mirror of https://github.com/openvswitch/ovs synced 2025-08-30 05:47:55 +00:00

1727 Commits

Author SHA1 Message Date
Ben Pfaff
d171b5846f ovsdb: Add "comment" feature to transactions and make ovs-vsctl use them.
The idea here is that transaction comments get copied to the ovsdb-server's
transaction log, which can then make it clear later why a particular change
was made to the database, to ease debugging.
2009-12-16 13:30:53 -08:00
Justin Pettit
a39a859a30 ovs-vsctl: Set timeout to a default value of five seconds
In general, we don't want ovs-vsctl to wait forever to connect to the
database, as ovs-vsctl is used extensively in init scripts and the
system will not boot.  Use a default value of five seconds as a
stop-gap.  Eventually, we'll switch to a model of connection attempts,
since using a time-based approach is kind of a hack.
2009-12-14 14:51:17 -08:00
Ben Pfaff
342045e177 ovs-vsctl: Add -t or --timeout option to limit runtime. 2009-12-14 10:13:49 -08:00
Ben Pfaff
577aebdfec ovs-vsctl: Add --dry-run option. 2009-12-11 13:26:08 -08:00
Ben Pfaff
524555d18b ovs-vsctl: Initialize the database automatically. 2009-12-11 13:26:05 -08:00
Ben Pfaff
c88b6a2788 ovs-vsctl: Log fatal errors as well as printing them on the console.
This makes debugging errors on XenServer much simpler, since many uses of
ovs-vsctl direct stderr to /dev/null.
2009-12-10 16:05:20 -08:00
Ben Pfaff
0c3dd1e1a1 ovs-vsctl: Accept documented --no-wait option. 2009-12-10 15:32:50 -08:00
Ben Pfaff
460aad8048 ovs-vsctl: Add --if-exists options to del-br, del-port commands.
These options make it easier to reimplement interface-reconfigure using
ovs-vsctl.
2009-12-10 14:07:54 -08:00
Ben Pfaff
01845ce8ca ovs-vsctl: Make functions to find entities more flexible.
This will be used in upcoming commits.
2009-12-10 14:07:54 -08:00
Ben Pfaff
5d9cb63c91 ovs-vsctl: Add options parsing infrastructure.
This paves the way for adding options to commands but should have no
user-visible change.
2009-12-10 14:07:54 -08:00
Ben Pfaff
68be4616d6 ovs-vsctl: Add --help output for external-id commands. 2009-12-10 10:12:02 -08:00
Justin Pettit
a0a9f31ddc ovs-vsctl: Fix minor memory leak in add_port(). 2009-12-10 02:33:56 -08:00
Justin Pettit
7a44236e27 Update .gitignore files 2009-12-10 02:33:56 -08:00
Ben Pfaff
457e1eb040 ovs-vsctl: New commands for working with external IDs.
This aids XenServer integration and should make it easier to integrate
with other environments in the future as well.
2009-12-09 17:06:49 -08:00
Ben Pfaff
586bb84a49 ovs-vsctl: Fix performance problem. 2009-12-09 13:29:02 -08:00
Ben Pfaff
dfbe07ba61 ovs-vsctl: Fix bugs.
The full ovs-vsctl test suite now passes.
2009-12-09 13:28:48 -08:00
Ben Pfaff
c75d15113c vsctl: Start making it work with ovsdb.
This passes at least one test (the one named "add-br a").  It probably
doesn't pass any more than that.

