Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The following two commands result in an ovs-vsctl segfault.
ovs-vsctl -vfatal_signal:off --timeout=0 wait-until \
Open_vswitch . external_ids:blah="1"
/etc/init.d/openvswitch-switch restart
This patch fixes the segfault by properly setting the global
variable, the_idl_txn, to NULL when the underlying memory is
freed.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Until now, ovs-ctl has started ovsdb-server with the full set of remote
managers configured. This means that ovsdb-server immediately connects to
these managers, before ovs-vswitchd even starts. Because the Open vSwitch
schema has several ephemeral columns, there will be considerable startup
churn in the database. For example, ovs-vswitchd will initially fill in
the datapath-id and ofport columns as it starts and sets up the initial
configuration. This churn wastes bandwidth to the remote managers and has
potential for confusing them.
This commit reduces the churn by changing ovs-ctl so that ovsdb-server
connects to the remote managers only after ovs-vswitchd has finished its
initial configuration. This means that remote managers will initially
see a filled-in database, not one that has its ephemeral columns empty.
This commit does not mean that managers can ignore the possibility that
some columns have not yet been filled in. For example, some columns will
still be briefly blank after a new bridge or a new port is added at
runtime, because adding a bridge or port occurs in one transaction (made by
the client adding the port, e.g. ovs-vsctl) and filling in those columns
happens in a different transaction (made by ovs-vswitchd). But this commit
does reduce the quantity of empty columns that I would expect a database
client to observe in practice.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
CC: Amar Padmanabhan <amar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.
Running the OVS daemons with strace option enabled
will block if we pipe the output. We use tee
to log the output of ovs-ctl to ovs-ctl.log
This patch disables the startup script logging when we run the
OVS daemons with the strace option.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently, when we stop a daemon, we first send it SIGTERM.
If SIGTERM did not work within ~5 seconds, we send a SIGKILL.
After sending SIGKILL, we wait only for 4 seconds, before giving
up.
If the system is extremely busy, there is a chance that a
process is not killed by the kernel within 4 seconds. In such
a case, when we try to start the daemon immediately, we see that
the pid inside the pid-file is valid and assume that the daemon
is still running. This leaves us in a state, where the daemon is
actually not running.
This patch increases the time waiting for the kernel to kill the
process to 60 seconds.
Bug #15404.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
With single datapath, 'ovs-dpctl dump-flows ' dumps datapath flows for
all the userspace bridges in a system. It can get a little harder
to figure out the datapath flows belonging to a particular userspace
bridge.
This patch adds the 'ovs-appctl dpif/show' and 'ovs-appctl dpif/dump-flows'
output for each userspace bridge. This gives us a summary of configured
datapaths and all datapath flow entries for each bridge separately.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently we list all the rules only from the 'filter' table.
Include the rules from all the other tables too.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This patch adds two new scripts that run "ovs-ofctl show" and
"ovs-ofctl dump-flows" on each bridge.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
With single datapath, making ovs-ofctl calls on ovs-system
does not give the necessary o/p. This patch removes those calls.
The next patch adds the correct commands to bugtool plugin scripts.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Until now, ovs-vsctl has kept trying to connect to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout. A timeout that is too short
can cause spurious failures. A timeout that is too long causes long delays
if the server really isn't running.
This commit should alleviate this problem. It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running. (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database. --no-wait also avoids that issue.)
Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-ctl.log will include the o/p of ovs-ctl when
run from rhel, debian and xenserver startup scripts.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.
With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently we set a soft limit while defining the maximum size of
core files. If there is already a hard limit set that is less
than the soft limit we are setting, it will fail.
Since our startup scripts start with root permissions, it looks
fine to set the hard limit directly instead.
Reported-by: Dan Wendlandt <dan@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
The Push action takes a single parameter. Any source allowed by NXAST_REG_MOVE
is allowed to be pushed onto the stack. When the source is a bit field,
its value will be right shifted to bit zero before being pushed onto the
stack. The remaining bits will be set to zero.
The Pop action also takes a single parameter. Any destination allowed by
NXAST_REG_MOVE can be used as the destination of the action. The value, in
case of a bit field, will be taken from top of the stack, starting from
bit zero.
The stack size is not limited. The initial 8KB is statically allocated to
efficiently handle most common use cases. When more stack space is
required, the stack can grow using malloc().
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This adds support for the OpenFlow 1.1+ set_mpls_ttl action.
And also adds an NX set_mpls_ttl action.
