This commit fixes a bug where the i-sid/vlan mapping structures associated with
an lldp-enabled port were not being freed during general port cleanup.
Signed-off-by: Dennis Flynn <drflynn@avaya.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Markdown was not formatted correctly and, as a result,
was displaying incorrectly on github.
Signed-off-by: Mark D. Gray <mark.d.gray@intel.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
MSVC 2013 does not like designated initializers when
structs are initialized inside structs.
Apparently it has been fixed in MSVC 2015.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
With this commit, the VTEP emulator detects the datapath_type of the
bridge used as a "physical" switch, and creates subsequent bridges
with the same type. This allows ovs-vtep to work with the userspace
datapath.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Gurucharan Shetty <gshetty@nicira.com>
This makes life easier for testing at the point you start to separate your
environment into multiple machines.
Also work on the manpage a little.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
This allows XML-generated manpages in the source tree to include correct
directory names for the local configuration, instead of just the plain
nroff ones.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Until now there have been two variants for --enable-dummy:
* --enable-dummy: This adds support for "dummy" dpif and netdev.
* --enable-dummy=override: In addition, this replaces *every* existing
dpif and netdev by the dummy type.
The latter is useful for testing but it defeats the possibility of using
the userspace native tunneling implementation (because all the tunnel
netdevs get replaced by dummy netdevs). Thus, this commit adds a third
variant:
* --enable-dummy=system: This replaces the "system" dpif and netdev
by dummies but leaves the others untouched.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Otherwise, if netdev_unregister_provider() is called before any other
netdev function, netdev_class_mutex is not initialized and the attempt to
lock it aborts.
This doesn't fix an existing bug but with the following commit
--enable-dummy=system will make netdev_unregister_provider() the first
netdev function to be called.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
When --enable-dummy=system or --enable-dummy=override is in use, dpifs
other than "dummy" are actually dummy dpifs, so use a more reliable test.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
I found this invaluable for debugging native tunnels over dummy devices.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
This allow the reports to have additional useful information. An upcoming
commit will take advantage of this.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
This is the only missing piece to make native tunneling work with dummy
devices for testing purposes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Until now, compose_arp() has only been able to compose ARP requests. This
extends it to composing general ARP packets, in particular replies.
An upcoming commit will make use of this capability.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
This conforms with the interface described in netdev-provider.h.
Found when experimenting with native tunneling and dummy devices.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
When the filter detach routine is called while there are packets
still in processing, the OvsUninitSwitchContext function call will
decrement the switch context reference count without releasing the
switch context structure. This behaviour is correct and expected,
but the BSOD is caused in this case because the gOvsSwitchContext
variable is set to NULL, which is wrong.
The gOvsSwitchContext global variable must be set to NULL only when
the switch context structure is actually released.
Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/80
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The keys in the Chassis table's "gateway_ports" column report the same
information as the Gateway table's "attached_port" column, so this commit
removes the latter.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
It appears that miniflow_extract() in emc_processing() spends a lot of
cycles waiting for the packet's data to be read.
Prefetching the next packet's data while parsing removes this delay.
For a single flow pipeline the throughput improves by ~10%. With a
more realistic pipeline the change has a much smaller effect (~0.5%
improvement)
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Abort openvswitch startup script if ovsdb startup fails for
some reason. This helps in getting the system startup to NOT hang
indefinitely, as was seen in a recent report when ovsdb failed with
"I/O error: /etc/openvswitch/conf.db: failed to lock lockfile
(Resource temporarily unavailable)" and system remained in hung state
forever, unless manually rebooted from console.
Signed-off-by: Sabyasachi Sengupta <sabyasachi.sengupta@alcatel-lucent.com>
[blp@nicira.com changed an 'if' statement to '||']
Signed-off-by: Ben Pfaff <blp@nicira.com>
The git repository for the neutron plugin has been renamed to reflect
that it is now officially part of the OpenStack Neutron project. The
repo now lives in the "openstack" namespace.
Also remove the link to the todo file as those are now just tracked in
the networking-ovn bug tracker (launchpad bugs).
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch creates a new subpackage for OVN, openvswitch-ovn. It also
installs systemd unit files for ovn-controller and ovn-northd.
If you want to run ovn-controller:
# systemctl start ovn-controller
If you want to run ovn-northd:
# systemctl start ovn-northd
Both systemd units are currently set to depend on openvswitch. If
further ovsdb initialization is required for the OVN databases before
ovn-northd can start, that will be handled automatically by ovn-ctl
when you start the ovn-northd service.
This currently assumes that ovn-northd runs on the same host as
ovsdb-server that is hosting the OVN databases. That seems like a
reasonable assumption in the current architecture and can be evolved
later when needed.
Signed-off-by: Russell Bryant <rbryant@redhat.com>
CC: Flavio Leitner <fbl@redhat.com>
CC: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch introduces ovn-ctl, which is similar to ovs-ctl. I opted
for a new script as everything in OVN so far is nicely isolated, so a
new script seemed to make the most sense.