This is *way* not up to my quality standards, but we are in a super hurry
so I'm pushing it anyhow.
2009-12-08 17:18:12 -08:00
Justin Pettit
a47f084024 ovs-vsctl: Fix traceback when telling target to reload
The code to tell the target to reload was referencing a non-existent
global variable to determine the target.  This change uses the correct
one.
2009-12-04 14:11:53 -08:00
Ben Pfaff
7634353824 vswitchd: Initial conversion to database-based configuration.
This has seen very little testing, so some features are almost certainly
busted.  Port mirroring is not yet converted, so it will definitely not
work.
2009-12-03 11:28:40 -08:00
Ben Pfaff
58fda1dab1 Merge "master" branch into "db". 2009-12-02 11:49:53 -08:00
Ben Pfaff
e3e9370bf9 ovs-openflowd: Add support for userspace-only switching. 2009-11-23 15:58:48 -08:00
Jean Tourrilhes
9af9e2e8cf ovs-controller: Add --wildcard and --normal features.
This adds two command line switches to ovs-controller to:
	1) Use wildcards instead of exact matches.
	2) Use "normal" action instead of explicit port.
2009-11-19 12:48:36 -08:00
Justin Pettit
e423eca6e9 ovs-ofctl: Add support for transport and network modification actions
Add support to ovs-ofctl for modifying the network source and destination
IP address with the "mod_nw_src" and "mod_nw_dst" actions, respectively.
And support modifying the TCP/UDP source and destination ports with the
"mod_tp_src" and "mod_tp_dst" actions, respectively.
2009-11-16 18:48:26 -08:00
Justin Pettit
fb344b867b ovs-appctl: Fix shadow variable that could cause segfault
The variable "socket_name" contains the name of the unix domain socket
to be used for communicating with the OVS process.  If the target does
not begin with a "/", the socket name is determined based on a pidfile.
A shadow copy of "socket_name" was kept in the block that looks at the
pidfile, which would cause the function-level one to not be set.  This
removes that shadow copy.
2009-11-16 18:11:39 -08:00
Justin Pettit
436cf33bb7 ovs-openflowd: Setup default listener
By default, ovs-openflowd was not listening for any management
connections.  Tools such as ovs-ofctl attempt to use a default location
based on the datapath name.  This change creates that default listener.
2009-11-13 15:51:44 -08:00
Jesse Gross
d65349ea28 Merge citrix branch into master. 2009-11-10 15:12:01 -08:00
Ben Pfaff
01b528c1b7 ovs-vsctl: Capitalize names of global constants but not variables.
Conforms to the Google style guide for Python.

Reported by Justin.
2009-11-09 15:02:05 -08:00
Ben Pfaff
3fbe1d307e Make ovs-appctl easier to use and synchronize its interface with ovs-vsctl.
It is inconvenient to type the whole path to the Unix daemon socket when
using ovs-appctl.  Allow the name of the daemon to be used instead when
a pidfile exists in the default location, and contact ovs-vswitchd by
default.

Also, the various options for manipulating vlog were invented before the
general-purpose command mechanism existed.  Get rid of all of the action
options in favor of just specifying the command to be executed as
non-option arguments.

Finally, there simply wasn't much value in allowing multiple targets or
options to be specified; these variations were never used in practice.  So
simplify the interface by making it one target, one action per invocation.

Also, make ovs-vsctl use the same syntax for its --target option.

Based on work by Justin Pettit.
2009-11-09 14:46:38 -08:00
Ben Pfaff
2886875a38 Fix incorrect printf format specifiers.
GCC reported these during a 64-bit build.
2009-11-09 10:30:10 -08:00
Jean Tourrilhes
ae602adc43 Revert "ovs-ofctl: Fix use-after-free error in del-flows command."
This reverts commit cae7a4b90a55cbfd4cfd23c06f9f09cd429ab4c0.

This commit forced the user to specify an action when deleting a flow,
which is not desirable.  The change was not actually needed, as the
buffer is never passed to str_to_flow() in the original code.
2009-11-04 23:43:22 -08:00
Ben Pfaff
675febfa2f Factor out common code from utilities that multiplex commands.
An upcoming commit will add yet another such utility and the code
redundancy was getting to be a bit much.
2009-11-04 15:24:40 -08:00
Jean Tourrilhes
cae7a4b90a ovs-ofctl: Fix use-after-free error in del-flows command. 2009-11-04 13:21:07 -08:00
Ben Pfaff
d6fbec6de0 Spell verb form of "set up" correctly throughout the tree. 2009-10-26 14:41:32 -07:00
Ben Pfaff
3f355f47f8 Merge "citrix" into "master".
This merge took a little bit of care due to two issues:

    - Crossport of "interface-reconfigure" fixes from master back to
      citrix that had happened and needed to be canceled out of the merge.

