tested-by: Yossi Segev <ysegev@redhat.com>
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This will make it easier to get the Address Sanitizer output in cases
where we only have the testsuite.log, which happens with some autobuilders.
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Rather than letting the test framework kill any remaining ofctl monitor,
ask and wait for it to gracefully exit before looking at the log file.
This solves random failures of tests 29, 30 and 50.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tests with multiple remotes always involves connection attempts
to the wrong destinations. This includes few reconnection cycles
for 1 second each and also possible long timeouts for blocking
connections.
Let's increase the timeouts for these tests to allow them finish
successfully.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
FreeBSD likely reports ENOTCONN instead of EPIPE/ECONNRESET in case
of sending to the disconnected socket.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
On some systems (ex. FreeBSD) kernel could allocate outcoming tcp ports
too close to the listening port of ovsdb-server. This could lead to having
outcoming tcp port of test-ovsdb application equal to one of the
WRONG_PORTs. In this case self-connection to the WRONG_PORT succeeds and
fails the tests:
WRONG_PORT_1=51835
WRONG_PORT_2=51836
remotes="tcp:127.0.0.1:51835,tcp:127.0.0.1:51834,tcp:127.0.0.1:51836"
# lsof -P -n -i @127.0.0.1
COMMAND PID TYPE NODE NAME
ovsdb-ser 82174 IPv4 TCP 127.0.0.1:51834 (LISTEN)
python2.7 82179 IPv4 TCP 127.0.0.1:51835->127.0.0.1:51835 (ESTABLISHED)
python2.7 82179 IPv4 TCP 127.0.0.1:51836->127.0.0.1:51836 (ESTABLISHED)
./ovsdb-idl.at:312: $PYTHON $srcdir/test-ovsdb.py -t10 idl \
$srcdir/idltest.ovsschema $remote
Alarm clock
./ovsdb-idl.at:312: exit code was 1, expected 0
It's more likely to have outcoming port not equal to TCP_PORT + 101 or 102.
Let's use them instead.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
'*' has different semantics in common case, but it's not
important here.
This fixes test on FreBSD.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
It's useful to see the connection attempts and the transactions
in case of test failures.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Unlike Python IDL, C library tested only with unix sockets.
These tests enlarges the coverage.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Otherwise failed non-blocking connection could be reported as
connected. This causes errors in all following operations with the
socket.
At least this is true on FreeBSD, where POLLHUP could be set without
POLLERR.
For example, stream_open_block() tests fails with the following error
reporting successful connection to the 'WRONG_PORT':
./ovsdb-idl.at:1817:
$PYTHON2 $srcdir/test-stream.py tcp:127.0.0.1:$WRONG_PORT
stdout:
./ovsdb-idl.at:1817: exit code was 0, expected 1
2399. ovsdb-idl.at:1817: FAILED (ovsdb-idl.at:1817)
Also added new tests to track this issue in C library:
'Check Stream open block - C - tcp'
'Check Stream open block - C - tcp6'
CC: Numan Siddique <nusiddiq@redhat.com>
Fixes: c1aa16d191 ("ovs python: ovs.stream.open_block() returns success even if the remote is unreachable")
Fixes: d6cedfd9d2 ("socket-util: Avoid using SO_ERROR.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
sflow.log reports the first ip address of the 'loopback' interface.
It could be different on different systems. For example, on FreeBSD
IPv6 [::1] address goes first despite of IPv4 127.0.0.1 on Linux.
Let's just replace it to IPv4 always to make tests work.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
':a', 'ba' and other suff is not portable.
Additionally removed CORE_QUEUE* macroses as they only complicates
the tests. 'sort' used instead.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
While configuring sFlow agent OVS tries to treat the value as a name
of the interface at first, after that it tries to treat it as an ip
address. While trying to create netdev from the 'agent', netdev-bsd
calls 'netdev_get_flags()' which produces following warning:
failed to get flags for network device 127.0.0.1
This does not happen with netdev-linux because it uses its own
implementation of 'get_flags' while creating the netdev.
Let's just ignore the warning for sFlow tests.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
'read' requires explicit argument.
'sed' partially replaced with more portable 'tr' because '\n'
could not be recognized as a line break.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
'sed -i' on FreeBSD always expects backup filename extention
passed while GNU version expects it only if specified without
extra space after the '-i'. Let's specify the backup extention
to make BSD sed work.
This fixes test on FreeBSD.
CC: Joe Stringer <joe@ovn.org>
Fixes: 07659514c3 ("Add support for connection tracking.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This keyword is not portable and also optional in bash.
