2
0
mirror of https://github.com/openvswitch/ovs synced 2025-08-29 21:38:13 +00:00

1727 Commits

Author SHA1 Message Date
Bala Sankaran
16770c6d91 checkpatch: support macro continuation
Added a test to identify a macro and skip
printing errors if the condition or loop
is part of a macro.

Additional tests are added to checkpatch
testsuite that cover conditionals and
loop constructs.

Signed-off-by: Bala Sankaran <bsankara@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-16 10:11:25 -07:00
Ilya Maximets
9551e80bef tests: Use environment variable for default timeout.
Introduce new 'OVS_CTL_TIMEOUT' environment variable
that, if set, will be used as a default timeout for
OVS control utilities. Setting it in 'atlocal.in' will
cover all the hangs inside the testsuite, even when
utils called in a subshell.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-15 11:36:18 -07:00
Ilya Maximets
cbcf40a847 utilities: Fix and unify parsing of timeout option.
Parsing of the '--timeout' option implemented differently
for every single control utility and, which is more
important, highly inaccurate. In most cases unsigned result
of 'strtoul' stored in signed variable. Parsing failures are
not tracked. 'ovs-appctl' even uses just 'atoi' without any
checking of the argument or result.

This patch unifies the parsing by using 'str_to_uint'.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-15 11:36:18 -07:00
Ben Pfaff
3267343a84 checkpatch: Improve accuracy and specificity of sign-off checking.
This also makes a start at a testsuite for checkpatch.

CC: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@bytheb.org>
2018-08-13 14:52:42 -07:00
Alin Gabriel Serdean
111b58cc79 ofctl: Fixup compare_flows function
In the case there was no sorting criteria the flows on Windows were being
rearranged because it was always returning zero.

Also check if there we need sorting to save a few cycles.

CC: Ben Pfaff <blp@ovn.org>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-08 21:01:37 +03:00
Bala Sankaran
a9e5ac0f97 checkpatch: warn on possible bare return
void functions do not need to have a return statement, because
such statements are redundant. Warn the user of such instances.

An interim line check is added to allow gathering additional
context for each line that is being processed.

Signed-off-by: Bala Sankaran <bsankara@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-06 16:56:51 -07:00
Timothy Redaelli
89caad6a23 utilities: Launch ovsdb-tool without using PAM
When ovsdb-server is starting, it performs some DB steps such as
creating and upgrading the OvS DB. When we are running as
'non-root' user, the 'runuser' tool is used to manage the privileges.
However, when this happens during systemd boot, we observe the following
errors in journald:

Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Failed to add PIDs to
scope's control group: No such process
Jun 21 07:32:57 virt systemd[1]: Failed to start Session c1 of user openvswitch.
Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Unit entered failed state.

According to the analysis performed on openSUSE bugzilla[1], it seems
that ovsdb-server.service creates (via the call to runuser) a user
session and therefore call pam_systemd which in its turn tries to start
a systemd user instance: "user@474.service". However "user@474.service"
is supposed to be started after systemd-user-sessions.service which is
supposed to be started after network.target. Additionally,
ovsdb-server.service uses Before=network.target hence the deadlock.

This commit uses "setpriv" instead of "runuser" to launch "ovsdb-tool" that
doesn't use PAM and so it permits to launch "ovsdb-tool" as a user without
having the deadlock. Since some old versions for "setpriv" (such as the
one used by RHEL7) doesn't support the username / groupname, but only the
user ids / group ids, "id" is used to get the user ID and the group IDs.
To replicate the same behaviour of "runuser", the effective group ID of
the user is used as GID (usually "openvswitch") and the remaining group
IDs are used as supplementary groups (usually "hugetlbfs", if OVS is
built with DPDK support).

[1]: https://bugzilla.suse.com/show_bug.cgi?id=1098630
Reported-by: Markos Chandras <mchandras@suse.de>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-July/349716.html
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
2018-08-06 15:19:31 -07:00
Ben Pfaff
4111c9304d ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".
Reported-by: Oscar Wilde <xdxiaobin@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047070.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
2018-08-06 15:17:05 -07:00
Timothy Redaelli
1ea9742269 utilities: Install ovs-tcp{dump, undump} also when only Python3 is enabled
Since commit 793bdb6c0500 ("ovs-tcpdump: Fix incompatibilities with python3")
and commit 227abb77d3d1 ("ovs-tcpundump: Fix incompatibilities with python3")
ovs-tcpdump and ovs-tcpdump works with Python3 as well.

