This lets the central controller push
its certificate to the OVN controllers.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
In OVN, ovsdb-server is the daemon that manages the databases
and can be called as the central controller. So it would be
nice for ovsdb-server to be able to push its self-signed
certificate to all the other nodes where ovn-controller runs.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
When ovs-sandbox is run with ovn enabled, create the vtep database and
run ovn-controller-vtep. This lets you do some basic testing with
ovn-controller-vtep. For example:
$ make sandbox SANDBOXFLAGS="--ovn"
$ vtep-ctl add-ps ps0
After those commands, you can see that ovn-controller-vtep added a
Chassis row to OVN_Southbound for the physical switch.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
'man ovs-vsctl' mentions that ovs-vsctl can bootstrap itself
by getting the certificate from the server. But the option
was never parsed in the code.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Whenever we write into a tunnel option field, we also need to mark
it as significant. If we don't, then the data will later be ignored.
We currently do this in every case except for flow metadata. This causes
us to not correctly serialize the tunnel metadata for Packet Ins to the
controller.
Rather than separately writing the data and marking the options as present,
it is better to combine the two steps to ensure that one can never be
done without the other.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
The HMAP_FOR_EACH_()* macros had a usability issue where the iterator
was only NULL at the completion of iteration if the hmap_node was the
first struct member. This change ensures that the iterator is set to
NULL when iteration ends normally without a 'break'.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add a benchmark command for classifier lookup performance testing.
Running the test-classifier without arguments or with "--help" will
print the following usage:
usage: ovstest test-classifier benchmark <n_rules> <n_priorities> <n_subtables> <n_threads> <n_lookups>
where:
<n_rules>      - The number of rules to install for lookups. More rules
                 makes misses less likely.
<n_priorities> - How many different priorities to use. Using only 1
                 priority will force lookups to continue through all
                 subtables.
<n_subtables>  - Number of subtables to use. Normally a classifier has
                 rules with different kinds of masks, resulting in
                 multiple subtables (one per mask). However, in some
                 special cases a table may consist of only one kind of
                 rules, so there will be only one subtable.
<n_threads>    - How many lookup threads to use. Using one thread should
                 give less variance across runs, but classifier
                 scaling can be tested with multiple threads.
<n_lookups>    - How many lookups each thread should perform.
For testing the classifier is filled with <n_rules> rules using
<n_subtables> different mask patterns and <n_priorities> different
priorities. A random set of lookup flows are created, and <n_threads>
lookup threads are spawned to perform <n_lookups> lookups each. The
count of hits and misses, as well as the overall execution time is
reported.
Example run:
$ tests/ovstest test-classifier benchmark 1000 1 30 1 3800000
Benchmarking with:
1000 rules with 1 priorities in 30 tables, 1 threads doing 3800000 lookups each
Without wildcards:
hits: 461520, misses: 3338480
classifier lookups: 386 ms, 9844559 lookups/sec
With wildcards:
hits: 461520, misses: 3338480
classifier lookups: 866 ms, 4387990 lookups/sec
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Some older distros might not define _rundir yet so in this case the RPM
build breaks. This patch defines it to Fedora's default.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
When called with --delete-bridges saved flows cannot be restored as the
bridges to which they belong no longer exist. This results in the following
error messages on restart.
ovs-ofctl: br0 is not a bridge or a socket
Restoring saved flows ... failed!
Although there is no effect of this error other than the message
it seems worth avoiding. This patch does so by skipping saving of flows
when --delete-bridges is in effect.
As flows are no longer saved when --delete-bridges is in effect
a side-effect of this change is that restart may be faster when
there are many flows.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
The wildcard bits were set when they should have been cleared.
Found by inspection.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Actually copy the 'nd_target' from the key.
Found by inspection.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
GRE64 was introduced to extend gre key from 32-bit to 64-bit using
gre-key and sequence number field. But GRE64 is not standard
protocol. There are not many users of this protocol. Therefore we
have decided to remove it.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
OpenFlow 1.5 says:
If the group-mod request specifies more than one bucket for a group of
type Indirect, the switch must refuse to add the group entry and must
send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and
OFPGMFC_INVALID_GROUP code.
Older versions don't specify a particular error for this case, so we might
as well use it for older OpenFlow also.
Found by OFTest.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Using casts, IMO, makes it harder to spot what's actually going on.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
This test is skipped if the 'ip' command cannot interpret the vxlan 'dstport'
option; this is used as a proxy for detecting native kernel support for this
tunnel type.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Depending on the kernel in use, manually removing a bridge during
OVS_VSWITCHD_STOP can cause the kernel to send a route update that
refers to the bridge device which is being deleted. OVS can't make sense
of these messages, resulting in logs like the following:
route_table|DBG|Could not find interface name[702]: No such device or
address
netlink_notifier|WARN|received bad netlink message
One such example kernel is the Ubuntu 3.16.0-33-generic linux package.
The bridge doesn't need to be explicitly removed, as the OVSDB
configuration for each test will be cleared before executing the next.
Drop this extra step.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
This patch splits ADD_BR into two commands, so they can be used from
different contexts:
ADD_BR(...) is a standalone command to add a bridge to OVS, and allows
additional ovs-vsctl arguments to be passed. It uses _ADD_BR().
_ADD_BR(...) is the implementation-specific ovs-vsctl arguments to
set up the correct datapath type for userspace or kmod tests.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Rather than saving all of the ping output to a file then checking at the
end, check each ping and fail as soon as there is a connectivity
failure.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
This allows arbitrary commands to be passed into the NS_EXEC macro to be
executed within a namespace, including commands that have quotes and
commands chained together.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
The static result of default_db() was malloc'd but not freed before
exit. Make the static result global and free it before exit.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Alex Wang <alexw@nicira.com>
Otherwise, binding_cleanup() will be a no-op since all related chassis
entries are deleted in gateway_cleanup().
Found by inspection.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
A unit test for ovn-northd was hanging because ovn-northd
running on Windows failed to detach. The detach function
for Windows is implemented inside "service_start()".
Also handle Windows services.
Reported-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
openvswitch modifies the L4 checksum of a packet when modifying
the ip address. When an IP packet is fragmented only the first
fragment contains an L4 header and checksum. Prior to this change
openvswitch would modify all fragments, modifying application data
in non-first fragments, causing checksum failures in the
reassembled packet.
Signed-off-by: Glenn Griffin <ggriffin.kernel@gmail.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 3576fd794b3 ("openvswitch: Fix L4 checksum handling when
dealing with IP fragments").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
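
The fragment handling described in the commit message above, as an added example that is not code from the commit or from the kernel datapath. It is a constructed user-space model: `struct pkt`, `set_src()` and `l4_bytes_unchanged()` are hypothetical names, and the packet contents are sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IP_OFFSET_MASK 0x1FFF  /* fragment-offset bits of IPv4 frag_off */
#define TCP_CSUM_OFF   16      /* checksum position inside a TCP header */
struct pkt {                   /* constructed, simplified packet */
    uint16_t frag_off;         /* host order, offset in 8-byte units */
    uint32_t src;              /* IPv4 source address, host order */
    uint8_t  l4[20];           /* bytes that follow the IP header */
};

/* RFC 1624 incremental update of a 16-bit one's-complement checksum. */
static uint16_t csum_replace16(uint16_t csum, uint16_t old, uint16_t new_val)
{
    uint32_t sum = (uint32_t)(uint16_t)~csum + (uint16_t)~old + new_val;
    sum = (sum & 0xFFFF) + (sum >> 16);
    sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrites the source address (IP header checksum omitted for brevity). With
 * skip_later_frags set, the L4 checksum is touched only at fragment offset 0. */
static void set_src(struct pkt *p, uint32_t new_src, bool skip_later_frags)
{
    bool later_frag = (p->frag_off & IP_OFFSET_MASK) != 0;
    if (!(skip_later_frags && later_frag)) {
        uint8_t *f = &p->l4[TCP_CSUM_OFF];
        uint16_t c = (uint16_t)(f[0] << 8 | f[1]);
        c = csum_replace16(c, (uint16_t)(p->src >> 16), (uint16_t)(new_src >> 16));
        c = csum_replace16(c, (uint16_t)p->src, (uint16_t)new_src);
        f[0] = (uint8_t)(c >> 8);
        f[1] = (uint8_t)c;
    }
    p->src = new_src;
}

/* Rewrites 10.0.0.1 -> 10.0.0.2 with all L4 bytes 'A'; true if they survive. */
static bool l4_bytes_unchanged(uint16_t frag_off, bool skip_later_frags)
{
    struct pkt p = { .frag_off = frag_off, .src = 0x0A000001 };
    uint8_t before[sizeof p.l4];
    memset(p.l4, 'A', sizeof p.l4);
    memcpy(before, p.l4, sizeof before);
    set_src(&p, 0x0A000002, skip_later_frags);
    return memcmp(before, p.l4, sizeof before) == 0;
}

int main(void)
{
    printf("later fragment intact: old=%d fixed=%d\n",
           l4_bytes_unchanged(185, false), l4_bytes_unchanged(185, true));
    return 0;
}
```

In a later fragment the bytes at the TCP checksum offset are application data, so the unconditional update silently alters the payload, which then fails verification after reassembly.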
Some architectures like POWER can have a NUMA node_possible_map that
contains sparse entries. This causes memory corruption with openvswitch
since it allocates flow_cache with a multiple of num_possible_nodes() and
assumes the node variable returned by for_each_node will index into
flow->stats[node].
Use nr_node_ids to allocate a maximal sparse array instead of
num_possible_nodes().
The crash was noticed after 3af229f2 was applied as it changed the
node_possible_map to match node_online_map on boot.
Fixes: 3af229f2071f5b5cb31664be6109561fbe19c861
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: bac541e4631 ("openvswitch: allocate nr_node_ids flow_stats
instead of num_possible_nodes")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
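
The sizing error described in the commit message above, as an added example that is not code from the commit or from the kernel. It is a constructed user-space model: `node_mask_t` stands in for node_possible_map, and `count_possible_nodes()`, `node_id_limit()` and `oob_nodes()` are hypothetical helpers modelling num_possible_nodes(), nr_node_ids and the resulting out-of-bounds indexes.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 64
typedef uint64_t node_mask_t;  /* constructed stand-in for node_possible_map */

/* Models num_possible_nodes(): the number of set bits in the map. */
static size_t count_possible_nodes(node_mask_t m)
{
    size_t n = 0;
    for (; m; m &= m - 1)
        n++;
    return n;
}

/* Models nr_node_ids: the highest possible node id plus one. */
static size_t node_id_limit(node_mask_t m)
{
    size_t limit = 0;
    for (size_t id = 0; id < MAX_NODES; id++)
        if (m & ((node_mask_t)1 << id))
            limit = id + 1;
    return limit;
}

/* Counts possible node ids that would index past a stats[] array with
 * 'slots' entries, i.e. the writes that land outside the allocation. */
static size_t oob_nodes(node_mask_t m, size_t slots)
{
    size_t bad = 0;
    for (size_t id = slots; id < MAX_NODES; id++)
        if (m & ((node_mask_t)1 << id))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sparse map: only nodes 0 and 16 are possible. */
    node_mask_t sparse = (node_mask_t)1 | ((node_mask_t)1 << 16);
    size_t by_count = count_possible_nodes(sparse);
    size_t by_limit = node_id_limit(sparse);

    printf("sized by count: %zu slots, %zu node(s) out of bounds\n",
           by_count, oob_nodes(sparse, by_count));
    printf("sized by limit: %zu slots, %zu node(s) out of bounds\n",
           by_limit, oob_nodes(sparse, by_limit));
    return 0;
}
```

On a dense map the two sizes agree, which is why the defect only shows up on systems whose possible-node ids have gaps.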
Currently, openvswitch tries to disable LRO from the user space. This does
not work correctly when the device added is a vlan interface, though.
Instead of dealing with possibly complex stacked cross name space relations
in the user space, do the same as bridging does and call dev_disable_lro in
the kernel.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: 640b2b107c ("openvswitch: disable LRO").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
The 'ovs-vtep' simulator is not ported to Windows. So, for now,
just skip all tests in ovn-controller-vtep.at when running in
Windows.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
This commit adds the binding module to ovn-controller-vtep. The
module will scan through the Port_Binding table in ovnsb. If there is
a port binding entry for a logical switch on the vtep gateway chassis's
"vtep_logical_switches", sets the port binding's chassis column to the
vtep gateway chassis.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
When testing the recreation of 'chassis' table entry by
'ovn-controller-vtep', the removal of 'chassis' table entry by the
'ovn-sbctl' could
cause 'Broken pipe' warning in ovsdb-server.log. This is due to the
race between 'ovn-sbctl' exiting and 'ovn-controller-vtep' adding
the chassis back. So, if the 'ovn-sbctl' exits right when the
ovsdb-server tries to send update of readd of the deleted 'chassis',
the sending will fail with 'Broken pipe' error.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
The test waits until grep no vlan '200' from the VTEP 'vlan_binding'
column. However, string '200' could also appear in other 'vlan_binding'
entry's uuid value. Instead, we should grep for '200='.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
This patch adds the following to OVN %files:
/usr/bin/ovn-controller-vtep
/usr/bin/ovn-sbctl
/usr/share/man/man8/ovn-controller-vtep.8.gz
/usr/share/man/man8/ovn-sbctl.8.gz
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>
There is a mismatch between the handling of invalid ICMPv6 fields in the
implementations of parse_icmpv6() in user-space and in the kernel datapath.
This patch addresses that by modifying the user-space implementation to
match that of the kernel datapath; processing is terminated without
rather than with an error and partial information is cleared.
With these changes the user-space implementation of parse_icmpv6()
never returns an error. Accordingly the return type and caller have been
updated.
The original motivation for this is to allow matching the ICMPv6 type and
code of packets with invalid neighbour discovery options although only the
change around the '(!opt_len || opt_len > *sizep)' conditional is necessary
to achieve that goal.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
There are certain use cases (such as bond rebalancing) where a
datapath flow's actions may change, while its wildcard pattern
remains the same. Before this patch, revalidators would note the
change, delete the flow, and wait for the handlers to install an
updated version. This is inefficient, as many packets could get
punted to userspace before the new flow is finally installed.
To improve the situation, this patch implements in place modification
of datapath flows. If the revalidators detect the only change to a
given ukey is its actions, instead of deleting it, it does a put with
the MODIFY flag set.
Signed-off-by: Ethan J. Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Future patches will need to modify ukey actions in some instances.
This patch makes this possible by protecting them with RCU. It also
adds thread safety checks to enforce the new protection mechanism.
Signed-off-by: Ethan J. Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
'cmd_show_table'.
Sometimes, it is desirable to print the table with weak reference to
the table specified in 'struct cmd_show_table'. For example the
Port_Binding table rows in OVN_Southbound database that refer to the
same Chassis table row can be printed under the same chassis entry
in 'ovn-sbctl show' output.
To achieve it, this commit adds a new struct in 'struct cmd_show_table'
that allows users to print a table with weak reference to 'table'
specified in 'struct cmd_show_table'. The 'ovn-sbctl' which now prints
the Port_Binding entries with Chassis table, is the first user of this
new feature.
Requested-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
This will be useful in a future commit.
It also introduces #define's for logical stages instead of in-place
constants.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
mf_value has grown bigger than needed for storing the biggest
supported prefix (IPv6 address length). Define a new type to be used
instead of mf_value.
This makes classifier lookups a bit faster.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
I frequently view the contents of the Logical_Flow table while working
on OVN. Add a command that can output the contents of this table in a
sorted way that makes it easier to read through. It's sorted by
logical datapath, pipeline, table id, priority, and match.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Acked-by: Alex Wang <alexw@nicira.com>
minimask_hash() can be simplified as each value is known to be non-zero.
Move miniflow_hash() into test-classifier.c as miniflow_hash__() as it
is no longer needed elsewhere.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
GCC (4.7) sees too wide shifts when there are none, refactor to
circumvent the false error.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
This was renamed. Surprisingly, the tests still pass without this,
however the extra checks that this command performs were not executed.
Fix the macro definition.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
This commit adds the gateway module to ovn-controller-vtep. The
module will register the physical switches to ovnsb as chassis and
constantly update the "vtep_logical_switches" column in Chassis table.
Limitation (Recorded in TODO file):
- Do not support reading multiple tunnel ips of physical switch.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Russell Bryant <rbryant@redhat.com>