Fixes test on FreeBSD.
CC: Miguel Angel Ajo <majopela@redhat.com>
Fixes: 508b7f961b ("ovn: l3ha, make is_chassis_active aware of gateway_chassis")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Almost equal 'check_dpflow_stats()' functions defined 4 times.
Make it common to reduce code duplication.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Fixes select group test on FreeBSD:
test-source: 27: Syntax error: word unexpected (expecting ")")
CC: Jan Scheurich <jan.scheurich@ericsson.com>
Fixes: 06db81ccfe ("ofproto-dpif: Use dp_hash as default selection method")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
'read -d' is a bash extention. Replace it with simple 'cat'.
This fixes 'select group' tests on FreeBSD.
CC: Jan Scheurich <jan.scheurich@ericsson.com>
Fixes: 06db81ccfe ("ofproto-dpif: Use dp_hash as default selection method")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
valgrind tests always runs with '-d' option which breaks the
re-checking. Lets just drop the rechecking support for these
targets.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This fixes 'RECHECK=yes' functionality in case of configured test
range. For example, before the patch following cmdline will result in
running all of the 1000 tests re-checking in case of any failure:
make -j8 check TESTSUITEFLAGS='1000-1999' RECHECK=yes
This happens because ranges and pattern matching options has higher
priority than the '--recheck'.
With patch, only failed tests from the range will be re-checked.
With this patch applied we're dropping support of '--verbose' and
'--trace' options while re-check, but, IMHO, these options makes
sense mostly while debugging individual tests and not much usable
while running recheck of a whole testsuite.
'--jobs' we're resetting each time anyway.
Not sure if someone overrides default '--directory'. For me it looks
not very useful. Changing the color mode also looks not much
profitable.
OTOH, re-checking the ranges or keyword matched tests is very useful,
for example, if you're trying to split up single testsuite check in
a few independent CI jobs.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When an IPv6 packet enters a router pipeline and it needs to be routed via
the nexthop IP address set in the static route, OVN generates an IPv6
Neigh Solicitation request if the nexthop IP is not resolved yet. But
right now, the generated IPv6 Neigh Solicitation packet doesn't set
the eth.dst to the mutlicast address derived from the nexthop and
ip6.dst to the solicited-node multicast address corresponding to the
nexthop address. Instead it generates these values from the actual
ip6.dst of the original packet.
This patch fixes this issue.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add selected dynamic mac address to MACAM in update_dynamic_addresses
and not just in in ipam_add_port_addresses/ipam_insert_lsp_addresses
since the second approach can produce a duplicated L2 address in a
IPv6-only network if ipv6_prefix is provided after logical port creation.
The issue can be triggered with the following reproducer:
$ovn-nbctl ls-add sw0
$ovn-nbctl lsp-add sw0 sw0-port1
$ovn-nbctl lsp-set-addresses sw0-port1 "dynamic"
$ovn-nbctl lsp-add sw0 sw0-port2
$ovn-nbctl lsp-set-addresses sw0-port2 "dynamic"
$ovs-vsctl add-port br-int p1 -- \
set Interface p1 external_ids:iface-id=sw0-port1
$ovs-vsctl add-port br-int p2 -- \
set Interface p2 external_ids:iface-id=sw0-port2
[..]
$ovn-nbctl --wait=sb set Logical-switch sw0 \
other_config:ipv6_prefix="aef0::"
$ovn-nbctl list logical_switch_port
_uuid : 1e0e2ed8-20c6-48dc-bfa8-d823e48c9f45
addresses : [dynamic]
dhcpv4_options : []
dhcpv6_options : []
dynamic_addresses : "0a:00:00:00:00:01 aef0::800:ff:fe00:1"
enabled : []
external_ids : {}
name : "sw0-port1"
options : {}
parent_name : []
port_security : []
tag : []
tag_request : []
type : ""
up : true
_uuid : cfeab7fb-e20b-41f1-974c-f99e0b5293d7
addresses : [dynamic]
dhcpv4_options : []
dhcpv6_options : []
dynamic_addresses : "0a:00:00:00:00:01 aef0::800:ff:fe00:1"
enabled : []
external_ids : {}
name : "sw0-port2"
options : {}
parent_name : []
port_security : []
tag : []
tag_request : []
type : ""
up : true
Fixes: c814545b43 ("OVN: configure L2 address according to the used IP
address")
Acked-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
Signed-off-by: Gregory Smith <gasmith@nutanix.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Prior to this patch, GARPs announcing NAT addresses or new VIFs
were sent out to localnet ofport through an output action.
