This patch creates a new action called "bundle". Bundles are a way
to implement a simple form of multipath in OpenFlow by grouping
several ports in a single output-like action.
This causes tests to fail on my system with the following error.
Use of qw(...) as parentheses is deprecated at
/home/root/ovs/tests/flowgen.pl line 35.
The state machine didn't have a proper state for "not yet committed or
aborted", which meant that destroying an ovsdb_idl_txn without committing
or aborting it caused a segfault. This fixes the problem by adding a new
state TXN_UNCOMMITTED to the state machine.
This is related to commit 79554078d "ovsdb-idl: Fix bad logic in
ovsdb_idl_txn_commit() state transitions", which fixed a related bug.
Bug #2438.
A pool configured for secure fail-mode can block dom0 traffic on hosts joining
the pool or if the host reboots while the controller is unavailable. This
commit sets default flows on a host under these conditions to allow management
traffic. Once the connection with the controller is re-established, these
default flows are replaced by the controller.
tests/interface-reconfigure.at updated by Ben Pfaff.
NIC-376.
Signed-off-by: David Tsai <dtsai@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Flow dumps printed the OpenFlow table ID under the name "table_id", but
the flow parser only accepted "table". This makes them consistent by
changing the output. (Another alternative would be to change the accepted
input name.)
We had no tests that exercised OFPST_AGGREGATE or NXST_AGGREGATE. At one
point in development I screwed up aggregate stats badly enough that they
caused an immediate and reproducible segfault, which this simple test would
have caught.
Also, it's best to test everything in both NXM and OpenFlow 1.0 flow
formats, since they have slightly different code.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while. This
commit removes it.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
This makes it possible to add flows that match on the Ethernet multicast
bit with ovs-ofctl.
CC: Paul Ingram <paul@nicira.com>
CC: Amar Padmanabhan <amar@nicira.com>
This function is not useful inside ovsdb itself but only in the
"test-ovsdb" test program. To avoid the temptation to use it incorrectly
inside ovsdb, this commit moves it into the test program.
This function took a struct ovsdb_table but only used the 'schema' member.
An upcoming patch needs to parse a column set when only the schema is
available, so to prepare for that this patch changes
ovsdb_column_set_from_json() to only take the schema that it really needs.
Errors from this function were being ignored, which meant that transactions
could use "mutate" to bypass number-of-elements constraints on sets and
maps. This fixes the problem and adds a test to prevent the problem from
recurring.
Bug #5781.
Commit 0b3f27253 (ovs-ofctl: Warn about flows not in normal form) made
ovs-ofctl warn about non-normalized flows, that is, flows some of whose
specified fields will be ignored by the switch. This was convenient for
users, who are understandably confused by flow normalization. However,
later commit 8050b31d6 (ofp-parse: Refactor flow parsing) accidentally
deleted the warning. This commit restores it and adds a test to ensure
that it doesn't get deleted again later.
Reported-by: Reid Price <reid@nicira.com>
Bug #5029.
Feature #5029 requests that "ovs-ofctl add-flow" report an attempt to add
a flow that is not properly normalized, that is, a flow to which the switch
will add extra wildcards, ignoring some fields specified by the user. This
requires that ofp-util make flow normalization directly available (again).
Until now, flow normalization has only been applied to OpenFlow 1.0 flows,
but the concept applies equally to NXM, so this commit generalizes the
implementation to NXM also.
Casting a character pointer to uint16_t * or uint32_t * provokes this
warning on sparc. There is no actual problem, because all of the accesses
to data occurs through calls to the get_unaligned_*() functions, so this
commit suppresses the warning by using "void *" as an intermediate type.
OVS has two Python tests that have always failed, for reasons not
understood, since they were added to the tree. This commit fixes them.
One problem was that Python was assuming that stdout was encoded in ASCII.
Apparently the only way to "fix" this at runtime is to set PYTHONIOENCODING
to utf_8 in the environment, so this change does that.