If you'd like to run ovn-controller on a host already running ovs:
# ovn-ctl start_controller
If you'd like to run ovn-northd:
# ovn-ctl start_northd
Note that ovn-ctl assumes that ovn-northd is running on the same
server as ovsdb-server hosting the OVN databases. Based on the
current architecture this seems like a completely reasonable
assumption. This can be improved later when needed.
There's some additional stuff happening in start_northd to make the
experience nicer and not require additional steps by the
administrator. It creates the OVN dbs if they don't exist. If
ovsdb-server hasn't loaded them, it tells it to load them, as well.
ovn-ctl also supports running everything on the same host. This would
be common in a test environment with a single host or small set of
hosts. That would simply be:
# ovs-ctl start --system-id=random
# ovn-ctl start_northd
# ovn-ctl start_controller
Signed-off-by: Russell Bryant <rbryant@redhat.com>
CC: Flavio Leitner <fbl@redhat.com>
CC: Ben Pfaff <blp@nicira.com>
[blp@nicira.com added configure.ac code to create ovn/utilities builddir]
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch adds support for a new port type to the userspace
datapath called dpdkvhostuser.
A new dpdkvhostuser port will create a unix domain socket which
when provided to QEMU is used to facilitate communication between
the virtio-net device on the VM and the OVS port on the host.
vhost-cuse ('dpdkvhost') ports are still available as 'dpdkvhostcuse'
ports and will be enabled if vhost-cuse support is detected in the
DPDK build specified during compilation of the switch. Otherwise,
vhost-user ports are enabled.
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
OVSDB is transactional but it does not have built-in protection from dirty
reads. To avoid those, it's necessary to manually add verification to
transactions to ensure that any data reads whose values were essential to
later writes have not changed. ovn-controller didn't do that for
the "ports" column in the Bridge table, which means that if the set of
ports changed when it didn't expect it, it could revert changes made by
other database clients.
In particular this showed up in a scale test, where ovn-controller would
delete "vif" ports added via ovs-vsctl.
(It's easy to see exactly what happened by looking in the database log
with "ovsdb-tool -mm show-log".)
Reported-by: Russell Bryant <rbryant@redhat.com>
Reported-at: http://openvswitch.org/pipermail/dev/2015-June/056326.html
Signed-off-by: Ben Pfaff <blp@nicira.com>
This allows OVN to take advantage of the client scalability changes
that have been committed to ovsdb-server on master recently.
Conflicts:
Makefile.am
lib/learn.c
Add support for port mods in an OpenFlow 1.4 bundle, as required for
the minimum support level by the OpenFlow 1.4 specification. If the
bundle includes port mods, it may not specify the OFPBF_ATOMIC flag.
Port mods and flow mods in a bundle are always applied in order and
the consecutive flow mods between port mods are made available to
lookups atomically.
Note that ovs-ofctl does not support creating bundles with port mods.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
The final flow stats are available only after there are no references
to the rule. Postpone sending the flow removed message until the
final stats are available.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
After all, there are some cases in which both the insertion version
and removal version of a rule need to be considered. This makes the
cls_match a bit bigger, but makes classifier versioning much simpler
to understand.
Also, avoid using type larger than int in an enum, as it is not
portable C.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
A comment referred to a "Usage" section but the section was named "Use".
This fixes the problem (also a grammar error).
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
Postponed 'next' member poisoning was based on the faulty assumption
that postponed functions would be called in the order they were
postponed. This assumption holds only for the functions postponed by
any single thread. When functions are postponed by different
threads, there are no guarantees of the order in which the functions
may be called, or timing between those calls after the next grace
period has passed.
Given this, the postponed poisoning could have executed after
postponed destruction of the object containing the rculist element.
This bug was revealed after the memory leaks on rule deletion were
recently fixed.
This patch removes the postponed 'next' member poisoning and adds
documentation describing the ordering limitations in OVS RCU.
Alex Wang dug out the root cause of the resulting crashes, thanks!
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
add_port_to_cache() uses 'cache_name' as the shash node name for
shash_add(). So, the del_cached_port() must also pass 'cache_name'
as argument for shash_find_and_delete().
This bug does not cause any issue currently but should be fixed.
Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Handling evictions was broken in the previous patches. Eviction took
place early in the commit, and actually inappropriately bumped the
version number too early. Now eviction is treated much like a flow
modification, where a new rule replaces the old one, but just without
any 'inheritance' from the evicted rule to the new rule. This makes
evictions to be executed only when commit is successful, as evictions
are reverted like any other changes when the commit fails.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Classifier's rule count now contains temporary duplicates and rules
whose deletion has been deferred. Maintain a new 'n_flows' count in
struct oftable to as the count of rules in the latest version.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Each rule is now added or deleted in a specific tables version. Flow
tables are versioned with a monotonically increasing 64-bit integer,
where positive values are valid version numbers.
Rule modifications are implemented as an insertion of a new rule and a
deletion of the old rule, both taking place in the same tables
version. Since concurrent lookups may use different versions, both
the old and new rule must be available for lookups at the same time.
The ofproto provider interface is changed to accomodate the above. As
rule's actions need not be modified any more, we no longer need
'rule_premodify_actions', nor 'rule_modify_actions'. 'rule_insert'
now takes a pointer to the old rule and adds a flag that tells whether
the old stats should be forwarded to the new rule or not (this
replaces the 'reset_counters' flag of the now removed
'rule_modify_actions').