    - New script "refresh-xs-network-uuids" added on citrix branch that
      needed to be moved from /root/vswitch/scripts to
      /usr/share/vswitch/scripts.
2009-10-22 17:43:28 -07:00
Ben Pfaff
4d14e30f80 ovs-vsctl: Add the ability to perform multiple operations in a single run.
CC: Ian Campbell <Ian.Campbell@citrix.com>
2009-10-16 09:42:21 -07:00
Ben Pfaff
2792c2ad6d ovs-vsctl: Refactor internals to increase flexibility.
This changes the interface of each of the command implementations, making
them take the configuration as an argument and return the output.  This
will make it easier to support alternate output formats and to execute more
than one command per invocation (both happening in upcoming commits).
2009-10-16 09:36:25 -07:00
Ben Pfaff
3d1b9636b2 ovs-vsctl: Allow bridge name to be omitted from del-port command.
The 'bridge' argument to ovs-vsctl's del-port command is only supplied as
a form of error checking.  Sometimes the name of the bridge isn't readily
available, so for such situations this commit allows the user to omit the
name of the bridge entirely.

CC: Ian Campbell <Ian.Campbell@citrix.com>
2009-10-16 09:26:22 -07:00
Ben Pfaff
37c84020e9 ovs-vsctl: Log changes to configuration file to syslog.
This feature, which has been in ovs-cfg-mod for some time as the "-c"
option, makes it much easier to see what changes ovs-vsctl actually makes
to ovs-vswitchd.conf.

CC: <Ian.Campbell@citrix.com>
2009-10-16 09:26:20 -07:00
Jean Tourrilhes
6a5d4138d6 ovs-ofctl: Fix use-after-free error in mod-flows command. 2009-10-08 10:42:14 -07:00
Ben Pfaff
576e26d7b4 Merge citrix branch into master. 2009-09-22 10:17:44 -07:00
Justin Pettit
d4260cb4ee ovs-appctl: Correct "target" option synopsis in man page
The synopsis section of the man page for ovs-appctl incorrectly stated
that the target option takes "pid" as an argument.  This commit corrects
that to say "socket".
2009-09-17 13:42:54 -07:00
Ben Pfaff
7778bd15da secchan: Better tolerate failing controller admission control in fail-open.
When the switch is configured to connect to a controller that accepts
connections, waits a few seconds, and then disconnects without setting up
flows, currently this causes "fail-open" to flush the flow table and
stop setting up new flows during the connection duration.  This is OK if
it happens once, but it can easily happen every 8 seconds with typical
backoff settings, and that isn't so great.

This commit changes fail-open to only flush the flow table once the switch
appears to have been admitted by the controller, which prevents these
frequent network interruptions.

Thanks to Jesse Gross for especially valuable feedback.

QA notes: Behavior in fail-open and especially behavior with a controller
that rejects the switch after it connects needs to be re-tested.  The
ovs-controller --mute switch added by this commit is one simple way to
create such a controller.

CC: Peter Balland <peter@nicira.com>

Bug #1695.  Bug #2055.
2009-09-16 15:12:27 -07:00
Ben Pfaff
72aa493e2f ovs-pki: Extend validity of generated CA certificates from 3 to 6 years.
Dan requested this change to make it less likely that a user encounter a
CA certificate expiring.

For the "citrix" branch instead of "master" in case a customer upgrades
(without generating new CA certificates) away from the beta.

CC: Dan Wendlandt <dan@nicira.com>
2009-09-16 14:09:29 -07:00
Ian Campbell
9d6122026b ovs-vsctl: /var/run/ovs-vswitchd.*.ctl is a Unix domain socket
Currently ovs-vsctl tries to treat /var/run/ovs-vswitchd.*.ctl as a
file/pipe when it is actually a Unix domain socket:

        # ovs-vsctl add-br TEST
        Traceback (most recent call last):
          File "/usr/bin/ovs-vsctl", line 498, in ?
            main()
          File "/usr/bin/ovs-vsctl", line 493, in main
            function(*args)
          File "/usr/bin/ovs-vsctl", line 345, in cmd_add_br
            cfg_save(cfg, VSWITCHD_CONF)
          File "/usr/bin/ovs-vsctl", line 142, in cfg_save
            cfg_reload()
          File "/usr/bin/ovs-vsctl", line 126, in cfg_reload
            f = open(target, "r+")
        IOError: [Errno 6] No such device or address: ' '
        # ls -l /var/run/ovs-vswitchd.4173.ctl
        srw------- 1 root root 0 Sep 14 12:25 /var/run/ovs-vswitchd.4173.ctl

