| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit c6b2aafffc6934be72d96855c9a1d88970597fbc
Author: Jarno Rajahalme <jarno@ovn.org>
Date: Mon Aug 1 19:08:29 2016 -0700
openvswitch: Remove incorrect WARN_ONCE().
ovs_ct_find_existing() issues a warning if an existing conntrack entry
classified as IP_CT_NEW is found, with the premise that this should
not happen. However, a newly confirmed, non-expected conntrack entry
remains IP_CT_NEW as long as no reply direction traffic is seen. This
has resulted into somewhat confusing kernel log messages. This patch
removes this check and warning.
Fixes: 289f2253 ("openvswitch: Find existing conntrack entry after upcall.")
Suggested-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Following patch simplifies UDP-checksum routine by unconditionally
using checksum offload for non GSO packets. We might get some
performance improvement due to code simplification.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
Few function can be compiled out for non GSO case. This
patch make it bit cleaner to understand GSO compat code.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit d5d5e8d55732c7c35c354e45e3b0af2795978a57
Author: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Date: Sat Jul 2 15:02:48 2016 +0800
geneve: fix max_mtu setting
For ipv6+udp+geneve encapsulation data, the max_mtu should subtract
sizeof(ipv6hdr), instead of sizeof(iphdr).
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit d913d3a763a6f66a862a6eafcf6da89a7905832a
Author: Samuel Gauthier <samuel.gauthier@6wind.com>
Date: Tue Jun 28 17:22:26 2016 +0200
openvswitch: fix conntrack netlink event delivery
Only the first and last netlink message for a particular conntrack are
actually sent. The first message is sent through nf_conntrack_confirm when
the conntrack is committed. The last one is sent when the conntrack is
destroyed on timeout. The other conntrack state change messages are not
advertised.
When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
is called for each packet, from the postrouting hook, which in turn calls
nf_ct_deliver_cached_events to send the state change netlink messages.
This commit fixes the problem by calling nf_ct_deliver_cached_events in the
non-commit case as well.
Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
CC: Joe Stringer <joestringer@nicira.com>
CC: Justin Pettit <jpettit@nicira.com>
CC: Andy Zhou <azhou@nicira.com>
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Samuel Gauthier <samuel.gauthier@6wind.com>
Acked-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
| |
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
struct ovs_gso_cb is stored in skb->cd. avoid going beyond size
of skb->cb.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
udp_set_csum() has bug fix that is not relevant for upstream
(commit c77d947191b0).
So OVS need to use compat function. This function is also
used from UDP xmit path so we have to check USE_UPSTREAM_TUNNEL.
Following patch couple this function to USE_UPSTREAM_TUNNEL symbol
rather than kernel version.
This is not bug, This patch help in code readability.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
The check for tunnel GSO packet is done at ip-handle-offloads. Remove
same check from udp-handle-offloads.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
In case of OVS using compat fill metadata dst implementation we need to
setup temperory dst.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
| |
Remove kernel version check related to unsupported kernel.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
| |
OVS turns on tunnel GSO for statically for kernel older than 3.18.
Some distributions kernel could backport tunnel GSO. To make use
of device offload on such kernel detect the support at configure
stage.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
| |
In kernels <=3.16 there is an LRU for managing fragment queues for IPv4
and IPv6. Because the backport code comes from more recent upstream
versions of Linux, this LRU management was missing from ip_frag_queue()
and nf_ct_frag6_queue().
Fixes: 595e069a0634 ("compat: Backport IPv4 reassembly.")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
This function is just a dummy to ensure that the corresponding netfilter
fragment module is loaded, to initialize the shared structures. But it
doesn't need to be invoked once per namespace; one call per protocol
should do the trick.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
| |
Kernel 3.7 and lower are now unsupported, remove this fragment.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
Remove a couple of functions that are available on all supported kernel
versions.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
This was previously backported to fix issues with our inet_fragment
backport; with that largely gone, we can get rid of this too.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The core fragmentation handling logic is exported on all supported
kernels, so it's not necessary to backport the latest version of this.
This greatly simplifies the code due to inconsistencies between the old
per-lookup garbage collection and the newer workqueue based garbage
collection.
