A cls_rule is 324 bytes on i386 now. The cost of a flow table lookup is
currently proportional to this size, which is going to continue to grow.
However, the required cost of a flow table lookup, with the classifier that
we currently use, is only proportional to the number of bits that a rule
actually matches. This commit implements that optimization by replacing
the match inside "struct cls_rule" by a sparse representation.
This reduces struct cls_rule to 100 bytes on i386.
There is still some headroom for further optimization following this
commit:
- I suspect that adding an 'n' member to struct miniflow would make
miniflow operations faster, since popcount() has some cost.
- It's probably possible to replace the "struct minimatch" in cls_rule
by just a "struct miniflow", since the cls_rule's cls_table has a
copy of the minimask.
- Some of the miniflow operations aren't well-optimized.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, "struct cls_rule" didn't own any data outside its own memory
block. An upcoming commit will make "struct cls_rule" sometimes own blocks
of memory, so it needs "destroy" and to a lesser extent "clone" functions.
This commit adds these in advance, even though they are mostly no-ops, to
make it possible to separately review the memory management.
Signed-off-by: Ben Pfaff <blp@nicira.com>
In order to form a stats message for the prevailing OpenFlow version
of a vconn the vconn needs to be open at the time the request is
encoded. Thus there is no longer a case where it makes sense to
use dump_stats_transaction() without a vconn already being open and
available to pass as a parameter.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The autopath action is an obsolete attempt to replicate
functionality contained in the bundle action. It is ugly and of
questionable usefulness. This patch deprecates it and schedules
its removal for February 2013. If there are concerns, please email
dev@openvswitch.org.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Currently, if a controller having a nonzero id registers to get a
OFPR_INVALID_TTL async message, it will not receive it. This is because
compose_dec_ttl() only sent the invalid ttl packets to the default controller
id. NXAST_DEC_TTL_CNT_IDS is a new action that accepts a list of controller
ids, each separated by `,', to which the OFPR_INVALID_TTL packets must be sent.
The earlier requirement of the controller having to explicitly register to
receive these asynchronous messages is retained.
The syntax of this action is:
dec_ttl(id1,id2)
where id1, id2 are valid controller ids.
Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
Rob Sherwood reported a bug in OVS treatment of ofp10_match bytes that
should be ignored some time ago:
> In any case, the pktact.SingleWildcardMatch and
> pktact.AllExceptOneWildcardMatch tests were failing because it looks
> like OVS (v1.4 release) was not matching vlan tagged packets when the
> match wildcarded vlan but the dl_vlan value (which should be ignored,
> because it is wildcarded) was non-zero. We've worked around this in
> OFTest by making sure that the dl_vlan value is zero when vlan is
> wildcarded and now the test passes.
>
> In other words:
>
> if (ofp_match->wildcards&OFPFW_DL_VLAN) is true, then the match should
> match both tagged and untagged packets, independent of the value of
> ofp_match->dl_vlan. OVS (seemingly) only matches tagged packets if
> ofp_match->dl_vlan == 0.
I wasn't able to spot the problem at the time, and I still don't see a
problem (perhaps it has been fixed since then), but this commit should
prevent any regression for this specific problem and for anything like it.
It would be natural to modify the parse-ofp11-match test in the same way,
but this commit doesn't do it.
Rob's original bug report is at:
https://mailman.stanford.edu/pipermail/openflow-discuss/2012-March/003107.html
Reported-by: Rob Sherwood <rob.sherwood@bigswitch.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, ovs-controller and the learning-switch code split responsibility
for the OpenFlow connection. This commit moves all the responsibility into
the learning-switch code.
The rationale here is twofold. First, the split itself seems odd; I think
there must have been a reason for it at one time, but I don't remember it
and don't see one anymore. Second, I intend to make the lswitch code more
stateful in upcoming commits, and it seems odd to have the lswitch manage
quite a bit of state but not the entity that that state applies to.
Signed-off-by: Ben Pfaff <blp@nicira.com>
In the case of Open Flow 1.2, which is currently the only
time that OXM is be used, there is a 4 byte header before
the match which needs to be taken into account when calculating
the pad length. This complicates nx_match pull and put somewhat.
This patch takes an approach suggested by Ben Pfaff to separate the
encoding of the match and the adding of padding and, in the case of OXM,
a header.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The usual manpage style is to write metasyntactic variable names in
lowercase, so this commit adopts that consistently.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Some in-tree and out-of-tree code sets the OVS_SYSCONFDIR environment
variable to control where /etc files go (mostly for test purposes). When
the database directory (dbdir) was split off from the sysconfdir, the
configure-time default continued to be based on the sysconfdir, but
overriding the sysconfdir at runtime with OVS_SYSCONFDIR didn't have any
effect on the dbdir, which caused a visible change in behavior for code
that set the OVS_SYSCONFDIR environment variable. This commit reverts that
change in behavior, by basing the dbdir on OVS_SYSCONFDIR if that
environment variable is set (but the OVS_DBDIR environment variable is
not).
Signed-off-by: Ben Pfaff <blp@nicira.com>
The default is unchanged, /etc/openvswitch/conf.db.
This makes it possible to transition each Open vSwitch packaging from
/etc/openvswitch/conf.db to /var/lib/openvswitch/conf.db independently.
Signed-off-by: Ben Pfaff <blp@nicira.com>
FreeBSD doesn't have "date -r" and calls its sha1 hash tool "sha1".
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow headers are not as uniform as they could be, with size, alignment,
and numbering changes from one version to another and across varieties
(e.g. ordinary messages vs. "stats" messages). Until now the Open vSwitch
internal APIs haven't done a good job of abstracting those differences in
header formats. This commit changes that; from this commit forward very
little code actually needs to understand the header format or numbering.