From strace:
        open("/var/run/ovs-vswitchd.4173.ctl", O_RDWR|O_LARGEFILE) = -1 ENXIO (No such device or address)
2009-09-15 09:27:08 -07:00
Ben Pfaff
8e58fa9a79 ovs-vsctl: Add test suite, documentation for br-to-vlan, br-to-parent.
CC: Ian Campbell <Ian.Campbell@citrix.com>
2009-09-15 09:27:08 -07:00
Ian Campbell
2e44e26d10 ovs-vsctl: additional commands for querying VLAN fake bridges.
Our test automation needs to be able to validate that a VLAN bridge and
for this I needed two new operations in ovs-vsctl:
      * The ability to query the VLAN tag for a bridge.
      * The ability to query the 'parent' of a bridge. The parent is the
        non-VLAN/untagged bridge with the same physical devices and
        could be a bond.

So given xenbr0 (containing eth0) + xapi2 (VLAN 42 on eth0) and xapi1
(containing bond0 == eth2+eth3) + xapi3 (VLAN 23 on the bonded
interface):

[root@warlock ~]# ovs-vsctl br-to-vlan xapi2
42
[root@warlock ~]# ovs-vsctl br-to-vlan xapi3
23
[root@warlock ~]# ovs-vsctl br-to-parent xapi2
xenbr0
[root@warlock ~]# ovs-vsctl br-to-parent xapi3
xapi1
2009-09-14 11:27:42 -07:00
Ben Pfaff
3b135da329 New utility ovs-vsctl. 2009-09-14 10:05:13 -07:00
Ben Pfaff
8fef8c7121 Merge citrix into master.
This was a somewhat difficult merge since there was a fair amount of
superficially divergent development on the two branches, especially in the
datapath.

This has been build-tested against XenServer 5.5.0 and XenServer 5.7.0
build 15122.  It has been booted and connected to XenCenter on 5.5.0.

The merge revealed a couple of outstanding bugs, which will be fixed on
citrix and then merged back into master.
2009-08-19 13:03:46 -07:00
Justin Pettit
496d0fe536 ovs-pki: Add uniqueness to CA certs
When ovs-pki is used for CA cert generation, it generates certificates
that are identical except for the public key.  If multiple controllers are
their own certificate authorities, the switch will receive multiple CA
certs that are identical other than their key.  Unfortunately, OpenSSL
cannot distinguish between them.  This is an excerpt of the
SSL_CTX_load_verify_locations function used by vconn-ssl:

    Certificate matching is done based on the subject name, the key
    identifier (if present), and the serial number as taken from the
    certificate to be verified. If these data do not match, the next
    certificate will be tried. If a first certificate matching the
    parameters is found, the verification process will be performed; no
    other certificates for the same parameters will be searched in case of
    failure.

To work around this, we add a bit of uniqueness to each certificate.  In
this commit, we add the generation time to the subject name.  Please note
that the CN field is limited to 64 bytes, so a bit of name compression
needed to take place in order to fit the time.

Bug #1782
2009-08-13 15:58:38 -07:00
Justin Pettit
a20d2466fc ovs-pki: Add uniqueness to CA certs
When ovs-pki is used for CA cert generation, it generates certificates
that are identical except for the public key.  If multiple controllers are
their own certificate authorities, the switch will receive multiple CA
certs that are identical other than their key.  Unfortunately, OpenSSL
cannot distinguish between them.  This is an excerpt of the
SSL_CTX_load_verify_locations function used by vconn-ssl:

    Certificate matching is done based on the subject name, the key
    identifier (if present), and the serial number as taken from the
    certificate to be verified. If these data do not match, the next
    certificate will be tried. If a first certificate matching the
    parameters is found, the verification process will be performed; no
    other certificates for the same parameters will be searched in case of
    failure.

To work around this, we add a bit of uniqueness to each certificate.  In
this commit, we add the generation time to the subject name.  Please note
that the CN field is limited to 64 bytes, so a bit of name compression
needed to take place in order to fit the time.

Bug #1782
2009-08-13 15:27:19 -07:00