This can lead to problems since local datapaths won't get those
GARPs and ovn-controller won't update MAC_Binding entries (as
upstream switch will not send back the GARP to this port hence
other logical routers won't update their neighbours).
This patch is changing the behavior so that GARPs get injected
to OVN pipeline of the external switch. This way, they'll get
broadcasted to local pipelines and also sent out to the external
network through the localnet port.
Acked-by: Han Zhou <hzhou8@ebay.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047604.html
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch replaces most of direct accesses to the dp_packet_batch
internal components by appropriate APIs.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
The daemon tests used files a lot when shell variables were easier to use
and easier to understand. This commit changes that.
The tests created empty databases that aren't really needed anymore. This
commit changes them to use the ovsdb-server --no-db option instead.
The tests had a lot of common code for checking the ancestry of processes.
This commit factors out a new shell function check_ancestors.
The tests tended to use random pidfile names. This switches to just using
the defaults, which are fine.
The tests didn't check the names of the child processes. This adds those
checks using the new check_process_name shell function. This should avoid
regression of the bug fixed by commit 266f79e32c60 ("daemon-unix: Use
same name for original or restarted children.")
Other minor improvements too.
I only made small updates to the Windows-specific test, because it is hard
for me to verify.
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
'redzone' not supported in new versions of jemalloc
(since jemalloc 5.0.0).
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The arguments to sed(1) need to be on the same line in the shell
script or it will just sit there awaiting input.
Signed-off-by: Scott Cheloha <scottcheloha@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This makes the tests all pass cleanly when Address Sanitizer is enabled.
Acked-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
An OVN deployment can have multiple logical switches each with a
localnet port connected to a distributed logical router in which one
logical switch may provide external connectivity and the rest of
the localnet logical switches use VLAN tagging in the physical
network.
As reported in [1], external traffic from these localnet VLAN tagged
logical switches are tunnelled to the gateway chassis (chassis hosting
a distributed gateway port which applies NAT rules). As part of the
discussion in [1], there are few possible solutions proposed by
Russell [2]. This patch implements the first option in [2].
With this patch, a new option 'reside-on-redirect-chassis' in 'options'
column of Logical_Router_Port table is added. If the value of this
option is set to 'true' and if the logical router also have a
distributed gateway port, then routing for this logical router port
is centralized in the chassis hosting the distributed gateway port.
If a logical switch 'sw0' is connected to a router 'lr0' with the
router port - 'lr0-sw0' with the address - "00:00:00:00:af:12 192.168.1.1"
, and it has a distributed logical port - 'lr0-public', then the
below logical flow is added in the logical switch pipeline
of 'sw0' if the 'reside-on-redirect-chassis' option is set on 'lr-sw0' -
table=16(ls_in_l2_lkup), priority=50,
match=(eth.dst == 00:00:00:00:af:12 && is_chassis_resident("cr-lr0-public")),
action=(outport = "sw0-lr0"; output;)
"cr-lr0-public" is an internal port binding created by ovn-northd of type
'chassisredirect' for lr0-public in SB DB. Please see "man ovn-sb" for more details.
With the above flow, the packet doesn't enter the router pipeline in
the source chassis. Instead the packet is sent out via the localnet
port of 'sw0'. The gateway chassis upon receiving this packet, runs
the logical router pipeline applying NAT rules and sends the traffic
out via the localnet port of the logical switch providing external connectivity.
The gateway chassis will also reply to the ARP requests for the router port IPs.
With this approach, we avoid redirecting the external traffic to the
gateway chassis via the tunnel port. There are a couple of drawbacks
with this approach:
- East - West routing is no more distributed for the VLAN tagged
localnet logical switches if 'reside-on-redirect-chassis' option is defined
- 'dnat_and_snat' NAT rules with 'logical_mac' and 'logical_port'
columns defined will not work for these logical switches.
This approach is taken for now as it is simple. If there is a requirement
to support distributed routing for these VLAN tenant networks, we
can explore other possible solutions.
[1] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
[2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046557.html
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
Reported-by: venkata anil <vkommadi@redhat.com>
Co-authored-by: venkata anil <vkommadi@redhat.com>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: venkata anil <vkommadi@redhat.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
With --detach but not --no-chdir, core files and Address Sanitizer logs
don't go into the testsuite directory but end up dropped because it tries
to write them in the root directory.
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
