This commit fixes unwanted whitespace in the ovs
bash completion script output.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
The standard mode for printing flows doesn't always provide the full
range of information that is available, particularly with the UFID
changes. Turn on more detail.
Suggested-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
This utility isn't going to be as portable as most of the Open vSwitch
utilities, unfortunately. I'm happy to take improvements to make it
able to work with, e.g., the "man" program from BSD. (I haven't tested
with that program, but I suspect that it is somewhat different from the
GNU version.)
The output of this program can already be viewed at:
http://openvswitch.org/support/dist-docs/
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
ovs-vsctl has the concept of a VLAN (or "fake") bridge, which is a
sort of a sub-bridge that receives only packets on a particular VLAN.
There is no way to distinguish two VLAN bridges with the same parent on the
same VLAN, but until now ovs-vsctl did not prevent creating duplicates or
report them. This commit fixes the problem.
Reported-by: rwxybh
Reported-at: https://github.com/openvswitch/ovs/issues/21
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Document that mod-group rather than del-group requires the type field.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Mention that the AUTO detection of admin point to point MAC parameter
is not implemented.
Signed-off-by: Martino Fornasa <mf@fornasa.it>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
This patch adds a new functions classifier_defer() and
classifier_publish(), which control when the classifier modifications
are made available to lookups. By default, all modifications are made
available to lookups immediately. Modifications made after a
classifier_defer() call MAY be 'deferred' for later 'publication'. A
call to classifier_publish() will both publish any deferred
modifications, and cause subsequent changes to to be published
immediately.
Currently any deferring is limited to the visibility of the subtable
vector changes. pvector now processes modifications mostly in a
working copy, which needs to be explicitly published with
pvector_publish(). pvector_publish() sorts the working copy and
removes gaps before publishing it.
This change helps avoiding O(n**2) memory behavior in corner cases,
where large number of rules with different masks are inserted or
deleted.
VMware-BZ: #1322017
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Previously, accurate iteration required writers to be excluded during
iteration. This patch adds an rculist to struct cls_subtable, and a
corresponding list node to struct cls_rule, which makes iteration more
straightforward, and allows the iterators to remain ignorant of the
internals of the cls_match. This new list allows iteration of rules
in the classifier by traversing the RCU-friendly subtables vector, and
the rculist of rules in each subtable.
Classifier modifications may be performed concurrently, but whether or
not the concurrent iterator sees those changes depends on the timing
of change. More specifically, an concurrent iterator:
- May or may not see a rule that is being inserted or removed.
- Will see either the new or the old version of a rule that is replaced.
- Will see all the other rules (that are not being modified).
Finally, The subtable's rculist also allows to make
classifier_rule_overlaps() lockless, which this patch also does.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
'rstp-admin-port-state' is the Administrative Bridge Port state
variable defined in the 802.1D-2004 standard. It can be set to
include or exclude a port from the active topology by management
(section 7.4).
operPointToPointMAC and 'rstp-admin-p2p-mac' are a pair of parameters
that permit inspection of, and control over, the administrative and
operational state of the point-to-point status of the MAC entity by
the MAC Relay Entity. adminPointToPointMAC can be set by management
and its value is reflected on operPointToPointMAC.
Signed-off-by: Daniele Venturino <daniele.venturino@m3s.it>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
(Draft) OpenFlow 1.5 flow mod commands include commands to manipulate the
buckets of existing groups. This patch add support to ovs-ofctl for these
commands. It also adds documentation and tests for them.
ONF-JIRA: EXT-350
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This is part of support for (draft) OpenFlow 1.5 flow mod messages.
This adds support for specifying the bucket_id of buckets of groups in
ovs-ofctl and documents that accordingly.
ONF-JIRA: EXT-350
Signed-off-by: Simon Horman <simon.horman@netronome.com>
[blp@nicira.com tweaked the documentation]
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch enables a user to set importance for a new rule via add-flow
OF1.4+ in the OVS and display the same via dump-flows command OF1.4+.
