Adjust formatting in ovs-ofctl manpage so that apply_actions, clear_actions,
write_metadata and goto_table appear at the same level of indentation as
actions rather than being indented as if they are arguments to the learn action.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This doesn't include a dpif implementation of groups functionality. In its
current form, it is untested.
Signed-off-by: Neil Zhu <zhuj@centecnetworks.com>
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>
Co-authored-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Keep track of usable protocols while parsing actions and matches,
rather than checking for them afterwards. This fixes silently discarded
meter and goto table instructions when not explicitly specifying the
protocol to use.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The OFPFF_* flags used in flow_mods are just confusing enough that it
seems worthwhile to try to abstract them out. In particular:
* OFPFF_EMERG was introduced in OF1.0, deleted in OF1.1, and then
its bit was reused for a different purpose in OF1.2.
* OFPFF_RESET_COUNTS was introduced in OF1.2 but the semantics that it
specifies are implied by "add" commands in earlier versions, so
proper translation requires the OpenFlow version number and flow_mod
command.
This commit does the abstraction.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Implement a per-exporter flow cache with active timeout expiration.
Add columns "cache_active_timeout" and "cache_max_flows" into table
"IPFIX" to configure each cache.
Add per-flow elements "octetDeltaSumOfSquares",
"minimumIpTotalLength", and "maximumIpTotalLength" to replace
"ethernetTotalLength". Add per-flow element "flowEndReason" to
indicate whether a flow has expired because of an active timeout, the
cache size limit being reached, or the exporter being stopped.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The Linux kernel datapath enables matching and setting the skb mark
but this functionality is currently used only internally by
ovs-vswitchd. This exposes it through NXM to enable external
controllers to interact with other kernel subsystems. Although this
is simply exporting the skb mark, the intention is that this is a
platform independent mechanism to access some system metadata and
therefore may have different implementations on various systems.
Bug #17855
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Avoids these warnings from groff:
<standard input>:1037: warning [p 14, 6.0i]: cannot adjust line
<standard input>:1037: warning [p 14, 6.2i]: can't break line
Found by lintian.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The previously defined config files were never included in
the debug bundle. This will include them.
Also increase the max size for CAP_NETWORK_CONFIG to 5 MB.
A pre-compressed size of 5 MB does not amount to much after
compression for config files.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Currently the openvswitch database is being collected with
CAP_NETWORK_CONFIG which has a max size of 50 KB. This is
quite low as the database can easily be larger than 50 KB.
Move database collection to CAP_NETWORK_STATUS which does
not have a max size. If database size exceeds 10 MB, create
a compacted version of it and then collect it.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
When verbose mode is turned on, all dp flow fields described by the netlink
attributes are displayed, including fully wildcarded attributes.
Otherwise, the fully wildcarded attributes are omitted for brevity.
Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is
off by default.
Signed-off-by: Andy Zhou <azhou@nicira.com>
[blp@nicira.com added documentation]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Both -Wall and -Wextra are handled by autoconf, so there's no longer a
need for ovs-dev.py to pass them through CFLAGS.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Current situation is that CAP_NETWORK_STATUS has a max size of 50 MB.
When we have around 100,000 openflow flows, we over-run that size
by just running the "ovs-ofctl dump-flows" command. All the openvswitch
commands run through the plugin scripts in this repo won't have their
data stored in the debug bundle in this case as they are part of
CAP_NETWORK_STATUS too. One option to correct this is to increase
the CAP_NETWORK_STATUS max size to a higher number. But CAP_NETWORK_STATUS
also includes a bunch of general network related information collected
by running commands like ethtool, tc etc. and we probably want to limit
the data collected through those commands.
With this commit, we create a new capability called CAP_NETWORK_INFO
and collect general network related information through them. For OVS
related information, we continue to use CAP_NETWORK_STATUS, but remove
the maximum size restriction. One rationale to keep OVS related
information in CAP_NETWORK_STATUS is because xen-bugtool probably expects
OVS information in that capability.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
ovs-appctl bond/show is being run through the plugin by
calling the script ovs-bugtool-bond-show.
So remove the redundant code.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This commit fixes the warning issued by 'clang' when a pointer is cast
to one with greater alignment.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This change includes the output of ovs-appctl bfd/show to
ovs-bugtool output.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Testing shows that creation of 5000 internal ports and using it
to do some meaningful tasks works fine on a 12 cpu hardware.
Since a single port needs one file descriptor and a bridge
needs 3 file descriptors, we will have to increase the file
descriptor limit to a higher number from the current limit of 5000.
7500 feels like a decent increase with enough room for further
scale testing.
Bug #18383.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Commit 89f3c258fe (ovs-vsctl: Improve error message for "ovs-vsctl del-port
<bridge>".) changed the behavior of
ovs-vsctl --if-exists del-port <bridge>
from a silent no-op to a hard failure. This commit fixes this regression.
This caused problems on XenServer, for which the Open vSwitch integration
runs commands like:
/usr/bin/ovs-vsctl --timeout=20 \
-- --with-iface --if-exists del-port xapi103 \
-- --if-exists del-br xapi103
Bug #18276.
Reported-by: Michael Hu <mhu@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-dev.py is a script I've written to help perform common tasks
necessary for developing Open vSwitch. It allows a developer to
configure, build, and run the switch with a minimum of effort or
knowledge of the various idiosyncrasies involved.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Until now, failure to parse a flow in the ofp-parse module has caused the
program to abort immediately with a fatal error. This makes it hard to
use these functions from any long-lived program. This commit fixes the
problem.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Usually the table id in flow mods is 255, which means that goto table
instruction cannot be checked before the table is picked (for flow add),
or the rules to be modified are found (flow mod).
Move goto table checking from decode (ofp-util) to actions checking
(ofp-actions), and postpone the action checking until the table in
which the actions are added is known.
This fixes OFPBRC_BAD_TABLE_ID errors for flow adds that specify the table
id as 255, and have a goto table instruction.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.2 standardized experimenter error codes in a way different from
the Nicira extension. This commit implements the OpenFlow 1.2+ version.
This commit also makes it easy to add error codes for new experimenter IDs
by adding new *_VENDOR_ID definitions to openflow-common.h.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Added support to allow mega flows to be specified and displayed. The ovs-dpctl
tool is mainly used as a debugging tool.
This patch also implements the low level user space routines to send
and receive mega flow netlink messages. Those netlink support
routines are required for forthcoming user space mega flow patches.
Added a unit test to test parsing and display of mega flows.
Ethan contributed the ovs-dpctl mega flow output function.
Co-authored-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Previously, commands like this:
ovs-vsctl add-br br0
ovs-vsctl del-port br0
yielded an error message like:
no port named br0
which is confusing. This commit improves the error message to:
cannot delete port br0 because it is the local port for bridge br0
(deleting this port requires deleting the entire bridge)
Bug #17994.
Reported-by: Reid Price <reid@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The underlying glibc interface is deprecated because the interface itself
is not thread-safe. That means that there's no way for a layer on top of
it to be thread-safe.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The ethertype should always be updated on mpls_pop
as there may be a transition between MPLS unicast (0x8847) and
MPLS multicast (0x8848).
Ben Pfaff tells me that this is consistent with the
behaviour described in EXT-194 of the JIRA bug tracker.
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Found a bug that OVS allows goto_table_id to be smaller than (or equal to)
the current table id where the flow resides. It potentially creates an
infinite loop when composing actions for a packet. To fix it, we just let
OVS return an error message to prevent such a flow from being programmed.
Signed-off-by: Jing Ai <jinga@google.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
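The two goto_table commit messages above describe a check that is deferred while the flow_mod table id is 255 and that rejects a target no greater than the flow's own table. The following is an added illustration of that rule, not code from the Open vSwitch tree; all names, the four-table pipeline, the out-of-range test and the sample link arrays are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_ANY 255  /* flow_mod table id 255: the table is picked later */
#define N_TABLES  4    /* constructed pipeline size (assumption) */

enum verdict { GOTO_OK, GOTO_DEFERRED, GOTO_BAD_TABLE_ID };

/* Validates a goto_table target against the table the flow resides in. */
enum verdict check_goto_table(uint8_t flow_table, uint8_t target)
{
    if (flow_table == TABLE_ANY) {
        return GOTO_DEFERRED;      /* re-check once the table is known */
    }
    if (target <= flow_table || target >= N_TABLES) {
        return GOTO_BAD_TABLE_ID;  /* backward, self, or out of range */
    }
    return GOTO_OK;
}

/* Constructed samples: next[i] is the goto_table target of table i,
 * -1 means the pipeline ends there. */
const int forward_only[N_TABLES]   = { 1, 3, -1, -1 };
const int with_back_edge[N_TABLES] = { 1, 2, 1, -1 };  /* table 2 -> 1 */

/* Follows the links from table 0.  Returns the number of tables visited,
 * or -1 when the hop budget runs out, which only a loop can cause. */
int walk_pipeline(const int next[N_TABLES])
{
    int table = 0, hops = 0;

    while (table >= 0 && table < N_TABLES) {
        if (++hops > N_TABLES) {
            return -1;
        }
        table = next[table];
    }
    return hops;
}

int main(void)
{
    printf("goto 1 from table 2: %d\n", check_goto_table(2, 1));
    printf("goto 1 from table 255: %d\n", check_goto_table(TABLE_ANY, 1));
    printf("forward-only walk: %d\n", walk_pipeline(forward_only));
    printf("back-edge walk: %d\n", walk_pipeline(with_back_edge));
    return 0;
}
```

Because every accepted link strictly increases the table id, a pipeline built only from accepted links visits at most N_TABLES tables.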
It has been observed that when we upgrade openvswitch with
thousands of openflow flows already established and there is heavy
traffic going through the switch, restoring flows can take a very
long time (8 minutes in one use case) with CPU running at 100%.
This can make the upgrade very expensive.
This commit starts vswitchd by asking it to wait till flow restore is
finished. Once the flows are restored, it resumes normal operations.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently we are adding the manager after starting ovs-vswitchd.
Instead, add the manager after flow restore is completed.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This gets rid of the only per-instance data in "struct netdev", which
will make it possible to merge "struct netdev_dev" into "struct netdev" in
a later commit.
Ed Maste wrote the netdev-bsd changes in this commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Tested-by: Ed Maste <emaste@freebsd.org>
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
a large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
strftime() returns 0 and leaves the contents of the output buffer
unspecified if the output buffer is not big enough. Thus, one should
check strftime()'s return value. Until now, OVS has had a few invocations
of strftime() that did not check the return value. This commit fixes
those. I believe that the buffers were always large enough in each case,
but it's better to be safe.
Reported-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
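The strftime() behaviour described in the commit message above, shown as an added example that is not code from the Open vSwitch tree. The helper names, the format string and the sample time are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper for this example (not an OVS function).
 * Returns 1 on success.  On failure returns 0 and leaves 'buf' as an empty
 * string, so callers never read the unspecified contents strftime() leaves
 * behind.  Assumes 'fmt' yields non-empty output, because strftime() also
 * returns 0 for a legitimately empty result. */
int format_time_checked(char *buf, size_t size, const char *fmt,
                        const struct tm *tm)
{
    if (size == 0) {
        return 0;
    }
    if (strftime(buf, size, fmt, tm) == 0) {
        buf[0] = '\0';
        return 0;
    }
    return 1;
}

/* Formats a constructed sample time (2013-07-01 12:30:45) into a buffer
 * limited to 'size' bytes.  Returns the text, or NULL if it did not fit. */
const char *format_sample(size_t size)
{
    static char buf[64];
    struct tm tm = { .tm_year = 2013 - 1900, .tm_mon = 7 - 1, .tm_mday = 1,
                     .tm_hour = 12, .tm_min = 30, .tm_sec = 45 };

    if (size > sizeof buf) {
        size = sizeof buf;
    }
    return format_time_checked(buf, size, "%Y-%m-%d %H:%M:%S", &tm)
           ? buf : NULL;
}

int main(void)
{
    const char *s = format_sample(20);  /* 19 characters + NUL: fits */
    printf("20 bytes: %s\n", s ? s : "(too small)");
    s = format_sample(19);              /* one byte short: rejected */
    printf("19 bytes: %s\n", s ? s : "(too small)");
    return 0;
}
```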
Before I applied this commit, when I generated a CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977. This made all SSL-based tests fail with an invalid
certificate.
32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.
CC: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Otherwise the command will time out after a while when there's no traffic,
which probably isn't what we want.
Reported-by: Henry Mai <hmai@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Reducing non-const static data makes code more obviously thread-safe.
Although option parsing does not normally need to be thread-safe, I
don't know of a drawback to making its data const.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add fflush() to the 'rate' command of 'ovs-benchmark'. On a tty console
the output is line-buffered. However, piped output by default has a
deeper (usually 4KB) buffer, so the output won't appear to the other end of
the pipe until this buffer is full.
This patch makes the piped output of the 'rate' command consistent
with tty console output.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Currently, when we upgrade openvswitch packages, we do a restart
of userspace daemons automatically. This does not replace the
kernel module.
But almost every time, we want to use the new kernel module
that comes with the new version. This means that we need to
manually do a "force-reload-kmod". This step reloads the
kernel module and also restarts the userspace daemons. This gives
us a total of two restarts of userspace daemons. This is quite
expensive in a hypervisor with hundreds of VMs sending real traffic.
This also hurts the controller as it gets two reconnections in a short
amount of time.
With this patch, during a package upgrade, if the kernel module
on disk is different than the one that is loaded, we will
automatically do a force-reload-kmod while openvswitch-switch
is installed. If not, we will just do a "restart" like before.
One can install the kernel package first and then install the userspace
packages in 2 separate steps to enforce a single 'force-reload-kmod'.
If anyone wants to just restart the userspace package instead of
force-reload-kmod, they can set the value of OVS_FORCE_RELOAD_KMOD=no
while installing the package.
Ex: OVS_FORCE_RELOAD_KMOD=no dpkg -i openvswitch-switch*
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>