The DSCP_INVALID flag allowed callers to prevent socket-util from
modify the DSCP bits of newly created sockets. However, the two
really important callers (implementations of the controller and
manager tables) never used it. Furthermore, the other callers
would be fine always setting the DSCP bits to zero. This patch
removes the DSCP_INVALID option in an effort to simplify the code.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
If socket-util failed to modify the dscp bits of an active
connection, it would fail to close the file descriptor potentially
causing a leak. Found by inspection.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
The changes allow the user to specify a separate dscp value for the
controller connection and the manager connection. The value will take
effect on resetting the connections. If no value is specified a default
value of 192 is chosen for each of the connections.
Feature #10074
Requested-by: Rajiv Ramanathan <rramanathan@nicira.com>
Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
The error handling path here failed to clean up bound sockets, by removing
them. This fixes the problem.
It was easy to observe this bug by running "ovs-vsctl" without
"ovsdb-server" running.
Bug #9811.
Bug #9769.
Reported-by: Michael <mhu@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The "listen" system call doesn't work and isn't necessary for UDP, but
inet_open_passive() would still try to call it (and fail).
This doesn't fix a real bug because the two existing callers both use
inet_open_passive() to listen for TCP connections.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The comment on this function says that negative values indicate errors, and
the callers assume that too, but in fact it was returning positive errno
values, which are indistinguishable from valid fd numbers.
It really seems to me that this should have been found pretty quickly in
the field, since stream-tcp and stream-ssl both use inet_open_passive to
implement their passive listeners. I'm surprised that no one has reported
it.
This patch fixes the following compiler warning:
lib/socket-util.c:621:5: error: comparison is always false due to
limited range of data type [-Werror=type-limits]
I looked at almost every uint<N>_t in the tree to determine whether it was
really in network byte order, and converted the ones that were.
The only remaining ones, modulo my mistakes, are in openflow.h. I'm not
sure whether we should convert those, because there might be some value
in remaining close to upstream for this header.
Until now, when the poll_loop module's log level was turned up to "debug",
it would log a backtrace of the call stack for the event that caused poll()
to wake up in poll_block(). This was pretty useful from time to time to
find out why ovs-vswitchd was using more CPU than expected, because we
could find out what was causing it to wake up.
But there were some issues. One is simply that the backtrace was printed
as a series of hexadecimal numbers, so GDB or another debugger was needed
to translate it into human-readable format. Compiler optimizations meant
that even the human-readable backtrace wasn't, in my experience, as helpful
as it could have been. And, of course, one needed to have the binary to
interpret the backtrace. When the backtrace couldn't be interpreted or
wasn't meaningful, there was essentially nothing to fall back on.
This commit changes the way that "debug" logging for poll_block() wakeups
works. Instead of logging a backtrace, it logs the source code file name
and line number of the call to a poll_loop function, using __FILE__ and
__LINE__. This is by itself much more meaningful than a sequence of
hexadecimal numbers, since no additional interpretation is necessary. It
can be useful even if the Open vSwitch version is only approximately known.
In addition to the file and line, this commit adds, for wakeups caused by
file descriptors, information about the file descriptor itself: what kind
of file it is (regular file, directory, socket, etc.), the name of the file
(on Linux only), and the local and remote endpoints for socket file
descriptors.
Here are a few examples of the new output format:
932-ms timeout at ../ofproto/in-band.c:507
[POLLIN] on fd 20 (192.168.0.20:35388<->192.168.0.3:6633) at ../lib/stream-fd.c:149
[POLLIN] on fd 7 (FIFO pipe:[48049]) at ../lib/fatal-signal.c:168
Under Linux, at least, bind and fchmod interact for Unix sockets in a way
that surprised me. Calling fchmod() on a Unix socket successfully sets the
permissions for the socket's own inode. But that has no effect on any
inode that has already been created in the file system by bind(), because
that inode is not the same as the one for the Unix socket itself.
However, if you bind() *after* calling fchmod(), then the bind() takes the
permissions for the new inode from the Unix socket inode, which has the
desired effect.
This also adds a more portable fallback for non-Linux systems.
Reported-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Static analyzers hate strncpy(). This new function shares its property of
initializing an entire buffer, without its nasty habit of failing to
null-terminate long strings.
Coverity #10697,10696,10695,10694,10693,10692,10691,10690.
Provides ability to match over IPv6 traffic in the same manner as IPv4.
Currently, the matching fields include:
- IPv6 source and destination addresses (ipv6_src and ipv6_dst)
- Traffic Class (nw_tos)
- Next Header (nw_proto)
- ICMPv6 Type and Code (icmp_type and icmp_code)
- TCP and UDP Ports over IPv6 (tp_src and tp_dst)
When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to
OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Many Open vSwitch tests fail on Debian's automatic build machines because
the builds occur in deeply nested directories with long names. OVS tries
to bind and connect to Unix domain sockets using absolute path names, which
in combination with long directory names means that the socket's name
exceeds the limit for Unix domain socket names (108 bytes on Linux).
This commit works around the problem on Linux by indirecting through
/proc/self/fd/<dirfd>/<basename> when names exceed the maximum that can be
used directly.
Reported-by: Hector Oron <hector.oron@gmail.com>
Reported-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reported-by: Roger Leigh <rleigh@codelibre.net>
Debian bug #602891.
Debian bug #602911.
Adding a macro to define the vlog module in use adds a level of
indirection, which makes it easier to change how the vlog module must be
defined. A followup commit needs to do that, so getting these widespread
changes out of the way first should make that commit easier to review.
The test-vconn program binds a socket to a nonspecific port number. To
add SSL support to this program, it needs to be able to use SSL, and the
stream library is the easiest way to do that. But the stream library
can't bind to a nonspecific port. This commit adds that feature, by adding
it to the function that the stream SSL library uses as a building block.
make_unix_socket() can return EAGAIN in rare circumstances, e.g. when the
server's socket listen queue is full. A lot of OVS callers interpret
EAGAIN as a "try again" error code, but in this case it means that the
attempt to create the socket failed. So munge EAGAIN into another error
code to prevent that misinterpretation.
The tcp_open_active() and tcp_open_passive() functions don't really have
any strong dependencies on TCP. With a couple of simple changes they
can be used for UDP also. Since this is useful for Netflow, this commit
does so.
Until now, tcp_open_active() and tcp_open_passive() have only been used
in situations where there is a reasonable default port, e.g. OFP_TCP_PORT.
But for NetFlow there is no universal default, so enhance these functions
so that they can require the user to specify a port explicitly.
Crossported from the 'db' branch, where this is useful for JSON-RPC, which
also has no widely known port.
Until now, setting a netflow collector to a DNS name would cause
secchan to attempt to resolve that DNS name each time that the set of
netflow collectors is re-set. For the vswitch, this is every time that
the vswitch reconfigures itself.
Unfortunately, DNS lookup within secchan cannot work as currently
implemented, because it needs both an asynchronous DNS resolver library
and in-band control updates. Currently we have neither. Attempting to
look up DNS anyway just hangs.
This commit disables DNS lookup entirely, and updates the documentation to
change user expectations. DNS still won't work, but at least it won't
hang.
Bug #1609.
The TCP and SSL vconn implementations had a lot of common code to make
and accept TCP connections, which this commit factors out into common
functions in socket-util.c.
Also adds the ability to bind ptcp and pssl vconns to a particular IP
address instead of the wildcard address.