This commit allows ovs-tcpdump and ovs-tcpundump to be installed also when
only Python3 is enabled.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-04 19:19:00 -07:00
Timothy Redaelli
49c5ee21ea utilities: don't use a bashism to check that datapath exists
[[ ]] syntax is not supported, at least, by dash that Debian, Ubuntu and other
linux distributions may use instead of bash.

This commit uses, instead, a POSIX way that is compatible with any POSIX
shell (bash, dash, busybox sh, etc).

CC: Martin Xu <martinxu9.ovs@gmail.com>
Fixes: 9763d17fbd05 ("utilities: check datapath exists before conntrack flush")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
2018-08-03 17:06:56 -07:00
Mark Michelson
7491caa37f ovn: Modify restart_controller in ovn-ctl to use --restart
The --restart flag allows for uninterrupted packet flowage when exiting
ovn-controller. This patch modifies the restart_controller argument to
ovn-ctl to use --restart.

Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-02 13:04:43 -07:00
Qiuyu Xiao
c8efec6ef7 ovs-pki: generate x.509 v3 certificate
This patch modifies ovs-pki to generate x.509 version 3 certificate.
Compared with the x.509 v1 certificate generated by ovs-pki, version 3
certificate adds subjectAltName field and sets its value the same as
common name (CN). The main reason for this change is to enable
strongSwan IKE daemon to extract certificate identity string from the
subjectAltName field, which makes OVN IPsec implementation easier.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-08-01 10:17:19 -07:00
Martin Xu
9763d17fbd utilities: check datapath exists before conntrack flush
As part of "force-reload-kmod," conntrack flush command is issued as
'action "ovs-appctl dpctl/flush-conntrack"'. In case no datapath exists
yet when issuing "force-reload-kmod," there is an error message
"ovs-vswitchd: no datapaths exist\ ovs-appctl: ovs-vswitchd: server
returned an error", which is harmless but potentially shows up as "FAILED."
Add an if condition to check whether datapath exists before running the
conntrack flush command.

VMware-BZ: #2170402
Fixes: 265d70310c69 ("utilities: Fix conntrack flush command")
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Aaron Conole <aconole@redhat.com>
CC: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-31 13:54:50 -07:00
Ben Pfaff
ae6f7530bf ofp-actions: Split ofpacts_check__() into many functions.
ofpacts_check__() was a huge switch statement with special cases for many
different kinds of actions.  This made it unwieldy and put the special
cases far away from the rest of the code related to a given action.  This
commit refactors the code to avoid the problem.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Yifeng Sun <pkusunyifeng@gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
2018-07-31 13:11:13 -07:00
Justin Pettit
206ddb9adb ofproto: Add support for specifying a meter in controller actions.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-07-30 17:57:13 -07:00
Timothy Redaelli
9ec533122f Permit to build OVS with only Python3 installed
This commit renames HAVE_PYTHON to HAVE_PYTHON2 and PYTHON to PYTHON2
and adds HAVE_PYTHON and PYTHON with a different semantics:
- If PYTHON environment variable is set, use it as PYTHON
- If a python2 interpreter is available, PYTHON became the python2 interpreter
- If a python3 interpreter is available, PYTHON became the python3 interpreter

PYTHON is only used to run the python scripts needed by the build system

NOTE:
Since currently most of the utilities and bugtool doesn't support Python3,
they're installed only if python2 is available. This will be fixed in later
commits.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-24 16:02:48 -07:00
Timothy Redaelli
793bdb6c05 ovs-tcpdump: Fix incompatibilities with python3
Opening a file with 'rw' in Python3 returns an error, moreover using 'rw' in
Python2 is wrong too since it opens the file using O_RDONLY and not by using
O_RDWR.

This commit fixes it by using the low-level os.open function with O_RDWR
as suggested by the Linux kernel (tuntap.txt) documentation.

This commit fixes also some usual bytes vs string incompatibilities.

Tested on Python 2.7.15 and Python 3.6.5

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-24 16:01:11 -07:00
Timothy Redaelli
227abb77d3 ovs-tcpundump: Fix incompatibilities with python3
Added parenthesis after print and use "as" instead of "," in except.

