| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Commit d6b37e42 (datapath: Allow a packet with no input port to omit
ODP_KEY_ATTR_IN_PORT.) was a crossport from commit 18886b6 in the
"master" branch, but dropped a few lines. This causes a compiler
warning about an unused "done" label. This commit brings the two
patches in line.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
|
|
|
|
| |
Bug #5443.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The vport policy for OVS_VPORT_ATTR_PORT_NO and OVS_VPORT_ATTR_TYPE
are present only in the section for newer kernels. This means that
on older kernels the length of these attributes are never checked
anywhere but we go ahead and read from them anyways.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
|
| |
Reported-by: George Shuklin <amarao@desunote.ru>
Bug-report: http://bugs.debian.org/642206
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to start receiving packets on a datapath as soon as
the internal device is created. It's therefore important that the
datapath be fully initialized before this, which it currently isn't.
In particular, the fact that dp->stats_percpu is not yet set is
potentially fatal. In addition, if allocation of the Netlink response
failed it would leak the percpu memory. This fixes both problems.
Found by code inspection, in practice the datapath is probably always
done initializing before someone can send a packet on it.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
|
|
|
|
|
|
| |
In a few places in queue_userspace_packets() when we encounter an
error, we don't actually set the 'err' variable. Although we
free the packets we don't correctly account for these packets as
being lost.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
| |
Reported-by: Philippe Jung <phil.jung@free.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now, when a network device disappeared, netdev_changed_cb() passed
the name of the bridge that contained the network device to ovs-vsctl as
part of the "del-port" command. However, when the network device was
actually a "fake bridge", it would pass the name of the real bridge, which
ovs-vsctl rejected as wrong (expecting the name of the fake bridge) and
not remove the port.
This fixes the problem by dropping the bridge name, which is simpler than
trying to get the name of the fake bridge in this case.
Reported-by: Tyler Coumbes <coumbes@gmail.com>
Tested-by: Tyler Coumbes <coumbes@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Currently, the OVS_CB(skb)->vport member is never initialized for
packets coming from userspace. This means that they can never be
sampled by sFlow and generally violates our principle that userspace
packets should be made to look the same as others.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin Shelar <pshelar@nicira.com>
|
|
|
|
|
|
|
|
|
|
| |
ofproto-dpif assumed that the datapath initialized the tun_id of a
flow on egress, to its tun_id on ingress. For this reason, if
OpenFlow actions set the tun_id to a flow's ingress tun_id,
ofproto-dpif would fail to emit a set_tunnel action.
Reported-by: Igor Ganichev <iganichev@nicira.com>
Reported-by: Pankaj Thakkar <thakkar@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By registering an error-handler for the init script used
in openvswitch-switch.postinst and detecting if module insertion fails,
it is possible to avoid failure to install in the case where the
openvswitch_mod module is not available.
This is done without altering the behaviour that the start target
of the openvswitch-switch init script will fail if module insertion fails.
This patch also adds a friendly hint as as to why starting
openvswitch-switch has failed if it is due to failure to insert
the openvswtich_mod. This message is displayed as necessary both
on package install and other calls to the start target of the
init script.
[Ben Pfaff fixed up == to = in postinst]
|
|
|
|
|
|
|
|
|
|
| |
On Debian there is a need for the init scripts to die gracefully
if module insertion fails. In such a case it is desirable to print
some sort of informative message.
By adding the load-kmod sub-command to ovs-ctl init scripts
may try to load modules and take appropriate action on failure
or then try to start the daemons.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When ovs-vswitchd executes actions on a synthesized packet, that is, on a
packet that is not being forwarded from any particular port but is being
generated by ovs-vswitchd itself or by an OpenFlow controller (using a
OFPT_PACKET_OUT message with an in_port of OFPP_NONE), there is no good
choice for the in_port to pass to the kernel in the flow in the
ODP_PACKET_CMD_EXECUTE message. This commit allows ovs-vswitchd to omit
the in_port entirely in this case.
This fixes a bug in OFPT_PACKET_OUT: using an in_port of OFPP_NONE would
cause the packet to be dropped by the kernel, since that's an invalid
input port.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Reported-by: Aaron Rosen <arosen@clemson.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we execute a packet from userspace we first extract the header
fields from the packet and then add supplied metadata. However, we
compute the hash of the packet in between these two steps despite
the fact that the metadata can affect the hash. This can lead to
two separate hashes for packets of the same flow.
Found by code inspection, not an actual real-world problem.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
dh_pysupport that the packaging used until now is deprecated, with
dh_python2 as its successor.
This commit removes the PYTHONPATH setting from
debian/openvswitch-ipsec.init because it is not needed, as the Python
packaging is public. In fact, the Python packaging was public,
unintentionally, before, so the PYTHONPATH could have been removed earlier.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As reported by lintian:
The maintainer script doesn't seem to set the -e flag which ensures
that the script's execution is aborted when any executed command
fails.
