Netcat is different on each platform I tried (Debian, Ubuntu, RHEL),
so rather than handling version differences it's better to just do the
same test with some hardcoded packets.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Use OpenFlow bundles for setting up flow tables. This has the benefit
that when debugging test failures, no packet gets processed by
partially set-up flow table, which may seem confusing.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Create all bridges with the same set of supported OpenFlow protocols
and fail-safe-mode secure, so that each test explicitly specifies flow
handling.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This allows us to remove nxm_put_ct_label() with something more general.
It will also have other callers later.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Instead of taking the source and destination as arguments, make these
functions act like their short and long counterparts.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Protocol-independent symbols OFPG_* were already defined in
openflow-common.h, so remove the protocol version dependent symbols.
Found by inspection.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Backslashes are necessary if you put OVN syntax inside a quoted string, but
it's not part of the syntax itself and might confuse readers.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
The inet_get_local_port_range() function is defined as a 3-parameter
version in the backported net/ip.h, however some versions of RHEL7
kernel use the 2-parameter version in their net/udp.h header. We need to
make sure that our net/ip.h is first included, then undef our overriding
3-parameter version, include the system net/udp.h, then redefine our
overriding 3-parameter version so that it may be used inside OVS code.
This header needs to include net/ip.h here as some files may not include
it prior to net/udp.h, in which case the logic we have to define the
right version while including the system net/udp.h will not work.
Specifically this fixes issues on kernel 3.10.0-229.7.2.el7.x86_64
(perhaps earlier as well; some later versions make this unnecessary).
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Update the BFD todo item to clarify where we might use BFD as it
previously seemed to imply we wanted to enable it for all
hypervisor-to-hypervisor tunnels.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-By: Kyle Mestery <mestery@mestery.com
Acked-by: Ben Pfaff <blp@ovn.org>
When there are PtP TUN devices on the system or SIT devices, tests will fail
because of a warning that it was not possible to get their Ethernet addresses.
That call comes from the route code adding tunnel ports.
Make that warning an informational message and filter that out during tests.
Also, return EINVAL when trying to get those interface Ethernet addresses, which
will prevent them from being added to the tunnel ports pool and will properly
fail in other places as well.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The hardcoded ovsdb port causes problems when hooking up xenserver to
different SDN stacks. Changing this to a variable at the start of the
script makes it easier to update this when needed (using chef/puppet/etc)
Signed-off-by: Sten Spans <sten@blinkenlights.nl>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Ovsdb-idl notifies a client that something changed; it does not track
which table, row changed in what way (insert, modify or delete).
As a result, a client has to scan or reconfigure the entire idl after
ovsdb_idl_run(). This is presumably fine for typical ovs schemas where
tables are relatively small. In use-cases where ovsdb is used with
schemas that can have very large tables, the current ovsdb-idl
notification mechanism does not appear to scale - clients need to do a
lot of processing to determine the exact change delta.
This change adds support for:
- Table and row based change sequence numbers to record the
most recent IDL change sequence numbers associated with insert,
modify or delete update on that table or row.
- Change tracking of specific columns. This ensures that changed
rows (inserted, modified, deleted) that have tracked columns, are
tracked by IDL. The client can directly access the changed rows
with get_first, get_next operations without the need to scan the
entire table.
The tracking functionality is not enabled by default and needs to
be turned on per-column by the client after ovsdb_idl_create()
and before ovsdb_idl_run().
/* Example Usage */
idl = ovsdb_idl_create(...);
/* Track specific columns */
ovsdb_idl_track_add_column(idl, column);
/* Or, track all columns */
ovsdb_idl_track_add_all(idl);
for (;;) {
ovsdb_idl_run(idl);
seqno = ovsdb_idl_get_seqno(idl);
/* Process only the changed rows in Table FOO */
FOO_FOR_EACH_TRACKED(row, idl) {
/* Determine the type of change from the row seqnos */
if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_DELETE)
>= seqno)) {
printf("row deleted\n");
} else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_MODIFY)
>= seqno))
printf("row modified\n");
} else if (foo_row_get_seqno(row, OVSDB_IDL_CHANGE_INSERT)
>= seqno))
printf("row inserted\n");
}
}
/* All changes processed - clear the change track */
ovsdb_idl_track_clear(idl);
}
Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
There is currently no mechanism in IDL to fetch specific column values
on-demand without having to register them for monitoring. In the case
where the column represent a frequently changing entity (e.g. counter),
and the reads are relatively infrequent (e.g. CLI client), there is a
significant overhead in replication.
This patch adds support in the Python IDL to register a subset of the
columns of a table as "readonly". Readonly columns are not replicated.
Users may "fetch" the readonly columns of a row on-demand. Once fetched,
the columns are not updated until the next fetch by the user. Writes by
the user to readonly columns does not change the value (both locally or
on the server).
The two main user visible changes in this patch are:
- The SchemaHelper.register_columns() method now takes an optionaly
argument to specify the subset of readonly column(s)
- A new Row.fetch(columns) method to fetch values of readonly columns(s)
Usage:
------
# Schema file includes all columns, including readonly
schema_helper = ovs.db.idl.SchemaHelper(schema_file)
# Register interest in columns with 'r' and 's' as readonly
schema_helper.register_columns("simple", [i, r, s], [r, s])
# Create Idl and jsonrpc, and wait for update, as usual
...