As a result of simplifying and removing unnecessary backport code, a few
bugs are fixed for corner cases such as when some fragments remain in
the fragment cache when openvswitch is unloaded.
Some backported ip functions need a little extra logic than what is seen
on the latest code due to this, for instance on kernels <3.17:
* Call inet_frag_evictor() before defrag
* Limit hashsize in ip{,6}_fragment logic
The pernet init/exit logic also differs a little from upstream. Upstream
ipv[46]_defrag logic initializes the various pernet fragment parameters
and its own global fragments cache. In the OVS backport, the pernet
parameters are shared while the fragments cache is separate. The
backport relies upon upstream pernet initialization to perform the
shared setup, and performs no pernet initialization of its own. When it
comes to pernet exit however, the backport must ensure that all
OVS-specific fragment state is cleared, while the shared state remains
untouched so that the regular ipv[46] logic may do its own cleanup. In
practice this means that OVS must have its own divergent implementation
of inet_frags_exit_net().
Fixes the following crash:
Call Trace:
<IRQ>
[<ffffffff810744f6>] ? call_timer_fn+0x36/0x100
[<ffffffff8107548f>] run_timer_softirq+0x1ef/0x2f0
[<ffffffff8106cccc>] __do_softirq+0xec/0x2c0
[<ffffffff8106d215>] irq_exit+0x105/0x110
[<ffffffff81737095>] smp_apic_timer_interrupt+0x45/0x60
[<ffffffff81735a1d>] apic_timer_interrupt+0x6d/0x80
<EOI>
[<ffffffff8104f596>] ? native_safe_halt+0x6/0x10
[<ffffffff8101cb2f>] default_idle+0x1f/0xc0
[<ffffffff8101d406>] arch_cpu_idle+0x26/0x30
[<ffffffff810bf3a5>] cpu_startup_entry+0xc5/0x290
[<ffffffff810415ed>] start_secondary+0x21d/0x2d0
Code: Bad RIP value.
RIP [<ffffffffa0177480>] 0xffffffffa0177480
RSP <ffff88003f703e78>
CR2: ffffffffa0177480
---[ end trace eb98ca80ba07bd9c ]---
Kernel panic - not syncing: Fatal exception in interrupt
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a user sends some fragments of an IPv6 message through OVS, but OVS
fails to assemble the IPv6 message and the OVS module is then unloaded
before the fragments expire, it could lead to a kernel panic like the
following:
Call Trace:
<IRQ>
[<ffffffff810e1919>] ? call_timer_fn+0x39/0x130
[<ffffffff810e31fe>] run_timer_softirq+0x20e/0x2c0
[<ffffffff8107dd0d>] __do_softirq+0xdd/0x290
[<ffffffff817c5bdc>] do_softirq_own_stack+0x1c/0x30
<EOI>
[<ffffffff8107df5f>] do_softirq+0x4f/0x60
[<ffffffff8107dff5>] __local_bh_enable_ip+0x85/0x90
[<ffffffff8173994f>] inet_frags_exit_net+0x6f/0xc0
[<ffffffffc00c02a3>] nf_ct_net_exit+0x43/0x50 [nf_defrag_ipv6]
[<ffffffff816ae528>] ops_exit_list.isra.4+0x38/0x60
[<ffffffff816ae656>] unregister_pernet_operations+0x96/0xe0
[<ffffffff816ae6c5>] unregister_pernet_subsys+0x25/0x40
[<ffffffffc00c1315>] nf_ct_frag6_cleanup+0x15/0x23 [nf_defrag_ipv6]
[<ffffffffc00c133d>] nf_defrag_fini+0x1a/0xcdd [nf_defrag_ipv6]
[<ffffffff810fbedd>] SyS_delete_module+0x18d/0x220
[<ffffffff817c40b2>] entry_SYSCALL_64_fastpath+0x16/0x75
Code: Bad RIP value.
RIP [<ffffffffc030f990>] 0xffffffffc030f990
RSP <ffff88007a043e90>
CR2: ffffffffc030f990
---[ end trace 3bd8c1bbc4478fe2 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Fixes: 73b09aff14c7 ("compat: Backport IPv6 reassembly.")