Refer to Debian Policy Manual section 10.4 (Scripts) for details.
|
|
|
|
|
|
|
|
| |
This resolves a warning reported as
"71: warning [p 11, 5.0i]: cannot adjust line"
Reported-by: Simon Horman <horms@verge.net.au>
Found by lintian.
|
|
|
|
|
|
|
|
|
| |
This adds what appears to be a missing character to an escape sequence.
This resolves a problem reported as
"a newline character is not allowed in an escape name".
Reported by lintian
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Suppress "warning: macro `DD' not defined" warning for ovs-brcompatd.8.
As per the description by Ben Pfaff for the same problem effecting
other files:
deamon.man allows the file that is including it to include extra
text in the description of --detach by defining a macro named DD.
Only some of the manpages that included it did this (only those
manpages that needed extra text there). But it's better to be
quiet in "man --warnings", so this defines DD to an empty value in
the other manpages that include daemon.man.
Reported by lintian
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add dependency on ${misc:Depends} to openvswitch-brcompat and ovsdbmonitor.
As reported by Lintian:
The source package uses debhelper, but it does not include
${misc:Depends} in the given binary package's debian/control entry.
Any debhelper command may add dependencies to ${misc:Depends} that
are required for the work that it does, so recommended best
practice is always add ${misc:Depends} to the dependencies of each
binary package if debhelper is in use.
Refer to the debhelper(7) manual page for details.
|
| |
|
|
|
|
|
|
| |
Commit fa066f015f716c7 "bridge: Move packet processing functionality into
ofproto" deleted the call to mac_learning_run() that deletes MAC learning
table entries when they expire. This fixes the problem.
|
|
|
|
|
|
| |
This patch fixes a bug introduced in Commit 43edca57 "nx-match: New
helpers.", which caused the "move" action to improperly handle bit
ranges.
|
|
|
|
| |
Reported-by: Ethan Jackson <ethan@nicira.com>
|
|
|
|
|
|
|
|
|
| |
This is just a typo introduced in commit 57483aeda (debian: Fix bug from
commit 211b05b5 "debian: Modernize use of dh_install.) that caused the
ovsdbmonitor package to install too many files.
Bug-report: http://bugs.debian.org/636815
Reported-by: Ralf Treinen <treinen@free.fr>
|
|
|
|
|
|
|
|
| |
The code and the specification say that nxm_length includes both value
and mask, but this example showed nxm_length only including the value.
This commit fixes it.
Reported-by: Justin Pettit <jpettit@nicira.com>
|
|
|
|
|
|
| |
Commit c821124b25e "ovs-ofctl: Accept only valid flow_mod and
flow_stats_request fields" caused actions read by read_flows_from_file()
to be ignored and treated as "drop". This fixes the problem.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, a NORMAL action bridge drops reserved-multicast-mac addresses;
01-80-c2-00-00-[f0:ff]. A node that does not implement STP should have an
option to forward such frames.
This commit proposes to have a configuration option to allow forwarding of
BPDU class frames. To ensure backward compatibility, this option is
disabled by default.
This config can be set using bridge's other-config column, for e.g
ovs-vsctl set bridge br0 other-config:forward-bpdu=true
Changing this option can revalidate all flows in a software-OVS
implementation (ofproto-dpif)
--------
unit tests:
------------
make config changes, test runtime behavior
-- test runtime behavior --
continuously send packets to br0 with dest-mac=01:80:c2:00:00:00
ovs-dpctl dump-flows br0
ovs-vsctl set bridge br0 other-config:forward-bpdu=true
ovs-dpctl dump-flows br0
ovs-vsctl set bridge br0 other-config:forward-bpdu=false
ovs-dpctl dump-flows br0
ovs-vsctl set bridge br0 other-config:forward-bpdu=true
ovs-dpctl dump-flows br0
ovs-vsctl remove bridge br0 other-config forward-bpdu=true
ovs-dpctl dump-flows br0
--result--
ovs-dpctl dump-flows br0
in_port(1),eth(src=00:0c:29:d1:39:42,dst=01:80:c2:00:00:00), packets:29550, bytes:1773000, used:0.004s, actions:drop
ovs-vsctl set bridge br0 other-config:forward-bpdu=true
ovs-dpctl dump-flows br0
in_port(1),eth(src=00:0c:29:d1:39:42,dst=01:80:c2:00:00:00), packets:8209, bytes:492540, used:0.000s, actions:2,0
ovs-vsctl set bridge br0 other-config:forward-bpdu=false
ovs-dpctl dump-flows br0
in_port(1),eth(src=00:0c:29:d1:39:42,dst=01:80:c2:00:00:00), packets:19, bytes:1140, used:0.000s, actions:drop
ovs-vsctl set bridge br0 other-config:forward-bpdu=true
ovs-dpctl dump-flows br0
in_port(1),eth(src=00:0c:29:d1:39:42,dst=01:80:c2:00:00:00), packets:29, bytes:1740, used:0.000s, actions:2,0
ovs-vsctl remove bridge br0 other-config forward-bpdu=true
ovs-dpctl dump-flows br0
in_port(1),eth(src=00:0c:29:d1:39:42,dst=01:80:c2:00:00:00), packets:0, bytes:0, used:never, actions:drop
Bug #6624
Reported-by: Niklas Andersson <nandersson@nicira.com>
|
|
|
|
|
|
|
|
| |
It would be better to use ovs-ctl from this script, but until now this is
an adequate solution.