This commit fixes also a couple of flake8 warnings:

    utilities/ovs-tcpundump:23:1: E302 expected 2 blank lines, found 1
    utilities/ovs-tcpundump:35:1: E305 expected 2 blank lines after class or
    function definition, found 1

Tested on Python 2.7.15 and Python 3.6.5

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-24 16:00:48 -07:00
Jakub Sitnicki
a95199f26a db-ctl-base: Propagate errors from the commands parser.
Let the caller decide how to handle the error. Prepare for using the
parser in ovn-nbctl daemon mode.

Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-23 16:09:43 -07:00
Ben Pfaff
19041a098e ovs-ofctl: New helper command "parse-packet".
This was useful for testing commit 4fe080160685 ("flow: Fix buffer overread
for crafted IPv6 packets.").

Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Yifeng Sun <pkusunyifeng@gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
2018-07-12 16:31:00 -07:00
Jakub Sitnicki
a9f55784c3 ovn-nbctl, ovn-sbctl, ovs-vsctl: Don't dup error message just to report it.
Get rid of a pointless copy operation.

Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-09 16:42:08 -07:00
Eelco Chaudron
4ef1edf085 utilities: Update gdb script to include mac_learning counters
This patch updates the GDB script "ovs_show_fdb" command to include
the new per mac_learning instance counters.

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-06 14:26:20 -07:00
Justin Pettit
04f803fddc ovs-ofctl: Prefer "del-meters" and "dump-meters".
Previously to delete or dump the meter table, separate commands had to
be used depending on whether one wanted to operate on a single or all
meters.  This change makes it so that the "meter" argument is always
optional regardless of the command.  This is a bit more consistent with
other OVS commands and makes it easier when experimenting to not have to
distinguish between the two cases.

This also fixes an error in the ovs-ofctl man page that show the plural
version of the command supported an optional "meter" argument.

"del-meter" and "dump-meter" can still be used, but their use is no
longer documented.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-07-06 14:23:30 -07:00
Justin Pettit
330f6f535e ovs-ofctl: Clarifications in the Meter Syntax man page section.
This also correct an error that indicated that the burst size is kbps,
when it should be kb.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-07-06 14:23:21 -07:00
Justin Pettit
76b0525822 OpenFlow: Update documentation to indicate support for virtual meters.
Support was added in commit 9e638f223feb ("ofproto: Support action
upcall meters").

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-07-06 14:23:18 -07:00
Eelco Chaudron
b23d42a68d utilities: Add upcall related commands to the GDB script
This commit adds ovs_dump_udpif_keys and ovs_show_upcall commands to the GDB script.
Here are some examples of the output:

(gdb) ovs_show_upcall
netdev@ovs-netdev:
  flows         : (current 0) (avg 0) (max 0) (limit 10000)
  dump duration : 1ms
  ufid enabled  : true

  39: (keys 0)
  42: (keys 0)
  41: (keys 0)
  43: (keys 0)
  44: (keys 0)
  45: (keys 0)

system@ovs-system:
  flows         : (current 4000) (avg 4031) (max 4064) (limit 139000)
  dump duration : 4ms
  ufid enabled  : true

  99: (keys 676)
  102: (keys 665)
  101: (keys 656)
  103: (keys 648)
  104: (keys 642)
  105: (keys 713)

(gdb) ovs_dump_udpif_keys
(struct udpif *) 0x1ebb830: name = netdev@ovs-netdev, total keys = 2
(struct udpif *) 0x20c6f00: name = system@ovs-system, total keys = 0

(gdb) ovs_dump_udpif_keys 0x1ebb830
(struct umap *) 0x1ef9328:
  (struct udpif_key *) 0x7f36e0004e40: key_len = 132, mask_len = 144
                                       ufid = 3e529416-83bf-bab4-5c6e-421127a9143a
                                       hash = 0x3d96b11d, pmd_id = 1
                                       state = UKEY_OPERATIONAL
                                       n_packets = 2, n_bytes = 68
                                       used = 1397047436, tcp_flags = 0x0000
(struct umap *) 0x1efb740:
  (struct udpif_key *) 0x7f36dc004c20: key_len = 132, mask_len = 144
                                       ufid = ee98d69f-8298-04dd-844a-4d2abee9f773
                                       hash = 0x2e8077c2, pmd_id = 15
                                       state = UKEY_OPERATIONAL
                                       n_packets = 0, n_bytes = 0
                                       used = 0, tcp_flags = 0x0000

(gdb) ovs_dump_udpif_keys 0x1ebb830 short
(struct umap *) 0x1ef9328:
  (struct udpif_key *) 0x7f36e0004e40:
(struct umap *) 0x1efb740:
  (struct udpif_key *) 0x7f36dc004c20:

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-06 14:18:21 -07:00
Jakub Sitnicki
675b152e99 db-ctl-base: Extend ctl_context with an error message.
Prepare for the command handlers (pre_cmd_*() cmd_*() functions) to
report errors by storing them in the context.

Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-03 13:19:46 -07:00
Jakub Sitnicki
fd26f9a2bd db-ctl-base: Don't die in ctl_set_column() on error.
Return the error message to the caller instead of reporting it and dying
so that the caller can handle the error without terminating the process
if needed.

Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-03 13:19:45 -07:00
Aaron Conole
128b46a077 checkpatch: fix patch separator line regex
The separator line always starts with three dashes on a line, optionally
followed by either white-space, OR a single space and a filename.  The
regex would previously match on any three dashes in a row.  This means
that a patch (such as [1]) would trigger the parser state machine to
advance beyond the signed-off checks.

Now, bound the check only to use what git-mailinfo would use as a
separator.
   --- <filename>
   ---<sp>

1: https://mail.openvswitch.org/pipermail/ovs-dev/2018-June/348625.html

Fixes: c599d5ccf316 ("checkpatch.py: A simple script for finding patch issues")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-07-03 11:41:49 -07:00
Greg Rose
265d70310c utilities: Fix conntrack flush command
This patch fixes two problems.

1) The 'action "ovs-appctl dpctl/flush-conntrack"' does not do
anything because a command does not follow it.

2) Even after adding the command it still doesn't work - it must be
done before the stop_forwarding command.

In addition, make the message more human friendly.

Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
2018-06-29 15:57:47 -07:00
Greg Rose
e95ce654b8 utilities: On RHEL 7 systems clean up after upgrade
When upgrading from older versions of OVS that used the built-in geneve
kernel module on RHEL 7 systems to newer versions that use the 'compat'
vport_geneve and vport_vxlan drivers we need to clean up some cruft
that might have been left over after the upgrade.

Remove any genev_sys_6081 and vxlan_sys_4789 interfaces and then if
the RHEL 7 geneve or vxlan built-in drivers are loaded remove them
before loading the new drivers.

Removing the geneve and vxlan built-in drivers will prevent occurrences
of the "unassociated datapath" errors that can sometimes occur in some
environments.

Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
2018-06-29 15:57:47 -07:00
Aaron Conole
3ccb889989 checkpatch: Only consider certain signoffs
Formatted patches can contain a heirarchy of sign-offs.  This is true when
merging patches from different projects (eg. backports to the datapath
directory from the linux net project).

This means that a submitted backport will contain multiple signed-off
tags, and not all should be considered.

This commit updates checkpatch to only consider those signoff lines which
start at the beginning of a line.  So the following:

  Signed-off-by: Foo Bar <foo@bar.com>

should not trigger.

Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-25 15:24:38 -07:00
Aaron Conole
de8fa82a48 checkpatch: add quiet option
This allows scripts which only want to process error messages to silence
the normal 'warm and fuzzy' status messages from checkpatch.

Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-25 15:24:37 -07:00
Justin Pettit
de759da2dd ovs-ofctl: Update man page on conntrack supported platforms.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-06-20 14:01:55 -07:00
Eelco Chaudron
ef557e2c55 utilities: Add the ovs_show_fdb command to gdb
This adds the ovs_show_fdb command:

  Usage: ovs_show_fdb {<bridge_name> {dbg} {hash}}

  <bridge_name> : Optional bridge name, if not supplied FDB summary
                  information is displayed for all bridges.
  dbg           : Will show structure address information
  hash          : Will display the forwarding table using the hash
                  table, rather than the rlu list.

Some examples:

  (gdb) ovs_show_fdb
  br0        : (struct mac_learning *) 0x139c160
      table.n         : 0
      secret          : 0x6c42c707
      idle_time       : 300
      max_entries     : 2048
      ref_count       : 2
      need_revalidate : false
      ports_by_ptr.n  : 0
      ports_by_usage.n: 0
  br1        : (struct mac_learning *) 0x139b0b0
      table.n         : 0
      secret          : 0xcf8efaf8
      idle_time       : 300
      max_entries     : 2048
      ref_count       : 2
      need_revalidate : false
      ports_by_ptr.n  : 0
      ports_by_usage.n: 0
  ovs_pvp_br0: (struct mac_learning *) 0x137b470
      table.n         : 4
      secret          : 0x623e75ad
      idle_time       : 300
      max_entries     : 2048
      ref_count       : 2
      need_revalidate : false
      ports_by_ptr.n  : 4
      ports_by_usage.n: 4