The handling of the TTL modification is entirely handled in userspace.
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This adds support for the OpenFlow 1.1+ dec_mpls_ttl action.
And also adds an NX dec_mpls_ttl action.
The handling of the TTL modification is entirely handled in userspace.
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
When we upgrade from pre-1.9 to 1.10 or later branches, when just
the user space daemons are restarted, with the older kernel module
intact, datapaths are recreated.
This results in losing the internal interface states like ip addresses,
routing table entries etc. Also, the 'ofport' value of the older interfaces
changes.
With this patch we restore the interface states, ofport values etc,
when "ovs-ctl restart" or "/etc/init.d/openvswitch[-switch] restart
--save-flows" is called. The latter command is automatically called
when debian packages are installed.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Previously, we would null the variables holding the names of the restore
scripts in case there were any errors in creating the restore script or if
we did not need to run a particular restore script. That is not necessary,
as we can just check the execution permission set on those scripts.
Also, carve out a couple of functions which will be used in the next commit.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
A new option "--log-days" recently added lets us control the
number of rotated logs included in the debug bundle. This option
only works on log files defined inside the ovs-bugtool code.
This patch lets us do the same with logs collected through plugins.
The example format inside a plugin is:
<files type="logs">
/var/log/one
</files>
This will collect one, one.[1-x], one.[1-x].gz, where 'x' is 20
by default and can be controlled by the option '--log-days' passed
to ovs-bugtool.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Current ovs-bugtool collects command outputs as text strings.
Thus it reads the output by lines. For commands that generate
huge binary data, it becomes very inefficient to read the output.
The change here is to use a 1MB buffer to read binary data
instead of reading them by lines.
Signed-off-by: Shih-Hao Li <shihli@vmware.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
There is some code that is unused and some commands whose
output we probably don't need to debug openvswitch issues.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
In my tests, I see that creating a tar.gz takes a lot less
time than creating a tar.bz2. The difference in compressed
size of the debug bundle is not much different when either
of the above is used. So, use tar.gz as the default debug
bundle type.
Test results in my setup:
For an uncompressed debug bundle size of 250 MB (95% of it is log files),
bz2 takes 50 seconds whereas gz takes 8 seconds. xz took 90 seconds.
gz, bz2 and xz compressed the debug bundle into 144M, 139M and 131M
respectively.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
There can be a few hundred virtual interfaces in a hypervisor.
Some of the ethtool commands that we currently run on these devices
probably do not provide any extra information. So remove them
for tap and vif interfaces.
Also bump up the size limitation for CAP_NETWORK_STATUS. The
current value is quite low and a 50 MB limit pre-compression
does not add much to the overall size.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
A big reason for a large debug bundle size is the size of log
files. By default we collect 20 rotated logs for each logfile.
Most of the time we collect the debug bundle as soon as we
hit a bug. In such cases, we know that we need only one day's
worth of logs.
This patch adds an option, '--log-days', to ovs-bugtool wherein
we can specify how many days' worth of rotated logs we need
as part of the debug bundle.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently we have a 50 MB size limitation for all logs. This looks
quite less because a single uncompressed log can be 50 MB which
will result in ovs-bugtool picking a single log.
While debugging issues related to openvswitch, it is important that
we have all logs related to openvswitch at least. This patch provides
a new capability for openvswitch logs with no size limitation. This
should not be a problem since compression reduces the size of the logs
quite a bit.
Also increase the size limitation for the regular system logs to 200 MB.
A future commit adds an option '--log-days' to control the number of logs
that we collect.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
While upgrading from openvswitch1.10, we need not restore ofports
across force-reload-kmod.
This patch fixes a bug wherein 'force-reload-kmod' command
tried to execute an empty script that did not have '+x' in
file permissions.
Bug #15067
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This patch increases the certificate validity to 100 years
for certificate authorities, the certificates that they certify
and for self signed certificates.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
The autopath action was attempting to achieve functionality similar
to the bundle action, but was significantly clunkier, more
difficult to understand, more difficult to use, and less reliable.
This patch removes it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This patch implements user-space datapath and non-datapath code
to match and use the datapath API set out in Leo Alterman's patch
"user-space datapath: Add basic MPLS support to kernel".
The resulting MPLS implementation supports:
* Pushing a single MPLS label
* Popping a single MPLS label
* Modifying an MPLS label using set-field or load actions
  that act on the label value, tc and bos bit.
* There is no support for manipulating the TTL;
  this is considered future work.