Reported-by: Jibesh Patra
Bug-report: https://bugs.launchpad.net/bugs/822142
|
|
|
|
|
|
|
|
| |
Virtual ports such as GRE tunnels don't exist until after the port is
added to the datapath, so without this change adding such a port yields
a warning like the following:
netdev|WARN|failed to retrieve MTU for network device gre0: No such device
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vswitchd/INTERNALS explains the incompatibility:
2. When Open vSwitch forwards a multicast or broadcast packet to a
link in the SLB bond other than the active slave, the remote
switch will forward it to all of the other links in the SLB
bond, including the active slave. Without special handling,
this would mean that Open vSwitch would forward a second copy of
the packet to each switch port (other than the bond), including
the port that originated the packet.
Open vSwitch deals with this case by dropping packets received
on any SLB bonded link that have a source MAC+VLAN that has been
learned on any other port. (This means that SLB as implemented
in Open vSwitch relies critically on MAC learning. Notably, SLB
is incompatible with the "flood_vlans" feature.)
We could go farther than this and automatically change the bonding mode to
a safer one (e.g. active-backup) when flood_vlans are enabled. However,
that would still leave the SLB fallback for LACP modes in place; perhaps
active-backup would have to be the fallback for LACP modes when flood_vlans
are enabled.
|
|
|
|
|
|
|
| |
This commit makes several library headers suitable for inclusion in C++.
It adds [extern "C"] guards and makes minor changes to fix casting and
keyword issues.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in_band_destroy() doesn't remove all of the rules that in-band control
adds (and it cannot, because that might require waiting for an existing
asynchronous flow modification or addition to complete), so turning on
other-config:disable-in-band or deleting all of the OpenFlow controllers
did not delete all of the in-band rules.
This commit fixes the problem by making the in-band control object hang
around until all of the flows that it set up have actually been deleted.
This problem was introduced as part of commit 7ee20df "ofproto: Implement
asynchronous OFPT_FLOW_MOD commands."
Reported-by: Brad Hall <brad@nicira.com>
|
|
|
|
|
|
|
|
| |
This timer used to exist because it was possible for in-band remote IP
addresses to change without any intentional configuration change in one
case: where controller discovery found a new controller. Controller
discovery was removed long ago, but the reason for the timer had been
forgotten and so remained. This commit removes it.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Users should be able to find out what a log level means without reading
source code comments, so this seems like a better place for it.
Reported-by: David Tsai <dtsai@nicira.com>
|
|
|
|
|
|
|
| |
Until now, "emer" has effectively been "off" because no messages were ever
logged at "emer" level. Justin points out that it is useful to use "emer"
for messages that indicate a fatal error. This commit makes that change
and adds a new "off" level to really turn off all logging to a facility.
|
|
|
|
| |
Reported-by: Brad Hall <brad@nicira.com>
|
|
|
|
|
|
|
|
|
| |
flex_arrays didn't exist at all until 2.6.30, weren't exported to modules
until 2.6.38, and performed poorly until 3.0, so this backports the
functionality to older kernels.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On new kernels kzalloc() is simply a wrapper around kmalloc with
the addition of the __GFP_ZERO flag. flex_arrays take advantage
of this by expecting the user to just pass in this flag if they
want the memory to be zeroed. However, before 2.6.23, kzalloc()
was a function in its own right and kmalloc really didn't like
receiving __GFP_ZERO. This overrides kmalloc() to intercept the
flags and direct the call to the right function.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
|
|
|
|
| |
The reciprocal division library did not exist until 2.6.20 and is
not currently exported in any version, so this backports it.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
| |
I've found this makes debugging a bit easier.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow setting the number of flows present in the flow hash
at which point eviction of entries from the kernel flow hash
will begin to occur.
The value may be set using a bridge's other-config column.
e.g.
ovs-vsctl set bridge br3 other-config:flow-eviction-threshold=10000
default is 1000, reflecting constant value previously used.
Increasing this value can result in reduced CPU usage and
packet loss in situations where the number of active flows
is significantly larger than 1000.
|
|
|
|
|
|
|
|
| |
ODP_ACTION_ATTR_CONTROLLER in the kernel actually sends packets to
userspace, not the controller. To make it generic rename this action
to ODP_ACTION_ATTR_USERSPACE.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
|