The changes are made in accordance with OpenFlow 1.4 specs to implement
eviction on the basis of "importance". This patch also enhances the
diff-flows & replace-flows CLI for addition of importance parameter in
a rule.
This doesn't actually implement eviction on the basis of importance, which
will happen in a later patch.
Signed-off-by: Rishi Bamba <rishi.bamba@tcs.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
parse_ofp_group_mod_str() may limit the usable protocols according
to the group and in particular its actions. However, without this
change ovs-ofctl ignores this calculation.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
This field allows a flow table to match on the output port currently in the
action set.
ONF-JIRA: EXT-233
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
To some extent this is cosmetic because ovs-ovfctl will immediately
exit. However, it does seem to be in keeping with freeing 'gms' in
ofctl_group_mod_file().
Found by inspection using make check-valgrind.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow has priorities in the 16-bit unsigned range, from 0 to 65535.
In the classifier, it is sometimes useful to be able to have values below
and above this range. With the 'unsigned int' type used for priorities
until now, there were no values below the range, so some code worked
around it by converting priorities to 64-bit signed integers. This didn't
seem so great to me given that a plain 'int' also had the needed range.
This commit therefore changes the type used for priorities to int.
The interesting parts of this change are in pvector.h and classifier.c,
where one can see the elimination of the use of int64_t.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
This patch adds bash command-line completion script for ovs-appctl,
ovs-dpctl, ovs-ofctl and ovsdb-tool command. Right now, the script
can do the following:
- display available completion or complete on unfinished user input
(long option, subcommand, and argument).
- once the subcommand (e.g. ofproto/trace) has been given, the
script will print the subcommand format.
- the script can convert between keywords like 'bridge/port/interface/dp'
and the available record in ovsdb.
The limitations are:
- only support small set of important keywords
(dp, datapath, bridge, switch, port, interface, iface).
- does not support parsing of nested options
(e.g. ovsdb-tool create [db [schema]]).
- does not support expansion on repeatitive argument
(e.g. ovs-dpctl show [dp...]).
- only support matching on long options, and only in the format
(--option [arg], i.e. should not use --option=[arg]).
To use the script, either copy it inside /etc/bash_completion.d/
or manually run it via . ovs-command-compgen.bash.
Also, a unit testsuite is provided as ovs-command-compgen-test.bash.
It is suggested that this test script be run only inside
tutorial/sandbox directory.
For more info please refer to utilities/ovs-command-compgen.INSTALL.md.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Every row in the database has a UUID, generated by the database server.
Rows in most tables also have a user-assigned name (e.g. a bridge or port
or interface name). The ovs-vsctl database commands (e.g. "set", "get",
"list", ...) accept both UUIDs and names, but until now if a command's
argument had the form of a UUID, then it had to be the database-assigned
UUID for a row; that is, ovs-vsctl did not check whether it was the name
of a row. This commit changes that: a UUID argument to a database command
is now first checked against database UUIDs then, if it is not a database
UUID, it is checked as the name of a row.
This is prompted by Windows integration with OpenStack, which uses UUIDs
as port names.
CC: Nithin Raju <nithin@vmware.com>
Requested-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a new variable in 'struct command' for
recording the command usage. Also, a new function is
added to print the usage given the array of defined
commands.
Later patch will use the output in bash command-line
completion script.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This commit implements the 'list-commands' command for ovs-dpctl
and ovs-appctl dpctl/* commands. The function will print the
usage string for each subcommand.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Having 'ovs-appctl help' and 'ovs-appctl --help' print different
output is confusing. This commit renames the 'help' to 'list-commands'.