Reported-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Most of patch iron out USE_UPSTREAM_TUNNEL case where datapath
directly use upstream tunneling modules.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
Acked-by: Amitabha Biswas <abiswas@us.ibm.com>
|
|
|
|
|
| |
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OVS compat layer can handle tunnel GSO packets. but it does
keep skb encapsulation on for packet handled in GSO. This can
confuse some NIC drivers. I have seen this issue on intel devices:
>>> i40e 0000:42:00.0: TX driver issue detected, PF reset issued
Following patch resets this bit in case compat layer handles the packet.
VMware-BZ: 1698877
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
| |
In upstream linux kernel networking stack udp_set_csum() is called
with only udp header applied but in case of compat layer it can
be called with IP header. So following patch take the offset into
account.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This compatibility code was only needed for Linux 2.6.36 and older. With the
support for versions older than 3.10 dropped, this code is not needed anymore.
The style for checking for mpls was kept in case some other protocol type is
added in the future.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
|
| |
The changes from upstream version of rtnl_delete_link were only there to support
Linux 2.6.33 or older. The removal of this support makes it identical to
upstream version as of 4.6.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
This backported functon was only used for Linux 3.2 or older. As we support only
Linux 3.10 or newer, there is no need for it anymore.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
The code that used that module was already removed when some support for Linux
older than 3.10 was removed.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
flow_dissector was only built for Linux 3.8 and older. There is no need for this
anymore, as anything older than 3.10 is no longer supported.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
|
|
|
| |
flex_array is already present on Linux 3.10, so there is no need for its
backport anymore.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
Most of changes are related to ip-fragment API and genetlink
API changes.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
| |
upstream dev_fill_metadata_dst() uses upstream tunnel-dst which could
be different from OVS defined tun-dst. Therefore use fill-meta-data
function from compat layer.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit fe3a5f6c795810edb1646a840fec3c8c350c2a4e
Author: Simon Horman <simon.horman@netronome.com>
openvswitch: allow output of MPLS packets on tunnel vports
Currently output of MPLS packets on tunnel vports is not allowed by Open
vSwitch. This is because historically encapsulation was done in such a way
that the inner_protocol field of the skb needed to hold the inner protocol
for both MPLS and tunnel encapsulation in order for GSO segmentation to be
performed correctly.
Since b2acd1dc3949 ("openvswitch: Use regular GRE net_device instead of
vport") Open vSwitch makes use of lwt to output to tunnel netdevs which
perform encapsulation. As no drivers expose support for MPLS offloads this
means that GSO packets are segmented in software by validate_xmit_skb(),
which is called from __dev_queue_xmit(), before tunnel encapsulation occurs.
This means that the inner protocol of MPLS is no longer needed by the time
encapsulation occurs and the contention on the inner_protocol field of the
skb no longer occurs.
Thus it is now safe to output MPLS to tunnel vports.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jesse Gross <jesse@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
API changes are related commit:
openvswitch: Revert: "Enable memory mapped Netlink i/o"
revert commit 795449d8b846 ("openvswitch: Enable memory mapped Netlink i/o").
Following the mmaped netlink removal this code can be removed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
| |
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
This brings in missing hunks from upstream commit 00a93babd06aaa
("openvswitch: add tunnel protocol to sw_flow_key").
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit bc7cc5999fd392cc799630d7e375b2f4e29cc398
Author: Simon Horman <simon.horman@netronome.com>
openvswitch: update checksum in {push,pop}_mpls
In the case of CHECKSUM_COMPLETE the skb checksum should be updated in
{push,pop}_mpls() as they the type in the ethernet header.
As suggested by Pravin Shelar.
Cc: Pravin Shelar <pshelar@ovn.org>
Fixes: 25cd9ba0abc0 ("openvswitch: Add basic MPLS support to kernel")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
partialy backport commit c868ee7063bdb5 ("lwt: fix rx checksum setting
for lwt devices tunneling over ipv6").
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
| |
Introduced by upstream commit 4272cc51a6d ("openvswitch: Convert to
using IFF_NO_QUEUE").
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
upstream commit:
commit 684ff4ef5edd758c47929b852b4ea79be56f8bc0
Author: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
ovs: set name assign type of internal port
Set name_assign_type of internal port to NET_NAME_USER.