The single-level push pop limitation is implemented by processing
push, pop and set-field/load actions in order and discarding information
that would require multiple levels of push/pop to be supported.
e.g.
push,push -> the first push is discarded
pop,pop -> the first pop is discarded
This patch is based heavily on work by Ravi K.
Cc: Ravi K <rkerur@gmail.com>
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The IS_POW2 macro is meant for use in contexts where a function call is not
allowed.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
rconn_add_monitor() tries to check the version of the controller
connection being monitored, so that it can decide what OpenFlow version to
tell the monitor connection to negotiate. But at any given time an rconn
may not have a controller connection (e.g. during backoff), so rc->vconn
may be null and thus vconn_get_version(rc->vconn) dereferences a null
pointer.
Fixing the problem in a local way would require the rconn to remember the
previous version negotiated, and that fails if the rconn hasn't yet
connected or if the next connection negotiates a new version.
This commit instead adds the ability to a vconn to accept any OpenFlow
message version and modifies "ovs-ofctl snoop" to use that feature, thus
removing the need to negotiate the "correct" version on snoops.
Bug #14265.
Reported-by: Pratap Reddy <preddy@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
All of the paths in open_vconn__(), except the one path that calls
vconn_open() directly, just start the connection and do not block until
it completes. This changes the remaining path to work the same way.
This will be important in an upcoming commit when in some cases we need to
take an action between opening and connecting.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This is a straight search-and-replace, except that I also removed #include
<assert.h> from each file where there were no assert calls left.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
If we want to upgrade from pre-1.10 branch to 1.10 or later
and restore flows across force-reload-kmod, we need to maintain
the value of ofport.
To do this, we fetch the value of ofport before the upgrade and use
it to populate the column 'ofport_request' after ovsdb is upgraded.
We need to do this before vswitchd is restarted as vswitchd
needs the ofport_request column populated before it starts.
Issue #13556
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This patch adds a helper command: save-ofports. The command
will o/p a shell script that will set the 'ofport_request' column
of the interface table with the value of the corresponding ofport.
This command takes a list of bridges as input and will be used by
a future commit to restore the ofport value across force-reload-kmod.
This command is only useful while trying to upgrade from a pre-1.10
branch to 1.10 or a later branch.
Issue #13556
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
A few ovs-vsctl commands have accepted --if-exists options for some time,
to make it possible to execute them in cases where it doesn't really
matter if the records they touch exist. This commit adds this option to
other commands.
This is intended for initial use with "ovs-vsctl set interface <iface>
ofport_request=<number>" commands in ovs-ctl for upgrades from OVS 1.9
to later versions.
This makes a very small incompatible change to the ovs-vsctl "get"
command: previously with --if-exists, only keys in map columns were
allowed to be missing; now with --if-exists, also records are allowed
to be missing.
CC: Gurucharan Shetty <gshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Currently we use "*" or ANY to mark a field in flow syntax
as a wildcard. With ANY being a valid openflow port now,
there is a conflict for in_port field. So at the least, we
need to remove ANY from being considered as a wildcard for
in_port. But this may cause general confusion and it may be
a better idea to remove 'ANY' as a wildcard for all fields.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This patch fixes regressions in the dist and distclean targets, and in
the Debian build process, that were introduced by commit d2cb6c956b
(manpages: Put version number instead of date at bottom of page.).
Signed-off-by: Saul St. John <sstjohn@cs.wisc.edu>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The customary parameter order in Open vSwitch is to put input parameters
before output parameters, but vconn_open() and pvconn_open() had the 'dscp'
input parameter at the end, which bugged me a bit. Also,
vconn_open_block() didn't take a 'dscp' parameter at all even though it's
otherwise a wrapper around vconn_open(). This commit fixes all that up.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
We're really good about keeping manpages up to date, but terrible at
updating the dates at the bottom of the manpages. So, instead of using
manually updated dates, this commit switches to using automatically updated
version numbers.
We can only use automatically updated version numbers for manpages that
we preprocess, that is, the manpages whose sources end with ".in". This
excludes a couple of manpages that don't actually get installed with OVS,
such as the manpages for ovs-ctl and ovsdb-idlc. This commit doesn't
change those manpages. It does change the ovs-bugtool manpage to one that
is preprocessed so that we can use the version there.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
I've always intended ovs-ofctl to work with any OpenFlow switch, not just
with Open vSwitch. This explicitly documents that intention.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Currently brcompat does not work on master due to recent
datapath changes. We have decided to remove it as it is
not used very widely.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>