Also, future patches will add the 'list-commands' to other ovs-*
commands, and the output will be used by bash command-line completion
script.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This commit adds a function that prints (both long and short)
options of a ovs-* command. To use this function, option
'--option' is added to ovs-appctl/dpctl/ofctl and ovsdb-tool
commands. A future patch will use the option output to
conduct bash command-line completion.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Converts the majority of docs over to use the Markdown language for
pretty printing on GitHub. It's a rough first convertion without
exploiting the full potential of Markdown at this point. Section
titles and indentation are fixed as needed. Minimal docs interlinking
is added.
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Open vSwitch does not have native integration with Docker.
INSTALL.Docker explains how Open vSwitch can be integrated
with docker non-natively.
ovs-docker is a helper script to add network interfaces to
docker containers and to attach them as ports to OVS bridge.
This script can be further enhanced as we understand different
use cases.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.2+ defines a means for vendors to define vendor-specific OXM
fields, called "experimenter OXM". These OXM fields are expressed with a
64-bit OXM header instead of the 32-bit header used for standard OXM (and
NXM). Until now, OVS has not implemented experimenter OXM, and indeed we
have had little need to do so because of a pair of special 32-bit OXM classes
grandfathered to OVS as part of the OpenFlow 1.2 standardization process.
However, I want to prototype a feature for OpenFlow 1.5 that uses an
experimenter OXM as part of the prototype, so to do this OVS needs to
support experimenter OXM. This commit adds that support.
Most of this commit is a fairly straightforward change: it extends the type
used for OXM/NXM from 32 to 64 bits and adds code to encode and decode the
longer headers when necessary. Some other changes are necessary because
experimenter OXMs have a funny idea of the division between "header" and
"body": the extra 32 bits for experimenter OXMs are counted as part of the body
rather than the header according to the OpenFlow standard (even though this
does not entirely make sense), so arithmetic in various places has to be
adjusted, which is the reason for the new functions nxm_experimenter_len(),
nxm_payload_len(), and nxm_header_len().
Another change that calls for explanation is the new function mf_nxm_header()
that has been split from mf_oxm_header(). This function is used in actions
where the space for an NXM or OXM header is fixed so that there is no room
for a 64-bit experimenter type. An upcoming commit will add new variations
of these actions that can support experimenter OXM.
Testing experimenter OXM is tricky because I do not know of any in
widespread use. Two ONF proposals use experimenter OXMs: EXT-256 and
EXT-233. EXT-256 is not suitable to implement for testing because its use
of experimenter OXM is wrong and will be changed. EXT-233 is not suitable
to implement for testing because it requires adding a new field to struct
flow and I am not yet convinced that that field and the feature that it
supports is worth having in Open vSwitch. Thus, this commit assigns an
experimenter OXM code point to an existing OVS field that is currently
restricted from use by controllers, "dp_hash", and uses that for testing.
Because controllers cannot use it, this leaves future versions of OVS free
to drop the support for the experimenter OXM for this field without causing
backward compatibility problems.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
OpenFlow 1.5 (draft) extends the OFPAT_SET_FIELD action originally
introduced in OpenFlow 1.2 so that it can set not just entire fields but
any subset of bits within a field as well. This commit adds support for
that feature when OpenFlow 1.5 is used.
With this feature, OFPAT_SET_FIELD becomes a superset of NXAST_REG_LOAD.
Thus, this commit merges the implementations of the two actions into a
single ofpact_set_field.
ONF-JIRA: EXT-314
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
OVSDB has the concept of "immutable" columns, which are columns whose
values are fixed once a row is inserted. Until now, ovs-vsctl has not
allowed these columns to be modified at all. However, this is a little too
strict, because these columns can be set to any value at the time that the
row is inserted. This commit relaxes the ovs-vsctl requirement, then, to
allow an immutable column's value to be modified if its row has been
inserted within this transaction.