# Fetch value of column 'r' for a specific row
row.fetch('r')
txn.commit_block()
print row.r
print getattr(row, 'r')
# Writing to readonly column has no effect (locally or on server)
row.r = 3
print row.r # prints fetched value not 3
Signed-off-by: Shad Ansari <shad.ansari@hp.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Make the packet out and trace processing perform the same actions
checks as flow mod processing does.
This used to be the case before, but at some point these have diverged
to perform different combinations of checks.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Meter requests should use dump/stats transaction, instead of
transact_noreply, which caused the output to go to stderr and an error
exit.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
vtep/vtep.xml : Tunnel table definitions were reviewed against
latest OVS schema.
Relevant changes taken into HW VTEP schema.
XML formatting of Tunnel table corrected
Signed-off-by: Ariel Tubaltsev <tubaltzev@gmail.com>
Acked-by: Bruce Davie <bdavie@vmware.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
Although netdev does explicit locking, it is only valid from the ovs
perspective, then only the ring ends used by ovs should be declared as
single producer/consumer.
The other ends that are used by the application should be declared as
multiple producer/consumer that is the most general case.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Calling VLOG_FATAL() while holding the 'log_file_mutex" may lead to
deadlock since VLOG_FATAL() implementation tries to acquire the
same lock. Fix this by building the error message first, then
call VLOG_FATAL() after the 'log_file_mutex' has been released.
This bug is not likely show up in practice since chown() usually
won't fail. It is still better to have a correct implementation.
Reported-by: Daniele Di Proietto <ddiproietto@vmware.com>
Signed-off-by: Andy Zhou <azhou@ovn.org>
Acked-by: Daniele Di Proietto <ddiproietto@vmware.com>
Docker multi-host networking is now part of
Docker 1.9.
This commit adds two drivers for OVN integration
with Docker. The first driver is a pure overlay driver
that does not need OpenStack integration. The second driver
needs OVN+OpenStack.
The description of the Docker API exists here:
https://github.com/docker/libnetwork/blob/master/docs/remote.md
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@ovn.org>
All of these links when viewing OVN-Tutorial on github, but most of
these links didn't work when viewing OVN-Tutorial.md.html in dist-docs.
Use full github links so that they always work (as long as you have
internet access).
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-By: Kyle Mestery <mestery@mestery.com>
By default, Unix domain sockets are created with file system permission
mode of 0700. This means that only processes that runs under the same
user can access this socket.
For OVS, it may be more convenient to control access at the group
level rather than at the user level, since other processes need to
access OVSDB and UNIXCTL sockets while running under different users.
This patch changes Unix domain sockets' file system permission to 0770,
to grant group access.
It has not been an issue in the past since OVS, until very recently,
had to run as root. If a process needed to access OVSDB or UNIXCTL
sockets, it had to be a root process as well.
With the added --user option to OVS daemons and this change, system
administrators can deploy OVS more securely: OVS daemons can run as
a non root user. Various processes that need to talk to OVS does not
have to run as root process anymore.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
vlog log file can be created when parsing --log-file option, before
switching user, in case the --user option is also specified. While this
does not directly cause errors for the running daemons, it can
leave the log files on the disk as created under the "root" user.
This patch fix the log file ownership to the user specified with --user.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
A global variable 'switch_user' was used to make sure
we switch process's current user only once. This logic is now
simplified by testing for uid directly; if switch process has
taken place, the current uid will be not be zero.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
This tests that resubmits return as expected when conntrack is used
with recirculation to another table.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
If conntrack recirculates, it should not stop processing the current
pipeline. The cloned packet will begin processing in the table specified
with the current metadata and action set; The current copy of the packet
will continue processing, including to return back to prior resubmit()
calls.
Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Some versions of groff use termcap sequences for bold, italic, etc. by
default. The dist-docs script doesn't cope with those; it expects
sequences based on backspacing and overprinting. This commit fixes the
problem by setting an environment variable GROFF_NO_SGR that forces groff
to use backspacing.
Found on Fedora.
Reported-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <rbryant@redhat.com>
'n' is the number of keys, which are grouped into blocks of L2_SIZE
indexes. Even if only one key in a block is allocated, the whole block has
a pointer to it that must be freed. Thus, we need to round up instead of
down.
Reported-at: https://github.com/openvswitch/ovs/pull/87
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
[cascardo: use IPv4-mapped IPv6 addresses]
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Co-authored-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
lookup_ip will emit an error when used with an IPv6 address, like below.
2015-10-20T18:48:22.357Z|00036|socket_util|ERR|"2001:cafe::92" is not a valid IP address
Verify if address looks like IPv6 before giving it to either lookup_ip or
lookup_ipv6.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
These functions will be used by the next patches.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The stage names were getting long and throwing off the formatting when
dumping the logical flows.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
To decrement the IP TTL, the existing TTL can't be less than two. The
field is not bit-maskable, though, so "ip.ttl < 2" will not work.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