Versioning all flow table changes has the side effect of making
learned flows visible for future lookups only. I.e., the upcall that
executes the learn action, will not see the newly learned action in
it's classifier lookups. Only upcalls that start executing after the
new flow was added will match on it.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
The traversal of the list of identical rules from the lookup threads
is fragile if the list head is removed during the list traversal.
This patch simplifies the implementation of that list by making the
list NULL terminated, singly linked RCU-protected list. By having the
NULL at the end there is no longer a possiblity of missing the point
when the list wraps around. This is significant when there can be
multiple elements with the same priority in the list.
This change also decreases the size of the struct cls_match back
pre-'visibility' attribute size.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
We formerly converted tunnel attributes to their flow representation
before formatting but now perform all operations directly on the
netlink attributes.
There is one remaining use of odp_tun_key_from_attr() that is not
used for the purposes of generating a flow. This is to check the
mask but this no longer makes sense given the way that we format
the flow itself. In fact, the code is not actually invoked any
more, so we can simply remove it.
This retains the special case for tunnels as a safety measure but it
should not matter in practice.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
We've had this question a couple of times so we might as well document it.
Requested-by: Saurabh Shrivastava (सौरभ श्रीवास्तव) <saurabh@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This change include an initial implementable of STT.
The following should be added:
[1] Checksum offload (SW and HW)
[2] LSO (SW and HW)
[3] IP layer WFP callout for IP segments
Added support for multiple (per TCP port) STT ports
Testing: link layer connection through ping works. File transfer.
Signed-off-by: Eitan Eliahu <eliahue@vmware.com>
Co-authored-by: Saurabh Shah <ssaurabh@vmware.com>
Signed-off-by: Saurabh Shah <ssaurabh@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OvsCreateNewNBLsFromMultipleNBs function failed to correctly complete the
original NBL with multiple NBs after creating multiple NBLs with single
NB.
Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Acked-by: Eitan Eliahu <eliahue@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ignoring the result of this function means that the caller is quite likely
blindly using the character array passed in, instead of the return value,
which leads to latent bugs.
This would have prevented one of the bugs fixed by commit "tunneling: Fix a
tunnel name display bug".
CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
This patch allows classifier rules to become visible and invisible in
specific versions. A 'version' is defined as a positive monotonically
increasing integer, which never wraps around.
The new 'visibility' attribute replaces the prior 'to_be_removed' and
'visible' attributes.
When versioning is not used, the 'version' parameter should be passed
as 'CLS_MIN_VERSION' when creating rules, and 'CLS_MAX_VERSION' when
looking up flows.
This feature enables the support for atomic OpenFlow bundles without
significant performance penalty on 64-bit systems. There is a
performance decrease in 32-bit systems due to 64-bit atomics used.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
All existing ovs-ofctl flow mod commands now take an optional
'--bundle' argument, which executes the flow mods as a single
transaction. OpenFlow 1.4+ is implicitly assumed when '--bundle' is
specified.
ovs-ofctl 'add-flow' and 'add-flows' commands now accept flow
specifications that start with an optional 'add', 'modify', 'delete',
'modify_strict', or 'delete_strict' keyword, so that arbitrary flow
table modifications may be specified. For backwards compatibility, a
missing keyword is treated as an 'add'. With the new '--bundle'
option all the modifications are executed as a single transaction
using an OpenFlow 1.4 bundle.
OpenFlow 1.4 requires bundles to support at least flow and port mods.
This implementation does not yet support port mods in bundles.
Another restriction is that the atomic transactions are not yet
supported.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Weirdest things can bother you at night when you try to sleep ;-)
Now we have function triples such as add_flow_begin(),
add_flow_finish(), and add_flow_revert(), where a modification is
started in *_begin(), which can fail, and when successful can be
either made permanent with *_finish(), or cancelled with *_revert().
Linguistically it should be either "begin/end" or "start/finish", not
"begin/finish". "begin/end" has some C++ STL baggage, so let's go
with "start/finish". IMO "revert" rhymes with it, too.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Setting CFLAGS by hand before invoking dpkg-buildflags is ineffective,
because dpkg-buildflags overrides it.
Reported-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Debian likes to enable -Wformat-zero-length, even over our code trying to
disable it. It isn't too hard to make our code warning-free against this
option, so this commit both stops disabling it and fixes the warnings.
The first fix is to change set_subprogram_name() to take a plain string
instead of a format string, and to adjust its few callers. This fixes one
warning since one of those callers passed in an empty string.
The second fix is to remove a test for ovs_scan() against an empty string.
I couldn't find a way to avoid a warning for this test, and it isn't too
valuable in any case.
This allows us to drop filtering for -Wformat from the Debian rules file,
so this commit removes it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This function doesn't need to be exported in the public OVS headers, and
it had an inconsistent name compared to uuid_equals(). Rename and move.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Unique flow identifiers are really a UUID of sorts, so it makes sense to
reuse the UUID string representations for UFID.
Suggested-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