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 598c12d0ba6de9060f04999746eb1e015774044b
Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
ovs: do not allocate memory from offline numa node
When openvswitch tries allocate memory from offline numa node 0:
stats = kmem_cache_alloc_node(flow_stats_cache, GFP_KERNEL | __GFP_ZERO, 0)
It catches VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES || !node_online(nid))
[ replaced with VM_WARN_ON(!node_online(nid)) recently ] in linux/gfp.h
This patch disables numa affinity in this case.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
| |
Synchronize code with upstream ovs_nla_get_flow_metadata().
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit f35423c137b0e64155f52c166db1d13834a551f2
Author: Fabian Frederick <fabf@skynet.be>
openvswitch: use PTR_ERR_OR_ZERO
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit b46f6ded906ef0be52a4881ba50a084aeca64d7e
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
libnl: nla_put_be64(): align on a 64-bit area
nla_data() is now aligned on a 64-bit area.
A temporary version (nla_put_be64_32bit()) is added for nla_put_net64().
This function is removed in the next patch.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 3a927bc7cf9d0fbe8f4a8189dd5f8440228f64e7
Author: Paolo Abeni <pabeni@redhat.com>
ovs: propagate per dp max headroom to all vports
This patch implements bookkeeping support to compute the maximum
headroom for all the devices in each datapath. When said value
changes, the underlying devs are notified via the
ndo_set_rx_headroom method.
This also increases the internal vports xmit performance.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 0238b7204b7ff1bad1d2d4489f010d670cbd89f2
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
ovs: use nla_put_u64_64bit()
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 66c7a5ee1a6b7c69d41dfd68d207fdd54efba56a
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
ovs: align nlattr properly when needed
I also fix commit 8b32ab9e6ef1: use nla_total_size_64bit() for
OVS_FLOW_ATTR_USED in ovs_flow_cmd_msg_size().
Fixes: 8b32ab9e6ef1 ("ovs: use nla_put_u64_64bit()")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 6f15cdbf8a8ac2e22767cc8b1eae225702733c95
Author: Samuel Gauthier <samuel.gauthier@6wind.com>
ovs: allow nl 'flow set' to use ufid without flow key
When we want to change a flow using netlink, we have to identify it to
be able to perform a lookup. Both the flow key and unique flow ID
(ufid) are valid identifiers, but we always have to specify the flow
key in the netlink message. When both attributes are there, the ufid
is used. The flow key is used to validate the actions provided by
the userland.
This commit allows to use the ufid without having to provide the flow
key, as it is already done in the netlink 'flow get' and 'flow del'
path. The flow key remains mandatory when an action is provided.
Signed-off-by: Samuel Gauthier <samuel.gauthier@6wind.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
skipping extension headers
Upstream commit:
commit c30da497893718abc6cec4f1d34d35875200edee
Author: Simon Horman <simon.horman@netronome.com>
openvswitch: retain parsed IPv6 header fields in flow on error skipping extension headers
When an error occurs skipping IPv6 extension headers retain the already
parsed IP protocol and IPv6 addresses in the flow. Also assume that the
packet is not a fragment in the absence of information to the contrary;
that is always use the frag_off value set by ipv6_skip_exthdr().
This allows matching on the IP protocol and IPv6 addresses of packets
with malformed extension headers.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
commit 4a92602aa1cd5bbaeedbd9536ff992f7d26fe9d1
Author: Tycho Andersen <tycho.andersen@canonical.com>
openvswitch: allow management from inside user namespaces
Operations with the GENL_ADMIN_PERM flag fail permissions checks because
this flag means we call netlink_capable, which uses the init user ns.
Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
which should be allowed inside a user namespace.
The motivation for this is to be able to run openvswitch in unprivileged
containers. I've tested this and it seems to work, but I really have no
idea about the security consequences of this patch, so thoughts would be
much appreciated.
v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function
v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one
massive one
Reported-by: James Page <james.page@canonical.com>
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Eric Biederman <ebiederm@xmission.com>
CC: Pravin Shelar <pshelar@ovn.org>
CC: Justin Pettit <jpettit@ovn.org>
CC: "David S. Miller" <davem@davemloft.net>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|