Instead, it can just encode or decode, or pull or put, the header using
a more abstract API using the ofpraw_, ofptype_, and other APIs in the
new ofp-msgs module.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Reviewed-by: Simon Horman <horms@verge.net.au>
The datapath port number influences the OpenFlow port number in
ovs-vswitchd. The new "port_no" option for the "add-if" command allows
the user to request a specific datapath port number.
Feature #12642
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Previously, the force-reload-kmod command would stop forwarding, stop
the database, restart the database, and then restart forwarding. If the
database is large, it can take a while to be read (we've seen as much as
10 seconds), which means the switch is not forwarding traffic during
that time.
This change stops and starts the database before restarting the
forwarding path. This means that ovs-vswitchd will lose its
connectivity to the database during a force-reload-kmod, but while it
will complain a little in the logs, it will continue to operate
properly.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Feature #12643
It is possible for "struct ofpact"s to differ bytewise even if they are
equivalent when converted to another representation, such as OpenFlow 1.0
action format or a string representation. This can cause "ovs-ofctl
diff-flows" to print surprising false "differences", e.g. as in the bug
report:
- actions=resubmit(,1)
+ actions=resubmit(,1)
This commit fixes the problem by comparing not just the ofpacts but also
the string representation and printing a difference only if both differ.
Bug #8899.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Option --ovs is added for ovs-bugtool command to collect
only OpenvSwitch relevant information. To perform
filtering in plugins, a new xml attribute filters="ovs" (optional)
would be required in element 'command','files','directory' in
openvswitch.xml. Value of 'filters' attribute will be compared
with filtering option in load_plugins to get all relevant operation
to collect information. If no "--ovs" option is passed then it will
behave as earlier.
Fixed an issue which occurs in scenario where option '--yestoall'
is not passed and user keeps entering "y" or "n" on prompt.
Plus, trailing whitespaces are fixed. White space before '=' and
after in function def and call is also fixed.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This will be more useful later when we introduces "worker" subprocesses.
I don't have any current plans to introduce threading, but I can't
think of a disadvantage to wording this in a general manner.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This follows the form of the OF1.1 match decoding and encoding test that I
wrote a while back, which seems to be a good form to use.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Commit 4ce9c31573 (ovs-ofctl: Factor code out of read_flows_from_switch().)
introduced a use-after-free error, fixed by this change.
Also adds a unit test for "ovs-ofctl diff-flows" that would have found the
problem. (The bug report cited "diff-flows" but this bug was present in
dump-flows as well because they share common code.)
Bug #12461.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The implementation of "ofctl/block" used a nested poll loop, with an inner
call to unixctl_server_run(). This poll loop always ran inside an outer
call to unixctl_server_run(), since that's the context within which unixctl
command implementations run. That means that, if a unixctl connection got
closed within the inner poll loop, and the outer poll loop happened to be
processing the same unixctl connection, then the outer poll loop would
dereference data in the freed connection.
The simplest solution is to avoid a nested poll loop, so that's what this
commit does.
This didn't cause a failure in the unit tests on i386 (which is why I
didn't catch it before pushing) but it did, reliably, on x86-64, and it
showed up in valgrind everywhere.
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow switching monitoring and controller coordination can be made more
efficient if the switch can notify a controller of flow table changes as
they occur, rather than periodically polling for changes. This commit
implements such a feature.
Feature #6633.
CC: Natasha Gude <natasha@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The logic in do_dump_flows__() went to some trouble to open an OpenFlow
connection and set the correct protocol, but then it allowed
dump_stats_transaction() to create and use a completely different OpenFlow
connection that hadn't been prepared that way. This commit fixes the
problem.
I don't think that there is a real bug here because currently the set of
protocols doesn't influence flow stats replies. But that could change in
the future.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Rename do_* in ovs-dpctl and ovs-ofctl command with "dpctl_" or "ofctl_"
prefix.
Rename add_flow with dp_netdev_flow_add in lib/dpif-netdev.c.
Signed-off-by: Arun Sharma <arun.sharma@calsoftinc.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The ovs-lib strace wrapper requires the -D (run tracer process as a
detached grandchild, not as parent) option which does not exist in
older versions. This patch falls back to attaching to the running
process when the -D option does not exists.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
os.listdir("/proc/%d/fd" % pid) throws OSError if 'pid' died since the
list of pids was obtained.
Bug #12375.
Reported-by: Amey Bhide <abhide@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
So far, only the Apply-Actions instruction is supported, and only
actions that have identical semantics to OpenFlow 1.0 actions.
Co-authored-by: Simon Horman <horms@verge.net.au>
Co-authored-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow actions have always been somewhat awkward to handle.
Moreover, over time we've started creating actions that require more
complicated parsing. When we maintain those actions internally in
their wire format, we end up parsing them multiple times, whenever
we have to look at the set of actions.
When we add support for OpenFlow 1.1 or later protocols, the situation
will get worse, because these newer protocols support many of the same
actions but with different representations. It becomes unrealistic to
handle each protocol in its wire format.
This commit adopts a new strategy, by converting OpenFlow actions into
an internal form from the wire format when they are read, and converting
them back to the wire format when flows are dumped. I believe that this
will be more maintainable over time.
Thanks to Simon Horman and Pravin Shelar for reviews.
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-l3ping is similar to ovs-test, but the main difference
is that it does not require administrator to open firewall
holes for the XML/RPC control connection. This is achieved
by encapsulating the Control Connection over the L3 tunnel
itself.
This tool is not intended as a replacement for ovs-test,
because ovs-test covers much broader set of test cases.
Sample usage:
Node1: ovs-l3ping -s 192.168.122.236,10.1.1.1 -t gre
Node2: ovs-l3ping -c 192.168.122.220,10.1.1.2,10.1.1.1 -t gre
Issue#11791
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