Requested-by: Mukesh Hira <mhira@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The generic form doesn't work in "learn" actions.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Alex Wang <alexw@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
It is add-groups rather than add-group that takes FILE as an argument.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit 9ff33ca7 (ovs-pki: Use SHA-512 instead of MD5 as message
digest.) changes the message digest algorithm to SHA-512. This
seems to break the unit tests on some xenserver 5.6/6.0 builds
causing the error: "SSL_connect: error:0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest algorithm".
As a solution, this commit changes the message digest algorithm
to SHA-1 which works for both the above xenserver builds and
centos 7.
VMware-BZ: #1319116
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This fixes numerous testsuite failures of the form "SSL_connect:
error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message
digest algorithm" on systems that disable MD5 in OpenSSL. Centos 7 is one
example. Presumably it increase security as well for anyone who generates
certificates based on a new configuration created by the new ovs-pki.
Reported-by: Robert Strickler <anomalyst@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
They have slightly different support characteristics, so it's nice to
easily switch between them for testing.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Daniele Di Proietto <ddiproietto@vmware.com>
They may or may not make a difference, but there's no reason not to
support passing them.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Daniele Di Proietto <ddiproietto@vmware.com>
To prevent warnings such as "Not all control paths return a value",
we should define NO_RETURN for MSVC.
Currently for gcc, we add NO_RETURN at the end of function declaration.
But for MSVC, "__declspec(noreturn)" is needed at the beginning of function
declaration. So this commit moves NO_RETURN to the beginning of the function
declaration as it works with gcc and clang too.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
--enable-dummy was useless anyway for ovsdb-server. Now it is an error to pass
it.
Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
MSVC complains about a void function returning a value if there is a
statement of the form - 'return foo()' even if foo() has a void return
type.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This is the v5 from June 12th, 2014, rebased to OVS master, further
changes in following patches.
Signed-off by: Daniele Venturino <daniele.venturino@m3s.it>
Signed-off by: Martino Fornasa <mf@fornasa.it>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Daniele Venturino <daniele.venturino@m3s.it>
Fixing issue where "resubmit" action in a group action set was not
considered sufficient to retain the full action set. This patch allows
a group action set (considered terminal with OF1.4 and earlier spec)
to have the "output" action come from a different table.
Signed-off-by: Srini Seetharaman <srini.seetharaman@gmail.com>
[blp@nicira.com added documentation]
Signed-off-by: Ben Pfaff <blp@nicira.com>
mininet uses the Open vSwitch controller by default, for testing.
CC: 757761@bugs.debian.org
Reported-at: https://bugs.debian.org/757761
Requested-by: Tomasz Buchert <tomasz.buchert@inria.fr>
Requested-by: Dariusz Dwornikowski <dariusz.dwornikowski@cs.put.poznan.pl>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Extend IPFIX exporter to export tunnel headers when both input and output
of the port.
Add three other_config options in IPFIX table: enable-input-sampling,
enable-output-sampling and enable-tunnel-sampling, to control whether
sampling tunnel info, on which direction (input or output).
Insert sampling action before output action and the output tunnel port
is sent to datapath in the sampling action.
Make datapath collect output tunnel info and send it back to userpace
in upcall message with a new additional optional attribute.
Add a tunnel ports map to make the tunnel port lookup faster in sampling
upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template
sets with enterprise elements for the tunnel info, save the tunnel info
in IPFIX cache entries, and send IPFIX DATA with tunnel info.
Add flowDirection element in IPFIX templates.
Signed-off-by: Wenyu Zhang <wenyuz@vmware.com>
Acked-by: Romain Lenglet <rlenglet@vmware.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Treating OFPACT_REG_MOVE as a "set" action preserves the order of loads
and moves and allows a load to overwrite a previous move to the same
register.
This makes the following work:
add-group br0 group_id=1234,type=all, \
bucket=output:10,move:NXM_NX_REG1[]->NXM_OF_IP_SRC[], \
bucket=output:11
add-flow br0 ip actions=load:0xffffffff->NXM_NX_REG1[],group:1234
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