Second, it appears that Python really doesn't like to print invalid UTF-8,
so this avoids doing that in python/ovs/json.py, instead just printing
the hexadecimal values of the invalid bytes. For consistency, it makes
the same change to the C version.
Third, the C version of test-ovsdb doesn't check UTF-8 for consistency, it
just sends it blindly to the OVSDB server, but Python does check it and so
it bails out earlier. This commit changes the Python version of the
"no invalid UTF-8 sequences in strings" to allow for the slight difference
in output that occurs for that reason.
Finally, test-ovsdb.py needs to convert error messages to Unicode
explicitly before printing them in the "parse-atoms" function. I don't
really understand why, but now it works.
The sparse checker does not like taking sizeof(_Bool). Older versions of
sparse output a hard error ("error: cannot size expression"). Newer
versions output a warning ("warning: expression using sizeof bool"). This
commit avoids the problem by not using sizeof(_Bool) anywhere.
The only place where OVS uses sizeof(_Bool) anyway is in code generated by
the OVSDB IDL. It generates it for populating "optional bool" columns in
the database, that is, columns that are allowed to contain 0 or 1 instances
of a bool. For these columns, it generates code that looks roughly like
this:
row->column = xmalloc(sizeof *row->column);
*row->column = value;
This commit changes these columns from type "bool *" to type "const bool *"
and changes the generated code to:
static const bool true_value = true;
static const bool false_value = false;
row->column = value ? &true_value : &false_value;
which avoids the problem and saves a malloc() call at the same time.
The idltest code had a column with a slightly different type ("0, 1, or
2 bools") that didn't fit the revised pattern and is a fairly stupid type
anyhow, so I just changed it to "0 or 1 bools".
I know already that this breaks the statsfixes that were implemented by the
following commits:
827ab71c97 "ofproto: Datapath statistics accounted twice."
6f1435fc8f "ofproto: Resubmit statistics improperly account during..."
These were already broken in a previous merge. I will work on a fix.
With this commit, the tree compiles clean with sparse commit 87f4a7fda3d
"Teach 'already_tokenized()' to use the stream name hash table" with patch
"evaluate: Allow sizeof(_Bool) to succeed" available at
http://permalink.gmane.org/gmane.comp.parsers.sparse/2461 applied, as long
as the "include/sparse" directory is included for use by sparse (only),
e.g.:
make CC="CHECK='sparse -I../include/sparse' cgcc"
ovs-openflowd outputs a number of log messages that we don't want to
suppress. We do want to know if it logs anything that we don't expect.
So this commit starts checking the log output, discarding any normal,
expected messages.
Reviewed-by: Simon Horman <horms@verge.net.au>
For a long time, Open vSwitch has "normalized" OpenFlow 1.0 flows in a
funny way: it tries to change fields that are wildcarded into fields
that are exact-match. For example, the normalize_match() function
knows that if dl_type is wildcarded, then all of the L3 and L4 fields
will always be extracted as 0, so it sets those fields to exact-match
and their values to 0.
The reason for this was originally that exact-match flows were much
cheaper for Open vSwitch to implement, because they could be implemented
with a hash table, whereas other kinds of flows had to be implemented
with an expensive linear search. But these days Open vSwitch has a
smarter classifier in which wildcarded flows have minimal cost. Also,
it is no longer possible for OpenFlow 1.0 to specify truly exact-match
flows, because Open vSwitch supports fields for which OpenFlow 1.0
cannot specify values and therefore will always be wildcarded.
Now, it no longer makes sense to do this transformation, so this commit
removes it. Presumably, this will be less surprising for users.
Reviewed-by: Simon Horman <horms@verge.net.au>
OpenFlow 1.0 uses a 6-bit field to express the number of wildcarded bits
in the nw_src and nw_dst field. Any value 32 or greater in these fields
(binary 1xxxxx) means that all of the bits are wildcarded. That means
that there are 32 different ways to express a wildcarded nw_src or nw_dst.
At least two of those seem sensible (100000 and 111111) so we shouldn't
warn about one of them.
