| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Until now, when two tunnels had an identical configuration, both of them
were assigned OpenFlow ports, but only one of those OpenFlow ports was
functional. With this commit, only one of the two (or more) identically
configured tunnels will be assigned an OpenFlow port number.
Reported-by: Keith Holleman <hollemanietf@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following patch adds support for userspace tunneling. Tunneling
needs three more component first is routing table which is configured by
caching kernel routes and second is ARP cache which build automatically
by snooping arp. And third is tunnel protocol table which list all
listening protocols which is populated by vswitchd as tunnel ports
are added. GRE and VXLAN protocol support is added in this patch.
Tunneling works as follows:
On packet receive vswitchd check if this packet is targeted to tunnel
port. If it is then vswitchd inserts tunnel pop action which pops
header and sends packet to tunnel port.
On packet xmit rather than generating Set tunnel action it generate
tunnel push action which has tunnel header data. datapath can use
tunnel-push action data to generate header for each packet and
forward this packet to output port. Since tunnel-push action
contains most of packet header vswitchd needs to lookup routing
table and arp table to build this action.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
| |
Tunnel lookup is done in slow path but DPDK tunneling
slow path is called in PMD context. Therefore it is
better to convert rwlock to fat rwlock.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we remove the IPSEC_MARK flag from all packets that are
egressing on non-tunnel ports. However, this behavior is confusing
if we allow OpenFlow controllers to match and set the pkt_mark field
because the tunnel behavior applies even on non-tunnel ports.
This instead clears the mark on tunnel input which should have the
same effect for tunnel ports. However, on non-tunnel traffic (or
even for traffic entering on a tunnel port but leaving on a non-
tunnel port) it allows the mark to pass through without change.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
|
| |
|
|
|
|
|
|
|
|
| |
There are a couple of operations that are related to receiving a
packet on a tunnel port but that affect the actions and therefore
need to be performed on the output path. This adds a new hook to
do this and consolidates the existing code there.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
|
| |
|
|
|
|
|
|
|
| |
This simplifies the tunnel module's interface and prevents us from
having to sync 'struct tnl_port' once ofproto-dpif and
ofproto-dpif-xlate are disentangled.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
| |
Necessary in a future patch.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For tunnels, we need to handle the facet's wildcards specially in a
couple of cases:
- Don't wildcard TTL for facets if "ttl" option is "inherit".
- Never wildcard the ECN bits, since they are always inherited.
- Wildcard the rest of the TOS field if the "tos" option is "inherit".
Issue #17911
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
| |
|
|
|
|
|
|
| |
This function no longer has much need to modify its argument, because the
caller can now easily do the modification itself, so this commit makes
that change.
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.
Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074
|
|
|
The kernel tunneling code currently needs to handle a large number
of operations when tunnel packets are encapsulated and
decapsulated. Some examples of this are: finding the correct
tunnel port on receive, TTL and ToS inheritance, ECN handling, etc.
All of these can be done on a per-flow basis in userspace now that
we have both the inner and outer header information, which allows
us to both simplify the kernel and take advantage of userspace's
information. Once tunnel packets are redirected into this code,
the redundant pieces can be removed from other places.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
|