  (gdb) ovs_show_fdb  ovs_pvp_br0
  table.n         : 4
  secret          : 0x623e75ad
  idle_time       : 300
  max_entries     : 2048
  ref_count       : 2
  need_revalidate : false
  ports_by_ptr.n  : 4
  ports_by_usage.n: 4

  FDB "lrus" table:
  port               VLAN  MAC                Age out @
  -----------------  ----  -----------------  ---------
  02[vnet2]             0  52:54:00:b6:de:1e      81501
  01[vnet0]             0  52:54:00:0b:60:6e      81501
  03[vnet4]             0  52:54:00:89:32:4c      81501
  0LOCAL[ovs_pvp_br     0  5e:26:7b:41:28:46      81501

  Total MAC entries: 4

  Current time is between 81198 and 81203 seconds.

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-20 10:20:06 -07:00
Ben Pfaff
16ee87263e ovs-sim: Don't install manpage at all (except from ovs-sim itself).
ovs-sim is a funny utility since it only works from a build tree, not from
an installed OVS.  That means that we shouldn't install its manpage when
we run "make install".  But we do want to install the manpage when we're
inside ovs-sim itself, so that the user can invoke "man ovs-sim" from its
nested shell.

This commit makes this happen.

Suggested-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Roi Dayan <roid@mellanox.com>
2018-06-18 15:24:29 -07:00
Aaron Conole
15117123c5 ovs-kmod-ctl: introduce a kernel module load script
Currently, Open vSwitch on linux embeds the logic of loading and unloading
kernel modules into the ovs-ctl and ovs-lib script files.  This works, but
it means that there is no way to leverage extended filesystem attributes
to grant fine grain permissions relating to module loading.

The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
for RHEL-based distributions to have a separate transition domain that
will allow module loading to be given to a separate selinux domain from
the openvswitch_t domain.

Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
2018-06-17 19:32:06 -07:00
Eelco Chaudron
425620614f Utilities: Add the simap and netdev_provider dump commands to gdb
This changes add two additional gdb commands:

- ovs_dump_netdev_provider
- ovs_dump_ovs_list <struct simap *>

Here are some examples of their output:

ovs_dump_netdev_provider:
=========================

  (gdb) ovs_dump_netdev_provider
  (struct netdev_registered_class *) 0x2b2c540: refcnt = {count = 3},
      (struct netdev_class *) 0x9555c0 = {type = tap, is_pmd = false, ...},
  (struct netdev_registered_class *) 0x2b2c5a0: refcnt = {count = 2},
      (struct netdev_class *) 0xc439d8 = {type = vxlan, is_pmd = false, ...},
      (struct vport_class *) 0xc439d0 = { dpif_port = vxlan_sys, ... }
  (struct netdev_registered_class *) 0x2b2c960: refcnt = {count = 1},
      (struct netdev_class *) 0xc442f8 = {type = ip6erspan, is_pmd = false, ...},
      (struct vport_class *) 0xc442f0 = { dpif_port = ip6erspan_sys, ... }
  (struct netdev_registered_class *) 0x2b2c980: refcnt = {count = 1},
      (struct netdev_class *) 0xc44540 = {type = ip6gre, is_pmd = false, ...},
      (struct vport_class *) 0xc44538 = { dpif_port = ip6gre_sys, ... }
  (struct netdev_registered_class *) 0x2b2ebe0: refcnt = {count = 3},
      (struct netdev_class *) 0x95b8c0 = {type = dpdk, is_pmd = true, ...},

ovs_dump_ovs_list:
==================

  (gdb) b memory_report
  Breakpoint 1 at 0x753190: file lib/memory.c, line 136.
  (gdb) set want_report=1
  (gdb) c
  Continuing.

  Breakpoint 1, memory_report (usage=usage@entry=0x7fff0683d920) at lib/memory.c:136
  136	{
  (gdb) p usage
  $20 = (const struct simap *) 0x7fff0683d920
  (gdb) p* usage
  $21 = {map = {buckets = 0x2b64df0, one = 0x0, mask = 3, n = 4}}
  (gdb) p *usage
  (gdb) ovs_dump_simap usage
  handlers    : 40 / 0x28
  ports       : 6 / 0x6
  revalidators: 16 / 0x10
  rules       : 10 / 0xa

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-15 11:47:24 -07:00
Eelco Chaudron
b9683ff014 Utilities: Add the ovs_dump_dp_provider command to the gdb script
This change adds the ovs_dump_dp_provider command, which allows
dumping of all the registered registered_dpif_class structures.