This fixes the problem by ORing with 100000 instead of 111111, so that any
already-correct wildcarded mask won't be affected.
This fix allows us to update some tests.
Reviewed-by: Simon Horman <horms@verge.net.au>
This code issues a warning if obtaining a lock takes even 1 millisecond.
That's far too aggressive. There's no need to warn if we have to wait
a few milliseconds. This function already warns elsewhere if locking takes
more than 1 second, which is much more reasonable.
This change allows us to test ovsdb-server stderr output more carefully.
Before now, the tests had to ignore what ovsdb-server writes to stderr
because sometimes it would log a warning that locking took 1 ms (or so).
Reviewed-by: Simon Horman <horms@verge.net.au>
It's better to check output than to ignore it, because ignoring
output can fail to detect real bugs later if the output changes.
Reviewed-by: Simon Horman <horms@verge.net.au>
This implements basic multiple table support in ofproto and supporting
libraries and utilities. The design is the same as the one that has been
on the Open vSwitch "wdp" branch for a long time. There is no support for
multiple tables in the software switch implementation (ofproto-dpif), only
a set of hooks for other switch implementations to use.
To allow controllers to add flows in a particular table, Open vSwitch adds
an OpenFlow 1.0 extension called NXT_FLOW_MOD_TABLE_ID.
Before, ->rule_construct() both created the rule and inserted into the
flow table, but ->rule_destruct() only destroyed the rule. This makes
->rule_destruct() also remove the rule from the flow table.
In addition to the changes to ofproto, this commit changes all of the
instances of "struct flow" in the tree so that the "in_port" member is an
OpenFlow port number. Previously, this member was an OpenFlow port number
in some cases and an ODP port number in other cases.
Previously, if --private-key or another option that requires SSL support
was used, but OVS was built without OpenSSL support, then OVS would fail
with an error message that the specified option was not supported. This
confused users because it made them think that the option had been removed:
http://openvswitch.org/pipermail/discuss/2011-April/005034.html
This commit improves the error message: OVS will now report that it was
built without SSL support. This should be make the problem clear to users.
Reported-by: Aaron Rosen <arosen@clemson.edu>
Feature #5325.
The "tun_id_from_cookie" OpenFlow extension predated NXM and supports only
a fraction of its features. Nothing (at Nicira, anyway) uses it any
longer. Support for it had been broken since January and it took until a
few days ago for anyone to complain, so it cannot be too important. This
commit removes it.
Just setting the tun_id field isn't enough--it's also necessary to set
the tun_id_mask. Otherwise the call to cls_rule_zero_wildcarded_fields()
at the end of ofputil_cls_rule_from_match() will zero out the tun_id again.
This was broken by commit 8368c090ca "Implement arbitrary bitwise masks
for tun_id field" back in January. (This makes me wonder whether we can
drop support for tun_id_from_cookie now.)
Reported-by: Dan Wendlandt <dan@nicira.com>
Until now, if two copies of one OVS daemon started up at the same time,
then due to races in pidfile creation it was possible for both of them to
start successfully, instead of just one. This was made worse when a
previous copy of the daemon had died abruptly, leaving a stale pidfile.
This commit implements a new pidfile creation and removal protocol that I
believe closes these races. Now, a pidfile is asserted with "link" instead
of "rename", which prevents the race on creation, and a stale pidfile may
only be deleted by a process after it has taken a lock on it.
This may solve mysterious problems seen occasionally on vswitch restart.
I'm still puzzled by these problems, however, because I don't see anything
in our tests cases that would actually cause two copies of a daemon to
start at the same time, which as far as I can see is a necessary
precondition for the problem.
Until now, it has been the responsibility of an individual daemon to call
die_if_already_running() at an appropriate time. A long time ago, this
had to happen *before* daemonizing, because once the process daemonized
itself there was no way to report failure to the process that originally
started the daemon. With the introduction of daemonize_start(), this is
now possible, but we haven't been taking advantage of it.
Therefore, this commit integrates the die_if_already_running() call into
daemonize_start() and deletes the calls to it from individual daemons.