In addition it has some small internal cleanups.

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-15 11:46:41 -07:00
Justin Pettit
0035ab47b1 ovs-dpctl: Remove redundant documentation from man page.
Remove descriptions of options that are already described with the
command.  These options were not staying current with the commands that
supported them.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
2018-06-15 01:08:40 -07:00
Ben Pfaff
5a0e4aec1a treewide: Convert leading tabs to spaces.
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time.  This commit converts
them to spaces.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-06-11 15:32:00 -07:00
Greg Rose
a94f9524db Revert "utilities/ovs-ctl: Force removal of ip_gre/gre"
This reverts commit 2bdd1f3d96a86bea6bdb8788f23ec7dd99b289e3.

This is the wrong direction for the solution to the ip_gre/gre kernel
module conflicts, as reported by Jiri Benc <jbenc@redhat.com> and others in
https://mail.openvswitch.org/pipermail/ovs-dev/2018-June/347803.html and
elsewhere in the same thread

Rather than attempting to force the removal of the ip_gre/gre kernel
modules, which often fails because they're in use, we will add a patch that
does not cause the openvswitch kernel module to fail to load when the
ip_gre/gre protocol entry points are already claimed.

Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: William Tu <u9012063@gmail.com>
2018-06-05 10:37:53 -07:00
Greg Rose
2bdd1f3d96 utilities/ovs-ctl: Force removal of ip_gre/gre
On Linux kernels older than 4.16 the user cannot take advantage of
OVS ERSPAN features if the older ip_gre and gre kernel modules are
loaded.  In addition, the openvswitch kernel module will fail to
load because it cannot grab the IPPROTO_GRE inet protocol handler
since the gre kernel module has already taken it.

Update the force_reload_kmod() script function to force removal
of the ip_gre and gre built-in kernel modules so that the openvswitch
kernel module can load and provide support for ERSPAN.

Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-01 07:16:01 -07:00
Jan Scheurich
06db81ccfe ofproto-dpif: Use dp_hash as default selection method
The dp_hash selection method for select groups overcomes the scalability
problems of the current default selection method which, due to L2-L4
hashing during xlation and un-wildcarding of the hashed fields,
basically requires an upcall to the slow path to load-balance every
L4 connection. The consequence are an explosion of datapath flows
(megaflows degenerate to miniflows) and a limitation of connection
setup rate OVS can handle.

This commit changes the default selection method to dp_hash, provided the
bucket configuration is such that the dp_hash method can accurately
represent the bucket weights with up to 64 hash values. Otherwise we
stick to original default hash method.

We use the new dp_hash algorithm OVS_HASH_L4_SYMMETRIC to maintain the
symmetry property of the old default hash method.

A controller can explicitly request the old default hash selection method
by specifying selection method "hash" with an empty list of fields in the
Group properties of the OpenFlow 1.5 Group Mod message.

Update the documentation about selection method in the ovs-ovctl man page.

Revise and complete the ofproto-dpif unit tests cases for select groups.

Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Co-authored-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-05-25 15:07:31 -07:00
Ben Pfaff
9a6b896118 ovs-sim: Support backup and clustered databases for ovn.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-25 14:26:03 -07:00
Ben Pfaff
15f6255fdd ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl: Parse options before logging.
These utilities logged the command very early, before parsing the options
or the command.  This meant that logging options (like --log-file or
-vsyslog:off) weren't considered for the purpose of logging the command.
This fixes the problem.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-25 14:25:54 -07:00
Ben Pfaff
2128f9b4d2 ovs-sim, ovs-sandbox: Turn off logging to syslog.
There's no value in having these testing tools log to syslog.  It just
pollutes the system log.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-25 14:25:52 -07:00
Ben Pfaff
59cff954e6 ovs-sim: Install RST manpages into simulation environment too.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-25 14:25:49 -07:00
Ben Pfaff
ea38b8931a ovs-sim: Convert documentation to RST format.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-25 14:25:43 -07:00
Ben Pfaff
7b809df952 Add OpenFlow extensions for group support in OpenFlow 1.0.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
2018-05-17 08:16:06 -07:00